last executing test programs: 2.054539479s ago: executing program 4 (id=1162): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) sendto$packet(r2, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 2.025546902s ago: executing program 4 (id=1163): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000000040)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x1}}) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000140)=""/144, 0x90}], 0x1) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f00000000c0)={0x0, 0x8, 0x0, 0x0, 0xf}) read(r1, &(0x7f00000002c0)=""/200, 0x39) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) 1.817169861s ago: executing program 4 (id=1164): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001d0000090000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_clone(0xe000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe94, 0x30, 0x25, 0x0, 0x0, {}, [{0xe80, 0x1, [@m_pedit={0xe7c, 0x1, 0x0, 0x0, {{0xa}, {0xe50, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x2c, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x800000}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x1}, {}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xe94}}, 0x0) 1.814473991s ago: executing program 1 (id=1174): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r3 = dup3(r2, r1, 0x0) recvmmsg$unix(r3, &(0x7f00000025c0)=[{{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000a80)=""/87, 0x57}], 0x1}}, {{&(0x7f00000011c0), 0x6e, 0x0}}, {{&(0x7f0000001a00)=@abs, 0x6e, 0x0}}, {{0x0, 0x0, &(0x7f00000024c0)}}], 0x4, 0x0, 0x0) 1.7230114s ago: executing program 1 (id=1165): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"}) r2 = syz_open_pts(r1, 0x0) dup3(r2, r1, 0x0) ppoll(&(0x7f0000000140)=[{r1}], 0x1, 0x0, 0x0, 0xfffffffffffffdc0) ioctl$TCSETA(r2, 0x402c542d, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, "dac7a15f305b57a3"}) 1.636225718s ago: executing program 4 (id=1166): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) epoll_create1(0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x70, 0x0, 0x0, 0x1, 0x800}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0) 1.553265025s ago: executing program 1 (id=1167): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x0, 0x20}, 0xc) sendmmsg$inet6(r0, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0) 1.540749477s ago: executing program 1 (id=1168): timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f00000002c0)=0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) timer_settime(r0, 0x0, &(0x7f0000000480)={{0x0, 0x3938700}, {0x0, 0x1c9c380}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000080)={0x0, 0x989680}, &(0x7f0000000200)) 1.483487662s ago: executing program 3 (id=1171): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC=r3]) 1.468903163s ago: executing program 3 (id=1172): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000700)={{r0}, &(0x7f0000000680), 0x0}, 0x20) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x0) sendfile(r3, r3, 0x0, 0x80000000) 1.349038544s ago: executing program 2 (id=1173): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8f70000000000ff000044850000000e000000650000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f2, &(0x7f0000000080)) 1.306174549s ago: executing program 0 (id=1175): sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) ioprio_set$pid(0x2, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200010, &(0x7f0000000300)={[{@user_xattr}, {@nombcache}, {@dioread_lock}, {@norecovery}, {@barrier_val={'barrier', 0x3d, 0x4c}}, {@lazytime}, {@init_itable_val={'init_itable', 0x3d, 0x5}}, {@usrquota}, {@errors_continue}]}, 0xfe, 0x55d, &(0x7f0000000980)="$eJzs3d9rW1UcAPDvTX/sp66DMdQHKezByVy6tv6Y4MN8FB0O9H2G9q6Mpsto0rHWgduDe9mLDEHEgfgH+O7j8B/wrxjoYMgo+uBL5aY3XbYmbZZlSzSfD9ztnPuj55yce07OyUm4AQytyeyfQsSrEfFNEnGo6dho5AcnN89bf3htLtuS2Nj47M8kknxf4/wk//9AHnklIn79OuJEYXu61dW1xVK5nC7n8ana0uWp6urayYtLpYV0Ib00Mzt7+p3Zmfffe7dnZX3z3N/ff3r3o9O3jq1/9/P9w7eTOBMH82PN5XgG15sjkzGZvyZjceaJE6d7kNggSfqdAboykrfzscj6gEMxkrd64P/vq4jYAIZUov3DkGqMAxpz+x7Ng/8zHny4OQHaXv7Rzc9GYm99brR/PXlsZpTNdyd6kH6Wxi9/3LmdbdG7zyEAdnX9RkScGh3d3v8lef/XvVMdnPNkGvo/eHHuZuOft1qNfwpb459oMf450KLtdmP39l+43+KypFefUmfjvw9ajn+3Fq0mRvLYS/Ux31hy4WI5zfq2lyPieIztyeI7reecXr+30e5Y8/gv27L0G2PBPB/3R/c8fs18qVZ6ljI3e3Aj4rWW499kq/6TFvWfvR7nOkzjaHrn9XbHdi//87XxU8QbLev/0YpWsvP65FT9fphq3BXb/XXz6G/t0u93+bP6379z+SeS5vXa6tOn8ePef9J2x7q9/8eTz+vh8Xzf1VKttjwdMZ58sn3/zKNrG/HG+Vn5jx/buf9rdf/vi4gvOiz/zSM32546CPU//1T1//SBex9/+UO79Dur/7froeP5nk76v04z+CyvHQAAAAAAAAyaQkQcjKRQ3AoXCsXi5vc7jsT+QrlSrZ24UFm5NB/138pOxFihsdJ9qOn7ENP592Eb8Zkn4rMRcTgivh3ZV48X5yrl+X4XHgAAAAAAAAAAAAAAAAAAAAbEgTa//8/8PtLykvEXm0PgufLIbxheu7b/XjzpCRhI3v9heHXV/vf1Ph/Ai+f9H4bUWL8zAPST938YXto/DC/tH4aX9g8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9de7s2WzbWH94bS6Lz19ZXVmsXDk5n1YXi0src8W5yvLl4kKlslBOi3OVpd3+XrlSuTw9EytXp2pptTZVXV07v1RZuVQ7f3GptJCeTz1tCAAAAAAAAAAAAAAAAAAAALarrq4tlsrldFlAoKvA6GBkQ6ApcKsHrbvPHRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANPk3AAD//0unNek=") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffffb, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) preadv2(r1, &(0x7f0000000400)=[{&(0x7f0000001140)=""/4096, 0x2007ffb}], 0x1, 0x0, 0x0, 0x0) 1.305967128s ago: executing program 3 (id=1176): bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_MASTER={0x8, 0x3, r2}]}, 0x28}, 0x1, 0x8}, 0x0) 1.269271072s ago: executing program 2 (id=1177): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xb, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r3 = dup3(r2, r1, 0x0) recvmmsg$unix(r3, &(0x7f00000025c0)=[{{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000a80)=""/87, 0x57}], 0x1}}, {{&(0x7f00000011c0), 0x6e, 0x0}}, {{&(0x7f0000001a00)=@abs, 0x6e, 0x0}}, {{0x0, 0x0, &(0x7f00000024c0)}}], 0x4, 0x0, 0x0) 1.263682632s ago: executing program 0 (id=1178): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001d0000090000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_clone(0xe000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0xe94, 0x30, 0x25, 0x0, 0x0, {}, [{0xe80, 0x1, [@m_pedit={0xe7c, 0x1, 0x0, 0x0, {{0xa}, {0xe50, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x2c, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x10}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x800000}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x1}, {}, {0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xe94}}, 0x0) 1.222027126s ago: executing program 3 (id=1179): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"}) r2 = syz_open_pts(r1, 0x0) dup3(r2, r1, 0x0) ppoll(&(0x7f0000000140)=[{r1}], 0x1, 0x0, 0x0, 0xfffffffffffffdc0) ioctl$TCSETA(r2, 0x402c542d, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, "dac7a15f305b57a3"}) 1.0684203s ago: executing program 0 (id=1180): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x0, 0x20}, 0xc) sendmmsg$inet6(r0, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0) 1.031135924s ago: executing program 1 (id=1181): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r2, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 1.030955734s ago: executing program 2 (id=1182): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000040), 0x8) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xcf88, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.030445304s ago: executing program 0 (id=1183): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x8e, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x3}, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x18, 0x11, 0x0, @private2, @mcast2, {[], {0x0, 0xe22, 0x18, 0x0, @wg=@data}}}}}}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) sendmsg(r2, &(0x7f00000000c0)={0x0, 0x952b, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 1.029974194s ago: executing program 3 (id=1184): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x80, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}, @CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0xe6ba7615268e7f7}]}]}, 0x80}}, 0x0) 998.552517ms ago: executing program 0 (id=1185): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081) 998.222987ms ago: executing program 2 (id=1186): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0x2}, 0x1c) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0x3}}, 0x2e) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000080)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100000620702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000003c0)='kmem_cache_free\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0) 976.808369ms ago: executing program 2 (id=1187): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="00497786597dbd2c459a4eb848d7ee63ed400df217f0ad4e50ac877321ebb94a4c1272eecf58c17374c8a89473e8e9a6764605d0dd6eebe6d3abecd72f02c9ebe88463eaea18d5ec8f028b937001b9b944dfc83a825bf25740d87c8aac392384af98aa507594fb305e6cac7f256b5ab71e3b6054873980d031898b22b9edcc66bad1217655b725c525adac7f563c5bca52bf9af89943c05645c590c5a901be5b8bb16a5289d450f4509b992b6d97e5975c66a3030b7ab085952d4e1b1f848ac2c63995dbca0021552d8424b3937cf2253ae1a2", @ANYRESOCT], 0x1, 0x222, &(0x7f0000000300)="$eJzs2k2LW2UUB/Bz25HWKdNEfKMF8UE3urk0Wblw0UFaEAOKNoIK0lvnRkMyyZAbBiLSzs6tH8G1uHQnSL/AbPwEXbibzSy7EK+0KZ0X4mIQJ9j5/TY5cPKH5+FcLmdx9979YXPQq/JeMY1zWRYr12MnHmbRjHNxPuZ24u277zx47ZPPPv9gvdO58XFKN9dvtdoppcuv//bFdz+/cX966dNfLv96IXabX+7tt//YfWX3yt5ft77pV6lfpdF4mop0ZzyeFneGZdroV4M8pY+GZVGVqT+qysmRfm843tqapWK0sba6NSmrKhWjWRqUszQdp+lkloqvi/4o5Xme1laDf6P708O6jv36udtR1/XzP8al+7H2IBqRvZCyF69nL9/OXt3JruzXdWPZR+U/Yf5nm/mfbeZ/th1a6i5GbH6/3d3uzn/n/fVe9GMYZVyLRvwZjx6TJ+b1zfc7N66lx5qRNu89yd/b7p4/mm9FI5qL8615Ph3NX4jVw/l2NOKlxfn2wvzFeOvNQ/k8GvH7VzGOYWzEo+xB/m4rpfc+7BzLX338PwCAZ02enlq4v+X5P/Xn+RPsh8f2q5W4urLcuxNRzb4dFMNhOVEoFIqnxbLfTJyGg6Ev+yQAAAAAAAAAAACcxGl8TrjsOwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/w9/BwAA///8j/If") creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, "ef359f413bb90152f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a01000000000000004faa2ad9c084a003ea00", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00"}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) openat(0xffffffffffffffff, 0x0, 0x6a1c2, 0x50) open(&(0x7f0000000100)='./file0\x00', 0x101bff, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 76.960512ms ago: executing program 0 (id=1188): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8f70000000000ff000044850000000e000000650000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f2, &(0x7f0000000080)) 76.684622ms ago: executing program 1 (id=1189): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = socket$igmp6(0xa, 0x3, 0x2) lseek(r0, 0xf, 0x2) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1008002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {@jqfmt_vfsold}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0x8004587d, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0, 0x2}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000380)='kmem_cache_free\x00', r2}, 0x10) pwritev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000280)="be", 0x7ffff000}, {0x0, 0x141}], 0x2, 0x0, 0x0) 76.491383ms ago: executing program 4 (id=1190): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) 72.952073ms ago: executing program 3 (id=1200): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x42, 0x173) r0 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==") ioctl$USBDEVFS_CONNECTINFO(0xffffffffffffffff, 0x5452, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000000)=0x0) timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000880)={0xc, 0x8, 0xfa00, {0x0}}, 0x10) 33.525257ms ago: executing program 4 (id=1191): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"}) r2 = syz_open_pts(r1, 0x0) dup3(r2, r1, 0x0) ppoll(&(0x7f0000000140)=[{r1}], 0x1, 0x0, 0x0, 0xfffffffffffffdc0) ioctl$TCSETA(r2, 0x402c542d, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, "dac7a15f305b57a3"}) 0s ago: executing program 2 (id=1192): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000017"], 0x54}}, 0x0) kernel console output (not intermixed with test programs): 5.844464][ T29] audit: type=1400 audit(1727635617.357:444): avc: denied { read } for pid=3809 comm="syz.4.138" name="event0" dev="devtmpfs" ino=218 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 35.880214][ T3815] loop0: detected capacity change from 0 to 512 [ 35.881194][ T29] audit: type=1400 audit(1727635617.357:445): avc: denied { open } for pid=3809 comm="syz.4.138" path="/dev/input/event0" dev="devtmpfs" ino=218 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 35.926850][ T3815] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 35.935709][ T3589] 8021q: adding VLAN 0 to HW filter on device bond0 [ 35.944621][ T50] hsr_slave_0: left promiscuous mode [ 35.950625][ T50] hsr_slave_1: left promiscuous mode [ 35.956114][ T3815] EXT4-fs (loop0): orphan cleanup on readonly fs [ 35.963953][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 35.971620][ T50] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 35.993279][ T3815] Quota error (device loop0): v2_read_file_info: Block with free entry 1 out of range (1, 6). [ 36.005251][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 36.012793][ T50] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 36.039434][ T3815] EXT4-fs warning (device loop0): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 36.059443][ T3815] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 36.066332][ T50] veth1_macvtap: left promiscuous mode [ 36.066688][ T29] audit: type=1400 audit(1727635617.577:446): avc: denied { write } for pid=3825 comm="syz.1.139" name="ppp" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 36.071880][ T50] veth0_macvtap: left promiscuous mode [ 36.100152][ T50] veth1_vlan: left promiscuous mode [ 36.105466][ T50] veth0_vlan: left promiscuous mode [ 36.106324][ T3815] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.141: bg 0: block 40: padding at end of block bitmap is not set [ 36.126102][ T3815] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 36.146432][ T3815] EXT4-fs (loop0): 1 truncate cleaned up [ 36.159945][ T3815] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 36.182850][ T3815] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 36.223597][ T50] team0 (unregistering): Port device team_slave_1 removed [ 36.233961][ T50] team0 (unregistering): Port device team_slave_0 removed [ 36.280330][ T3589] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.289102][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.296210][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.307579][ T3266] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.318654][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.325829][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.350837][ T3589] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 36.361252][ T3589] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 36.402700][ T29] audit: type=1400 audit(1727635617.917:447): avc: denied { setopt } for pid=3842 comm="syz.1.144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 36.450837][ T3589] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 36.459604][ T29] audit: type=1400 audit(1727635617.937:448): avc: denied { write } for pid=3842 comm="syz.1.144" path="socket:[5626]" dev="sockfs" ino=5626 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 36.511466][ T3856] team0: Port device team_slave_1 removed [ 36.512427][ T29] audit: type=1400 audit(1727635618.017:449): avc: denied { ioctl } for pid=3854 comm="syz.0.146" path="socket:[5641]" dev="sockfs" ino=5641 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 36.559678][ T3660] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 36.576665][ T3660] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 36.585123][ T29] audit: type=1400 audit(1727635618.037:450): avc: denied { write } for pid=3850 comm="syz.1.145" path="socket:[5648]" dev="sockfs" ino=5648 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 36.612499][ T3660] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 36.634264][ T3660] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 36.667486][ T29] audit: type=1400 audit(1727635618.167:451): avc: denied { audit_write } for pid=3862 comm="syz.0.147" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 36.688581][ T29] audit: type=1107 audit(1727635618.167:452): pid=3862 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 36.699157][ T3878] loop0: detected capacity change from 0 to 128 [ 36.732318][ T3878] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 36.744995][ T3878] ext4 filesystem being mounted at /58/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 36.750316][ T3589] veth0_vlan: entered promiscuous mode [ 36.789958][ T3589] veth1_vlan: entered promiscuous mode [ 36.810977][ T3660] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.820220][ T3589] veth0_macvtap: entered promiscuous mode [ 36.827081][ T3266] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 36.841299][ T3660] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.851905][ T3589] veth1_macvtap: entered promiscuous mode [ 36.864512][ T3589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.874989][ T3589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.884808][ T3589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 36.895280][ T3589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.906078][ T3589] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 36.929783][ T3889] Zero length message leads to an empty skb [ 36.940648][ T3589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.951169][ T3589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.961211][ T3589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 36.971695][ T3589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 36.986132][ T3589] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 36.993517][ T3887] netlink: 24 bytes leftover after parsing attributes in process `syz.1.153'. [ 37.034021][ T3660] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 37.044520][ T3660] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.064227][ T3893] team_slave_0: entered promiscuous mode [ 37.070898][ T3893] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 37.081975][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.089073][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.100703][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.107780][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.135211][ T3589] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.144033][ T3589] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.152826][ T3589] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.161558][ T3589] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.316770][ T3939] syz.1.165[3939] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.317769][ T3939] syz.1.165[3939] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.332890][ T3944] loop4: detected capacity change from 0 to 128 [ 37.338364][ T3660] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.359535][ T3939] syz.1.165[3939] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.411791][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 37.608893][ T3966] loop4: detected capacity change from 0 to 512 [ 37.617141][ T3660] veth0_vlan: entered promiscuous mode [ 37.623092][ T3974] netlink: 24 bytes leftover after parsing attributes in process `syz.3.175'. [ 37.632598][ T3966] EXT4-fs error (device loop4): ext4_orphan_get:1414: comm syz.4.172: bad orphan inode 15 [ 37.634314][ T3660] veth1_vlan: entered promiscuous mode [ 37.648414][ T3966] ext4_test_bit(bit=14, block=5) = 0 [ 37.654372][ T3966] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.689545][ T3660] veth0_macvtap: entered promiscuous mode [ 37.693903][ T3270] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.697907][ T3660] veth1_macvtap: entered promiscuous mode [ 37.717634][ T3660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.728223][ T3660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.738149][ T3660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.748739][ T3660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.758650][ T3660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 37.769272][ T3660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.781036][ T3660] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.789176][ T3660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.799668][ T3660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.809602][ T3660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.820064][ T3660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.829882][ T3660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 37.840299][ T3660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 37.850773][ T3660] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.860129][ T3660] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.868936][ T3660] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.877739][ T3660] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.886564][ T3660] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.975994][ T3994] netlink: 4 bytes leftover after parsing attributes in process `syz.4.179'. [ 38.258868][ T4026] netlink: 'syz.1.191': attribute type 39 has an invalid length. [ 38.266778][ T4026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.191'. [ 38.383668][ T4036] netlink: 'syz.0.195': attribute type 3 has an invalid length. [ 38.439685][ T4046] netlink: 4 bytes leftover after parsing attributes in process `syz.1.200'. [ 38.463930][ T4048] netlink: 4 bytes leftover after parsing attributes in process `syz.0.201'. [ 38.473530][ T4048] netlink: 4 bytes leftover after parsing attributes in process `syz.0.201'. [ 38.635934][ T4066] netlink: 4 bytes leftover after parsing attributes in process `syz.1.206'. [ 38.772207][ T4075] netlink: 'syz.0.211': attribute type 29 has an invalid length. [ 38.781482][ T4075] netlink: 'syz.0.211': attribute type 29 has an invalid length. [ 38.790263][ T4075] netlink: 500 bytes leftover after parsing attributes in process `syz.0.211'. [ 38.799629][ T4075] unsupported nla_type 40 [ 38.817037][ T4079] loop0: detected capacity change from 0 to 128 [ 38.885966][ T4082] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 38.893672][ T4082] vhci_hcd: invalid port number 97 [ 38.898862][ T4082] vhci_hcd: default hub control req: 685f v7473 i0061 l115 [ 38.924330][ T4086] loop4: detected capacity change from 0 to 128 [ 38.934398][ T4086] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 38.948999][ T4086] ext4 filesystem being mounted at /36/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 39.087209][ T4101] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 39.100483][ T4101] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 39.137588][ T4107] syz.0.225[4107] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 39.137688][ T4107] syz.0.225[4107] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 39.149257][ T4107] syz.0.225[4107] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 39.186443][ T4090] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 39.210262][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.268093][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.294950][ T4121] vxlan0: entered allmulticast mode [ 39.333113][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.368316][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.537642][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 39.548719][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 39.560738][ T11] bond0 (unregistering): Released all slaves [ 39.612682][ T4118] chnl_net:caif_netlink_parms(): no params data found [ 39.630864][ T11] hsr_slave_0: left promiscuous mode [ 39.638017][ T11] hsr_slave_1: left promiscuous mode [ 39.644224][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 39.651713][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 39.662666][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 39.670174][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 39.681141][ T11] veth1_macvtap: left promiscuous mode [ 39.686751][ T11] veth0_macvtap: left promiscuous mode [ 39.692514][ T11] veth1_vlan: left promiscuous mode [ 39.697949][ T11] veth0_vlan: left promiscuous mode [ 39.798196][ T11] team0 (unregistering): Port device team_slave_1 removed [ 39.810831][ T11] team0 (unregistering): Port device team_slave_0 removed [ 39.916905][ T4118] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.923990][ T4118] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.934475][ T4118] bridge_slave_0: entered allmulticast mode [ 39.943145][ T4118] bridge_slave_0: entered promiscuous mode [ 39.958865][ T4118] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.966074][ T4118] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.997676][ T4118] bridge_slave_1: entered allmulticast mode [ 40.004256][ T4118] bridge_slave_1: entered promiscuous mode [ 40.038953][ T4118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.051658][ T4118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.096156][ T4118] team0: Port device team_slave_0 added [ 40.098549][ T4172] netlink: 22 bytes leftover after parsing attributes in process `syz.2.240'. [ 40.116786][ T4118] team0: Port device team_slave_1 added [ 40.138326][ T4118] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.145340][ T4118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.171259][ T4118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.200787][ T4118] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.207884][ T4118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.233864][ T4118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.260862][ T4118] hsr_slave_0: entered promiscuous mode [ 40.268392][ T4118] hsr_slave_1: entered promiscuous mode [ 40.348307][ T4198] netlink: 'syz.1.244': attribute type 4 has an invalid length. [ 40.559626][ T4237] loop3: detected capacity change from 0 to 1024 [ 40.567040][ T4237] EXT4-fs: Ignoring removed orlov option [ 40.572783][ T4237] EXT4-fs: Ignoring removed bh option [ 40.594054][ T4237] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.626532][ T4237] syz.3.258[4237] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.626589][ T4237] syz.3.258[4237] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.646760][ T4237] syz.3.258[4237] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.688259][ T3589] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.736425][ T4118] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 40.750174][ T4118] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 40.771371][ T4118] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 40.781182][ T4118] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 40.822095][ T4118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.848674][ T4118] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.881442][ T161] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.888563][ T161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.904597][ T161] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.911719][ T161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.979704][ T4286] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 41.075585][ T4306] syz.1.266[4306] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.075654][ T4306] syz.1.266[4306] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.089918][ T4118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.116009][ T4306] syz.1.266[4306] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.249459][ T29] kauditd_printk_skb: 82 callbacks suppressed [ 41.249473][ T29] audit: type=1400 audit(1727635622.767:535): avc: denied { listen } for pid=4328 comm="syz.2.270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 41.302155][ T29] audit: type=1326 audit(1727635622.817:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4333 comm="syz.3.271" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe31048dff9 code=0x0 [ 41.360532][ T4118] veth0_vlan: entered promiscuous mode [ 41.388420][ T4118] veth1_vlan: entered promiscuous mode [ 41.425806][ T4118] veth0_macvtap: entered promiscuous mode [ 41.439117][ T4118] veth1_macvtap: entered promiscuous mode [ 41.461146][ T4118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.471988][ T4118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.481959][ T4118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.484565][ T29] audit: type=1326 audit(1727635622.997:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.2.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662a2edff9 code=0x7ffc0000 [ 41.492406][ T4118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.492421][ T4118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.492434][ T4118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.530063][ T4118] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.543756][ T29] audit: type=1326 audit(1727635623.037:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.2.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662a2edff9 code=0x7ffc0000 [ 41.583236][ T29] audit: type=1326 audit(1727635623.067:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.2.