last executing test programs: 2.088364133s ago: executing program 1 (id=1072): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x24) r1 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100)=0x0, &(0x7f0000000480)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, &(0x7f0000000040)="5f73b7288aa0ea86e64745ed4380c11ef5026429aa", 0x15, 0x12100}) io_uring_enter(r1, 0xe85, 0x0, 0x0, 0x0, 0x0) 2.002741091s ago: executing program 1 (id=1065): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="10010000070a01020000000000000000020000000900010073797a30004b0000"], 0x110}}, 0x0) 1.944263775s ago: executing program 1 (id=1080): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x802, &(0x7f0000000300)={[{@noblock_validity}, {@dioread_nolock}, {@nobh}, {@minixdf}, {@nobh}, {@usrjquota, 0x2e}, {@grpquota}, {@nodiscard}, {@jqfmt_vfsv0}, {@noload}], [], 0x2c}, 0x84, 0x452, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) lseek(r0, 0x400, 0x1) getdents(r0, &(0x7f0000000900)=""/4096, 0x1000) 1.823147366s ago: executing program 1 (id=1073): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000110020850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001800)={0x0}, 0x18) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)="3700000013000318680907070000000f0000ff3f13000000170a001700000000040037000d00030001362564aa58b9a6c011f6bbf44dc4", 0x37}], 0x1) 1.647189641s ago: executing program 1 (id=1078): connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x3, 0xfffffffd, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5}, 0x1c) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x35, 0x0, "317f83735b4bb1eadc74dde27798c831eec04c24eeec7ff3d3137a508003d2d5c89ab0220cefebd4687636457b9822766c1bfea4e01ff23c6a4caeaf049a572a9774d3b882eb3b4a66c5ec48c29f065d"}, 0xd8) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{}, '\x00', "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", "05e2e505", "12000700"}, 0x38) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x58) 1.19462342s ago: executing program 4 (id=1088): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000080000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f0000000340)='tlb_flush\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r2}, 0x10) 1.114790346s ago: executing program 4 (id=1092): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb15, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6) recvmmsg(r1, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 1.075878679s ago: executing program 4 (id=1093): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) syz_clone(0x4010e000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.07533905s ago: executing program 2 (id=1104): fremovexattr(0xffffffffffffffff, &(0x7f0000000000)=@known='user.incfs.size\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[], 0x0, 0x7b7, &(0x7f00000002c0)="$eJzs3U1sHGf5APBnXbvJ35Wiqv8qjaI0naRFSqXUXa9bF6uHsl2PnWnXu6vdNXKEUBs1TmXFaauWCuoDJZcWEAhx4li49sYNhAQSB+CERA9cuFXqCRUEEgIhJKOZ3XUce/3R1Pmg/f2s+B3PPPO+z7vezLNje2YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIhSbbZcnixFPWssLiXbjEREcn8/dmH79g2D/n51XbPLuBGl/F8cPhzHequO3X9t89H80+k40fvqRBzOm8Oxds/Re5/+/9GRwf67JHSjTu0zrhTxrTypyxdWV5dfvwmJ3ELf/cVuW0eHrfzXev55Pm1knWa2UJ1Pk6zTTGamp8uPn5vrJHNZPe2c73TThaTWTqvdZjs5U3s0mZyZmUrSifPNxcb8bLWeDlY+9VilXJ5OnptopdV2p9l4/LmJTu1cVq9njfkiplL+euQxTyW12fbzWTfpptWFJLm0sro8tdfs8qDJXbafeOTej9788O8ry/kTcqegUv+JWZmcrFQmp5+cefKpcnm0Uq5cv6K8RWxExEhEHnFTnrTcOYpD5m4O5sANB2CkX/+jHlk0YjGWIhnyMRa1mI12NGMh//qPY9si+gb1/wuP/+X3u427uf4Pqvyxa5uPR1H/T/a+OrlT/R+a60F+jPTz2Wn7G/FWrMXluBCrsRrL8fpNz+hTfowcbH/zkUYjsuhEM7JYiGqxJumvSWImpmM6yvFCnIu56EQSc5FFPdLoxPnoRDfS4hlVi3akUY1uNKMdSZyJWjwaSUzGTMzEVCSRxkScj2YsRiPmYzaqRS+XYqV43Ke25HX0my/+/OU/fPRevrwRNLnLREr5i7k86G+7BG0r9/uv/+vRj1D/P+8O+AgON259UP8BAACAz6xS8dP3/Px/LB4sluayevqV250WAAAAcICK3/yfyJuxfOnBKOXn/+UhkR/c8twAAACAg1EqrrErRcR4PNRbGlwuNeyHAAAAAMD/oOL3/yfzZjzi7WKF838AAAD4jPn2TvfY/3Bwj91O61Dpl3+NdnusdLW19EjpSjWPq165q7dfv/nyRo/dueOlw9HrpOhrenTtnlJEjNbSE6XB3S//c6jXflx8Pj66sftO9/ovbUlgY4+7tk4pT+DI2pYEjhYDfy9O9WJOXey1F/tx/TsSj89l9XSi1qw/XdwSMf/XffOVlW9EMf3vNBaOlOLSyuryxEuvrl4scrma93L1Sv8Gitvuozg8l2LE9f4jEA8On/FYcSFGf9zx3rjlzd+A/r2JR3Yfs7R5zHfidC/m9HivHb9+/ofzMScnnp6MavXISDdd6r65vmn2/SwmP+XM34mHezEPn3m41wzJonJdFq9sz6KyOYv9PRZ7ZjHWf2K9d+rtpX/8pllKp/bKYmpLFoc/YRYAt8ul4q4/16rQ/xVV6N/rPXn9v1Z3k15AX/8o98BGV/lRblAGthzlLsXGlsH+m2rdaGyr7ltfXsSWUXY4op/pxZzpvZ4YPT6