last executing test programs: 3.645194366s ago: executing program 2 (id=2022): open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x8000, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x2, @perf_config_ext={0xf60, 0x40ffffffff}, 0x1100, 0x5, 0x3a65, 0x5, 0x0, 0x1, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_setup(0xf08, &(0x7f0000000780)={0x0, 0x826e, 0x40, 0x3, 0xf0}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x41000000}], 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/kexec_crash_size', 0x202, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) sendfile(r1, r1, 0x0, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x286ca06bbee933dc, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 2.441326064s ago: executing program 2 (id=2044): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0) connect$netlink(0xffffffffffffffff, &(0x7f0000000280)=@proc={0x10, 0x0, 0x1}, 0xc) readv(r2, &(0x7f0000001b00)=[{&(0x7f00000004c0)=""/205, 0xcd}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xe0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, 0x0, 0x0) 1.494248678s ago: executing program 2 (id=2050): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xb, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.483738518s ago: executing program 4 (id=2051): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f00000005c0)={[{@discard}, {@bh}, {@nomblk_io_submit}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") socket$inet6(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r0}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r1, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) write(0xffffffffffffffff, &(0x7f0000004200)='t', 0x1) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3ffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) 1.34347127s ago: executing program 4 (id=2054): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='sys_enter\x00', r0}, 0x10) pipe(&(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) pipe(&(0x7f0000000100)) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000004c0)=ANY=[@ANYRES64=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x541c, &(0x7f0000000000)) 1.32911157s ago: executing program 2 (id=2056): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) unshare(0x8000000) semget$private(0x0, 0x3, 0x0) syz_io_uring_setup(0xe46, &(0x7f0000000380)={0x0, 0x5f39, 0x0, 0x4001, 0x2b7}, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x6a, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x51}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) close(r1) 1.236174092s ago: executing program 3 (id=2058): r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @multicast1}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}}, 0x2a, {0x2, 0x0, @multicast1=0xe000cc02}}) splice(r0, 0x0, r1, 0x0, 0x2, 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB='\v\x00\x00\x00'], 0x48) inotify_init1(0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f00000003c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) 1.235963832s ago: executing program 4 (id=2059): perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x20, 0x12504, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x4, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) gettid() timer_settime(0x0, 0x0, 0x0, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000002, 0x6031, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0xc01, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0) close(0xffffffffffffffff) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.221604042s ago: executing program 0 (id=2060): r0 = inotify_init() r1 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) r2 = inotify_add_watch(r0, &(0x7f00000004c0)='./file0\x00', 0x8c7) write$binfmt_elf32(r1, &(0x7f0000000040)=ANY=[@ANYRES64=r2], 0x69) close(r1) bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYRES32=r1, @ANYRES32=r3], 0x48) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x904e, @void, @value}, 0x94) socket$inet_udp(0x2, 0x2, 0x0) accept4$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @none}, &(0x7f0000000340)=0xe, 0x800) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYRES64=r4, @ANYRES32], &(0x7f00000005c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) execve(&(0x7f0000000440)='./file0\x00', 0x0, 0x0) accept4(r1, 0x0, 0x0, 0x800) 1.198841652s ago: executing program 0 (id=2061): socket$nl_route(0x10, 0x3, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000118110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014002000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r3, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)=r4}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r5, &(0x7f0000000400)="e8", &(0x7f0000000480)=@tcp6=r2, 0x1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r4, 0x5, 0xe, 0x0, &(0x7f0000000000)="6121eed4cd50bb2b01e841acde1a", 0x0, 0x2a1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 1.093876584s ago: executing program 4 (id=2062): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0) connect$netlink(0xffffffffffffffff, &(0x7f0000000280)=@proc={0x10, 0x0, 0x1}, 0xc) readv(r2, &(0x7f0000001b00)=[{&(0x7f00000004c0)=""/205, 0xcd}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xe0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, 0x0, 0x0) 1.092363934s ago: executing program 0 (id=2072): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00') r2 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x114df, 0x0, 0x1, 0x89}, &(0x7f00000003c0)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780}) io_uring_enter(r2, 0x3518, 0xaddf, 0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) 993.260346ms ago: executing program 0 (id=2063): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r5, 0x0, r4, 0x0, 0x9, 0xc) splice(r3, 0x0, r6, 0x0, 0x80, 0x7) timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18) rt_sigaction(0xf, 0x0, 0x0, 0x8, &(0x7f0000000500)) 727.20077ms ago: executing program 1 (id=2064): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x3d}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x100000) ioctl$SIOCX25SDTEFACILITIES(0xffffffffffffffff, 0x89eb, &(0x7f00000000c0)={0x963, 0x5, 0x10, 0x85, 0x7, 0x4, 0xa8, "e75867a0aa45de1500", "39e80000000000000000e30f00"}) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x2c) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 697.42515ms ago: executing program 1 (id=2065): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000000)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) r4 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x9}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @empty, 0x0, 0x0, 0x1000000}}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r5, 0x9c3fa077fa966179, 0x4, 0x0, {{0x7e}, {@void, @void}}}, 0x1c}}, 0x0) 657.247931ms ago: executing program 1 (id=2066): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+ \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3) write$binfmt_misc(r2, &(0x7f0000000740), 0xff67) sendfile(r1, r2, &(0x7f0000000000), 0xfffb) fcntl$addseals(r2, 0x409, 0x8) lseek(r2, 0x100000, 0x3) 479.905853ms ago: executing program 2 (id=2067): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00'}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48) syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x100c412, &(0x7f0000000380)={[{@dots}, {@fat=@discard}, {@fat=@nfs_nostale_ro}, {@fat=@sys_immutable}, {@fat=@nocase}, {@nodots}, {@dots}, {@nodots}, {@dots}, {@nodots}, {@dots}, {@nodots}, {@nodots}, {@nodots}, {@nodots}, {@dots}, {@nodots}, {@dots}, {@fat=@tz_utc}, {@fat=@dos1xfloppy}, {@fat=@nfs_nostale_ro}, {@nodots}]}, 0x0, 0x1fd, &(0x7f00000008c0)="$eJzs3b2KE1EUAOCTmN0kVukEQRix0GpRn2BFVhADwkoK7QStTLXbZG12H8NXsPeRfABZLNLIlTiTnRizYxxIRtfva3Im556Z+0MmaXInRe7zjQ/R67WivR/7MW3FINoxdxYAwFUyTSm+pFzTfQEAtmON7/9vFeWfvm6oXwDA5rx4+erZo+Hw4DDLehHnZ5PRZJS/5vknT4cH97MfBmXV+WQyunaRf5At/3aY5XfiepF/mNdnF+ndiBjtxr07eX6We/x8mP1c3403Gx47AAAAAAAAAAAAAAAAAAAAAAA05VZkcyv399nbW873i3x+tLA/0NL+PZ242SkOy+2B0uk2BgUAAAAAAAAAAAAAAAAAAAD/mOOT9+9ej8dvj8qgGxGL73RWtLk8aBUnXqtx80E76pX3i2HWuGirmKLNDrC/enHXCaLzt6xO3SD7fZsY/Pn8tBeXu19ZntIsWP0pmG+LcWn5bkRU9+fuYd35maaUxh9vHx2fRKpsXN4julu9IwEAAAAAAAAAAAAAAAAAwP9r4V/fv+g10SEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaED5/P8awWm3OEt14/m1dqLX3EABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC40r4HAAD//yPwIeg=") r2 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') pread64(r2, 0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) mkdir(0x0, 0x0) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r5, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'}) 382.658195ms ago: executing program 1 (id=2068): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) getpgrp(0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) creat(&(0x7f0000000100)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, 0x0, 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x49) preadv2(r1, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0) mount_setattr(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x9000, &(0x7f0000000680)={0x8}, 0x20) tgkill(0x0, 0x0, 0x12) 371.346715ms ago: executing program 3 (id=2069): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0x0, 0x40000000, 0x2000, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x4}}}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x38, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, 0x98, 0x1114}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_setup(0x7290, 0x0, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x34, 0x10, 0x401, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, 0x1493cf2c54a75087, 0xac}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040805}, 0x20004090) 366.151744ms ago: executing program 2 (id=2070): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) bind$unix(r3, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r3, 0x0) connect$unix(r2, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r3, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 241.138566ms ago: executing program 4 (id=2071): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$loop(0x0, 0xd, 0x401) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) mkdir(0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) socket$packet(0x11, 0xa, 0x300) sendto$packet(r1, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_emit_ethernet(0x4e, &(0x7f0000001bc0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}, @void, {@ipv6={0x86dd, @udp={0x4, 0x6, "6598bc", 0x18, 0x11, 0x1, @ipv4={'\x00', '\xff\xff', @remote}, @empty, {[], {0x4e24, 0x4e24, 0x18, 0x0, @wg=@data={0x4, 0x0, 0x905}}}}}}}, 0x0) 240.291097ms ago: executing program 3 (id=2082): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x587, 0x4) sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f00000002c0)={0xa, 0x4e22, 0xf5b, @mcast2}, 0x1c, 0x0}}], 0x1, 0x4040884) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[], 0x18}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) 217.557787ms ago: executing program 3 (id=2073): syz_mount_image$iso9660(&(0x7f0000000cc0), &(0x7f0000000180)='./file1\x00', 0x1004081, &(0x7f0000000380)=ANY=[], 0x2, 0x81c, &(0x7f0000001540)="$eJzs3U9oHOfZAPBnFMmyZeIv5PvIZ4zjjO18YPM5ykpKlIoc0s1qJE8i7YrdVbEpITGxnBrLSUgIaUxp6kvSlpbSU49priGX3FoKLfTQ9lRoDr30EAjk0pKWFkpLKbjs7K61+rOSLctymv5+i/edfeedd953djzPzmrfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIqlMl0pjSczl1cUzaX+V6XptfpP53fp+tirZZL0RSetf7N0bB9tZB/9nZfZ9radjcbj96nDsbSV748r+++55/L8HB7rLb9Kg7Traf9ZQ74sk4hutRl06t7y89MptaMgu+vZPOhN7b3iRv19rPc9m1bxRy+fLs1maN2rp1ORk6eHTM410Jp/LGmcbzWw+rdSzcrNWT09UTqZjU1MTaTZ6trZYnZ0uz2XdzMceGi+VJtOnRheycr1Rqz781Gijcjqfm8urs0WZ8dLr0SrzWGtHfDpvps2sPJ+mFy4uL01s1dRWobFVOcOrdpzDD97zyWsf/+XiUmuH7FdJ0tkxx8fGxsfHJh+devSxUmlwvDS+OqO0RlwvEQMRrRK3Zaflztq/Qd5gZ49ZNyPi2n/tzMEbbtFAJ/7HXORRjcU4E2mkMVA8rzyGohLTUY9azLde/3Zozfx18f//Hv7jrzdbb2/870b5gyuzD0UR/4+0Xx3pF//XtWIHHoP9aq2+325Nb96r8UZciUtxLpZjOZbile2scc/aWm/HY7idDuxsrbORRTXyaEQt8piPcpGTdnLSmIrJmIxSPBunYyYakcZM5DEXWTTibDSiGVmxR1WiHlmUoxm1qEcaJ6ISJyONsZiKqZiINLIYjbNRi8WoxmxMR7mo5UJcLLb7xJp23ff15378wm8+eac1fb3Q2CYdSVof5vZ/FPHnTQqtC/c3Ef9bJQY6e/euxCR2yd6bfFd36MgNt+5aEf8H73QzAAAAgNsoKb59TyJiKO4vpmbyuezLd7pZAAAAwA4qftd8uJUMtabuj6R1/l/aoOSHEcO73jwAAABgByTFGLskIkbigfZUd7jURl8CAAAAAP+Gir//H2klIxFvFhnO/wEAAOBz5pv9rrH/8Z7iGrsj0VgYTn76p6jXh5KrC2ceTC6XW+XKl+9qL9dJvnS9xubMoeRAp5IimRy8sj+JiMFKdjjpXv3yn52xBJ8Wz4dWLkDY71r/yRYNiM0bULyK78TRdpmj59vp+e6c9lpGZvK5bLRSm3t8LOl8OdJ87cWLX42i+9+qzh9I4sLF5aXR519aPl+05WqrlquXO5eHT7pLRbQHVGzSlmvd0RT3b9zjoWIgRme9I+31lnr737ma7MDm/U961/lWHGuXOTbSTkdW939va51jo4+PRbl8YKCZnWm+dq2n951WjK30fLjb2+Qm3oW34ni7zPETx9vJBq0YX9WKF9e3Yrx3+9/YtrjhVrxz9M0zf/1FLckmtmrFxC22AuBOuVBc9WclCu0rotA/rrW1AtqauLuvu+TNHOUurHzK6C7fE+sGY110T7cT3d+KE+0yJ9qfJwYPbRBXShsc0V+++PIvO0f0R977wQ+fOfKrD9bE9ZtoxXtxsl2mk8S9P+8TY1t9/u6aqPpua4l3+663MTeevD48MZS0bz4UVx66ePncC0svLL04Pj4xWXqkVHp0PIaKjwqdpE9LRR6A/2xb3WPng69dL9rvLjzJI1ucVd97/ScFo/F8vBTLcT5OFaMNIuKBjWsd6fkZwqktzlpHeu7wcmqLc8uVsuNryw4fT6JP2YmeLfa/3y+Sv92mNwQAdsGxLeJwEve0L/vz+t2dJdaUuCtJTvWed38lIg71i7mtWH6yfePc7tlx9I/lvX7fSb+wGxsFAD7nsvqnyUjz7aRezxeeHZuaGis3T2dpvVZ5Oq3n07NZmlebWb1yulydzdKFeq1Zq3S/Op7OGmljcWGhVm+mM7V6ulBr5GeKO7+nnVu/N7L5crWZVxoLc1m5kaWVWrVZrjTT6bxRSRcWn5zLG6ezerFwYyGr5DN5pdzMa9W0UVusV7LRNG1kWU/BfDqrNvOZPBtK82q6UM/ny/WrETG3OJ+l01mjUs8XmrV2hd115dWZWn2+qHZ0fff/sNvbGwA+C15948qlc8vLS69sb+J3N1L4TvcRAFhNlAYAAAAAAAAAAAAAgM++9cP1Wrk3NRBwKLY9fPDV4WhN7Nvu4q2JZzo9uYVRjJtMDMYOV7j5xP+/3+7MTlS4vp6hbs7dW4373LfqPd3T2cS7tBF2cuK5J564tJKTDPZu3iffPHj6oyy6vdukno3/p2w01PXtAxF7fvS9ds4X+xROBne4px9GxDYWv5ZsUmZ3j0MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcCP+FQAA//+XX0rH") r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xb1}, 0x100002, 0x2, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000001c0)='mm_page_free\x00', r4, 0x0, 0x6}, 0x18) readlink(&(0x7f0000000440)='./file1\x00', &(0x7f0000000380)=""/161, 0xa1) 173.067567ms ago: executing program 4 (id=2074): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004015}, 0x0) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f00000005c0)={[{@discard}, {@bh}, {@nomblk_io_submit}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12) write(r1, &(0x7f0000004200)='t', 0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 128.480558ms ago: executing program 0 (id=2075): mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0xfffffffffffffde8, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r3}, 0x10) r4 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}}) 112.910658ms ago: executing program 1 (id=2076): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$packet(0x11, 0x2, 0x300) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) socket$netlink(0x10, 0x3, 0x9) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x20000000000001f4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_io_uring_setup(0x24fa, &(0x7f00000006c0)={0x0, 0x0, 0x10100, 0x0, 0x1c5}, &(0x7f0000000100)=0x0, &(0x7f0000000180)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[@ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x24844}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 69.26163ms ago: executing program 1 (id=2077): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mknod$loop(0x0, 0x100000000000600d, 0x0) creat(0x0, 0xc9028ba210c11f8b) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0) timer_create(0x2, 0x0, &(0x7f0000000240)) preadv2(r2, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x0, 0x1) 35.14745ms ago: executing program 3 (id=2078): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) 