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f662a2edff9 code=0x7ffc0000 [ 41.606671][ T29] audit: type=1326 audit(1727635623.067:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.2.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662a2edff9 code=0x7ffc0000 [ 41.617238][ T4118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.630144][ T29] audit: type=1326 audit(1727635623.067:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.2.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662a2edff9 code=0x7ffc0000 [ 41.630168][ T29] audit: type=1400 audit(1727635623.067:542): avc: denied { append } for pid=4376 comm="syz.0.278" name="ppp" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 41.640088][ T29] audit: type=1326 audit(1727635623.097:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.2.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f662a2edff9 code=0x7ffc0000 [ 41.640665][ T4118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.664171][ T29] audit: type=1326 audit(1727635623.097:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4371 comm="syz.2.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662a2edff9 code=0x7ffc0000 [ 41.743391][ T4118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.754054][ T4118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.764147][ T4118] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.768697][ T4372] loop2: detected capacity change from 0 to 512 [ 41.774678][ T4118] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.792120][ T4118] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.806213][ T4390] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 41.815694][ T4118] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.824412][ T4118] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.826750][ T4390] vhci_hcd: default hub control req: 9500 v0000 i0000 l0 [ 41.833237][ T4118] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.848886][ T4118] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.850248][ T4372] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.870887][ T4372] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.894205][ T4372] SELinux: Context system_u:object_r:apt_var_lib_t:s0 is not valid (left unmapped). [ 41.942717][ T3660] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.002879][ T4408] __nla_validate_parse: 2 callbacks suppressed [ 42.002894][ T4408] netlink: 4 bytes leftover after parsing attributes in process `syz.2.287'. [ 42.009965][ T4403] syzkaller0: entered promiscuous mode [ 42.023563][ T4403] syzkaller0: entered allmulticast mode [ 42.039007][ T4396] loop1: detected capacity change from 0 to 8192 [ 42.132599][ T4420] loop1: detected capacity change from 0 to 512 [ 42.159084][ T4420] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.171683][ T4420] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.211358][ T4432] loop0: detected capacity change from 0 to 764 [ 42.221415][ T3269] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.319119][ T4449] loop1: detected capacity change from 0 to 2048 [ 42.338241][ T4449] EXT4-fs: Ignoring removed orlov option [ 42.356821][ T4453] can0: slcan on ttyS3. [ 42.386494][ T4449] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.405714][ T4449] ext4 filesystem being mounted at /75/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.472213][ T4461] ebtables: ebtables: counters copy to user failed while replacing table [ 42.481596][ T4453] can0 (unregistered): slcan off ttyS3. [ 42.487465][ T4453] Falling back ldisc for ttyS3. [ 42.551914][ T3269] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.579971][ T4470] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 42.688261][ T4482] loop4: detected capacity change from 0 to 512 [ 42.710190][ T4482] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.723109][ T4482] ext4 filesystem being mounted at /7/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 42.793463][ T4492] syz.1.321[4492] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 42.842173][ T4118] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.875969][ T4496] netlink: zone id is out of range [ 42.881125][ T4496] netlink: zone id is out of range [ 42.896769][ T4496] netlink: zone id is out of range [ 42.901905][ T4496] netlink: zone id is out of range [ 42.907199][ T4496] netlink: zone id is out of range [ 42.922469][ T4496] netlink: del zone limit has 4 unknown bytes [ 43.001415][ T4506] loop4: detected capacity change from 0 to 1024 [ 43.004181][ T4501] loop1: detected capacity change from 0 to 2048 [ 43.021280][ T4506] EXT4-fs: Ignoring removed orlov option [ 43.037858][ T4506] EXT4-fs: Ignoring removed nomblk_io_submit option [ 43.058128][ T4506] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a842e018, mo2=0002] [ 43.073093][ T4506] System zones: 0-1, 3-12 [ 43.090325][ T4506] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.218679][ T4506] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2792: inode #14: comm syz.4.326: corrupted in-inode xattr: bad magic number in in-inode xattr [ 43.237491][ T4506] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #14: comm syz.4.326: attempt to clear invalid blocks 1886221359 len 1 [ 43.259383][ T4518] bond1: entered promiscuous mode [ 43.264462][ T4518] bond1: entered allmulticast mode [ 43.271187][ T4518] 8021q: adding VLAN 0 to HW filter on device bond1 [ 43.284238][ T4518] bond1 (unregistering): Released all slaves [ 43.315904][ T4118] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.425164][ T4531] loop4: detected capacity change from 0 to 512 [ 43.446680][ T4531] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.459279][ T4531] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.484041][ T4118] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.524014][ T4537] netlink: 36 bytes leftover after parsing attributes in process `syz.3.335'. [ 43.821395][ T4572] netlink: 44 bytes leftover after parsing attributes in process `syz.3.352'. [ 43.975989][ T4595] netlink: 8 bytes leftover after parsing attributes in process `syz.0.359'. [ 43.984866][ T4595] netlink: 8 bytes leftover after parsing attributes in process `syz.0.359'. [ 44.237271][ T4624] loop1: detected capacity change from 0 to 128 [ 44.461218][ T4643] loop1: detected capacity change from 0 to 2048 [ 44.501771][ T4643] Alternate GPT is invalid, using primary GPT. [ 44.508316][ T4643] loop1: p1 p2 p3 [ 44.846967][ T4665] process 'syz.3.391' launched './file1' with NULL argv: empty string added [ 45.039549][ T4675] bpf_get_probe_write_proto: 8 callbacks suppressed [ 45.039617][ T4675] syz.3.395[4675] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.055640][ T4673] tipc: Enabling of bearer rejected, failed to enable media [ 45.082472][ T4675] syz.3.395[4675] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.082588][ T4675] syz.3.395[4675] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.197942][ T4686] loop4: detected capacity change from 0 to 512 [ 45.258471][ T4686] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 45.279079][ T4696] netlink: 60 bytes leftover after parsing attributes in process `syz.2.403'. [ 45.288052][ T4696] netlink: 60 bytes leftover after parsing attributes in process `syz.2.403'. [ 45.306055][ T4698] netlink: 'syz.0.406': attribute type 39 has an invalid length. [ 45.313920][ T4698] netlink: 8 bytes leftover after parsing attributes in process `syz.0.406'. [ 45.336145][ T4698] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.343401][ T4698] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.353200][ T4686] EXT4-fs (loop4): 1 orphan inode deleted [ 45.359000][ T4686] EXT4-fs (loop4): 1 truncate cleaned up [ 45.384639][ T4686] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.469385][ T4118] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.554343][ T4720] netlink: 60 bytes leftover after parsing attributes in process `syz.3.415'. [ 45.563635][ T4720] unsupported nlmsg_type 40 [ 45.680571][ T4731] netlink: 12 bytes leftover after parsing attributes in process `syz.3.420'. [ 45.721406][ T4733] tipc: Started in network mode [ 45.726502][ T4733] tipc: Node identity 52297f711b18, cluster identity 4711 [ 45.733757][ T4733] tipc: Enabled bearer , priority 10 [ 45.750986][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.758763][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.766570][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.774268][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.782130][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.784232][ T4733] tipc: Resetting bearer [ 45.789865][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.801790][ T4738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 45.803309][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.819418][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.827110][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.834803][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.842563][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.850275][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.858055][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.865795][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.873448][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.881207][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.889025][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.896662][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.904658][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.912489][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.920262][ T3345] hid-generic 0000:1000003:0000.0002: unknown main item tag 0x0 [ 45.931979][ T4738] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 45.938041][ T3345] hid-generic 0000:1000003:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1 [ 45.949778][ T4732] tipc: Resetting bearer [ 45.976158][ T4732] tipc: Disabling bearer [ 46.061984][ T4755] ebt_among: dst integrity fail: 101 [ 46.096836][ T4759] loop1: detected capacity change from 0 to 4096 [ 46.116028][ T4759] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.228199][ T4770] loop0: detected capacity change from 0 to 128 [ 46.295442][ C1] ------------[ cut here ]------------ [ 46.300961][ C1] refcount_t: underflow; use-after-free. [ 46.306796][ C1] WARNING: CPU: 1 PID: 23 at lib/refcount.c:28 refcount_warn_saturate+0x1c6/0x230 [ 46.316037][ C1] Modules linked in: [ 46.319960][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 46.330259][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 46.340438][ C1] RIP: 0010:refcount_warn_saturate+0x1c6/0x230 [ 46.346629][ C1] Code: 72 ff ff ff e8 0b 88 71 ff 48 c7 c7 be d6 b2 86 e8 9f 6d 8a ff c6 05 b6 2d f4 04 01 90 48 c7 c7 c2 a5 1b 86 e8 db 4c 53 ff 90 <0f> 0b 90 90 e9 43 ff ff ff e8 dc 87 71 ff 48 c7 c7 bb d6 b2 86 e8 [ 46.366280][ C1] RSP: 0018:ffffc900000cf9e8 EFLAGS: 00010246 [ 46.372334][ C1] RAX: 19bbec5567023c00 RBX: ffff8881156055e4 RCX: ffff888100f92100 [ 46.380313][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 46.388307][ C1] RBP: 0000000000000003 R08: ffffffff8111f757 R09: 0000000000000000 [ 46.396305][ C1] R10: 0001ffffffffffff R11: ffff888100f92100 R12: 0000000000000001 [ 46.404330][ C1] R13: ffff888114b92e00 R14: ffff8881156055e4 R15: 0000000000000000 [ 46.412321][ C1] FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 [ 46.421295][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.427916][ C1] CR2: 000000002072c000 CR3: 000000010f21e000 CR4: 00000000003506f0 [ 46.435914][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 46.443914][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 [ 46.451903][ C1] Call Trace: [ 46.455185][ C1] [ 46.458275][ C1] ? __warn+0x141/0x350 [ 46.462459][ C1] ? report_bug+0x315/0x420 [ 46.466987][ C1] ? refcount_warn_saturate+0x1c6/0x230 [ 46.472545][ C1] ? handle_bug+0x60/0x90 [ 46.476926][ C1] ? exc_invalid_op+0x1a/0x50 [ 46.481658][ C1] ? asm_exc_invalid_op+0x1a/0x20 [ 46.486702][ C1] ? __warn_printk+0x167/0x1b0 [ 46.491477][ C1] ? refcount_warn_saturate+0x1c6/0x230 [ 46.497056][ C1] ? refcount_warn_saturate+0x1c5/0x230 [ 46.502606][ C1] sk_skb_reason_drop+0xe9/0x290 [ 46.507623][ C1] j1939_xtp_rx_cts+0x3c4/0x6c0 [ 46.512688][ C1] j1939_tp_recv+0x699/0xa80 [ 46.517346][ C1] j1939_can_recv+0x45f/0x550 [ 46.522028][ C1] ? __pfx_j1939_can_recv+0x10/0x10 [ 46.527250][ C1] can_rcv_filter+0x225/0x4c0 [ 46.531951][ C1] can_receive+0x182/0x1f0 [ 46.536367][ C1] ? can_rcv+0xdc/0x180 [ 46.540572][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 46.545132][ C1] can_rcv+0xe7/0x180 [ 46.549148][ C1] ? __pfx_can_rcv+0x10/0x10 [ 46.553756][ C1] __netif_receive_skb+0x123/0x280 [ 46.559010][ C1] process_backlog+0x22e/0x440 [ 46.563785][ C1] __napi_poll+0x63/0x3c0 [ 46.568233][ C1] ? net_rx_action+0x376/0x7f0 [ 46.573053][ C1] net_rx_action+0x3a1/0x7f0 [ 46.577736][ C1] handle_softirqs+0xbf/0x280 [ 46.582651][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 46.587771][ C1] run_ksoftirqd+0x1c/0x30 [ 46.592224][ C1] smpboot_thread_fn+0x31c/0x4c0 [ 46.597265][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 46.602739][ C1] kthread+0x1d1/0x210 [ 46.606820][ C1] ? __pfx_kthread+0x10/0x10 [ 46.611428][ C1] ret_from_fork+0x4b/0x60 [ 46.615882][ C1] ? __pfx_kthread+0x10/0x10 [ 46.620620][ C1] ret_from_fork_asm+0x1a/0x30 [ 46.625438][ C1] [ 46.628537][ C1] ---[ end trace 0000000000000000 ]--- [ 46.979936][ T3269] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.003037][ T4779] loop1: detected capacity change from 0 to 1024 [ 47.022551][ T4779] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.038167][ T29] kauditd_printk_skb: 228 callbacks suppressed [ 47.038181][ T29] audit: type=1326 audit(1727635628.312:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4778 comm="syz.1.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f259500dff9 code=0x7ffc0000 [ 47.067892][ T29] audit: type=1326 audit(1727635628.312:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4778 comm="syz.1.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f259500dff9 code=0x7ffc0000 [ 47.091207][ T29] audit: type=1326 audit(1727635628.312:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4778 comm="syz.1.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f259500dff9 code=0x7ffc0000 [ 47.114559][ T29] audit: type=1326 audit(1727635628.312:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4778 comm="syz.1.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f259500dff9 code=0x7ffc0000 [ 47.137777][ T29] audit: type=1326 audit(1727635628.312:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4778 comm="syz.1.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f259500dff9 code=0x7ffc0000 [ 47.161178][ T29] audit: type=1326 audit(1727635628.312:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4778 comm="syz.1.