krpSHHNFfW3ntt/0j+hPv/+jHXz35u5/eeHV7Px7txfSbuO/XO9TYfM7fbyyMDzpdeqa/8JMdx+3UK6UYi7jra1dei6NvvLX22MqVCy8vv7z8SqUyNV1+olx+shJjxUuFfqP2ADDE3u+xs2dE6Yk9zqrv2/iTgol4KV6N1bgYZ4urDSLioeG9jm/6M4SzcTqKk+UdzlrHN73Dy9k9zi2vxVa2xw5eV2yLndr0iD3ww6L55038pgDATXZ6jzq8n/p/do/z7utr+Zaz49i5lg/zxZv6aADA50Pa/rg03n231G5nrRcmZ2Ymq91zadJu1p5P2tnsfJpkjW7arp2rNubTpNVudpu1wQ+OZ9NO0llstZrtbjLXbCetZidbKt75Pem/9XsnXag2ulmt06qn1U6a1JqNbrXWTWazTi1p3f1sPeucS9vFzp1WWsvmslq1mzUbSae52K6lE0nSSdOktTgIzGbTRjeby/LFRtJqZwvV9tWIqC8upMls2qm1s1a32etwMFbWmGu2F4puJ7ZP/8+3+vEGgDvBG2+tXb6wurr8+idcGI1i4U/7Cb7dcwQArqdKAwAAAAAAAAAAAADAnW/75Xr52hu5InDtUHzyvQ7FDV19aGEfC/k38g5I4/YuvPjMM5d3inn27WPn9tfP8P8pwy51ffdIxN0/+0FvzZdu1Uw/iIgb2H29tEvM7T4yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2/w0AAP//naJXlA==") chdir(&(0x7f0000000100)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 990.018057ms ago: executing program 2 (id=1094): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000800000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000032ce8500000004000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='global_dirty_state\x00', r0}, 0x10) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0) pread64(r1, &(0x7f00000009c0)=""/156, 0x9c, 0x0) 830.43701ms ago: executing program 4 (id=1095): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x10, &(0x7f0000001280), 0x4) recvmsg(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000180)=""/82, 0x52}], 0x1}, 0x2100) sendmsg$inet(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000840)='J', 0x1}], 0x1}, 0x0) write$cgroup_int(r0, &(0x7f0000000340)=0x3, 0x12) 829.83687ms ago: executing program 2 (id=1107): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000600000006"], 0x50) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) symlink(0x0, 0x0) 790.242644ms ago: executing program 1 (id=1097): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000080000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000019000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10) sendmsg$rds(r0, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0) 789.406183ms ago: executing program 2 (id=1098): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800eef34d00000000000086bc50722ce4739c000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, 0x0, &(0x7f0000000300)) 750.388447ms ago: executing program 2 (id=1099): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000140)) 638.612036ms ago: executing program 2 (id=1103): perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x9c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0x20000000000000, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x1, 0x0, 0x1}, &(0x7f0000000480)=0x0, &(0x7f0000000500)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) 637.931317ms ago: executing program 4 (id=1116): perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x34, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x34, 0x1, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe}, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) readv(r0, &(0x7f0000000580)=[{&(0x7f0000000100)=""/67, 0x43}], 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f00000003c0)=[{0x20, 0x0, 0xd, 0x0, @time={0x7, 0xfffffff7}, {0x0, 0xe}, {}, @control={0x4, 0x0, 0xa}}, {0x0, 0x0, 0x0, 0x0, @tick=0x9, {0x6, 0x4}, {}, @raw32={[0x2, 0x80000000, 0x8]}}], 0x38) 608.092569ms ago: executing program 3 (id=1106): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x24) r1 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100)=0x0, &(0x7f0000000480)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, &(0x7f0000000040)="5f73b7288aa0ea86e64745ed4380c11ef5026429aa", 0x15, 0x12100}) io_uring_enter(r1, 0xe85, 0x0, 0x0, 0x0, 0x0) 571.831342ms ago: executing program 3 (id=1109): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r2) close_range(r0, 0xffffffffffffffff, 0x0) unshare(0x2000400) 554.912713ms ago: executing program 0 (id=1110): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r3}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) 539.489044ms ago: executing program 3 (id=1123): r0 = epoll_create1(0x0) r1 = socket$unix(0x1, 0x1, 0x0) close(r1) socket(0x2, 0x3, 0x100000001) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa0028000}) 537.937605ms ago: executing program 0 (id=1124): r0 = perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x35, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="c4000000190001", @ANYRES32=0x0, @ANYRES32=0x0], 0xc4}}, 0x0) 517.029876ms ago: executing program 4 (id=1112): openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0) write$UHID_CREATE(r0, &(0x7f0000000480)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000400)=""/32, 0x20, 0x0, 0x4ad}}, 0x120) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[], 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) select(0x40, &(0x7f0000000000)={0x7c, 0x5, 0xffffffffffffffff, 0x8, 0x3, 0x8, 0x9, 0x7fff}, 0x0, 0x0, 0x0) 492.734509ms ago: executing program 3 (id=1113): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800eef34d00000000000086bc50722ce4739c000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, 0x0, &(0x7f0000000300)) 253.170849ms ago: executing program 0 (id=1114): syz_mount_image$tmpfs(0x0, &(0x7f0000002340)='./file0\x00', 0x10000, 0x0, 0x3, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="5300000007000046009d40edce82cd28e1e1edab5168510449b8a5"], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) 252.973439ms ago: executing program 3 (id=1115): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100004b028ee7000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = syz_open_dev$evdev(&(0x7f0000000180), 0x3, 0x88000) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f00000001c0)) ioctl$EVIOCGRAB(r1, 0x40044590, 0x0) 190.273994ms ago: executing program 0 (id=1117): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x10, &(0x7f0000001280), 0x4) recvmsg(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000180)=""/82, 0x52}], 0x1}, 0x2100) sendmsg$inet(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000840)='J', 0x1}], 0x1}, 0x0) write$cgroup_int(r0, &(0x7f0000000340)=0x3, 0x12) 20.195499ms ago: executing program 0 (id=1118): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000001e00100000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000fcffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000004c0)='kmem_cache_free\x00', r0}, 0x9) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@msize={'msize', 0x3d, 0x1000}}], [], 0x6b}}) 19.989679ms ago: executing program 3 (id=1120): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000180)='mm_page_alloc\x00', r1, 0x0, 0x4}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x48) 0s ago: executing program 0 (id=1121): r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$inet_int(r0, 0x0, 0x16, &(0x7f0000000000)=0x9, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640000000000003552bde5c064c6", 0x15}, {&(0x7f0000000340)="174640b6d80fb2eedc81ba60ccbb9d", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000140)="5825be57aff9352b356be67ca2746357d17879358b394762d6a5387374ccf333", 0x20}], 0x1}}], 0x2, 0x0) kernel console output (not intermixed with test programs): 31.617137][ T3270] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.632209][ T3272] veth1_vlan: entered promiscuous mode [ 31.643820][ T3265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 31.654354][ T3265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 31.665129][ T3265] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.675873][ T3265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 31.686400][ T3265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 31.697474][ T3265] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.719878][ T3265] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.728656][ T3265] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.737478][ T3265] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.746280][ T3265] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.769003][ T3270] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 31.772771][ T3272] veth0_macvtap: entered promiscuous mode [ 31.800545][ T3272] veth1_macvtap: entered promiscuous mode [ 31.820435][ T3266] veth0_macvtap: entered promiscuous mode [ 31.834716][ T3272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 31.845296][ T3272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 31.855219][ T3272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 31.865706][ T3272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 31.878310][ T3272] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.887239][ T3272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 31.897799][ T3272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 