1.485ms ago: executing program 3 (id=2079): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) socket(0x10, 0x80002, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) unshare(0x6a040000) mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = gettid() sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r1, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r3], 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) 0s ago: executing program 0 (id=2080): socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000240)={'mangle\x00', 0x0, [0x4, 0x6, 0x1, 0x40, 0x7]}, &(0x7f0000000200)=0x54) kernel console output (not intermixed with test programs): d=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6462 comm="syz.0.938" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 86.629087][ T6454] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 86.639025][ T6454] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.729289][ T6454] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 86.739398][ T6454] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.792662][ T6474] loop1: detected capacity change from 0 to 512 [ 86.802873][ T6474] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 86.814905][ T6454] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 86.825003][ T6454] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.840091][ T6474] ext4 filesystem being mounted at /170/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 86.917527][ T6454] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 86.925872][ T6454] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.938986][ T6454] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 86.947283][ T6454] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.962016][ T6454] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 86.970304][ T6454] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.982410][ T6454] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 86.990801][ T6454] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.093639][ T6497] loop1: detected capacity change from 0 to 128 [ 87.130835][ T6500] loop4: detected capacity change from 0 to 512 [ 87.165529][ T6500] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 87.187633][ T6500] EXT4-fs (loop4): 1 truncate cleaned up [ 87.709335][ T6493] syz.1.951 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 87.723480][ T6493] CPU: 1 UID: 0 PID: 6493 Comm: syz.1.951 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(voluntary) [ 87.723516][ T6493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 87.723534][ T6493] Call Trace: [ 87.723542][ T6493] [ 87.723552][ T6493] __dump_stack+0x1d/0x30 [ 87.723575][ T6493] dump_stack_lvl+0xe8/0x140 [ 87.723611][ T6493] dump_stack+0x15/0x1b [ 87.723634][ T6493] dump_header+0x81/0x220 [ 87.723677][ T6493] oom_kill_process+0x334/0x3f0 [ 87.723717][ T6493] out_of_memory+0x979/0xb80 [ 87.723841][ T6493] ? css_next_descendant_pre+0x138/0x160 [ 87.723892][ T6493] mem_cgroup_out_of_memory+0x13d/0x190 [ 87.723930][ T6493] try_charge_memcg+0x5e2/0x870 [ 87.724002][ T6493] obj_cgroup_charge_pages+0xb7/0x1a0 [ 87.724053][ T6493] __memcg_kmem_charge_page+0x9f/0x170 [ 87.724137][ T6493] __alloc_frozen_pages_noprof+0x188/0x360 [ 87.724186][ T6493] alloc_pages_mpol+0xb3/0x250 [ 87.724228][ T6493] alloc_pages_noprof+0x90/0x130 [ 87.724331][ T6493] __vmalloc_node_range_noprof+0x6d5/0xe40 [ 87.724383][ T6493] __kvmalloc_node_noprof+0x312/0x4f0 [ 87.724476][ T6493] ? ip_set_alloc+0x1f/0x30 [ 87.724501][ T6493] ? ip_set_alloc+0x1f/0x30 [ 87.724528][ T6493] ? __kmalloc_cache_noprof+0x189/0x320 [ 87.724607][ T6493] ip_set_alloc+0x1f/0x30 [ 87.724636][ T6493] hash_netiface_create+0x282/0x740 [ 87.724670][ T6493] ? __pfx_hash_netiface_create+0x10/0x10 [ 87.724703][ T6493] ip_set_create+0x3c9/0x960 [ 87.724757][ T6493] ? __nla_parse+0x40/0x60 [ 87.724787][ T6493] nfnetlink_rcv_msg+0x4c6/0x590 [ 87.724827][ T6493] ? fixup_exception+0x72e/0xd00 [ 87.724870][ T6493] ? selinux_capable+0x1f9/0x270 [ 87.724980][ T6493] netlink_rcv_skb+0x123/0x220 [ 87.725027][ T6493] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 87.725101][ T6493] nfnetlink_rcv+0x16b/0x1690 [ 87.725170][ T6493] ? __kfree_skb+0x109/0x150 [ 87.725198][ T6493] ? nlmon_xmit+0x4f/0x60 [ 87.725223][ T6493] ? consume_skb+0x49/0x150 [ 87.725308][ T6493] ? nlmon_xmit+0x4f/0x60 [ 87.725370][ T6493] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 87.725404][ T6493] ? __dev_queue_xmit+0x11c0/0x1fb0 [ 87.725434][ T6493] ? __dev_queue_xmit+0x182/0x1fb0 [ 87.725522][ T6493] ? ref_tracker_free+0x37d/0x3e0 [ 87.725566][ T6493] ? __netlink_deliver_tap+0x4dc/0x500 [ 87.725596][ T6493] netlink_unicast+0x59e/0x670 [ 87.725624][ T6493] netlink_sendmsg+0x58b/0x6b0 [ 87.725679][ T6493] ? __pfx_netlink_sendmsg+0x10/0x10 [ 87.725716][ T6493] __sock_sendmsg+0x142/0x180 [ 87.725756][ T6493] ____sys_sendmsg+0x31e/0x4e0 [ 87.725849][ T6493] ___sys_sendmsg+0x17b/0x1d0 [ 87.725934][ T6493] __x64_sys_sendmsg+0xd4/0x160 [ 87.725962][ T6493] x64_sys_call+0x2999/0x2fb0 [ 87.725982][ T6493] do_syscall_64+0xd2/0x200 [ 87.726006][ T6493] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 87.726097][ T6493] ? clear_bhb_loop+0x40/0x90 [ 87.726117][ T6493] ? clear_bhb_loop+0x40/0x90 [ 87.726137][ T6493] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.726157][ T6493] RIP: 0033:0x7f6766a6e969 [ 87.726171][ T6493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.726187][ T6493] RSP: 002b:00007f67650d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 87.726282][ T6493] RAX: ffffffffffffffda RBX: 00007f6766c95fa0 RCX: 00007f6766a6e969 [ 87.726293][ T6493] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005 [ 87.726305][ T6493] RBP: 00007f6766af0ab1 R08: 0000000000000000 R09: 0000000000000000 [ 87.726316][ T6493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.726327][ T6493] R13: 0000000000000000 R14: 00007f6766c95fa0 R15: 00007ffec7034af8 [ 87.726420][ T6493] [ 88.087780][ T6493] memory: usage 307200kB, limit 307200kB, failcnt 454 [ 88.094656][ T6493] memory+swap: usage 307456kB, limit 9007199254740988kB, failcnt 0 [ 88.102634][ T6493] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 88.110045][ T6493] Memory cgroup stats for /syz1: [ 88.112635][ T6493] cache 0 [ 88.120718][ T6493] rss 4096 [ 88.123901][ T6493] shmem 0 [ 88.126930][ T6493] mapped_file 0 [ 88.130446][ T6493] dirty 0 [ 88.133407][ T6493] writeback 0 [ 88.136799][ T6493] workingset_refault_anon 57 [ 88.141409][ T6493] workingset_refault_file 178 [ 88.146111][ T6493] swap 262144 [ 88.149513][ T6493] swapcached 4096 [ 88.153166][ T6493] nr_memmap_boot_pages 49525 [ 88.157814][ T6493] pgpgin 49524 [ 88.160695][ T6511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.958'. [ 88.161184][ T6493] pglazyfree 51963 [ 88.161195][ T6493] pgfault 33 [ 88.176999][ T6493] a_other 4096 [ 88.180395][ T6493] inactive_anon 0 [ 88.184140][ T6493] active_anon 0 [ 88.187655][ T6493] inactive_file 0 [ 88.190620][ T6510] netlink: 'syz.3.957': attribute type 13 has an invalid length. [ 88.191284][ T6493] active_file 0 [ 88.191295][ T6493] hierarchical_memory_limit 314572800 [ 88.208037][ T6493] hierarchical_memsw_limit 9223372036854771712 [ 88.214208][ T6493] total_cache 0 [ 88.217747][ T6493] total_rss 4096 [ 88.221369][ T6493] total_shmem 0 [ 88.224852][ T6493] total_mapped_file 0 [ 88.228918][ T6493] total_dirty 0 [ 88.232424][ T6493] total_writeback 0 [ 88.236250][ T6493] total_workingset_refault_anon 57 [ 88.241517][ T6493] total_workingset_refault_file 178 [ 88.246774][ T6493] total_swap 262144 [ 88.250646][ T6493] total_swapcached 4096 [ 88.254802][ T6493] total_nr_memmap_boot_pages 49525 [ 88.259973][ T6493] total_pgpgin 49524 [ 88.263862][ T6493] total_pglazyfree 51963 [ 88.268153][ T6493] total_pgfault 33 [ 88.271867][ T6493] total_a_other 4096 [ 88.275818][ T6493] total_inactive_anon 0 [ 88.279992][ T6493] total_active_anon 0 [ 88.283970][ T6493] total_inactive_file 0 [ 88.288165][ T6493] total_active_file 0 [ 88.292244][ T6493] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.951,pid=6492,uid=0 [ 88.306868][ T6493] Memory cgroup out of memory: Killed process 6492 (syz.1.951) total-vm:95796kB, anon-rss:1064kB, file-rss:22448kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 88.451928][ T6510] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.460374][ T6510] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.468993][ T6510] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.477523][ T6510] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.488415][ T6510] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 88.497049][ T6510] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 88.505473][ T6510] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 88.513993][ T6510] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 88.544438][ T6508] pim6reg1: entered promiscuous mode [ 88.549837][ T6508] pim6reg1: entered allmulticast mode [ 88.658020][ T6515] syzkaller0: entered promiscuous mode [ 88.663554][ T6515] syzkaller0: entered allmulticast mode [ 88.923774][ T6524] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.968651][ T6524] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.009230][ T6524] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.058382][ T6524] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.114254][ T6524] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.125713][ T6524] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.138085][ T6524] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.149626][ T6524] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.402840][ T6531] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.461690][ T6531] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.508771][ T6531] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.588903][ T6531] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.615562][ T6544] loop0: detected capacity change from 0 to 512 [ 89.626867][ T6544] EXT4-fs: Ignoring removed mblk_io_submit option [ 89.648161][ T6531] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.656839][ T6544] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 89.661183][ T6531] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.689374][ T6550] loop2: detected capacity change from 0 to 2048 [ 89.691393][ T6531] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.710024][ T6531] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.728631][ T6544] EXT4-fs (loop0): 1 truncate cleaned up [ 89.858332][ T6556] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 89.873587][ T6556] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1328 with error 28 [ 89.886242][ T6556] EXT4-fs (loop2): This should not happen!! Data will be lost [ 89.886242][ T6556] [ 89.895971][ T6556] EXT4-fs (loop2): Total free blocks count 0 [ 89.902007][ T6556] EXT4-fs (loop2): Free/Dirty block details [ 89.907959][ T6556] EXT4-fs (loop2): free_blocks=2415919104 [ 89.913744][ T6556] EXT4-fs (loop2): dirty_blocks=1344 [ 89.919286][ T6556] EXT4-fs (loop2): Block reservation details [ 89.925377][ T6556] EXT4-fs (loop2): i_reserved_data_blocks=84 [ 90.128187][ T4143] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 90.140555][ T4143] EXT4-fs (loop2): This should not happen!! Data will be lost [ 90.140555][ T4143] [ 90.382280][ T6572] loop0: detected capacity change from 0 to 1024 [ 90.389312][ T6572] EXT4-fs: Ignoring removed nobh option [ 90.396455][ T6572] EXT4-fs: Ignoring removed bh option [ 90.456169][ T6581] loop4: detected capacity change from 0 to 256 [ 90.469833][ T6581] netlink: 'syz.4.983': attribute type 13 has an invalid length. [ 90.547804][ T6581] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.555124][ T6581] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.633834][ T6581] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.645373][ T6581] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.674022][ T6581] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.682797][ T6581] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.691628][ T6581] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.700332][ T6581] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.701775][ T6610] netlink: 'syz.1.993': attribute type 13 has an invalid length. [ 91.709768][ T6610] netlink: 64 bytes leftover after parsing attributes in process `syz.1.993'. [ 92.212386][ T6640] loop2: detected capacity change from 0 to 512 [ 92.248933][ T6640] ext4 filesystem being mounted at /197/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 92.262737][ T6640] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.1007: corrupted inode contents [ 92.277763][ T6640] EXT4-fs error (device loop2): ext4_dirty_inode:6459: inode #2: comm syz.2.1007: mark_inode_dirty error [ 92.293970][ T6640] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.1007: corrupted inode contents [ 92.310314][ T6640] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.1007: mark_inode_dirty error [ 92.384636][ T6640] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.1007: corrupted inode contents [ 92.398050][ T6640] EXT4-fs error (device loop2): ext4_dirty_inode:6459: inode #2: comm syz.2.1007: mark_inode_dirty error [ 92.409931][ T6640] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.1007: corrupted inode contents [ 92.424917][ T6640] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.1007: corrupted inode contents [ 92.438589][ T6640] EXT4-fs error (device loop2): ext4_setent:3643: inode #2: comm syz.2.1007: mark_inode_dirty error [ 92.563896][ T6654] netlink: 'syz.1.1010': attribute type 4 has an invalid length. [ 92.629049][ T6656] netlink: 'syz.1.1011': attribute type 10 has an invalid length. [ 92.660750][ T6656] team0 (unregistering): Port device team_slave_0 removed [ 92.684427][ T6656] team0 (unregistering): Port device team_slave_1 removed [ 93.078406][ T29] kauditd_printk_skb: 21 callbacks suppressed [ 93.078424][ T29] audit: type=1326 audit(1748745591.962:1929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6664 comm="syz.4.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 93.108180][ T29] audit: type=1326 audit(1748745591.962:1930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6664 comm="syz.4.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 93.131708][ T29] audit: type=1326 audit(1748745591.962:1931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6664 comm="syz.4.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 93.155085][ T29] audit: type=1326 audit(1748745591.962:1932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6664 comm="syz.4.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 93.180846][ T6665] SELinux: Context system_u:object_r:fixed_disk_device_t:s0 is not valid (left unmapped). [ 93.191513][ T29] audit: type=1326 audit(1748745592.062:1933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6664 comm="syz.4.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 93.215341][ T29] audit: type=1326 audit(1748745592.062:1934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6664 comm="syz.4.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 93.239057][ T29] audit: type=1326 audit(1748745592.062:1935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6664 comm="syz.4.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 93.262640][ T29] audit: type=1326 audit(1748745592.062:1936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6664 comm="syz.4.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 93.286220][ T29] audit: type=1326 audit(1748745592.062:1937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6664 comm="syz.4.