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f259500dff9 code=0x7ffc0000 [ 47.184651][ T29] audit: type=1326 audit(1727635628.312:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4778 comm="syz.1.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f259500dff9 code=0x7ffc0000 [ 47.208229][ T29] audit: type=1326 audit(1727635628.312:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4778 comm="syz.1.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f259500dff9 code=0x7ffc0000 [ 47.231514][ T29] audit: type=1326 audit(1727635628.312:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4778 comm="syz.1.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f259500dff9 code=0x7ffc0000 [ 47.254824][ T29] audit: type=1326 audit(1727635628.312:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4778 comm="syz.1.441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f259500dff9 code=0x7ffc0000 [ 47.278989][ T3269] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.306639][ T4784] syz.2.444 (4784) used greatest stack depth: 10624 bytes left [ 47.321687][ T4790] syz.2.446[4790] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 47.321807][ T4790] syz.2.446[4790] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 47.333544][ T4790] syz.2.446[4790] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 47.333867][ T4791] tipc: Enabling of bearer rejected, failed to enable media [ 47.465290][ C1] hrtimer: interrupt took 32671 ns [ 47.692031][ T4814] loop4: detected capacity change from 0 to 256 [ 47.699228][ T4814] vfat: Bad value for 'fmask' [ 47.739054][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888111adae00: rx timeout, send abort [ 47.963031][ T4830] pim6reg1: entered promiscuous mode [ 47.968543][ T4830] pim6reg1: entered allmulticast mode [ 48.072202][ T4827] chnl_net:caif_netlink_parms(): no params data found [ 48.125998][ T4827] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.133171][ T4827] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.140327][ T4827] bridge_slave_0: entered allmulticast mode [ 48.146970][ T4827] bridge_slave_0: entered promiscuous mode [ 48.154376][ T4827] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.154496][ T4848] netlink: 8 bytes leftover after parsing attributes in process `syz.0.464'. [ 48.161432][ T4827] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.185199][ T4827] bridge_slave_1: entered allmulticast mode [ 48.199238][ T4827] bridge_slave_1: entered promiscuous mode [ 48.226562][ T4827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.237413][ T4827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.258138][ T4827] team0: Port device team_slave_0 added [ 48.265349][ T4827] team0: Port device team_slave_1 added [ 48.289090][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888111adae00: abort rx timeout. Force session deactivation [ 48.290007][ T4827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.306353][ T4827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.332345][ T4827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.372648][ T4827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.379678][ T4827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.405640][ T4827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.424599][ T4855] netlink: 8 bytes leftover after parsing attributes in process `syz.3.467'. [ 48.473686][ T4827] hsr_slave_0: entered promiscuous mode [ 48.479912][ T4827] hsr_slave_1: entered promiscuous mode [ 48.485757][ T4827] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 48.493556][ T4827] Cannot create hsr debugfs directory [ 48.513365][ T4858] team_slave_0: entered promiscuous mode [ 48.520669][ T4858] team_slave_0: left promiscuous mode [ 48.866111][ T4881] netlink: 40 bytes leftover after parsing attributes in process `syz.2.479'. [ 49.023979][ T4827] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 49.045075][ T4827] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 49.061179][ T4827] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 49.070393][ T4827] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 49.108579][ T4827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.121552][ T4827] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.132715][ T3367] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.139962][ T3367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.157782][ T4827] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 49.168322][ T4827] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 49.183557][ T3367] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.190707][ T3367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.251522][ T4827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.325208][ T4827] veth0_vlan: entered promiscuous mode [ 49.334148][ T4827] veth1_vlan: entered promiscuous mode [ 49.350971][ T4827] veth0_macvtap: entered promiscuous mode [ 49.359183][ T4827] veth1_macvtap: entered promiscuous mode [ 49.370290][ T4827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.381096][ T4827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.391208][ T4827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.401647][ T4827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.411477][ T4827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.421965][ T4827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.431913][ T4827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.442416][ T4827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.454488][ T4827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.465734][ T4827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.476422][ T4827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.486622][ T4827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.497059][ T4827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.506897][ T4827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.517475][ T4827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.527277][ T4827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.537754][ T4827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.551665][ T4827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.562872][ T4827] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.571700][ T4827] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.580490][ T4827] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.589738][ T4827] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.665018][ T4903] loop1: detected capacity change from 0 to 512 [ 49.691923][ T4903] EXT4-fs (loop1): too many log groups per flexible block group [ 49.699613][ T4903] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 49.707767][ T4903] EXT4-fs (loop1): mount failed [ 49.792156][ T4921] loop3: detected capacity change from 0 to 512 [ 49.818431][ T4925] loop2: detected capacity change from 0 to 1024 [ 49.827301][ T4921] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.840063][ T4921] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.841192][ T4925] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.862717][ T4925] ext4 filesystem being mounted at /60/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.892992][ T3589] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.926716][ T3660] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.011387][ T4938] loop2: detected capacity change from 0 to 8192 [ 50.015844][ T4946] syz.3.500[4946] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.017920][ T4946] syz.3.500[4946] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.030169][ T4946] syz.3.500[4946] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.161020][ T4964] loop1: detected capacity change from 0 to 1024 [ 50.184197][ T4968] loop3: detected capacity change from 0 to 512 [ 50.195196][ T4968] EXT4-fs: Ignoring removed i_version option [ 50.203253][ T4964] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.220728][ T4968] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 50.234440][ T4968] EXT4-fs (loop3): 1 truncate cleaned up [ 50.240560][ T4968] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.318358][ T4827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.579043][ T4984] serio: Serial port ptm0 [ 51.103861][ T3589] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.133795][ T24] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x4 [ 51.141489][ T24] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x2 [ 51.149976][ T24] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x3 [ 51.158304][ T24] hid-generic 0000:3000000:0000.0003: hidraw0: HID v0.00 Device [sy] on syz0 [ 51.920458][ T5019] pim6reg1: entered promiscuous mode [ 51.925934][ T5019] pim6reg1: entered allmulticast mode [ 52.052290][ T5030] netlink: 20 bytes leftover after parsing attributes in process `syz.2.530'. [ 52.201707][ T5042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 52.216206][ T5042] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 52.226611][ T5042] loop1: detected capacity change from 0 to 128 [ 52.533818][ T29] kauditd_printk_skb: 119 callbacks suppressed [ 52.533832][ T29] audit: type=1400 audit(1727635633.379:902): avc: denied { create } for pid=5047 comm="syz.3.535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 52.561750][ T5048] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 52.581916][ T29] audit: type=1400 audit(1727635633.398:903): avc: denied { write } for pid=5047 comm="syz.3.535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 52.672995][ T29] audit: type=1326 audit(1727635633.508:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.3.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe31048dff9 code=0x7ffc0000 [ 52.683974][ T5050] loop3: detected capacity change from 0 to 512 [ 52.696448][ T29] audit: type=1326 audit(1727635633.508:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.3.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fe31048dff9 code=0x7ffc0000 [ 52.696475][ T29] audit: type=1326 audit(1727635633.508:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.3.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe31048e033 code=0x7ffc0000 [ 52.697814][ T29] audit: type=1326 audit(1727635633.518:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.3.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe31048cadf code=0x7ffc0000 [ 52.746743][ T5050] ext4: Unknown parameter 'subj_user' [ 52.749586][ T29] audit: type=1326 audit(1727635633.518:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.3.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fe31048e087 code=0x7ffc0000 [ 52.801373][ T29] audit: type=1326 audit(1727635633.518:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.3.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe31048c990 code=0x7ffc0000 [ 52.824637][ T29] audit: type=1326 audit(1727635633.518:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.3.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe31048dbfb code=0x7ffc0000 [ 52.849590][ T29] audit: type=1326 audit(1727635633.582:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5049 comm="syz.3.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fe31048cc8a code=0x7ffc0000 [ 52.866021][ T5053] syz.1.537[5053] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.872803][ T5053] syz.1.537[5053] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.884385][ T5053] syz.1.537[5053] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.960418][ T5057] tipc: Started in network mode [ 52.976595][ T5057] tipc: Node identity ac1414aa, cluster identity 4711 [ 52.984784][ T5057] tipc: Enabled bearer , priority 10 [ 52.992285][ T5057] tipc: Disabling bearer [ 53.061859][ T5062] loop1: detected capacity change from 0 to 2048 [ 53.076657][ T5062] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.109975][ T4827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.168920][ T5078] syzkaller0: entered promiscuous mode [ 53.174438][ T5078] syzkaller0: entered allmulticast mode [ 53.293047][ T5092] syz.3.552[5092] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.293113][ T5092] syz.3.552[5092] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.304669][ T5092] syz.3.552[5092] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.354281][ T5100] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 54.102528][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.109996][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.117550][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.125049][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.132593][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.140039][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.147563][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.155000][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.162533][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.170024][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.177428][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.184813][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.192308][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.199775][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.207305][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.214771][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.224373][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.231806][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.239340][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.246896][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.254401][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.261958][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.269377][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.276781][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.284226][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.291615][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.299053][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.306711][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.307784][ T5134] loop1: detected capacity change from 0 to 512 [ 54.314164][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.327799][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.331680][ T5134] EXT4-fs: Ignoring removed bh option [ 54.335182][ T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 54.350833][ T5134] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 54.370833][ T24] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz0 [ 54.381224][ T5134] EXT4-fs (loop1): 1 truncate cleaned up [ 54.387532][ T5134] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.436050][ T4827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.629636][ T5174] loop3: detected capacity change from 0 to 128 [ 54.661324][ T5174] syz.3.586: attempt to access beyond end of device [ 54.661324][ T5174] loop3: rw=0, sector=121, nr_sectors = 119 limit=128 [ 54.679590][ T5180] netlink: 132 bytes leftover after parsing attributes in process `syz.4.588'. [ 54.689349][ T5180] netlink: 'syz.4.588': attribute type 10 has an invalid length. [ 54.703324][ T5180] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 54.765753][ T3817] kworker/u8:8: attempt to access beyond end of device [ 54.765753][ T3817] loop3: rw=1, sector=241, nr_sectors = 800 limit=128 [ 54.792237][ T5179] SET target dimension over the limit! [ 54.800040][ T5189] netlink: 80 bytes leftover after parsing attributes in process `syz.4.593'. [ 54.873701][ T5201] loop3: detected capacity change from 0 to 256 [ 54.877845][ T5200] netlink: 8 bytes leftover after parsing attributes in process `syz.1.598'. [ 54.895071][ T5200] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.944803][ T5201] loop3: detected capacity change from 256 to 11 [ 54.953641][ T5203] FAT-fs (loop3): unable to read inode block for updating (i_pos 202) [ 54.956960][ T5200] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.013617][ T5200] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.099462][ T5200] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.156334][ T5200] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.166830][ T5200] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.178922][ T5200] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.190026][ T5200] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.319543][ T3589] FAT-fs (loop3): Directory bread(block 3) failed [ 55.500181][ T5209] syz.0.601[5209] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 55.500221][ T5209] syz.0.601[5209] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 55.511600][ T5209] syz.0.601[5209] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 55.525726][ T5209] netlink: 28 bytes leftover after parsing attributes in process `syz.0.601'. [ 55.547080][ T5209] netlink: 8 bytes leftover after parsing attributes in process `syz.0.601'. [ 55.645728][ T5231] netlink: 4 bytes leftover after parsing attributes in process `syz.0.609'. [ 55.656696][ T5231] vxcan3: entered promiscuous mode [ 55.667413][ T5231] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5231 comm=syz.0.609 [ 55.683377][ T5231] netlink: 4 bytes leftover after parsing attributes in process `syz.0.609'. [ 55.720622][ T5213] chnl_net:caif_netlink_parms(): no params data found [ 55.756077][ T5213] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.763355][ T5213] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.770739][ T5213] bridge_slave_0: entered allmulticast mode [ 55.777057][ T5213] bridge_slave_0: entered promiscuous mode [ 55.784936][ T5213] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.792068][ T5213] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.799459][ T5213] bridge_slave_1: entered allmulticast mode [ 55.806048][ T5213] bridge_slave_1: entered promiscuous mode [ 55.825503][ T5213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.836040][ T5213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.866462][ T5213] team0: Port device team_slave_0 added [ 55.873040][ T5213] team0: Port device team_slave_1 added [ 55.899560][ T5213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.906559][ T5213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.932622][ T5213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.944365][ T5213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.951323][ T5213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.977306][ T5213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.990817][ T5253] pim6reg: entered allmulticast mode [ 56.000171][ T5249] pim6reg: left allmulticast mode [ 56.019324][ T5213] hsr_slave_0: entered promiscuous mode [ 56.025307][ T5213] hsr_slave_1: entered promiscuous mode [ 56.031443][ T5213] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.039245][ T5213] Cannot create hsr debugfs directory [ 56.127081][ T5213] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.157786][ T5256] loop2: detected capacity change from 0 to 8192 [ 56.165364][ T5267] netlink: 48 bytes leftover after parsing attributes in process `syz.1.624'. [ 56.188127][ C1] dccp_v4_rcv: dropped packet with invalid checksum [ 56.205142][ T5213] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.327138][ T5213] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.339513][ T5289] netlink: 24 bytes leftover after parsing attributes in process `syz.2.634'. [ 56.393142][ T5213] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.453769][ T5213] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 56.491804][ T5213] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 56.512192][ T5213] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 56.531964][ T5213] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 56.589714][ T5314] loop2: detected capacity change from 0 to 128 [ 56.631670][ T5213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.670691][ T5213] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.685163][ T5304] syz.2.641: attempt to access beyond end of device [ 56.685163][ T5304] loop2: rw=34817, sector=97, nr_sectors = 32 limit=128 [ 56.701402][ T5303] syz.2.641 (5303) used greatest stack depth: 10544 bytes left [ 56.718468][ T3817] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.725561][ T3817] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.739176][ T3817] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.746429][ T3817] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.788725][ T5327] syz.0.650[5327] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 56.821662][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.840321][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.847726][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.855295][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.862687][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.870107][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.877579][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.885045][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.892486][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.894083][ T5213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.899942][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914106][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914128][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914148][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914166][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914186][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914207][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914226][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914308][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914331][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914353][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914376][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914427][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914475][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914497][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914520][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914567][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914590][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914613][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914635][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914657][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914680][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.914703][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 56.987415][ T5213] veth0_vlan: entered promiscuous mode [ 56.989397][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 57.003133][ T5213] veth1_vlan: entered promiscuous mode [ 57.004603][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 57.025390][ T5213] veth0_macvtap: entered promiscuous mode [ 57.026753][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 57.037248][ T5213] veth1_macvtap: entered promiscuous mode [ 57.041487][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 57.055453][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.056196][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 57.063554][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.070903][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 57.078232][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.078245][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.078253][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.078264][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.078274][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.083734][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 57.091092][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.096508][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 57.103851][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.109544][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 57.116883][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.166636][ T5213] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.175513][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 57.190796][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.195711][ T3342] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 57.205486][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.218010][ T3342] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz0] on syz0 [ 57.223244][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.223275][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.340832][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.340848][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.340857][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.340869][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.340878][ T5213] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.340889][ T5213] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.406424][ T5213] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.409235][ T5213] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.409270][ T5213] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.409317][ T5213] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.409348][ T5213] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.533623][ T5353] loop3: detected capacity change from 0 to 128 [ 57.574534][ T5353] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 57.601066][ T5353] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 57.660116][ T5213] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 57.711675][ T5371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.665'. [ 57.759595][ T5360] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 57.795158][ T5381] loop2: detected capacity change from 0 to 512 [ 57.828519][ T5381] EXT4-fs error (device loop2): ext4_xattr_inode_iget:436: comm syz.2.669: Parent and EA inode have the same ino 15 [ 57.890206][ T5381] EXT4-fs (loop2): 1 orphan inode deleted [ 57.901483][ T5384] bridge_slave_1: left allmulticast mode [ 57.907165][ T5384] bridge_slave_1: left promiscuous mode [ 57.912932][ T5384] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.930176][ T5381] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.954750][ T5384] bridge_slave_0: left allmulticast mode [ 57.959629][ T5381] block device autoloading is deprecated and will be removed. [ 57.960486][ T5384] bridge_slave_0: left promiscuous mode [ 57.967916][ T5381] syz.2.669: attempt to access beyond end of device [ 57.967916][ T5381] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 57.973569][ T5384] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.015608][ T3660] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.051481][ T29] kauditd_printk_skb: 423 callbacks suppressed [ 58.051496][ T29] audit: type=1400 audit(1727635638.465:1335): avc: denied { mount } for pid=5403 comm="syz.2.679" name="/" dev="ramfs" ino=11982 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 58.098431][ T29] audit: type=1400 audit(1727635638.511:1336): avc: denied { unmount } for pid=3660 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 58.138572][ T5406] bridge_slave_0: left allmulticast mode [ 58.144307][ T5406] bridge_slave_0: left promiscuous mode [ 58.150226][ T5406] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.160824][ T5406] bridge_slave_1: left allmulticast mode [ 58.160843][ T5406] bridge_slave_1: left promiscuous mode [ 58.161068][ T5406] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.176813][ T5406] bond0: (slave bond_slave_0): Releasing backup interface [ 58.233345][ T5406] bond0: (slave bond_slave_1): Releasing backup interface [ 58.257454][ T5406] team0: Port device team_slave_0 removed [ 58.278178][ T5406] team0: Port device team_slave_1 removed [ 58.287421][ T5406] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 58.295039][ T5406] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 58.317605][ T5406] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 58.325081][ T5406] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 58.371893][ T29] audit: type=1400 audit(1727635638.770:1337): avc: denied { cpu } for pid=5425 comm="syz.4.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 58.395362][ T5420] netlink: 'syz.2.686': attribute type 39 has an invalid length. [ 58.402641][ T5427] loop1: detected capacity change from 0 to 128 [ 58.413125][ T5420] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.420419][ T5420] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.451584][ T29] audit: type=1326 audit(1727635638.834:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5428 comm="syz.4.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a6a96dff9 code=0x7ffc0000 [ 58.475000][ T29] audit: type=1326 audit(1727635638.834:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5428 comm="syz.4.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a6a96dff9 code=0x7ffc0000 [ 58.547576][ T5422] syz.1.696: attempt to access beyond end of device [ 58.547576][ T5422] loop1: rw=34817, sector=97, nr_sectors = 32 limit=128 [ 58.554430][ T29] audit: type=1400 audit(1727635638.834:1340): avc: denied { read } for pid=5429 comm="syz.3.689" laddr=127.0.0.1 lport=57752 faddr=127.0.0.1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 58.585229][ T29] audit: type=1326 audit(1727635638.890:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5428 comm="syz.4.