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 93.309871][ T29] audit: type=1326 audit(1748745592.062:1938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6664 comm="syz.4.1014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 93.481318][ T6671] syzkaller0: entered promiscuous mode [ 93.486905][ T6671] syzkaller0: entered allmulticast mode [ 93.569266][ T6673] loop4: detected capacity change from 0 to 128 [ 93.587432][ T6673] bio_check_eod: 11 callbacks suppressed [ 93.587451][ T6673] syz.4.1017: attempt to access beyond end of device [ 93.587451][ T6673] loop4: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 93.642969][ T6673] syz.4.1017: attempt to access beyond end of device [ 93.642969][ T6673] loop4: rw=34817, sector=113, nr_sectors = 16 limit=128 [ 93.670219][ T6678] loop0: detected capacity change from 0 to 2048 [ 93.681383][ T6673] syz.4.1017: attempt to access beyond end of device [ 93.681383][ T6673] loop4: rw=34817, sector=145, nr_sectors = 8 limit=128 [ 93.714592][ T6685] loop2: detected capacity change from 0 to 512 [ 93.722488][ T6685] EXT4-fs (loop2): orphan cleanup on readonly fs [ 93.729616][ T6685] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1021: bg 0: block 248: padding at end of block bitmap is not set [ 93.744386][ T6685] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1021: Failed to acquire dquot type 1 [ 93.757613][ T6685] EXT4-fs (loop2): 1 truncate cleaned up [ 93.767227][ T6685] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 93.805487][ T6685] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 93.833687][ T6687] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 93.848719][ T6687] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2026 with error 28 [ 93.861309][ T6687] EXT4-fs (loop0): This should not happen!! Data will be lost [ 93.861309][ T6687] [ 93.871062][ T6687] EXT4-fs (loop0): Total free blocks count 0 [ 93.877238][ T6687] EXT4-fs (loop0): Free/Dirty block details [ 93.883239][ T6687] EXT4-fs (loop0): free_blocks=2415919104 [ 93.889019][ T6687] EXT4-fs (loop0): dirty_blocks=2032 [ 93.894368][ T6687] EXT4-fs (loop0): Block reservation details [ 93.900395][ T6687] EXT4-fs (loop0): i_reserved_data_blocks=127 [ 93.951272][ T6698] rdma_rxe: rxe_newlink: failed to add veth0_to_bond [ 94.027309][ T4144] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 94.039778][ T4144] EXT4-fs (loop0): This should not happen!! Data will be lost [ 94.039778][ T4144] [ 94.043772][ T6704] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1037'. [ 94.259773][ T6721] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.357617][ T6721] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.438005][ T6737] loop3: detected capacity change from 0 to 2048 [ 94.508106][ T6721] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.583149][ T6721] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.665693][ T6721] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.692619][ T6721] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.718786][ T6721] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.744796][ T6721] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.863566][ T6742] pim6reg1: entered promiscuous mode [ 94.868950][ T6742] pim6reg1: entered allmulticast mode [ 95.093195][ T6751] loop4: detected capacity change from 0 to 1024 [ 95.100567][ T6751] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 95.111579][ T6751] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869) [ 95.122764][ T6751] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 95.134638][ T6751] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #3: comm syz.4.1043: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 2, max 15(4), depth 0(0) [ 95.153640][ T6751] EXT4-fs (loop4): no journal found [ 95.159027][ T6751] EXT4-fs (loop4): can't get journal size [ 95.240914][ T6758] loop3: detected capacity change from 0 to 256 [ 95.249540][ T6758] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 95.447267][ T6765] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.488482][ T6765] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.578568][ T6765] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.617660][ T6771] loop3: detected capacity change from 0 to 128 [ 95.619498][ T6773] 9pnet_fd: p9_fd_create_tcp (6773): problem connecting socket to 127.0.0.1 [ 95.636178][ T6765] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.664200][ T4110] kworker/u8:25: attempt to access beyond end of device [ 95.664200][ T4110] loop3: rw=1, sector=145, nr_sectors = 8 limit=128 [ 95.683893][ T6771] syz.3.1049: attempt to access beyond end of device [ 95.683893][ T6771] loop3: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 95.697757][ T6771] syz.3.1049: attempt to access beyond end of device [ 95.697757][ T6771] loop3: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 95.711532][ T4110] kworker/u8:25: attempt to access beyond end of device [ 95.711532][ T4110] loop3: rw=1, sector=161, nr_sectors = 8 limit=128 [ 95.727625][ T4110] kworker/u8:25: attempt to access beyond end of device [ 95.727625][ T4110] loop3: rw=1, sector=225, nr_sectors = 8 limit=128 [ 95.749679][ T6765] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.758185][ T4110] kworker/u8:25: attempt to access beyond end of device [ 95.758185][ T4110] loop3: rw=1, sector=241, nr_sectors = 8 limit=128 [ 95.775707][ T6765] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.784155][ T4110] kworker/u8:25: attempt to access beyond end of device [ 95.784155][ T4110] loop3: rw=1, sector=257, nr_sectors = 8 limit=128 [ 95.803536][ T6765] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.817892][ T6765] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.209449][ T6783] loop4: detected capacity change from 0 to 512 [ 96.267097][ T6783] EXT4-fs: Ignoring removed mblk_io_submit option [ 96.283702][ T6783] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 96.463618][ T6783] EXT4-fs (loop4): 1 truncate cleaned up [ 96.652647][ T6769] syz.3.1049 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 96.663748][ T6769] CPU: 1 UID: 0 PID: 6769 Comm: syz.3.1049 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(voluntary) [ 96.663782][ T6769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 96.663799][ T6769] Call Trace: [ 96.663807][ T6769] [ 96.663834][ T6769] __dump_stack+0x1d/0x30 [ 96.663933][ T6769] dump_stack_lvl+0xe8/0x140 [ 96.663960][ T6769] dump_stack+0x15/0x1b [ 96.663982][ T6769] dump_header+0x81/0x220 [ 96.664039][ T6769] oom_kill_process+0x334/0x3f0 [ 96.664082][ T6769] out_of_memory+0x979/0xb80 [ 96.664123][ T6769] ? css_next_descendant_pre+0x138/0x160 [ 96.664152][ T6769] mem_cgroup_out_of_memory+0x13d/0x190 [ 96.664267][ T6769] try_charge_memcg+0x5e2/0x870 [ 96.664323][ T6769] charge_memcg+0x51/0xc0 [ 96.664364][ T6769] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 96.664404][ T6769] __read_swap_cache_async+0x1df/0x350 [ 96.664524][ T6769] swap_cluster_readahead+0x277/0x3e0 [ 96.664659][ T6769] swapin_readahead+0xde/0x6f0 [ 96.664696][ T6769] ? __filemap_get_folio+0x49f/0x650 [ 96.664738][ T6769] ? swap_cache_get_folio+0x77/0x200 [ 96.664830][ T6769] do_swap_page+0x301/0x2460 [ 96.664847][ T6769] ? __rb_insert_augmented+0x76/0x2c0 [ 96.664871][ T6769] ? __pfx_min_vruntime_cb_rotate+0x10/0x10 [ 96.664902][ T6769] ? update_curr+0x186/0x320 [ 96.664947][ T6769] ? enqueue_task_fair+0x35e/0x980 [ 96.664979][ T6769] ? tracing_record_taskinfo_sched_switch+0x71/0x260 [ 96.665014][ T6769] ? __pfx_default_wake_function+0x10/0x10 [ 96.665083][ T6769] handle_mm_fault+0x9a5/0x2c00 [ 96.665107][ T6769] ? mas_walk+0xf2/0x120 [ 96.665140][ T6769] do_user_addr_fault+0x636/0x1090 [ 96.665226][ T6769] ? fpregs_restore_userregs+0xe2/0x1d0 [ 96.665283][ T6769] ? arch_exit_work+0x30/0x40 [ 96.665356][ T6769] exc_page_fault+0x62/0xa0 [ 96.665380][ T6769] asm_exc_page_fault+0x26/0x30 [ 96.665402][ T6769] RIP: 0033:0x7ff0b35df1d5 [ 96.665420][ T6769] Code: 0f 1f 44 00 00 48 8b 70 08 48 39 72 f8 0f 84 1f 03 00 00 48 89 d0 48 8d 52 08 48 39 ea 75 e6 48 8b 04 24 48 29 c5 48 c1 fd 03 <80> 7b 4e 00 8b 53 48 89 e8 0f 85 46 03 00 00 85 d2 0f 85 62 03 00 [ 96.665441][ T6769] RSP: 002b:00007fffd88b1ce0 EFLAGS: 00010206 [ 96.665459][ T6769] RAX: 00007ff0b2d6f008 RBX: 00007ff0b4455720 RCX: ffffffff85608a8c [ 96.665491][ T6769] RDX: 00007ff0b316f000 RSI: ffffffff8127826d RDI: 00007ff0b2d6f008 [ 96.665506][ T6769] RBP: 00000000000008ac R08: 00007ff0b2d6f080 R09: 00007ff0b3912000 [ 96.665521][ T6769] R10: 00007ff0b2d6f008 R11: 0000000000000005 R12: 00007ff0b316f000 [ 96.665535][ T6769] R13: 00007ff0b3926038 R14: ffffffffffffffff R15: 00007ff0b2d6f008 [ 96.665553][ T6769] ? xa_load+0xac/0xe0 [ 96.665582][ T6769] ? get_gate_vma+0xd/0x90 [ 96.665670][ T6769] [ 96.665740][ T6769] memory: usage 307200kB, limit 307200kB, failcnt 219 [ 96.936833][ T6769] memory+swap: usage 307644kB, limit 9007199254740988kB, failcnt 0 [ 96.944748][ T6769] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 [ 96.952156][ T6769] Memory cgroup stats for /syz3: [ 96.952503][ T6769] cache 8192 [ 96.960718][ T6769] rss 0 [ 96.963512][ T6769] shmem 0 [ 96.966487][ T6769] mapped_file 0 [ 96.969963][ T6769] dirty 0 [ 96.972925][ T6769] writeback 0 [ 96.976268][ T6769] workingset_refault_anon 1463 [ 96.981115][ T6769] workingset_refault_file 239 [ 96.985894][ T6769] swap 454656 [ 96.989352][ T6769] swapcached 4096 [ 96.992997][ T6769] nr_memmap_boot_pages 51484 [ 96.997848][ T6769] pgpgin 51481 [ 97.001242][ T6769] pglazyfree 69534 [ 97.005053][ T6769] pgfault 217 [ 97.008426][ T6769] a_other 4096 [ 97.011813][ T6769] inactive_anon 0 [ 97.015520][ T6769] active_anon 8192 [ 97.019462][ T6769] inactive_file 0 [ 97.023111][ T6769] active_file 0 [ 97.026642][ T6769] hierarchical_memory_limit 314572800 [ 97.032045][ T6769] hierarchical_memsw_limit 9223372036854771712 [ 97.038240][ T6769] total_cache 8192 [ 97.041997][ T6769] total_rss 0 [ 97.045316][ T6769] total_shmem 0 [ 97.048889][ T6769] total_mapped_file 0 [ 97.052887][ T6769] total_dirty 0 [ 97.056402][ T6769] total_writeback 0 [ 97.060234][ T6769] total_workingset_refault_anon 1463 [ 97.065536][ T6769] total_workingset_refault_file 239 [ 97.070921][ T6769] total_swap 454656 [ 97.074738][ T6769] total_swapcached 4096 [ 97.078955][ T6769] total_nr_memmap_boot_pages 51484 [ 97.084093][ T6769] total_pgpgin 51481 [ 97.088026][ T6769] total_pglazyfree 69534 [ 97.092277][ T6769] total_pgfault 217 [ 97.096345][ T6769] total_a_other 4096 [ 97.100289][ T6769] total_inactive_anon 0 [ 97.104499][ T6769] total_active_anon 8192 [ 97.108787][ T6769] total_inactive_file 0 [ 97.112956][ T6769] total_active_file 0 [ 97.117044][ T6769] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.1049,pid=6769,uid=0 [ 97.131848][ T6769] Memory cgroup out of memory: Killed process 6769 (syz.3.1049) total-vm:95796kB, anon-rss:936kB, file-rss:22444kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 97.403633][ T3314] EXT4-fs unmount: 25 callbacks suppressed [ 97.403653][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.440747][ T6815] netlink: 'syz.4.1059': attribute type 10 has an invalid length. [ 97.451693][ T6815] team0 (unregistering): Port device team_slave_0 removed [ 97.468414][ T6815] team0 (unregistering): Port device team_slave_1 removed [ 97.743548][ T6838] netlink: 'syz.4.1061': attribute type 13 has an invalid length. [ 97.824298][ T6846] loop3: detected capacity change from 0 to 256 [ 97.846564][ T6846] FAT-fs (loop3): Directory bread(block 1285) failed [ 97.856269][ T6855] loop2: detected capacity change from 0 to 256 [ 97.863952][ T6846] FAT-fs (loop3): Directory bread(block 1285) failed [ 97.875101][ T6846] FAT-fs (loop3): Directory bread(block 1285) failed [ 97.883661][ T6855] netlink: 'syz.2.1064': attribute type 13 has an invalid length. [ 97.893222][ T6846] FAT-fs (loop3): Directory bread(block 1285) failed [ 97.924901][ T6846] FAT-fs (loop3): Directory bread(block 1285) failed [ 97.992261][ T6861] FAT-fs (loop3): Directory bread(block 1285) failed [ 98.005798][ T6861] FAT-fs (loop3): Directory bread(block 1285) failed [ 98.057335][ T6861] FAT-fs (loop3): Directory bread(block 1285) failed [ 98.086186][ T6846] FAT-fs (loop3): Directory bread(block 1285) failed [ 98.121834][ T6861] FAT-fs (loop3): FAT read failed (blocknr 1281) [ 98.169126][ T6879] random: crng reseeded on system resumption [ 98.248554][ T29] kauditd_printk_skb: 16 callbacks suppressed [ 98.248572][ T29] audit: type=1326 audit(1748745597.132:1952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6878 comm="syz.2.1068" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa5dc4de969 code=0x0 [ 98.758403][ T6890] Set syz1 is full, maxelem 65536 reached [ 99.124257][ T6959] loop1: detected capacity change from 0 to 256 [ 99.170079][ T6959] netlink: 'syz.1.1079': attribute type 13 has an invalid length. [ 99.298519][ T6959] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.305787][ T6959] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.435110][ T6959] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 99.480162][ T6959] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 99.583565][ T6959] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.592233][ T6959] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.600746][ T6959] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.609271][ T6959] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.718230][ T3453] syz2: Port: 1 Link DOWN [ 99.796030][ T6973] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1086'. [ 99.809975][ T29] audit: type=1400 audit(1748745598.672:1953): avc: denied { ioctl } for pid=6972 comm="syz.0.1086" path="socket:[15214]" dev="sockfs" ino=15214 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 99.917656][ T29] audit: type=1326 audit(1748745598.802:1954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6766a65927 code=0x7ffc0000 [ 99.941164][ T29] audit: type=1326 audit(1748745598.802:1955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6766a0ab39 code=0x7ffc0000 [ 99.964624][ T29] audit: type=1326 audit(1748745598.802:1956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6766a65927 code=0x7ffc0000 [ 99.988011][ T29] audit: type=1326 audit(1748745598.802:1957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6766a0ab39 code=0x7ffc0000 [ 100.011507][ T29] audit: type=1326 audit(1748745598.802:1958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6766a6e969 code=0x7ffc0000 [ 100.035034][ T29] audit: type=1326 audit(1748745598.802:1959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6766a6e969 code=0x7ffc0000 [ 100.073902][ T6978] loop4: detected capacity change from 0 to 512 [ 100.080652][ T6978] ext4: Unknown parameter 'uid<00000000000000000000' [ 100.091979][ T6978] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1088'. [ 100.143027][ T6969] loop2: detected capacity change from 0 to 512 [ 100.165569][ T6969] EXT4-fs: Ignoring removed mblk_io_submit option [ 100.183927][ T6983] loop1: detected capacity change from 0 to 512 [ 100.188841][ T29] audit: type=1326 audit(1748745598.802:1960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6766a6e969 code=0x7ffc0000 [ 100.203348][ T6983] EXT4-fs: Ignoring removed nobh option [ 100.213826][ T29] audit: type=1326 audit(1748745598.802:1961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6974 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6766a6e969 code=0x7ffc0000 [ 100.219942][ T6969] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 100.258651][ T6983] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 100.283154][ T6969] EXT4-fs (loop2): 1 truncate cleaned up [ 100.294424][ T6983] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.300852][ T6969] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.327914][ T6983] ext4 filesystem being mounted at /197/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.493391][ T7000] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1098'. [ 100.620402][ T7009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.634020][ T7009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.707711][ T7020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1106'. [ 100.722720][ T7020] 8021q: adding VLAN 0 to HW filter on device team1 [ 100.876875][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.006834][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.402652][ T7043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.414251][ T7043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 101.921159][ T7064] syz.2.1124 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 102.089457][ T7076] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1128'. [ 102.221124][ T7082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.230078][ T7082] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.240224][ T7082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.248778][ T7082] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.257643][ T7082] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.266196][ T7082] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.271241][ T7086] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22 [ 102.276763][ T7082] 9pnet: p9_errstr2errno: server reported unknown error q’ H [ 102.317601][ T7090] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1135'. [ 102.350242][ T7090] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 102.379230][ T7090] 8021q: adding VLAN 0 to HW filter on device bond3 [ 102.485489][ T7099] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.514464][ T7105] netlink: 'syz.3.1141': attribute type 1 has an invalid length. [ 102.529225][ T7105] 8021q: adding VLAN 0 to HW filter on device bond1 [ 102.537867][ T7105] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1141'. [ 102.548249][ T7105] bond1 (unregistering): Released all slaves [ 102.573221][ T7099] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.624366][ T7108] loop3: detected capacity change from 0 to 128 [ 102.632827][ T7108] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 102.646069][ T7108] ext4 filesystem being mounted at /205/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 102.694559][ T7099] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.694663][ T3320] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 102.763267][ T7099] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.844759][ T7116] netlink: 'syz.4.1145': attribute type 10 has an invalid length. [ 103.009832][ T7099] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.104447][ T7099] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.230844][ T7099] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.248051][ T7112] infiniband syz0: set down [ 103.252621][ T7112] infiniband syz0: added veth0_virt_wifi [ 103.321889][ T7112] RDS/IB: syz0: added [ 103.379032][ T7099] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.445158][ T7112] smc: adding ib device syz0 with port count 1 [ 103.452567][ T7112] smc: ib device syz0 port 1 has pnetid [ 103.753159][ T29] kauditd_printk_skb: 117 callbacks suppressed [ 103.753236][ T29] audit: type=1326 audit(1748745602.632:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7139 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 103.809213][ T29] audit: type=1326 audit(1748745602.672:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7139 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 103.832726][ T29] audit: type=1326 audit(1748745602.672:2081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7139 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 103.856331][ T29] audit: type=1326 audit(1748745602.672:2082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7139 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 103.879959][ T29] audit: type=1326 audit(1748745602.672:2083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7139 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 103.903953][ T29] audit: type=1326 audit(1748745602.672:2084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7139 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 103.927589][ T29] audit: type=1326 audit(1748745602.672:2085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7139 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 103.951140][ T29] audit: type=1326 audit(1748745602.672:2086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7139 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 103.974730][ T29] audit: type=1326 audit(1748745602.672:2087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7139 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 103.998283][ T29] audit: type=1326 audit(1748745602.672:2088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7139 comm="syz.2.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 104.034454][ T7145] rdma_rxe: rxe_newlink: failed to add batadv_slave_1 [ 104.050785][ T7143] loop3: detected capacity change from 0 to 512 [ 104.067156][ T7143] EXT4-fs: Ignoring removed mblk_io_submit option [ 104.087484][ T7143] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.1150: iget: bad extended attribute block 1 [ 104.101919][ T7143] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.1150: couldn't read orphan inode 15 (err -117) [ 104.120673][ T7143] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.194404][ T7148] veth0: entered promiscuous mode [ 104.202652][ T7148] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1165'. [ 104.233522][ T7148] veth0 (unregistering): left promiscuous mode [ 104.507891][ T7164] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=7164 comm=syz.2.1161 [ 104.574262][ T7171] netlink: 'syz.0.1163': attribute type 4 has an invalid length. [ 104.615699][ T7171] netlink: 'syz.0.1163': attribute type 4 has an invalid length. [ 104.746575][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.872100][ T7193] veth1_macvtap: left promiscuous mode [ 104.885907][ T7193] macsec0: entered promiscuous mode [ 104.979634][ T7201] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1177'. [ 105.017760][ T7205] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1178'. [ 105.068095][ T7207] syzkaller0: entered promiscuous mode [ 105.073634][ T7207] syzkaller0: entered allmulticast mode [ 105.105862][ T7209] 9pnet_fd: p9_fd_create_tcp (7209): problem connecting socket to 127.0.0.1 [ 105.127691][ T7211] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1182'. [ 105.176753][ T7211] syz_tun: entered promiscuous mode [ 105.196310][ T7217] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1186'. [ 105.206213][ T7211] syz_tun: left promiscuous mode [ 105.227861][ T7219] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22 [ 105.259485][ T7227] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7227 comm=syz.4.1186 [ 105.482277][ T7253] rdma_rxe: rxe_newlink: failed to add batadv_slave_1 [ 105.568742][ T7261] loop2: detected capacity change from 0 to 128 [ 105.640920][ T7261] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 105.708614][ T7261] ext4 filesystem being mounted at /238/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 105.750479][ T7269] loop1: detected capacity change from 0 to 512 [ 105.757621][ T7269] EXT4-fs: Ignoring removed orlov option [ 105.764571][ T7269] ext4: Unknown parameter 'uid>00000000000000000000' [ 105.829379][ T3323] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 105.939982][ T7277] netlink: 'syz.4.1211': attribute type 1 has an invalid length. [ 105.965864][ T7277] 8021q: adding VLAN 0 to HW filter on device bond3 [ 105.980692][ T7277] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1211'. [ 105.992493][ T7277] bond3 (unregistering): Released all slaves [ 106.104043][ T7293] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1216'. [ 106.168943][ T7293] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1216'. [ 106.304566][ T7301] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1229'. [ 106.372409][ T7301] 8021q: adding VLAN 0 to HW filter on device bond1 [ 106.512695][ T7304] syzkaller0: entered promiscuous mode [ 106.518483][ T7304] syzkaller0: entered allmulticast mode [ 106.806538][ T7319] loop2: detected capacity change from 0 to 128 [ 106.828256][ T7319] batadv_slave_0: entered promiscuous mode [ 106.834557][ T7319] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1224'. [ 106.844253][ T7319] batadv_slave_0 (unregistering): left promiscuous mode [ 106.853509][ T7319] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 107.254004][ T7357] syzkaller0: entered promiscuous mode [ 107.259598][ T7357] syzkaller0: entered allmulticast mode [ 107.357207][ T7376] loop1: detected capacity change from 0 to 128 [ 107.367169][ T7376] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 107.382917][ T7376] ext4 filesystem being mounted at /217/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 107.443905][ T3315] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 107.472521][ T7389] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1238'. [ 107.524057][ T7399] loop2: detected capacity change from 0 to 128 [ 107.531722][ T7393] loop1: detected capacity change from 0 to 2048 [ 107.547531][ T7399] EXT4-fs: Ignoring removed nomblk_io_submit option [ 107.555129][ T7399] EXT4-fs error (device loop2): __ext4_fill_super:5500: inode #2: comm syz.2.1248: iget: checksum invalid [ 107.568046][ T7399] EXT4-fs (loop2): get root inode failed [ 107.573719][ T7399] EXT4-fs (loop2): mount failed [ 107.579895][ T7393] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.610363][ T7393] EXT4-fs (loop1): stripe (248) is not aligned with cluster size (16), stripe is disabled [ 107.621019][ T7393] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 107.655998][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.782792][ T7431] team0 (unregistering): Port device team_slave_0 removed [ 107.792322][ T7431] team0 (unregistering): Failed to send options change via netlink (err -105) [ 107.801706][ T7431] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105) [ 107.813028][ T7431] team0 (unregistering): Port device team_slave_1 removed [ 107.977740][ T7453] loop4: detected capacity change from 0 to 512 [ 107.999674][ T7453] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.018869][ T7453] ext4 filesystem being mounted at /287/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 108.044294][ T7453] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1246: corrupted inode contents [ 108.063044][ T7453] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.1246: mark_inode_dirty error [ 108.075016][ T7453] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1246: corrupted inode contents [ 108.097276][ T7453] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.1246: mark_inode_dirty error [ 108.138809][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.184366][ T3395] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 108.199727][ T3395] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 108.442205][ T7496] loop4: detected capacity change from 0 to 1024 [ 108.448981][ T7496] EXT4-fs: Ignoring removed orlov option [ 108.457483][ T7496] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.538891][ T7502] 9pnet_fd: Insufficient options for proto=fd [ 108.564269][ T3390] IPVS: starting estimator thread 0... [ 108.641432][ T7509] pim6reg1: entered promiscuous mode [ 108.646858][ T7509] pim6reg1: entered allmulticast mode [ 108.656580][ T7505] IPVS: using max 2160 ests per chain, 108000 per kthread [ 109.519019][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.571395][ T7540] loop4: detected capacity change from 0 to 512 [ 109.586982][ T7538] syzkaller0: entered allmulticast mode [ 109.593193][ T7538] syzkaller0: entered promiscuous mode [ 109.601761][ T7540] EXT4-fs (loop4): 1 orphan inode deleted [ 109.608117][ T7540] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.623135][ T7538] syzkaller0 (unregistering): left allmulticast mode [ 109.629932][ T7538] syzkaller0 (unregistering): left promiscuous mode [ 109.810330][ T7540] ext4 filesystem being mounted at /290/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.826572][ T4109] __quota_error: 268 callbacks suppressed [ 109.826592][ T4109] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 109.842205][ T4109] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:24: Failed to release dquot type 1 [ 109.854526][ T29] audit: type=1400 audit(1748745608.672:2357): avc: denied { listen } for pid=7544 comm="syz.3.1269" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 109.951349][ T7550] loop1: detected capacity change from 0 to 512 [ 109.967814][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.995009][ T7550] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 110.039086][ T7550] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.067341][ T7550] ext4 filesystem being mounted at /222/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.115966][ T7566] __nla_validate_parse: 1 callbacks suppressed [ 110.115986][ T7566] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1277'. [ 110.167100][ T7550] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.1270: corrupted xattr block 19: overlapping e_value [ 110.181519][ T7550] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 110.224715][ T7550] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.1270: corrupted xattr block 19: overlapping e_value [ 110.241741][ T7550] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 110.251425][ T7550] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.1270: corrupted xattr block 19: overlapping e_value [ 110.257420][ T29] audit: type=1400 audit(1748745609.132:2358): avc: denied { setattr } for pid=7547 comm="syz.1.1270" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 110.298177][ T7582] pim6reg1: entered promiscuous mode [ 110.303548][ T7582] pim6reg1: entered allmulticast mode [ 110.321305][ T7576] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #15: comm syz.1.1270: corrupted xattr block 19: overlapping e_value [ 110.335454][ T7576] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 110.350561][ T7576] EXT4-fs error (device loop1): ext4_xattr_block_find:1869: inode #15: comm syz.1.1270: corrupted xattr block 19: overlapping e_value [ 110.378366][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.464307][ T7588] loop2: detected capacity change from 0 to 164 [ 110.482591][ T7588] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 110.505201][ T7588] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 110.523292][ T7588] Symlink component flag not implemented [ 110.529045][ T7588] Symlink component flag not implemented [ 110.535792][ T7588] Symlink component flag not implemented (7) [ 110.542004][ T7588] Symlink component flag not implemented (116) [ 110.801350][ T29] audit: type=1400 audit(1748745609.682:2359): avc: denied { bind } for pid=7607 comm="syz.2.1290" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 110.884499][ T7615] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1303'. [ 110.898685][ T7615] team0 (unregistering): Port device team_slave_0 removed [ 110.912171][ T7615] team0 (unregistering): Port device team_slave_1 removed [ 110.923167][ T7616] pim6reg1: entered promiscuous mode [ 110.928599][ T7616] pim6reg1: entered allmulticast mode [ 110.974427][ T7621] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1291'. [ 110.987910][ T29] audit: type=1326 audit(1748745609.862:2360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7622 comm="syz.2.1295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 111.011721][ T29] audit: type=1326 audit(1748745609.862:2361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7622 comm="syz.2.1295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 111.035150][ T29] audit: type=1326 audit(1748745609.862:2362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7622 comm="syz.2.1295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 111.058615][ T29] audit: type=1326 audit(1748745609.862:2363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7622 comm="syz.2.1295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 111.082159][ T29] audit: type=1326 audit(1748745609.862:2364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7622 comm="syz.2.1295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 111.105661][ T29] audit: type=1326 audit(1748745609.862:2365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7622 comm="syz.2.1295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa5dc4de969 code=0x7ffc0000 [ 111.163627][ T7628] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7628 comm=syz.0.1291 [ 111.181441][ T7629] loop2: detected capacity change from 0 to 512 [ 111.199304][ T7631] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1298'. [ 111.209957][ T7631] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1298'. [ 111.227078][ T7629] EXT4-fs (loop2): 1 orphan inode deleted [ 111.233717][ T7629] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.247708][ T4141] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:52: Failed to release dquot type 1 [ 111.259286][ T7629] ext4 filesystem being mounted at /264/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.307631][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.345925][ T7645] loop2: detected capacity change from 0 to 128 [ 111.353141][ T7645] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 111.365299][ T7645] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 111.428898][ T7650] syzkaller0: entered promiscuous mode [ 111.434439][ T7650] syzkaller0: entered allmulticast mode [ 111.835047][ T7684] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1318'. [ 111.844204][ T7684] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1318'. [ 111.853123][ T7684] netlink: 'syz.0.1318': attribute type 11 has an invalid length. [ 112.143860][ T7698] sch_tbf: burst 4398 is lower than device lo mtu (11337746) ! [ 112.189083][ T7707] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1326'. [ 112.195687][ T7704] loop3: detected capacity change from 0 to 1024 [ 112.205461][ T7704] ext4: Unknown parameter 'uid<00000000000000000000' [ 112.217778][ T7707] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7707 comm=syz.2.1326 [ 112.263488][ T7714] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1329'. [ 112.433549][ T7741] pim6reg1: entered promiscuous mode [ 112.439029][ T7741] pim6reg1: entered allmulticast mode [ 112.991781][ T7828] loop1: detected capacity change from 0 to 1024 [ 113.014856][ T7828] ext4: Unknown parameter 'uid<00000000000000000000' [ 113.269360][ T7874] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1343'. [ 113.312709][ T7878] loop1: detected capacity change from 0 to 764 [ 113.550161][ T7902] syzkaller0: entered allmulticast mode [ 113.642994][ T7909] bridge0: port 3(macvlan2) entered blocking state [ 113.653154][ T7909] bridge0: port 3(macvlan2) entered disabled state [ 113.673109][ T7909] macvlan2: entered allmulticast mode [ 113.680354][ T7909] bridge0: entered allmulticast mode [ 113.713047][ T7909] macvlan2: left allmulticast mode [ 113.720293][ T7909] bridge0: left allmulticast mode [ 113.822653][ T7902] syzkaller0 (unregistering): left allmulticast mode [ 114.161543][ T7978] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.282647][ T7978] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.329580][ T8018] loop7: detected capacity change from 0 to 16384 [ 114.378332][ T8022] netlink: 'syz.4.1370': attribute type 13 has an invalid length. [ 114.390973][ T7978] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.507830][ T7978] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.632850][ T7978] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.659893][ T7978] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.683478][ T7978] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.710402][ T7978] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.896707][ T8040] loop1: detected capacity change from 0 to 1024 [ 114.911072][ T8040] EXT4-fs (loop1): inodes count not valid: 32 vs 1312 [ 114.926432][ T29] kauditd_printk_skb: 220 callbacks suppressed [ 114.926450][ T29] audit: type=1400 audit(1748745613.802:2585): avc: denied { write } for pid=8039 comm="syz.1.1363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 115.122064][ T8051] netlink: 'syz.1.1369': attribute type 1 has an invalid length. [ 115.139491][ T8051] 8021q: adding VLAN 0 to HW filter on device bond2 [ 115.177905][ T8051] __nla_validate_parse: 2 callbacks suppressed [ 115.177938][ T8051] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1369'. [ 115.182720][ T8042] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.200375][ T8042] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.220061][ T8042] wg2: left promiscuous mode [ 115.224720][ T8042] wg2: left allmulticast mode [ 115.246865][ T8042] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 115.258269][ T8042] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 115.289256][ T8042] macsec0: left promiscuous mode [ 115.296035][ T8042] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.304711][ T8042] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.313286][ T8042] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.321762][ T8042] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.332110][ T8042] bond1: left promiscuous mode [ 115.337325][ T8042] bridge1: left promiscuous mode [ 115.342426][ T8042] bond1: left allmulticast mode [ 115.347350][ T8042] bridge1: left allmulticast mode [ 115.355151][ T8042] bond2: left promiscuous mode [ 115.360066][ T8042] bond2: left allmulticast mode [ 115.375432][ T8051] bond2 (unregistering): Released all slaves [ 115.390252][ T8057] loop3: detected capacity change from 0 to 512 [ 115.399027][ T8055] sch_tbf: burst 3504 is lower than device lo mtu (65550) ! [ 115.407254][ T8057] EXT4-fs: Ignoring removed mblk_io_submit option [ 115.423503][ T8057] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 115.484291][ T8057] EXT4-fs (loop3): 1 truncate cleaned up [ 115.518129][ T8057] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.897275][ T8084] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1382'. [ 116.340319][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.508903][ T8147] loop3: detected capacity change from 0 to 1024 [ 116.547751][ T8147] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.571351][ T8148] loop4: detected capacity change from 0 to 2048 [ 116.578024][ T8147] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.1390: Allocating blocks 385-513 which overlap fs metadata [ 116.593805][ T8148] EXT4-fs: Ignoring removed mblk_io_submit option [ 116.600429][ T8148] EXT4-fs: Ignoring removed i_version option [ 116.608830][ T8146] EXT4-fs (loop3): pa ffff88810072d3f0: logic 16, phys. 129, len 24 [ 116.617067][ T8146] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8 [ 116.666751][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.699437][ T8148] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.751973][ T8180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1394'. [ 116.770054][ T8181] loop2: detected capacity change from 0 to 1024 [ 116.791437][ T8181] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 116.807863][ T8181] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 116.816057][ T8181] EXT4-fs (loop2): orphan cleanup on readonly fs [ 116.822479][ T8181] EXT4-fs error (device loop2): ext4_quota_enable:7124: inode #3: comm syz.2.1396: iget: bad i_size value: 1407392063428608 [ 116.845951][ T8181] EXT4-fs error (device loop2): ext4_quota_enable:7127: comm syz.2.1396: Bad quota inode: 3, type: 0 [ 116.872714][ T8181] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 116.874364][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.887465][ T8181] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 116.900317][ T8181] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 116.989804][ T8181] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1396'. [ 117.056178][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.075438][ T29] audit: type=1400 audit(1748745615.952:2586): avc: denied { bind } for pid=8212 comm="syz.4.1401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 117.098610][ T8213] loop4: detected capacity change from 0 to 512 [ 117.105219][ T8213] EXT4-fs: Ignoring removed nobh option [ 117.119617][ T8213] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 117.132006][ T8213] EXT4-fs (loop4): 1 truncate cleaned up [ 117.143629][ T8213] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.158180][ T8187] loop1: detected capacity change from 0 to 128 [ 117.166686][ T8187] FAT-fs (loop1): Invalid FSINFO signature: 0x00615252, 0x61417272 (sector = 1) [ 117.177262][ T8213] EXT4-fs error (device loop4): ext4_search_dir:1474: inode #12: block 7: comm syz.4.1401: bad entry in directory: inode out of bounds - offset=0, inode=16777215, rec_len=16, size=56 fake=0 [ 117.198336][ T8213] EXT4-fs (loop4): Remounting filesystem read-only [ 117.214171][ T8187] netlink: 'syz.1.1397': attribute type 10 has an invalid length. [ 117.245819][ T8187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.263591][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.366305][ T8187] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 117.641335][ T8258] 9pnet_fd: p9_fd_create_tcp (8258): problem connecting socket to 127.0.0.1 [ 117.687507][ T8265] loop4: detected capacity change from 0 to 256 [ 117.698943][ T8264] netlink: 876 bytes leftover after parsing attributes in process `syz.1.1408'. [ 117.795700][ T8232] bio_check_eod: 3 callbacks suppressed [ 117.795723][ T8232] syz.4.1403: attempt to access beyond end of device [ 117.795723][ T8232] loop4: rw=2049, sector=256, nr_sectors = 288 limit=256 [ 117.817366][ T8232] syz.4.1403: attempt to access beyond end of device [ 117.817366][ T8232] loop4: rw=2049, sector=608, nr_sectors = 320 limit=256 [ 117.831614][ T8232] syz.4.1403: attempt to access beyond end of device [ 117.831614][ T8232] loop4: rw=2049, sector=960, nr_sectors = 64 limit=256 [ 117.847649][ T8232] syz.4.1403: attempt to access beyond end of device [ 117.847649][ T8232] loop4: rw=2049, sector=1056, nr_sectors = 1380 limit=256 [ 118.023473][ T8280] netlink: 6 bytes leftover after parsing attributes in process `syz.4.1411'. [ 118.571661][ T8288] bridge0: port 3(macvlan2) entered blocking state [ 118.581801][ T8288] bridge0: port 3(macvlan2) entered disabled state [ 118.590607][ T29] audit: type=1400 audit(1748745617.442:2587): avc: denied { bind } for pid=8289 comm="syz.3.1415" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 118.610129][ T29] audit: type=1400 audit(1748745617.442:2588): avc: denied { node_bind } for pid=8289 comm="syz.3.1415" saddr=224.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 118.635663][ T8288] macvlan2: entered allmulticast mode [ 118.641845][ T8288] bridge0: entered allmulticast mode [ 118.663384][ T8295] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1413'. [ 118.672371][ T8295] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1413'. [ 118.766468][ T8288] macvlan2: left allmulticast mode [ 118.773678][ T8288] bridge0: left allmulticast mode [ 118.820927][ T8295] bond2: entered promiscuous mode [ 118.826028][ T8295] bond2: entered allmulticast mode [ 118.836769][ T8295] 8021q: adding VLAN 0 to HW filter on device bond2 [ 118.988509][ T8313] atomic_op ffff8881203ae928 conn xmit_atomic 0000000000000000 [ 119.009439][ T8305] syzkaller0: entered promiscuous mode [ 119.014983][ T8305] syzkaller0: entered allmulticast mode [ 119.033554][ T29] audit: type=1400 audit(1748745617.912:2589): avc: denied { accept } for pid=8317 comm="syz.0.1425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 119.082641][ T29] audit: type=1400 audit(1748745617.952:2590): avc: denied { read } for pid=8320 comm="syz.2.1427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 119.313062][ T8331] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1431'. [ 119.400780][ T29] audit: type=1400 audit(1748745618.282:2591): avc: denied { create } for pid=8330 comm="syz.1.1431" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 119.497430][ T3390] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 119.505991][ T3390] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 119.674840][ T8343] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1435'. [ 119.742169][ T8346] netlink: 'syz.1.1436': attribute type 1 has an invalid length. [ 119.768923][ T8346] 8021q: adding VLAN 0 to HW filter on device bond4 [ 119.777930][ T8346] bond3: (slave bond4): making interface the new active one [ 119.802864][ T8346] bond3: (slave bond4): Enslaving as an active interface with an up link [ 119.825104][ T8346] 8021q: adding VLAN 0 to HW filter on device bond3 [ 119.865370][ T8353] loop1: detected capacity change from 0 to 2048 [ 119.895777][ T8357] netlink: 'syz.3.1439': attribute type 39 has an invalid length. [ 119.897291][ T8353] loop1: p1 < > p4 [ 119.909839][ T8353] loop1: p4 size 8388608 extends beyond EOD, truncated [ 120.034048][ T8366] loop4: detected capacity change from 0 to 128 [ 120.043001][ T8366] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 120.070153][ T8366] ext4 filesystem being mounted at /324/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 120.125142][ T29] audit: type=1400 audit(1748745619.002:2592): avc: denied { create } for pid=8365 comm="syz.4.1442" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 120.198640][ T3314] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 120.208109][ T29] audit: type=1400 audit(1748745619.052:2593): avc: denied { rename } for pid=8365 comm="syz.4.1442" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 120.320426][ T8380] futex_wake_op: syz.0.1447 tries to shift op by -1; fix this program [ 120.361778][ T29] audit: type=1326 audit(1748745619.242:2594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8383 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 120.394225][ T29] audit: type=1326 audit(1748745619.242:2595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8383 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 120.430227][ T29] audit: type=1326 audit(1748745619.302:2596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8383 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 120.453838][ T29] audit: type=1326 audit(1748745619.302:2597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8383 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 120.477504][ T29] audit: type=1326 audit(1748745619.302:2598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8383 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 120.501108][ T29] audit: type=1326 audit(1748745619.312:2599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8383 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 120.524632][ T29] audit: type=1326 audit(1748745619.312:2600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8383 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 120.548130][ T29] audit: type=1326 audit(1748745619.312:2601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8383 comm="syz.0.1448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 120.580511][ T8389] netlink: 'syz.2.1451': attribute type 39 has an invalid length. [ 120.621025][ T8396] __nla_validate_parse: 1 callbacks suppressed [ 120.621046][ T8396] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1455'. [ 120.638575][ T8398] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1456'. [ 120.683579][ T8407] x_tables: duplicate entry at hook 3 [ 120.692898][ T8405] loop4: detected capacity change from 0 to 512 [ 120.719443][ T8403] SELinux: ebitmap start bit (1728054080) is beyond the end of the bitmap (1472) [ 120.729473][ T8403] SELinux: failed to load policy [ 120.735030][ T8398] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8398 comm=syz.0.1456 [ 120.787898][ T8405] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.801120][ T8405] ext4 filesystem being mounted at /328/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 120.831970][ T8405] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1459: corrupted inode contents [ 120.846409][ T8405] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.1459: mark_inode_dirty error [ 120.860744][ T8405] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1459: corrupted inode contents [ 120.895579][ T8405] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1459: corrupted inode contents [ 120.908705][ T8405] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.1459: mark_inode_dirty error [ 120.921082][ T8405] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1459: corrupted inode contents [ 120.935747][ T8405] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.1459: mark_inode_dirty error [ 120.951766][ T8405] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.1459: corrupted inode contents [ 120.989950][ T8405] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.1459: mark_inode_dirty error [ 121.051149][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.213924][ T8439] loop3: detected capacity change from 0 to 256 [ 121.217923][ T8442] syzkaller0: entered promiscuous mode [ 121.222925][ T8439] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 121.225693][ T8442] syzkaller0: entered allmulticast mode [ 121.248041][ T8449] loop2: detected capacity change from 0 to 128 [ 121.255254][ T8447] rdma_rxe: rxe_newlink: failed to add veth0_to_bond [ 121.258662][ T8439] FAT-fs (loop3): Directory bread(block 64) failed [ 121.268713][ T8439] FAT-fs (loop3): Directory bread(block 65) failed [ 121.282052][ T8439] FAT-fs (loop3): Directory bread(block 66) failed [ 121.290819][ T8449] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 121.303347][ T8439] FAT-fs (loop3): Directory bread(block 67) failed [ 121.306476][ T8449] ext4 filesystem being mounted at /298/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 121.317845][ T8439] FAT-fs (loop3): Directory bread(block 68) failed [ 121.361094][ T8439] FAT-fs (loop3): Directory bread(block 69) failed [ 121.367861][ T8439] FAT-fs (loop3): Directory bread(block 70) failed [ 121.374478][ T8439] FAT-fs (loop3): Directory bread(block 71) failed [ 121.382120][ T8439] FAT-fs (loop3): Directory bread(block 72) failed [ 121.388884][ T8439] FAT-fs (loop3): Directory bread(block 73) failed [ 121.439393][ T3323] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 121.501617][ T8460] syzkaller0: entered allmulticast mode [ 121.508085][ T8463] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1480'. [ 121.958821][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.966291][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.973892][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.982594][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.990016][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.997531][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.004948][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.012459][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.019898][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.027334][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.034910][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.042379][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.049894][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.057343][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.098101][ T8505] loop4: detected capacity change from 0 to 164 [ 122.108452][ T8505] ISOFS: unable to read i-node block [ 122.113833][ T8505] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 122.208496][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.216006][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.223566][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.231426][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.238952][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.246505][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.253940][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.261462][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.269081][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.276652][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.284125][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.291615][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.299043][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.306490][ T23] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 122.316597][ T23] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz0 [ 122.467334][ T8533] loop1: detected capacity change from 0 to 128 [ 122.481503][ T8535] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1513'. [ 122.520650][ T8537] syzkaller1: entered promiscuous mode [ 122.526200][ T8537] syzkaller1: entered allmulticast mode [ 122.848350][ T8552] loop4: detected capacity change from 0 to 512 [ 122.877688][ T8552] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 122.891600][ T8552] EXT4-fs (loop4): 1 truncate cleaned up [ 122.897775][ T8552] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.934822][ T8558] pim6reg1: entered promiscuous mode [ 122.940252][ T8558] pim6reg1: entered allmulticast mode [ 122.968588][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.310503][ T8581] netlink: 344 bytes leftover after parsing attributes in process `syz.3.1535'. [ 123.370603][ T8588] netlink: 'syz.3.1538': attribute type 1 has an invalid length. [ 123.420534][ T8588] 8021q: adding VLAN 0 to HW filter on device bond2 [ 123.489969][ T8588] bond2: (slave gretap1): making interface the new active one [ 123.558041][ T8588] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 123.577431][ T8606] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1543'. [ 123.578466][ T8598] xt_CT: No such helper "pptp" [ 123.853869][ T8631] syzkaller0: entered promiscuous mode [ 123.859470][ T8631] syzkaller0: entered allmulticast mode [ 123.949107][ T8627] siw: device registration error -23 [ 124.034765][ T8625] loop3: detected capacity change from 0 to 128 [ 124.041159][ T23] page_pool_release_retry() stalled pool shutdown: id 27, 2 inflight 61 sec [ 124.122678][ T8656] netlink: 'syz.2.1561': attribute type 13 has an invalid length. [ 124.130716][ T8656] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1561'. [ 124.167053][ T8662] loop3: detected capacity change from 0 to 164 [ 124.174328][ T8662] isofs_fill_super: root inode is not a directory. Corrupted media? [ 124.184981][ T8662] netlink: 'syz.3.1566': attribute type 13 has an invalid length. [ 124.468444][ T8694] atomic_op ffff888138677d28 conn xmit_atomic 0000000000000000 [ 124.638272][ T8712] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1585'. [ 124.679792][ T8718] ip6gre1: entered allmulticast mode [ 124.891610][ T8733] netlink: 'syz.4.1595': attribute type 39 has an invalid length. [ 125.030422][ T8743] loop1: detected capacity change from 0 to 512 [ 125.051976][ T8743] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.1600: casefold flag without casefold feature [ 125.065992][ T8743] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.1600: couldn't read orphan inode 15 (err -117) [ 125.078687][ T8743] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.102247][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.132641][ T29] kauditd_printk_skb: 447 callbacks suppressed [ 125.132664][ T29] audit: type=1326 audit(1748745624.012:3049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8704 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbc873a5927 code=0x7ffc0000 [ 125.167066][ T29] audit: type=1326 audit(1748745624.012:3050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8704 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbc8734ab39 code=0x7ffc0000 [ 125.189950][ T29] audit: type=1326 audit(1748745624.012:3051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8704 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 125.213307][ T29] audit: type=1326 audit(1748745624.022:3052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8704 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbc873a5927 code=0x7ffc0000 [ 125.236170][ T29] audit: type=1326 audit(1748745624.022:3053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8704 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbc8734ab39 code=0x7ffc0000 [ 125.259166][ T29] audit: type=1326 audit(1748745624.022:3054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8704 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 125.282106][ T29] audit: type=1326 audit(1748745624.022:3055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8704 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbc873a5927 code=0x7ffc0000 [ 125.305011][ T29] audit: type=1326 audit(1748745624.022:3056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8704 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbc8734ab39 code=0x7ffc0000 [ 125.328012][ T29] audit: type=1326 audit(1748745624.022:3057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8704 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 125.351019][ T29] audit: type=1326 audit(1748745624.042:3058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8704 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbc873a5927 code=0x7ffc0000 [ 125.400537][ T8761] loop3: detected capacity change from 0 to 256 [ 125.705936][ T8785] serio: Serial port ptm0 [ 126.051670][ T8812] tipc: Enabling of bearer rejected, failed to enable media [ 126.228403][ T8828] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1632'. [ 126.524169][ T8851] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1640'. [ 126.533872][ T8851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1640'. [ 126.554163][ T8854] atomic_op ffff8881220ad128 conn xmit_atomic 0000000000000000 [ 126.583240][ T8858] netlink: 'syz.4.1644': attribute type 11 has an invalid length. [ 126.591367][ T8858] netlink: 448 bytes leftover after parsing attributes in process `syz.4.1644'. [ 126.798441][ T4141] nci: nci_rsp_packet: unknown rsp opcode 0x116 [ 126.909711][ T8886] loop4: detected capacity change from 0 to 512 [ 126.918951][ T8886] EXT4-fs (loop4): orphan cleanup on readonly fs [ 126.925631][ T8886] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1654: bg 0: block 131: padding at end of block bitmap is not set [ 126.941164][ T8886] EXT4-fs (loop4): Remounting filesystem read-only [ 126.948093][ T8886] EXT4-fs (loop4): 1 truncate cleaned up [ 126.954341][ T8886] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 126.978122][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.167760][ T8899] pim6reg1: entered promiscuous mode [ 127.173248][ T8899] pim6reg1: entered allmulticast mode [ 127.468347][ T8912] ip6tnl1: entered allmulticast mode [ 127.621869][ T8927] loop1: detected capacity change from 0 to 256 [ 127.647155][ T8927] FAT-fs (loop1): Directory bread(block 64) failed [ 127.648993][ T8931] loop2: detected capacity change from 0 to 164 [ 127.659826][ T8930] loop3: detected capacity change from 0 to 1024 [ 127.661623][ T8927] FAT-fs (loop1): Directory bread(block 65) failed [ 127.668556][ T8930] EXT4-fs (loop3): inodes count not valid: 32 vs 1312 [ 127.673426][ T8927] FAT-fs (loop1): Directory bread(block 66) failed [ 127.686937][ T8927] FAT-fs (loop1): Directory bread(block 67) failed [ 127.703556][ T8931] isofs_fill_super: root inode is not a directory. Corrupted media? [ 127.710510][ T8927] FAT-fs (loop1): Directory bread(block 68) failed [ 127.725204][ T8927] FAT-fs (loop1): Directory bread(block 69) failed [ 127.732248][ T8927] FAT-fs (loop1): Directory bread(block 70) failed [ 127.739856][ T8927] FAT-fs (loop1): Directory bread(block 71) failed [ 127.746688][ T8927] FAT-fs (loop1): Directory bread(block 72) failed [ 127.759967][ T8931] netlink: 'syz.2.1669': attribute type 13 has an invalid length. [ 127.760948][ T8933] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1670'. [ 127.776953][ T8933] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1670'. [ 127.791542][ T8927] FAT-fs (loop1): Directory bread(block 73) failed [ 127.848055][ T8941] SELinux: Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped). [ 127.897522][ T8945] syzkaller0: entered allmulticast mode [ 127.921266][ T8945] syzkaller0 (unregistering): left allmulticast mode [ 128.110404][ T8951] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1687'. [ 128.253044][ T8967] serio: Serial port ptm0 [ 128.982635][ T8987] netlink: 'syz.3.1688': attribute type 1 has an invalid length. [ 129.032669][ T8987] 8021q: adding VLAN 0 to HW filter on device bond3 [ 129.041921][ T8992] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1688'. [ 129.080659][ T8992] bond3 (unregistering): Released all slaves [ 129.375892][ T9011] No such timeout policy "syz0" [ 129.466274][ T9015] loop1: detected capacity change from 0 to 2048 [ 129.533328][ T9015] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.589482][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.610492][ T9032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1704'. [ 129.619603][ T9032] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1704'. [ 129.661341][ T9032] bond3: entered promiscuous mode [ 129.666476][ T9032] bond3: entered allmulticast mode [ 129.688391][ T9032] 8021q: adding VLAN 0 to HW filter on device bond3 [ 129.825004][ T9027] loop2: detected capacity change from 0 to 128 [ 129.860175][ T9027] FAT-fs (loop2): Invalid FSINFO signature: 0x00615252, 0x61417272 (sector = 1) [ 129.889747][ T9027] netlink: 'syz.2.1702': attribute type 10 has an invalid length. [ 129.898991][ T9061] siw: device registration error -23 [ 129.918446][ T9027] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.933885][ T9027] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 130.127861][ T9091] netlink: 'syz.3.1727': attribute type 1 has an invalid length. [ 130.186241][ T9091] 8021q: adding VLAN 0 to HW filter on device bond5 [ 130.204303][ T9091] bond4: (slave bond5): making interface the new active one [ 130.212619][ T9091] bond4: (slave bond5): Enslaving as an active interface with an up link [ 130.223044][ T9088] loop1: detected capacity change from 0 to 1024 [ 130.254764][ T9091] 8021q: adding VLAN 0 to HW filter on device bond4 [ 130.271328][ T9088] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 130.323900][ T9088] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.1716: Invalid block bitmap block 0 in block_group 0 [ 130.348657][ T9088] __quota_error: 290 callbacks suppressed [ 130.348735][ T9088] Quota error (device loop1): write_blk: dquota write failed [ 130.362996][ T9088] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 130.376019][ T9088] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1716: Failed to acquire dquot type 0 [ 130.391723][ T9088] EXT4-fs error (device loop1): ext4_free_blocks:6587: comm syz.1.1716: Freeing blocks not in datazone - block = 0, count = 4096 [ 130.409235][ T9088] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.1716: Invalid inode bitmap blk 0 in block_group 0 [ 130.422730][ T9088] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem [ 130.433674][ T4109] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-7 [ 130.442726][ T4109] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:24: Failed to release dquot type 0 [ 130.455095][ T9088] EXT4-fs (loop1): 1 orphan inode deleted [ 130.471117][ T9088] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.508308][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.411432][ T9187] bond2: (slave gretap1): Releasing active interface [ 131.430817][ T9187] bond4: (slave bond5): Releasing backup interface [ 131.450285][ T9190] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9190 comm=syz.2.1719 [ 131.506449][ T9187] netlink: 'syz.3.1720': attribute type 10 has an invalid length. [ 131.517431][ T9187] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 131.626457][ T29] audit: type=1400 audit(1748745630.502:3349): avc: denied { mount } for pid=9206 comm="syz.3.1728" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 131.676245][ T9209] loop2: detected capacity change from 0 to 512 [ 131.683113][ T9209] EXT4-fs: Ignoring removed mblk_io_submit option [ 131.697035][ T9209] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 131.713050][ T29] audit: type=1400 audit(1748745630.592:3350): avc: denied { unmount } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 131.715545][ T9209] EXT4-fs (loop2): 1 truncate cleaned up [ 131.738742][ T29] audit: type=1400 audit(1748745630.622:3351): avc: denied { unmount } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 131.761506][ T9209] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.777690][ T29] audit: type=1400 audit(1748745630.662:3352): avc: denied { add_name } for pid=9203 comm="syz.2.1726" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 131.839193][ T29] audit: type=1400 audit(1748745630.682:3353): avc: denied { write } for pid=9203 comm="syz.2.1726" path="/347/file0/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 131.880342][ T29] audit: type=1326 audit(1748745630.762:3354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9218 comm="syz.3.1731" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff0b36fe969 code=0x0 [ 131.958055][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.976161][ T29] audit: type=1400 audit(1748745630.852:3355): avc: denied { write } for pid=9221 comm="syz.2.1732" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 131.995592][ T9222] loop2: detected capacity change from 0 to 2048 [ 132.026867][ T9222] loop2: p1 < > p4 [ 132.031731][ T9222] loop2: p4 size 8388608 extends beyond EOD, truncated [ 132.670930][ T9248] netlink: 'syz.0.1752': attribute type 10 has an invalid length. [ 132.680755][ T9248] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 133.357077][ T9262] loop1: detected capacity change from 0 to 256 [ 133.534667][ T9262] FAT-fs (loop1): codepage cp950 not found [ 133.710201][ T9265] loop2: detected capacity change from 0 to 2048 [ 133.765749][ T9271] __nla_validate_parse: 2 callbacks suppressed [ 133.765795][ T9271] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1749'. [ 133.785895][ T9265] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.864677][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.932868][ T9284] loop2: detected capacity change from 0 to 128 [ 133.944705][ T9281] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 133.952612][ T9281] FAT-fs (loop2): Filesystem has been set read-only [ 133.977244][ T9281] syz.2.1750: attempt to access beyond end of device [ 133.977244][ T9281] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 134.006447][ T9281] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 134.014413][ T9281] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 134.034742][ T9284] syz.2.1750: attempt to access beyond end of device [ 134.034742][ T9284] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 134.048128][ T9284] syz.2.1750: attempt to access beyond end of device [ 134.048128][ T9284] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 134.117812][ T9296] netlink: 'syz.3.1761': attribute type 4 has an invalid length. [ 134.364168][ T9316] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1766'. [ 134.406219][ T9318] loop1: detected capacity change from 0 to 128 [ 134.429661][ T9318] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 134.445319][ T9318] ext4 filesystem being mounted at /323/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.522090][ T9321] SELinux: failed to load policy [ 134.654939][ T9328] netlink: 'syz.3.1772': attribute type 1 has an invalid length. [ 134.662939][ T9328] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1772'. [ 134.709373][ T9332] loop3: detected capacity change from 0 to 512 [ 134.768747][ T9332] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1772: bg 0: block 393: padding at end of block bitmap is not set [ 134.793375][ T9332] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 134.809965][ T9332] EXT4-fs (loop3): 2 truncates cleaned up [ 134.816289][ T9332] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.883290][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.923651][ T3315] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 134.968598][ T9340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.986826][ T9340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.037022][ T9349] loop1: detected capacity change from 0 to 128 [ 135.063609][ T9349] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 135.085158][ T9349] ext4 filesystem being mounted at /325/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 135.159174][ T9358] bridge_slave_0: left allmulticast mode [ 135.164916][ T9358] bridge_slave_0: left promiscuous mode [ 135.170736][ T9358] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.211222][ T9358] bridge_slave_1: left allmulticast mode [ 135.217007][ T9358] bridge_slave_1: left promiscuous mode [ 135.222717][ T9358] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.236716][ T3315] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 135.248407][ T9358] bond0: (slave bond_slave_0): Releasing backup interface [ 135.258897][ T9358] bond0: (slave bond_slave_1): Releasing backup interface [ 135.273406][ T9358] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 135.281472][ T9358] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 135.290186][ T9358] bond1: (slave bridge1): Removing an active aggregator [ 135.297793][ T9358] bond1: (slave bridge1): Releasing backup interface [ 135.326649][ T9358] netlink: 'syz.0.1783': attribute type 10 has an invalid length. [ 135.395476][ T29] kauditd_printk_skb: 108 callbacks suppressed [ 135.395493][ T29] audit: type=1326 audit(1748745634.272:3464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9334 comm="syz.4.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 135.425539][ T29] audit: type=1326 audit(1748745634.272:3465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9334 comm="syz.4.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 135.789472][ T9388] loop4: detected capacity change from 0 to 128 [ 135.800377][ T29] audit: type=1400 audit(1748745634.682:3466): avc: denied { append } for pid=9387 comm="syz.4.1791" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 135.826303][ T29] audit: type=1400 audit(1748745634.712:3467): avc: denied { ioctl } for pid=9387 comm="syz.4.1791" path="/dev/loop-control" dev="devtmpfs" ino=99 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 135.920744][ T9391] syzkaller0: entered promiscuous mode [ 135.926419][ T9391] syzkaller0: entered allmulticast mode [ 136.129592][ T9396] netlink: 'syz.4.1805': attribute type 1 has an invalid length. [ 136.137470][ T9396] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1805'. [ 136.151629][ T9396] loop4: detected capacity change from 0 to 512 [ 136.165297][ T9396] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1805: bg 0: block 393: padding at end of block bitmap is not set [ 136.180316][ T9396] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 136.190518][ T9396] EXT4-fs (loop4): 2 truncates cleaned up [ 136.197102][ T9396] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.227316][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.361355][ T29] audit: type=1326 audit(1748745635.242:3468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9410 comm="syz.0.1801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 136.384986][ T29] audit: type=1326 audit(1748745635.242:3469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9410 comm="syz.0.1801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 136.491134][ T29] audit: type=1326 audit(1748745635.292:3470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9410 comm="syz.0.1801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 136.514782][ T29] audit: type=1326 audit(1748745635.292:3471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9410 comm="syz.0.1801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 136.538626][ T29] audit: type=1326 audit(1748745635.292:3472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9410 comm="syz.0.1801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 136.562115][ T29] audit: type=1326 audit(1748745635.292:3473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9410 comm="syz.0.1801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 136.618108][ T9416] SELinux: security_context_str_to_sid () failed with errno=-22 [ 136.627757][ T9418] netlink: 'syz.1.1806': attribute type 1 has an invalid length. [ 136.646718][ T9418] 8021q: adding VLAN 0 to HW filter on device bond5 [ 136.688042][ T9418] 8021q: adding VLAN 0 to HW filter on device bond5 [ 136.695538][ T9418] bond5: (slave vti0): The slave device specified does not support setting the MAC address [ 136.727589][ T9418] bond5: (slave vti0): Error -95 calling set_mac_address [ 136.758684][ T9422] bond5: (slave gretap1): making interface the new active one [ 136.773528][ T9422] bond5: (slave gretap1): Enslaving as an active interface with an up link [ 137.119601][ T9456] SELinux: Context @ is not valid (left unmapped). [ 137.207782][ T9467] netlink: 'syz.2.1825': attribute type 1 has an invalid length. [ 137.235641][ T9467] 8021q: adding VLAN 0 to HW filter on device bond1 [ 137.257337][ T9472] pim6reg1: entered promiscuous mode [ 137.262705][ T9472] pim6reg1: entered allmulticast mode [ 137.272863][ T9467] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1825'. [ 137.283972][ T9467] bond1 (unregistering): Released all slaves [ 137.393417][ T9480] loop4: detected capacity change from 0 to 512 [ 137.400283][ T9480] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 137.412107][ T9480] EXT4-fs (loop4): 1 truncate cleaned up [ 137.419541][ T9480] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.707272][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.054212][ T9512] loop3: detected capacity change from 0 to 512 [ 139.139519][ T9512] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.299858][ T9512] ext4 filesystem being mounted at /346/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.049678][ T9532] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1845'. [ 140.050324][ T9532] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1845'. [ 140.114365][ T9537] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1846'. [ 140.127522][ T9534] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1846'. [ 140.140374][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.152667][ T9537] loop4: detected capacity change from 0 to 512 [ 140.249324][ T9537] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.263978][ T9547] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1853'. [ 140.273459][ T9537] ext4 filesystem being mounted at /400/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.287725][ T9552] loop3: detected capacity change from 0 to 512 [ 140.296441][ T9552] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 140.308468][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.321478][ T9552] EXT4-fs (loop3): 1 truncate cleaned up [ 140.327741][ T9552] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.356744][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.381247][ T9560] ALSA: seq fatal error: cannot create timer (-19) [ 140.399075][ T29] kauditd_printk_skb: 125 callbacks suppressed [ 140.399091][ T29] audit: type=1400 audit(1748745639.282:3599): avc: denied { create } for pid=9562 comm="syz.0.1859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 140.454324][ T29] audit: type=1400 audit(1748745639.312:3600): avc: denied { ioctl } for pid=9562 comm="syz.0.1859" path="socket:[23107]" dev="sockfs" ino=23107 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 140.479166][ T29] audit: type=1400 audit(1748745639.332:3601): avc: denied { sys_module } for pid=9562 comm="syz.0.1859" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 140.510422][ T9563] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1859'. [ 140.536692][ T29] audit: type=1400 audit(1748745639.392:3602): avc: denied { bind } for pid=9562 comm="syz.0.1859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 140.656538][ T29] audit: type=1400 audit(1748745639.532:3603): avc: denied { create } for pid=9576 comm="syz.0.1862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 140.690357][ T9577] vlan2: entered promiscuous mode [ 140.695648][ T9577] ip6gretap0: entered promiscuous mode [ 140.910863][ T29] audit: type=1400 audit(1748745639.792:3604): avc: denied { create } for pid=9582 comm="syz.0.1863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 140.988204][ T29] audit: type=1400 audit(1748745639.872:3605): avc: denied { read } for pid=9582 comm="syz.0.1863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 141.027610][ T29] audit: type=1400 audit(1748745639.912:3606): avc: denied { read write } for pid=9584 comm="syz.3.1865" name="rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 141.051915][ T29] audit: type=1400 audit(1748745639.912:3607): avc: denied { open } for pid=9584 comm="syz.3.1865" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 141.081559][ T29] audit: type=1400 audit(1748745639.932:3608): avc: denied { write } for pid=9582 comm="syz.0.1863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 141.128570][ T9591] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1867'. [ 141.137756][ T9591] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1867'. [ 141.148306][ T9591] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1867'. [ 141.175199][ T9591] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1867'. [ 141.593732][ T9612] sd 0:0:1:0: device reset [ 141.756882][ T9618] netlink: 'syz.1.1875': attribute type 4 has an invalid length. [ 141.766185][ T9618] netlink: 'syz.1.1875': attribute type 4 has an invalid length. [ 141.805130][ T9620] netlink: 'syz.1.1876': attribute type 1 has an invalid length. [ 143.342104][ T9715] sd 0:0:1:0: device reset [ 144.196614][ T3395] page_pool_release_retry() stalled pool shutdown: id 38, 1 inflight 60 sec [ 144.464153][ T9765] loop4: detected capacity change from 0 to 4096 [ 144.489067][ T9765] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.639008][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.651086][ T9772] netlink: 'syz.3.1934': attribute type 4 has an invalid length. [ 144.678925][ T9774] xt_hashlimit: size too large, truncated to 1048576 [ 144.903903][ T9781] loop4: detected capacity change from 0 to 512 [ 144.943633][ T9781] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.966524][ T9781] ext4 filesystem being mounted at /412/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 145.113969][ T9789] __nla_validate_parse: 8 callbacks suppressed [ 145.113987][ T9789] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1939'. [ 145.129106][ T9789] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1939'. [ 145.343937][ T9798] tipc: New replicast peer: 10.1.1.2 [ 145.343979][ T9798] tipc: Enabled bearer , priority 10 [ 145.870995][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.905939][ T9809] loop4: detected capacity change from 0 to 1024 [ 145.928254][ T9809] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.951583][ T29] kauditd_printk_skb: 147 callbacks suppressed [ 145.951602][ T29] audit: type=1326 audit(1748745644.832:3756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.0.