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a6a96dff9 code=0x7ffc0000 [ 58.608635][ T29] audit: type=1326 audit(1727635638.890:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5428 comm="syz.4.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a6a96dff9 code=0x7ffc0000 [ 58.631947][ T29] audit: type=1326 audit(1727635638.890:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5428 comm="syz.4.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a6a96dff9 code=0x7ffc0000 [ 58.655383][ T29] audit: type=1326 audit(1727635638.890:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5428 comm="syz.4.690" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a6a96dff9 code=0x7ffc0000 [ 58.724957][ T5453] loop4: detected capacity change from 0 to 1024 [ 58.732157][ T5453] EXT4-fs: Ignoring removed oldalloc option [ 58.768798][ T5453] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.808234][ T5461] bridge_slave_0: left allmulticast mode [ 58.814048][ T5461] bridge_slave_0: left promiscuous mode [ 58.819871][ T5461] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.833430][ T5461] bridge_slave_1: left allmulticast mode [ 58.839152][ T5461] bridge_slave_1: left promiscuous mode [ 58.845143][ T5461] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.863357][ T5461] bond0: (slave bond_slave_0): Releasing backup interface [ 58.867785][ T5453] syz.4.699 (5453) used greatest stack depth: 10168 bytes left [ 58.883493][ T4118] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.892870][ T5461] bond0: (slave bond_slave_1): Releasing backup interface [ 58.910168][ T5461] team0: Port device team_slave_0 removed [ 58.927969][ T5461] team0: Port device team_slave_1 removed [ 58.929059][ T5461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 58.929091][ T5461] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 58.937861][ T5461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 58.958620][ T5461] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 59.023693][ T5471] netlink: 'syz.3.705': attribute type 39 has an invalid length. [ 59.140057][ C1] dccp_v4_rcv: dropped packet with invalid checksum [ 59.146763][ C1] dccp_v4_rcv: dropped packet with invalid checksum [ 59.167715][ T5490] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 59.244465][ T5493] syzkaller0: entered promiscuous mode [ 59.250247][ T5493] syzkaller0: entered allmulticast mode [ 59.337396][ T5507] loop3: detected capacity change from 0 to 512 [ 59.366074][ T5507] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 59.369720][ T5514] bridge0: port 1(macvlan0) entered blocking state [ 59.375278][ T5507] EXT4-fs (loop3): orphan cleanup on readonly fs [ 59.380704][ T5514] bridge0: port 1(macvlan0) entered disabled state [ 59.388995][ T5507] EXT4-fs warning (device loop3): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 59.395982][ T5514] macvlan0: entered allmulticast mode [ 59.413627][ T5514] veth1_vlan: entered allmulticast mode [ 59.415162][ T5507] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 59.421018][ T5514] macvlan0: entered promiscuous mode [ 59.428058][ T5507] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.720: bg 0: block 40: padding at end of block bitmap is not set [ 59.432656][ T5514] bridge0: port 1(macvlan0) entered blocking state [ 59.447380][ T5507] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 59.452032][ T5514] bridge0: port 1(macvlan0) entered forwarding state [ 59.461138][ T5507] EXT4-fs (loop3): 1 truncate cleaned up [ 59.483508][ T5507] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 59.506529][ T5507] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 59.522047][ T5522] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 59.533340][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.463427][ T5625] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 60.726689][ T5649] __nla_validate_parse: 5 callbacks suppressed [ 60.726700][ T5649] netlink: 140 bytes leftover after parsing attributes in process `syz.4.779'. [ 60.769501][ T5650] netlink: 'syz.3.777': attribute type 6 has an invalid length. [ 60.777213][ T5650] netlink: 14557 bytes leftover after parsing attributes in process `syz.3.777'. [ 60.840784][ C0] dccp_v4_rcv: dropped packet with invalid checksum [ 61.157213][ T5658] netlink: 'syz.2.783': attribute type 39 has an invalid length. [ 61.165051][ T5658] netlink: 8 bytes leftover after parsing attributes in process `syz.2.783'. [ 61.192072][ T5662] netlink: 36 bytes leftover after parsing attributes in process `syz.1.786'. [ 61.544618][ T5677] netlink: 44 bytes leftover after parsing attributes in process `syz.2.794'. [ 61.632764][ T5693] loop3: detected capacity change from 0 to 128 [ 61.696797][ T5700] bpf_get_probe_write_proto: 8 callbacks suppressed [ 61.696812][ T5700] syz.2.803[5700] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 61.704019][ T5700] syz.2.803[5700] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 61.715569][ T5700] syz.2.803[5700] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 61.728419][ T5700] syz.2.803[5700] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 61.740447][ T5700] syz.2.803[5700] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 61.751744][ T5700] syz.2.803[5700] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 61.830436][ T5712] tipc: Enabled bearer , priority 10 [ 61.884009][ T5712] tipc: Resetting bearer [ 61.894686][ T3367] tipc: Resetting bearer [ 61.905973][ T5711] tipc: Resetting bearer [ 61.916640][ T5711] tipc: Disabling bearer [ 62.088520][ T5724] serio: Serial port ptm0 [ 62.211210][ T5733] loop1: detected capacity change from 0 to 1024 [ 62.239048][ T5733] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 62.253141][ T5733] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.301255][ T5733] support for the xor transformation has been removed. [ 62.654685][ T5759] loop3: detected capacity change from 0 to 512 [ 62.662860][ T5759] EXT4-fs error (device loop3): ext4_xattr_inode_iget:436: comm syz.3.826: Parent and EA inode have the same ino 15 [ 62.675753][ T5759] EXT4-fs (loop3): 1 orphan inode deleted [ 62.681855][ T5759] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 62.696184][ T5759] syz.3.826: attempt to access beyond end of device [ 62.696184][ T5759] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 62.723850][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.780358][ T5766] tipc: Started in network mode [ 62.785263][ T5766] tipc: Node identity , cluster identity 4711 [ 62.791819][ T5766] tipc: Failed to set node id, please configure manually [ 62.798925][ T5766] tipc: Enabling of bearer rejected, failed to enable media [ 63.408971][ T5769] block device autoloading is deprecated and will be removed. [ 63.411824][ T5772] loop1: detected capacity change from 0 to 512 [ 63.427364][ T5773] netlink: 4 bytes leftover after parsing attributes in process `syz.0.840'. [ 63.453633][ T5772] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.479719][ T5772] ext4 filesystem being mounted at /75/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.491994][ T29] kauditd_printk_skb: 167 callbacks suppressed [ 63.492007][ T29] audit: type=1400 audit(1727635643.491:1511): avc: denied { name_bind } for pid=5776 comm="syz.0.832" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 63.520176][ T29] audit: type=1400 audit(1727635643.491:1512): avc: denied { create } for pid=5776 comm="syz.0.832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 63.539686][ T29] audit: type=1400 audit(1727635643.500:1513): avc: denied { connect } for pid=5776 comm="syz.0.832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 63.559291][ T29] audit: type=1400 audit(1727635643.500:1514): avc: denied { ioctl } for pid=5776 comm="syz.0.832" path="socket:[13659]" dev="sockfs" ino=13659 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 63.584335][ T29] audit: type=1400 audit(1727635643.537:1515): avc: denied { unlink } for pid=4118 comm="syz-executor" name="file0" dev="tmpfs" ino=558 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 63.607669][ T29] audit: type=1400 audit(1727635643.574:1516): avc: denied { write } for pid=5771 comm="syz.1.829" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 63.629519][ T29] audit: type=1400 audit(1727635643.574:1517): avc: denied { add_name } for pid=5771 comm="syz.1.829" name="cgroup.events" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 63.651003][ T29] audit: type=1400 audit(1727635643.574:1518): avc: denied { create } for pid=5771 comm="syz.1.829" name="cgroup.events" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 63.671999][ T29] audit: type=1400 audit(1727635643.574:1519): avc: denied { read append open } for pid=5771 comm="syz.1.829" path="/75/file1/cgroup.events" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 63.692710][ T5779] loop4: detected capacity change from 0 to 512 [ 63.696392][ T29] audit: type=1400 audit(1727635643.583:1520): avc: denied { ioctl } for pid=5771 comm="syz.1.829" path="/75/file1/cgroup.events" dev="loop1" ino=18 ioctlcmd=0x582b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 63.706362][ T5779] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 63.738580][ T5779] EXT4-fs (loop4): 1 truncate cleaned up [ 63.746418][ T5779] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.773497][ T5779] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.785363][ T4827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.944585][ T5804] ALSA: seq fatal error: cannot create timer (-19) [ 64.024479][ T5810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.847'. [ 64.035559][ T5813] loop4: detected capacity change from 0 to 128 [ 64.055618][ T5810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.847'. [ 64.066401][ T5808] netlink: 16 bytes leftover after parsing attributes in process `+}[@'. [ 64.074910][ T5808] netlink: 24 bytes leftover after parsing attributes in process `+}[@'. [ 64.132569][ T5813] loop4: detected capacity change from 128 to 0 [ 64.139640][ T5813] syz.4.848: attempt to access beyond end of device [ 64.139640][ T5813] loop4: rw=0, sector=5, nr_sectors = 1 limit=0 [ 64.152682][ T5813] FAT-fs (loop4): Directory bread(block 5) failed [ 64.160048][ T5813] syz.4.848: attempt to access beyond end of device [ 64.160048][ T5813] loop4: rw=0, sector=6, nr_sectors = 1 limit=0 [ 64.181007][ T5815] pimreg: entered allmulticast mode [ 64.181518][ T5813] FAT-fs (loop4): Directory bread(block 6) failed [ 64.188847][ T5815] pimreg: left allmulticast mode [ 64.193855][ T5813] syz.4.848: attempt to access beyond end of device [ 64.193855][ T5813] loop4: rw=0, sector=7, nr_sectors = 1 limit=0 [ 64.211048][ T5813] FAT-fs (loop4): Directory bread(block 7) failed [ 64.219430][ T5813] syz.4.848: attempt to access beyond end of device [ 64.219430][ T5813] loop4: rw=0, sector=8, nr_sectors = 1 limit=0 [ 64.233648][ T5813] FAT-fs (loop4): Directory bread(block 8) failed [ 64.245327][ T5813] syz.4.848: attempt to access beyond end of device [ 64.245327][ T5813] loop4: rw=0, sector=5, nr_sectors = 1 limit=0 [ 64.256324][ T5817] netlink: 'syz.2.850': attribute type 3 has an invalid length. [ 64.258244][ T5813] FAT-fs (loop4): Directory bread(block 5) failed [ 64.272313][ T5813] syz.4.848: attempt to access beyond end of device [ 64.272313][ T5813] loop4: rw=0, sector=6, nr_sectors = 1 limit=0 [ 64.286107][ T5813] FAT-fs (loop4): Directory bread(block 6) failed [ 64.292899][ T5813] syz.4.848: attempt to access beyond end of device [ 64.292899][ T5813] loop4: rw=0, sector=7, nr_sectors = 1 limit=0 [ 64.315061][ T5813] FAT-fs (loop4): Directory bread(block 7) failed [ 64.323167][ T5813] syz.4.848: attempt to access beyond end of device [ 64.323167][ T5813] loop4: rw=0, sector=8, nr_sectors = 1 limit=0 [ 64.336554][ T5813] FAT-fs (loop4): Directory bread(block 8) failed [ 64.352210][ T5813] syz.4.848: attempt to access beyond end of device [ 64.352210][ T5813] loop4: rw=0, sector=5, nr_sectors = 1 limit=0 [ 64.365546][ T5813] FAT-fs (loop4): Directory bread(block 5) failed [ 64.374340][ T5813] FAT-fs (loop4): Directory bread(block 6) failed [ 64.420776][ T4118] FAT-fs (loop4): unable to read boot sector to mark fs as dirty [ 64.579726][ T5844] bridge0: port 3(vlan0) entered blocking state [ 64.586045][ T5844] bridge0: port 3(vlan0) entered disabled state [ 64.595213][ T5844] vlan0: entered allmulticast mode [ 64.600940][ T5844] vlan0: left allmulticast mode [ 64.601448][ T5847] loop3: detected capacity change from 0 to 512 [ 64.614540][ T5847] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 64.623319][ T5847] EXT4-fs (loop3): invalid journal inode [ 64.629092][ T5847] EXT4-fs (loop3): can't get journal size [ 64.636343][ T5847] EXT4-fs (loop3): 1 truncate cleaned up [ 64.642598][ T5847] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 64.666281][ T3367] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.684863][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.709267][ T5853] loop3: detected capacity change from 0 to 128 [ 64.732004][ T3367] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.797211][ T3367] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.848822][ T3367] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.860110][ T5873] loop3: detected capacity change from 0 to 1024 [ 64.867256][ T5873] EXT4-fs: Ignoring removed nomblk_io_submit option [ 64.877015][ T5873] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 64.886635][ T5873] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 64.897460][ T5873] System zones: 0-1, 3-36 [ 64.907061][ T5873] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.926066][ T5873] EXT4-fs (loop3): shut down requested (0) [ 64.948401][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.000069][ T5883] netlink: 'syz.2.875': attribute type 3 has an invalid length. [ 65.021121][ T3367] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 65.032528][ T3367] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 65.035752][ T5885] loop2: detected capacity change from 0 to 1024 [ 65.050498][ T3367] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 65.060382][ T5885] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.061126][ T3367] bond0 (unregistering): Released all slaves [ 65.114900][ T5854] chnl_net:caif_netlink_parms(): no params data found [ 65.128513][ T3660] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.165049][ T3367] tipc: Left network mode [ 65.199737][ T3367] hsr_slave_0: left promiscuous mode [ 65.223872][ T5897] loop3: detected capacity change from 0 to 1024 [ 65.230351][ T3367] hsr_slave_1: left promiscuous mode [ 65.237992][ T3367] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.245560][ T3367] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 65.256274][ T3367] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 65.263766][ T3367] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 65.277193][ T3367] veth1_macvtap: left promiscuous mode [ 65.282967][ T3367] veth0_macvtap: left promiscuous mode [ 65.288458][ T3367] veth1_vlan: left promiscuous mode [ 65.293818][ T3367] veth0_vlan: left promiscuous mode [ 65.346357][ T5833] 9pnet_fd: p9_fd_create_tcp (5833): problem connecting socket to 127.0.0.1 [ 65.475894][ T3367] team0 (unregistering): Port device team_slave_1 removed [ 65.488659][ T3367] team0 (unregistering): Port device team_slave_0 removed [ 65.530517][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.537610][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.545275][ T5854] bridge_slave_0: entered allmulticast mode [ 65.551772][ T5854] bridge_slave_0: entered promiscuous mode [ 65.558654][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.565763][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.572942][ T5854] bridge_slave_1: entered allmulticast mode [ 65.579896][ T5854] bridge_slave_1: entered promiscuous mode [ 65.587728][ T5915] all: renamed from bridge_slave_0 (while UP) [ 65.644182][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.660700][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.693302][ T5854] team0: Port device team_slave_0 added [ 65.703903][ T5854] team0: Port device team_slave_1 added [ 65.734549][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.741573][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.767629][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.781919][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.788874][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.814868][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.849869][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x7 [ 65.857493][ T3323] hid-generic 0000:0000:0000.0006: ignoring exceeding usage max [ 65.868844][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 65.887107][ T5854] hsr_slave_0: entered promiscuous mode [ 65.902369][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x6 [ 65.909973][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0xd [ 65.916006][ T5937] loop1: detected capacity change from 0 to 512 [ 65.928341][ T5937] EXT4-fs: Ignoring removed orlov option [ 65.929364][ T5854] hsr_slave_1: entered promiscuous mode [ 65.939646][ T5937] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 65.950827][ T5939] syz.0.898[5939] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 65.950943][ T5939] syz.0.898[5939] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 65.964283][ T5939] syz.0.898[5939] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 65.974079][ T3323] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz0] on syz0 [ 65.977062][ T5937] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002] [ 66.013359][ T5937] System zones: 1-12 [ 66.018616][ T5937] EXT4-fs (loop1): 1 truncate cleaned up [ 66.224809][ T5952] __nla_validate_parse: 2 callbacks suppressed [ 66.224824][ T5952] netlink: 4 bytes leftover after parsing attributes in process `syz.1.903'. [ 66.305160][ T5854] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 66.324981][ T5854] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 66.350213][ T5854] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 66.368514][ T5854] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 66.461409][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.483551][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.493531][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.500750][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.513805][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.520926][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.616689][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.632232][ T5973] netlink: 12 bytes leftover after parsing attributes in process `syz.2.909'. [ 66.714112][ T5987] netlink: 'syz.2.914': attribute type 1 has an invalid length. [ 66.736181][ T5987] bond1: (slave bridge1): Enslaving as a backup interface with a down link [ 66.829527][ T5854] veth0_vlan: entered promiscuous mode [ 66.838400][ T5854] veth1_vlan: entered promiscuous mode [ 66.856119][ T5854] veth0_macvtap: entered promiscuous mode [ 66.864515][ T5854] veth1_macvtap: entered promiscuous mode [ 66.875268][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.885761][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.895585][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.906023][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.915864][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.926353][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.939903][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.948419][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.958955][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.968858][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.979353][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.989168][ T5854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.999619][ T5854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.013981][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.025444][ T6009] loop3: detected capacity change from 0 to 512 [ 67.027252][ T5854] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.040529][ T5854] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.049359][ T5854] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.058162][ T5854] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.086935][ T6009] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.099266][ T6009] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm syz.3.919: Failed to acquire dquot type 0 [ 67.142383][ T6016] netlink: 60 bytes leftover after parsing attributes in process `syz.3.920'. [ 67.152221][ T6016] netlink: 60 bytes leftover after parsing attributes in process `syz.3.920'. [ 67.171301][ T6016] netlink: 60 bytes leftover after parsing attributes in process `syz.3.920'. [ 67.180373][ T6016] netlink: 60 bytes leftover after parsing attributes in process `syz.3.920'. [ 67.208463][ T6016] netlink: 60 bytes leftover after parsing attributes in process `syz.3.920'. [ 67.217725][ T6016] netlink: 60 bytes leftover after parsing attributes in process `syz.3.920'. [ 67.373628][ T6025] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 67.700132][ T6041] syz.0.929[6041] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.700182][ T6041] syz.0.929[6041] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.716621][ T6041] syz.0.929[6041] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 67.746353][ T6048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6048 comm=syz.2.932 [ 67.776509][ T6048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6048 comm=syz.2.932 [ 67.805900][ T6048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6048 comm=syz.2.932 [ 67.842523][ T6048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6048 comm=syz.2.932 [ 67.855329][ T6048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6048 comm=syz.2.932 [ 67.878201][ T6048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6048 comm=syz.2.932 [ 67.890620][ T6048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6048 comm=syz.2.932 [ 67.903079][ T6048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6048 comm=syz.2.932 [ 67.919149][ T6048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6048 comm=syz.2.932 [ 67.931796][ T6048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6048 comm=syz.2.932 [ 67.992552][ T6071] tipc: Started in network mode [ 67.997467][ T6071] tipc: Node identity ac14140f, cluster identity 4711 [ 68.006289][ T6071] tipc: New replicast peer: 255.255.255.255 [ 68.012455][ T6071] tipc: Enabled bearer , priority 10 [ 68.034984][ T6069] syz.0.940 (6069) used greatest stack depth: 10128 bytes left [ 68.121673][ T6082] netlink: 60 bytes leftover after parsing attributes in process `syz.3.946'. [ 68.173492][ T6089] Failed to initialize the IGMP autojoin socket (err -2) [ 68.176128][ T6085] could not set up IPv6 listen sock [ 68.836154][ T6123] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 68.873497][ T6127] netlink: 12 bytes leftover after parsing attributes in process `syz.0.967'. [ 68.897072][ T6130] loop2: detected capacity change from 0 to 512 [ 68.916294][ T29] kauditd_printk_skb: 190 callbacks suppressed [ 68.916306][ T29] audit: type=1400 audit(1727635648.494:1709): avc: denied { mounton } for pid=6129 comm="syz.2.968" path="/134/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=715 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 68.964687][ T6130] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 68.993769][ T6130] EXT4-fs (loop2): orphan cleanup on readonly fs [ 69.004194][ T6130] EXT4-fs error (device loop2): ext4_ext_check_inode:524: inode #3: comm syz.2.968: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 69.036865][ T29] audit: type=1400 audit(1727635648.604:1710): avc: denied { load_policy } for pid=6136 comm="syz.4.971" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 69.036887][ T6137] SELinux: failed to load policy [ 69.070454][ T6130] EXT4-fs error (device loop2): ext4_quota_enable:7056: comm syz.2.968: Bad quota inode: 3, type: 0 [ 69.093230][ T6130] EXT4-fs warning (device loop2): ext4_enable_quotas:7097: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 69.108116][ T6130] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 69.147036][ T6130] EXT4-fs mount: 6 callbacks suppressed [ 69.147054][ T6130] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 69.189378][ T29] audit: type=1400 audit(1727635648.752:1711): avc: denied { mount } for pid=6129 comm="syz.2.968" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 69.211054][ T6130] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 69.224551][ T4097] tipc: Node number set to 2886997007 [ 69.256690][ T6130] EXT4-fs warning (device loop2): ext4_multi_mount_protect:292: Invalid MMP block in superblock [ 69.305901][ T3660] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.307502][ T29] audit: type=1400 audit(1727635648.854:1712): avc: denied { unmount } for pid=3660 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 69.361169][ T6148] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 69.369377][ T29] audit: type=1400 audit(1727635648.900:1713): avc: denied { mounton } for pid=6147 comm="syz.0.976" path="/proc/579/task" dev="proc" ino=15492 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 69.392195][ T29] audit: type=1400 audit(1727635648.900:1714): avc: denied { mount } for pid=6147 comm="syz.0.976" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 69.438050][ T29] audit: type=1400 audit(1727635648.974:1715): avc: denied { write } for pid=6153 comm="syz.3.979" name="ppp" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 69.449247][ T3341] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 69.460981][ T29] audit: type=1400 audit(1727635648.974:1716): avc: denied { open } for pid=6153 comm="syz.3.979" path="/dev/ppp" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 69.471626][ T6158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.506967][ T29] audit: type=1400 audit(1727635648.974:1717): avc: denied { read write } for pid=6157 comm="syz.4.980" name="uhid" dev="devtmpfs" ino=227 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 69.530526][ T29] audit: type=1400 audit(1727635648.974:1718): avc: denied { open } for pid=6157 comm="syz.4.980" path="/dev/uhid" dev="devtmpfs" ino=227 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 69.554112][ T3341] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 69.565319][ T6158] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.611830][ T6162] pim6reg1: entered promiscuous mode [ 69.617265][ T6162] pim6reg1: entered allmulticast mode [ 69.671363][ T6172] loop3: detected capacity change from 0 to 512 [ 69.680151][ T6172] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 69.697706][ T6172] EXT4-fs (loop3): 1 truncate cleaned up [ 69.704914][ T6172] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.707342][ T6175] 9p: Unknown access argument 18446744073709551615: -34 [ 69.740782][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.908879][ T4097] kernel write not supported for file /input/event0 (pid: 4097 comm: kworker/1:4) [ 70.085080][ T6245] loop3: detected capacity change from 0 to 512 [ 70.104782][ T6245] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.117352][ T6245] ext4 filesystem being mounted at /106/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 70.160605][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.201066][ T6256] bridge0: port 1(veth0_to_bond) entered blocking state [ 70.208053][ T6256] bridge0: port 1(veth0_to_bond) entered disabled state [ 70.215626][ T6256] veth0_to_bond: entered allmulticast mode [ 70.230841][ T6256] veth0_to_bond: entered promiscuous mode [ 70.251222][ T6264] loop4: detected capacity change from 0 to 512 [ 70.270068][ T6263] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -2 [ 70.282840][ T6264] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.296938][ T6264] ext4 filesystem being mounted at /11/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 70.331783][ T5854] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.430987][ T6282] can0: slcan on ttyS3. [ 70.481228][ T6282] can0 (unregistered): slcan off ttyS3. [ 70.487054][ T6282] Falling back ldisc for ttyS3. [ 70.571755][ T6292] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 71.049845][ T6305] syz.0.1041[6305] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 71.049923][ T6305] syz.0.1041[6305] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 71.063634][ T6305] syz.0.1041[6305] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 71.108101][ T3323] kernel write not supported for file /input/event0 (pid: 3323 comm: kworker/1:2) [ 71.150761][ T6311] loop3: detected capacity change from 0 to 512 [ 71.175173][ T6311] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 71.183096][ T6311] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 71.191253][ T6311] System zones: 0-1, 15-15, 18-18, 34-34 [ 71.197118][ T6311] EXT4-fs (loop3): orphan cleanup on readonly fs [ 71.203471][ T6311] EXT4-fs warning (device loop3): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 71.218276][ T6311] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 71.225101][ T6311] EXT4-fs error (device loop3): ext4_orphan_get:1414: comm syz.3.1044: bad orphan inode 16 [ 71.235346][ T6311] ext4_test_bit(bit=15, block=18) = 1 [ 71.240748][ T6311] is_bad_inode(inode)=0 [ 71.244885][ T6311] NEXT_ORPHAN(inode)=0 [ 71.248960][ T6311] max_ino=32 [ 71.252241][ T6311] i_nlink=2 [ 71.255651][ T6311] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 71.280776][ T6311] syzkaller0: entered promiscuous mode [ 71.286410][ T6311] syzkaller0: entered allmulticast mode [ 71.357284][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.404287][ T6319] loop4: detected capacity change from 0 to 128 [ 71.520181][ T6329] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -2 [ 71.539166][ T6331] loop4: detected capacity change from 0 to 512 [ 71.556249][ T6331] EXT4-fs: Ignoring removed orlov option [ 71.573937][ T6331] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 71.595216][ T6331] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002] [ 71.612304][ T6331] System zones: 1-12 [ 71.619814][ T6331] EXT4-fs (loop4): 1 truncate cleaned up [ 71.633363][ T6331] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.714663][ T5854] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.861850][ T6343] loop1: detected capacity change from 0 to 512 [ 71.905087][ T6343] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.943820][ T6343] ext4 filesystem being mounted at /116/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.017332][ T6343] EXT4-fs error (device loop1): ext4_do_update_inode:5121: inode #19: comm syz.1.1059: corrupted inode contents [ 72.043745][ T6343] EXT4-fs error (device loop1): ext4_dirty_inode:5984: inode #19: comm syz.1.1059: mark_inode_dirty error [ 72.067620][ T6343] EXT4-fs error (device loop1): ext4_do_update_inode:5121: inode #19: comm syz.1.1059: corrupted inode contents [ 72.096571][ T6343] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3005: inode #19: comm syz.1.1059: mark_inode_dirty error [ 72.127127][ T6343] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3008: inode #19: comm syz.1.1059: mark inode dirty (error -117) [ 72.155290][ T6343] EXT4-fs warning (device loop1): ext4_evict_inode:276: xattr delete (err -117) [ 72.198281][ T4827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.753612][ T6362] 9pnet_fd: Insufficient options for proto=fd [ 72.817411][ T6367] Failed to initialize the IGMP autojoin socket (err -2) [ 73.351441][ T2967] udevd[2967]: worker [3259] terminated by signal 33 (Unknown signal 33) [ 73.359024][ T6386] syz.1.1072[6386] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.359947][ T6386] syz.1.1072[6386] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.373394][ T6386] syz.1.1072[6386] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.380490][ T2967] udevd[2967]: worker [3259] failed while handling '/devices/virtual/block/loop1' [ 73.407203][ T6381] loop4: detected capacity change from 0 to 128 [ 73.433463][ T6381] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 73.446371][ T6381] ext4 filesystem being mounted at /19/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 73.465864][ T5854] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 73.489331][ T6393] loop2: detected capacity change from 0 to 1024 [ 73.499685][ T6393] EXT4-fs: Ignoring removed oldalloc option [ 73.517103][ T6393] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802c018, mo2=0102] [ 73.525838][ T6393] System zones: 0-1, 3-12 [ 73.530577][ T6393] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.543068][ T6403] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 73.549595][ T6403] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 73.557277][ T6403] vhci_hcd vhci_hcd.0: Device attached [ 73.565251][ T6404] vhci_hcd: connection closed [ 73.565448][ T3817] vhci_hcd: stop threads [ 73.574495][ T3817] vhci_hcd: release socket [ 73.579109][ T3817] vhci_hcd: disconnect device [ 73.586658][ T3660] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.607416][ T6407] loop2: detected capacity change from 0 to 1024 [ 73.626801][ T6407] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.652741][ T3660] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.711049][ T6416] tipc: Enabling of bearer rejected, failed to enable media [ 73.732592][ T6418] syz.2.1084[6418] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.732802][ T6418] syz.2.1084[6418] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.744615][ T6418] syz.2.1084[6418] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 73.871334][ T6428] __nla_validate_parse: 1 callbacks suppressed [ 73.871345][ T6428] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1088'. [ 73.897824][ T6428] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1088'. [ 74.128668][ T6430] loop4: detected capacity change from 0 to 512 [ 74.141240][ T6434] netlink: 16 bytes leftover after parsing attributes in process `+}[@'. [ 74.141421][ T6430] EXT4-fs error (device loop4): ext4_xattr_inode_iget:436: comm syz.4.1089: Parent and EA inode have the same ino 15 [ 74.149713][ T6434] netlink: 24 bytes leftover after parsing attributes in process `+}[@'. [ 74.150991][ T6432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1100'. [ 74.167567][ T6430] EXT4-fs (loop4): 1 orphan inode deleted [ 74.188187][ T6430] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.189126][ T6432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1100'. [ 74.209743][ T6430] bio_check_eod: 20 callbacks suppressed [ 74.209755][ T6430] syz.4.1089: attempt to access beyond end of device [ 74.209755][ T6430] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 74.236230][ T5854] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.318321][ T6445] bridge: RTM_NEWNEIGH with invalid ether address [ 74.355226][ T6451] loop2: detected capacity change from 0 to 128 [ 74.377637][ T6455] team0: Port device team_slave_1 removed [ 74.409988][ T29] kauditd_printk_skb: 144 callbacks suppressed [ 74.410002][ T29] audit: type=1400 audit(1727635653.570:1862): avc: denied { write } for pid=6456 comm="syz.1.1102" name="vlan0" dev="proc" ino=4026533162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 74.414466][ T6459] loop2: detected capacity change from 0 to 1024 [ 74.447283][ T6459] EXT4-fs: Ignoring removed nomblk_io_submit option [ 74.456481][ T6459] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 74.461953][ T29] audit: type=1400 audit(1727635653.616:1863): avc: denied { audit_write } for pid=6460 comm="syz.4.1104" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 74.486480][ T29] audit: type=1107 audit(1727635653.616:1864): pid=6460 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 74.501455][ T6459] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 74.509817][ T6459] System zones: 0-1, 3-36 [ 74.523418][ T29] audit: type=1400 audit(1727635653.681:1865): avc: denied { getopt } for pid=6463 comm="syz.4.1105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 74.550364][ T6459] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.567175][ T6459] EXT4-fs (loop2): shut down requested (0) [ 74.597915][ T3660] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.638432][ T6480] all: renamed from bridge_slave_0 (while UP) [ 74.706588][ T29] audit: type=1400 audit(1727635653.847:1866): avc: denied { bind } for pid=6489 comm="syz.1.1116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 74.712743][ T6491] netlink: 22 bytes leftover after parsing attributes in process `syz.1.1116'. [ 74.728553][ T29] audit: type=1400 audit(1727635653.847:1867): avc: denied { nlmsg_read } for pid=6489 comm="syz.1.1116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 75.602311][ T29] audit: type=1400 audit(1727635654.669:1868): avc: denied { listen } for pid=6498 comm="syz.3.1120" path=2F3133302FE91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 75.654439][ T6500] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -2 [ 75.690056][ T6508] netlink: 'syz.1.1124': attribute type 3 has an invalid length. [ 75.743917][ T6512] wireguard: wg2: Could not create IPv4 socket [ 75.785916][ T29] audit: type=1400 audit(1727635654.835:1869): avc: denied { mounton } for pid=6515 comm="syz.2.1127" path="/165/file0" dev="tmpfs" ino=878 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 75.812838][ T29] audit: type=1400 audit(1727635654.835:1870): avc: denied { mount } for pid=6515 comm="syz.2.1127" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 75.815411][ T6516] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -2 [ 75.849261][ T29] audit: type=1400 audit(1727635654.890:1871): avc: denied { unmount } for pid=3660 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 75.902090][ T6523] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -2 [ 75.927898][ T6525] Failed to initialize the IGMP autojoin socket (err -2) [ 75.993962][ T6529] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1135'. [ 76.002898][ T6529] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1135'. [ 76.039298][ T6533] netlink: 'syz.3.1136': attribute type 27 has an invalid length. [ 76.070007][ T6535] loop2: detected capacity change from 0 to 512 [ 76.085291][ T6535] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.097923][ T6535] ext4 filesystem being mounted at /167/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 76.122824][ T3660] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.130345][ T6542] loop1: detected capacity change from 0 to 512 [ 76.138951][ T6542] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 76.152437][ T6542] EXT4-fs (loop1): 1 truncate cleaned up [ 76.159427][ T6542] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.189287][ T4827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.234321][ T6533] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.243295][ T6533] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.252422][ T6533] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.261419][ T6533] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.310542][ T6554] loop2: detected capacity change from 0 to 128 [ 76.314282][ T6553] loop3: detected capacity change from 0 to 1024 [ 76.333521][ T6553] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.349983][ T6554] syz.2.1154: attempt to access beyond end of device [ 76.349983][ T6554] loop2: rw=0, sector=121, nr_sectors = 120 limit=128 [ 76.380773][ T161] kworker/u8:5: attempt to access beyond end of device [ 76.380773][ T161] loop2: rw=1, sector=241, nr_sectors = 800 limit=128 [ 76.400809][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.446950][ T6564] loop1: detected capacity change from 0 to 128 [ 76.511630][ T6568] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -2 [ 76.601943][ T6573] loop1: detected capacity change from 0 to 4096 [ 76.614800][ T6573] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.732622][ T4827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.761093][ T6592] loop1: detected capacity change from 0 to 1024 [ 76.790439][ T6592] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.845267][ T4827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.425265][ T6626] loop3: detected capacity change from 0 to 4096 [ 77.433676][ T6626] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.529444][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.579200][ T6633] all: renamed from bridge_slave_0 [ 77.871621][ T6660] loop2: detected capacity change from 0 to 128 [ 77.891484][ T6661] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1184'. [ 78.789766][ T6669] loop1: detected capacity change from 0 to 1024 [ 78.803215][ T6660] loop2: detected capacity change from 128 to 0 [ 78.821423][ T6669] EXT4-fs: Ignoring removed nomblk_io_submit option [ 78.829874][ T6667] loop3: detected capacity change from 0 to 4096 [ 78.838568][ T6669] ================================================================== [ 78.841839][ T3660] syz-executor: attempt to access beyond end of device [ 78.841839][ T3660] loop2: rw=2049, sector=0, nr_sectors = 1 limit=0 [ 78.846655][ T6669] BUG: KCSAN: data-race in __filemap_add_folio / filemap_write_and_wait_range [ 78.846694][ T6669] [ 78.846698][ T6669] read-write to 0xffff8881004c11f0 of 8 bytes by task 3253 on cpu 0: [ 78.846712][ T6669] __filemap_add_folio+0x430/0x6f0 [ 78.859976][ T3660] Buffer I/O error on dev loop2, logical block 0, lost sync page write [ 78.868731][ T6669] filemap_add_folio+0x9c/0x1b0 [ 78.868762][ T6669] page_cache_ra_unbounded+0x175/0x310 [ 78.902679][ T6669] page_cache_sync_ra+0x252/0x670 [ 78.907793][ T6669] filemap_get_pages+0x2c1/0x10e0 [ 78.912822][ T6669] filemap_read+0x216/0x680 [ 78.917331][ T6669] blkdev_read_iter+0x20e/0x2c0 [ 78.922259][ T6669] vfs_read+0x5f6/0x720 [ 78.926498][ T6669] ksys_read+0xeb/0x1b0 [ 78.930648][ T6669] __x64_sys_read+0x42/0x50 [ 78.935154][ T6669] x64_sys_call+0x27d3/0x2d60 [ 78.939826][ T6669] do_syscall_64+0xc9/0x1c0 [ 78.944317][ T6669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.950209][ T6669] [ 78.952520][ T6669] read to 0xffff8881004c11f0 of 8 bytes by task 6669 on cpu 1: [ 78.960050][ T6669] filemap_write_and_wait_range+0x59/0x2c0 [ 78.965851][ T6669] set_blocksize+0x1d0/0x270 [ 78.970436][ T6669] sb_min_blocksize+0x63/0xe0 [ 78.975108][ T6669] ext4_fill_super+0x38b/0x3a10 [ 78.979954][ T6669] get_tree_bdev+0x256/0x2e0 [ 78.984541][ T6669] ext4_get_tree+0x1c/0x30 [ 78.988954][ T6669] vfs_get_tree+0x56/0x1e0 [ 78.993367][ T6669] do_new_mount+0x227/0x690 [ 78.997867][ T6669] path_mount+0x49b/0xb30 [ 79.002195][ T6669] __se_sys_mount+0x27c/0x2d0 [ 79.006868][ T6669] __x64_sys_mount+0x67/0x80 [ 79.011454][ T6669] x64_sys_call+0x203e/0x2d60 [ 79.016123][ T6669] do_syscall_64+0xc9/0x1c0 [ 79.020620][ T6669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.026509][ T6669] [ 79.028815][ T6669] value changed: 0x0000000000000009 -> 0x000000000000000a [ 79.035905][ T6669] [ 79.038217][ T6669] Reported by Kernel Concurrency Sanitizer on: [ 79.044360][ T6669] CPU: 1 UID: 0 PID: 6669 Comm: syz.1.1189 Tainted: G W 6.11.0-syzkaller-12113-ge7ed34365879 #0 [ 79.056156][ T6669] Tainted: [W]=WARN [ 79.059942][ T6669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 79.069994][ T6669] ================================================================== [ 79.088913][ T6669] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 79.110354][ T6669] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 79.118827][ T6669] System zones: 0-1, 3-36 [ 79.120186][ T6667] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.123948][ T6669] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.158398][ T6669] EXT4-fs (loop1): shut down requested (0) [ 79.176947][ T4827] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.680079][ T5213] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.