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 145.986450][ T29] audit: type=1326 audit(1748745644.832:3757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.0.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 146.010425][ T29] audit: type=1326 audit(1748745644.832:3758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.0.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 146.035243][ T29] audit: type=1326 audit(1748745644.832:3759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.0.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 146.058734][ T29] audit: type=1326 audit(1748745644.832:3760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.0.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 146.082393][ T29] audit: type=1326 audit(1748745644.832:3761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.0.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 146.105852][ T29] audit: type=1326 audit(1748745644.832:3762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.0.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 146.129308][ T29] audit: type=1326 audit(1748745644.832:3763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.0.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 146.152766][ T29] audit: type=1326 audit(1748745644.832:3764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9811 comm="syz.0.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fbc873ae969 code=0x7ffc0000 [ 146.176237][ T29] audit: type=1400 audit(1748745644.832:3765): avc: denied { bind } for pid=9811 comm="syz.0.1947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 146.336400][ T3395] tipc: Node number set to 334816005 [ 146.587230][ T9833] loop3: detected capacity change from 0 to 256 [ 146.713164][ T9839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1958'. [ 146.834568][ T9842] program syz.3.1959 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 146.955687][ T9851] netlink: 'syz.0.1962': attribute type 1 has an invalid length. [ 147.007957][ T9851] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1962'. [ 147.030718][ T9851] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 147.041484][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.051515][ T9851] bond5: (slave batadv1): Enslaving as a backup interface with an up link [ 147.081120][ T9851] bond5 (unregistering): (slave batadv1): Releasing backup interface [ 147.092818][ T9851] bond5 (unregistering): Released all slaves [ 147.536806][ T9887] uprobe: syz.0.1976:9887 failed to unregister, leaking uprobe [ 147.902568][ T9900] loop3: detected capacity change from 0 to 128 [ 148.005998][ T9900] syz.3.1980: attempt to access beyond end of device [ 148.005998][ T9900] loop3: rw=2049, sector=132, nr_sectors = 8 limit=128 [ 148.021403][ T9900] syz.3.1980: attempt to access beyond end of device [ 148.021403][ T9900] loop3: rw=2049, sector=148, nr_sectors = 8 limit=128 [ 148.037095][ T9900] syz.3.1980: attempt to access beyond end of device [ 148.037095][ T9900] loop3: rw=2049, sector=142, nr_sectors = 1 limit=128 [ 148.051523][ T9900] Buffer I/O error on dev loop3, logical block 142, lost async page write [ 148.060628][ T9900] syz.3.1980: attempt to access beyond end of device [ 148.060628][ T9900] loop3: rw=2049, sector=143, nr_sectors = 1 limit=128 [ 148.074521][ T9900] Buffer I/O error on dev loop3, logical block 143, lost async page write [ 148.083523][ T9900] syz.3.1980: attempt to access beyond end of device [ 148.083523][ T9900] loop3: rw=2049, sector=144, nr_sectors = 1 limit=128 [ 148.097632][ T9900] Buffer I/O error on dev loop3, logical block 144, lost async page write [ 148.107462][ T9900] syz.3.1980: attempt to access beyond end of device [ 148.107462][ T9900] loop3: rw=2049, sector=145, nr_sectors = 1 limit=128 [ 148.130482][ T9900] Buffer I/O error on dev loop3, logical block 145, lost async page write [ 148.139963][ T9900] syz.3.1980: attempt to access beyond end of device [ 148.139963][ T9900] loop3: rw=2049, sector=146, nr_sectors = 1 limit=128 [ 148.154496][ T9900] Buffer I/O error on dev loop3, logical block 146, lost async page write [ 148.164986][ T9900] syz.3.1980: attempt to access beyond end of device [ 148.164986][ T9900] loop3: rw=2049, sector=147, nr_sectors = 1 limit=128 [ 148.182775][ T9900] Buffer I/O error on dev loop3, logical block 147, lost async page write [ 148.194983][ T9900] syz.3.1980: attempt to access beyond end of device [ 148.194983][ T9900] loop3: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 148.213294][ T9900] Buffer I/O error on dev loop3, logical block 156, lost async page write [ 148.224466][ T9900] syz.3.1980: attempt to access beyond end of device [ 148.224466][ T9900] loop3: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 148.239830][ T9900] Buffer I/O error on dev loop3, logical block 157, lost async page write [ 148.258005][ T9900] Buffer I/O error on dev loop3, logical block 160, lost async page write [ 148.270449][ T9900] Buffer I/O error on dev loop3, logical block 161, lost async page write [ 148.422447][ T9907] macsec0: entered promiscuous mode [ 148.427761][ T9907] bridge0: entered promiscuous mode [ 148.435331][ T9907] bridge0: port 3(macsec0) entered blocking state [ 148.442199][ T9907] bridge0: port 3(macsec0) entered disabled state [ 148.454854][ T9907] macsec0: entered allmulticast mode [ 148.460264][ T9907] bridge0: entered allmulticast mode [ 148.480103][ T9907] macsec0: left allmulticast mode [ 148.485281][ T9907] bridge0: left allmulticast mode [ 148.500378][ T9907] bridge0: left promiscuous mode [ 148.672537][ T9918] bridge0: port 3(macvlan0) entered blocking state [ 148.680015][ T9918] bridge0: port 3(macvlan0) entered disabled state [ 148.699151][ T9918] macvlan0: entered allmulticast mode [ 148.705329][ T9918] bridge0: entered allmulticast mode [ 148.751764][ T9918] macvlan0: left allmulticast mode [ 148.759871][ T9918] bridge0: left allmulticast mode [ 149.378499][ T9951] pim6reg1: entered promiscuous mode [ 149.383861][ T9951] pim6reg1: entered allmulticast mode [ 149.564441][ T9973] netlink: 'syz.3.2019': attribute type 4 has an invalid length. [ 149.573118][ T9973] netlink: 'syz.3.2019': attribute type 4 has an invalid length. [ 149.926747][ T9989] 9pnet: p9_errstr2errno: server reported unknown error [ 150.037272][ T9997] pim6reg1: entered promiscuous mode [ 150.042725][ T9997] pim6reg1: entered allmulticast mode [ 150.050710][ T9999] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9999 comm=syz.4.2020 [ 150.114486][ T9999] vlan0: entered allmulticast mode [ 150.119818][ T9999] bond3: entered allmulticast mode [ 150.307732][T10006] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2023'. [ 150.361632][T10006] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10006 comm=syz.4.2023 [ 150.548422][T10014] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2026'. [ 150.573230][T10014] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2026'. [ 150.954126][T10028] TCP: out of memory -- consider tuning tcp_mem [ 151.087377][T10035] netlink: 'syz.0.2036': attribute type 1 has an invalid length. [ 151.095401][T10035] netlink: 'syz.0.2036': attribute type 4 has an invalid length. [ 151.103202][T10035] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.2036'. [ 151.138414][T10041] loop3: detected capacity change from 0 to 512 [ 151.148471][T10038] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2037'. [ 151.151370][T10035] netlink: 'syz.0.2036': attribute type 1 has an invalid length. [ 151.165461][T10035] netlink: 'syz.0.2036': attribute type 4 has an invalid length. [ 151.173280][T10035] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.2036'. [ 151.183420][ T29] kauditd_printk_skb: 596 callbacks suppressed [ 151.183444][ T29] audit: type=1400 audit(1748745650.062:4362): avc: denied { append } for pid=10037 comm="syz.4.2038" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 151.405607][ T29] audit: type=1400 audit(1748745650.182:4363): avc: denied { create } for pid=10048 comm="syz.1.2043" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 151.425254][ T29] audit: type=1400 audit(1748745650.182:4364): avc: denied { write } for pid=10048 comm="syz.1.2043" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 151.795665][T10107] loop3: detected capacity change from 0 to 1024 [ 151.996878][T10107] ext4: Unknown parameter 'nouser_xattr' [ 152.445376][T10172] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2052'. [ 152.454536][T10172] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2052'. [ 152.461727][T10174] loop4: detected capacity change from 0 to 1024 [ 152.463673][T10172] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2052'. [ 152.471608][T10174] EXT4-fs: Ignoring removed bh option [ 152.484595][T10174] EXT4-fs: Ignoring removed nomblk_io_submit option [ 152.511716][T10172] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2052'. [ 152.524468][T10174] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.567369][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.602623][ T29] audit: type=1326 audit(1748745651.472:4365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10188 comm="syz.2.2056" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa5dc4de969 code=0x0 [ 152.701066][ T29] audit: type=1400 audit(1748745651.582:4366): avc: denied { accept } for pid=10205 comm="syz.0.2060" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 153.192793][T10223] netlink: 'syz.1.2064': attribute type 4 has an invalid length. [ 153.442532][ T29] audit: type=1400 audit(1748745652.322:4367): avc: denied { read } for pid=10229 comm="syz.2.2067" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 153.466183][ T29] audit: type=1400 audit(1748745652.322:4368): avc: denied { open } for pid=10229 comm="syz.2.2067" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 153.490011][ T29] audit: type=1400 audit(1748745652.322:4369): avc: denied { ioctl } for pid=10229 comm="syz.2.2067" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 153.688525][ T29] audit: type=1326 audit(1748745652.572:4370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10240 comm="syz.4.2071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 153.705808][T10243] loop3: detected capacity change from 0 to 764 [ 153.728864][ T29] audit: type=1326 audit(1748745652.572:4371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10240 comm="syz.4.2071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90e011e969 code=0x7ffc0000 [ 153.762802][T10245] loop4: detected capacity change from 0 to 1024 [ 153.779853][T10245] EXT4-fs: Ignoring removed bh option [ 153.785324][T10245] EXT4-fs: Ignoring removed nomblk_io_submit option [ 153.800008][T10245] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 153.831771][T10243] Symlink component flag not implemented [ 153.838542][T10243] Symlink component flag not implemented (7) [ 154.329723][T10253] ================================================================== [ 154.337882][T10253] BUG: KCSAN: data-race in __writeback_single_inode / xas_set_mark [ 154.346004][T10253] [ 154.348359][T10253] write to 0xffff8881067a3b04 of 4 bytes by task 10245 on cpu 1: [ 154.356659][T10253] xas_set_mark+0x12b/0x140 [ 154.361327][T10253] __folio_start_writeback+0x1dd/0x430 [ 154.366838][T10253] ext4_bio_write_folio+0x5ad/0x9f0 [ 154.372078][T10253] mpage_submit_folio+0xe4/0x170 [ 154.377061][T10253] mpage_process_page_bufs+0x39b/0x4a0 [ 154.382654][T10253] mpage_prepare_extent_to_map+0x741/0xaa0 [ 154.388591][T10253] ext4_do_writepages+0xa1a/0x21c0 [ 154.393735][T10253] ext4_writepages+0x176/0x300 [ 154.398518][T10253] do_writepages+0x1c3/0x310 [ 154.403119][T10253] file_write_and_wait_range+0x156/0x2c0 [ 154.408770][T10253] generic_buffers_fsync_noflush+0x45/0x120 [ 154.414694][T10253] ext4_sync_file+0x1ab/0x690 [ 154.419390][T10253] vfs_fsync_range+0x10a/0x130 [ 154.424159][T10253] ext4_buffered_write_iter+0x34f/0x3c0 [ 154.429721][T10253] ext4_file_write_iter+0x383/0xf00 [ 154.434933][T10253] iter_file_splice_write+0x5ef/0x970 [ 154.440315][T10253] direct_splice_actor+0x156/0x2a0 [ 154.445436][T10253] splice_direct_to_actor+0x312/0x680 [ 154.450818][T10253] do_splice_direct+0xda/0x150 [ 154.455612][T10253] do_sendfile+0x380/0x650 [ 154.460209][T10253] __x64_sys_sendfile64+0x105/0x150 [ 154.465416][T10253] x64_sys_call+0xb39/0x2fb0 [ 154.470008][T10253] do_syscall_64+0xd2/0x200 [ 154.474603][T10253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.480497][T10253] [ 154.482813][T10253] read to 0xffff8881067a3b04 of 4 bytes by task 10253 on cpu 0: [ 154.490436][T10253] __writeback_single_inode+0x1f9/0x7c0 [ 154.495989][T10253] writeback_single_inode+0x167/0x3e0 [ 154.501364][T10253] sync_inode_metadata+0x5b/0x90 [ 154.506302][T10253] generic_buffers_fsync_noflush+0xd9/0x120 [ 154.512213][T10253] ext4_sync_file+0x1ab/0x690 [ 154.516896][T10253] vfs_fsync_range+0x10a/0x130 [ 154.521698][T10253] ext4_buffered_write_iter+0x34f/0x3c0 [ 154.527258][T10253] ext4_file_write_iter+0x383/0xf00 [ 154.532475][T10253] iter_file_splice_write+0x5ef/0x970 [ 154.537971][T10253] direct_splice_actor+0x156/0x2a0 [ 154.543108][T10253] splice_direct_to_actor+0x312/0x680 [ 154.548494][T10253] do_splice_direct+0xda/0x150 [ 154.553279][T10253] do_sendfile+0x380/0x650 [ 154.557706][T10253] __x64_sys_sendfile64+0x105/0x150 [ 154.562922][T10253] x64_sys_call+0xb39/0x2fb0 [ 154.567518][T10253] do_syscall_64+0xd2/0x200 [ 154.572036][T10253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.578017][T10253] [ 154.580342][T10253] value changed: 0x0a000021 -> 0x04000021 [ 154.586315][T10253] [ 154.588638][T10253] Reported by Kernel Concurrency Sanitizer on: [ 154.594792][T10253] CPU: 0 UID: 0 PID: 10253 Comm: syz.4.2074 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(voluntary) [ 154.606946][T10253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 154.617011][T10253] ================================================================== [ 154.919387][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.