31.907691][ T3272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 31.918246][ T3272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 31.929711][ T3272] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.941161][ T3266] veth1_macvtap: entered promiscuous mode [ 31.951541][ T3272] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.960463][ T3272] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.969328][ T3272] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.978107][ T3272] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.020816][ T3273] veth0_vlan: entered promiscuous mode [ 32.040664][ T3266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.051277][ T3266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.061161][ T3266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.071664][ T3266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.081668][ T3266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.092172][ T3266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.105246][ T3266] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.143027][ T3273] veth1_vlan: entered promiscuous mode [ 32.157696][ T3266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.168227][ T3266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.178293][ T3266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.188811][ T3266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.198763][ T3266] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.209295][ T3266] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.219413][ T29] kauditd_printk_skb: 35 callbacks suppressed [ 32.219426][ T29] audit: type=1400 audit(1728783614.761:127): avc: denied { read write } for pid=3427 comm="syz.0.1" name="sg0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 32.220204][ T3342] kernel write not supported for file /2/timerslack_ns (pid: 3342 comm: kworker/0:4) [ 32.225562][ T29] audit: type=1400 audit(1728783614.761:128): avc: denied { open } for pid=3427 comm="syz.0.1" path="/dev/sg0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 32.252696][ T3266] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.280687][ T29] audit: type=1400 audit(1728783614.801:129): avc: denied { create } for pid=3428 comm="syz.3.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 32.295388][ T3266] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.308971][ T29] audit: type=1400 audit(1728783614.801:130): avc: denied { bind } for pid=3428 comm="syz.3.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 32.317727][ T3266] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.336560][ T29] audit: type=1400 audit(1728783614.801:131): avc: denied { name_bind } for pid=3428 comm="syz.3.9" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 32.345256][ T3266] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.365671][ T29] audit: type=1400 audit(1728783614.801:132): avc: denied { node_bind } for pid=3428 comm="syz.3.9" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 32.374312][ T3266] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.394757][ T29] audit: type=1400 audit(1728783614.801:133): avc: denied { listen } for pid=3428 comm="syz.3.9" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 32.423891][ T29] audit: type=1400 audit(1728783614.801:134): avc: denied { connect } for pid=3428 comm="syz.3.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 32.443142][ T29] audit: type=1400 audit(1728783614.801:135): avc: denied { name_connect } for pid=3428 comm="syz.3.9" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 32.464008][ T29] audit: type=1400 audit(1728783614.801:136): avc: denied { getopt } for pid=3428 comm="syz.3.9" laddr=172.20.20.10 lport=33548 faddr=172.20.20.187 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 32.519590][ T3434] process 'syz.0.11' launched './file0' with NULL argv: empty string added [ 32.547929][ T3273] veth0_macvtap: entered promiscuous mode [ 32.586236][ T3273] veth1_macvtap: entered promiscuous mode [ 32.620951][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.631541][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.641537][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.652108][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.662097][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.672542][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.682401][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.692913][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.703767][ T3273] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.724794][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.735307][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.745225][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.755773][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.765730][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.776508][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.786376][ T3273] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.797038][ T3273] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.808263][ T3273] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.817394][ T3273] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.826203][ T3273] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.826817][ T3451] mmap: syz.2.18 (3451) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 32.834911][ T3273] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.855487][ T3273] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.910301][ T3454] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 32.924307][ T3454] macsec1: entered promiscuous mode [ 32.929898][ T3454] macsec1: entered allmulticast mode [ 32.935303][ T3454] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 32.950400][ T3454] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 32.957983][ T3454] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 32.977316][ T3457] IPv6: Can't replace route, no match found [ 33.020719][ T3469] loop4: detected capacity change from 0 to 512 [ 33.027734][ T3469] EXT4-fs: Ignoring removed nobh option [ 33.033408][ T3469] EXT4-fs: Ignoring removed nobh option [ 33.091921][ T3469] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 33.101592][ T3469] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.5: invalid indirect mapped block 2683928664 (level 1) [ 33.127808][ T3469] EXT4-fs (loop4): 1 truncate cleaned up [ 33.138338][ T3469] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.203554][ T3273] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.492358][ T3525] loop0: detected capacity change from 0 to 512 [ 33.538019][ T3525] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 33.546739][ T3525] System zones: 0-2, 18-18, 34-35 [ 33.555404][ T3532] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3532 comm=syz.3.51 [ 33.568599][ T3525] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.583298][ T3525] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.641861][ T3272] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.722169][ T3551] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.723338][ T3549] syz.2.58 uses obsolete (PF_INET,SOCK_PACKET) [ 33.862267][ T3561] vlan2: entered allmulticast mode [ 34.223824][ C1] ------------[ cut here ]------------ [ 34.229318][ C1] refcount_t: underflow; use-after-free. [ 34.235216][ C1] WARNING: CPU: 1 PID: 23 at lib/refcount.c:28 refcount_warn_saturate+0x1c6/0x230 [ 34.244460][ C1] Modules linked in: [ 34.248422][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.12.0-rc2-syzkaller-00305-g7234e2ea0edd #0 [ 34.259054][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 34.269153][ C1] RIP: 0010:refcount_warn_saturate+0x1c6/0x230 [ 34.275384][ C1] Code: 72 ff ff ff e8 ab 85 71 ff 48 c7 c7 3e d9 b2 86 e8 2f 6b 8a ff c6 05 16 31 f4 04 01 90 48 c7 c7 fb a1 1b 86 e8 ab 4b 53 ff 90 <0f> 0b 90 90 e9 43 ff ff ff e8 7c 85 71 ff 48 c7 c7 3b d9 b2 86 e8 [ 34.295146][ C1] RSP: 0018:ffffc900000cf9e8 EFLAGS: 00010246 [ 34.301246][ C1] RAX: af39d38d2bca4500 RBX: ffff88810101d4e4 RCX: ffff888100f92100 [ 34.309281][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 34.317298][ C1] RBP: 0000000000000003 R08: ffffffff8111f547 R09: 0000000000000000 [ 34.317318][ C1] R10: 0001ffffffffffff R11: ffff888100f92100 R12: 0000000000000001 [ 34.317331][ C1] R13: ffff8881158db400 R14: ffff88810101d4e4 R15: 0000000000000000 [ 34.317346][ C1] FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 [ 34.317375][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.356860][ C1] CR2: 00007fd21d8e0f98 CR3: 00000001158d4000 CR4: 00000000003506f0 [ 34.364867][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.372913][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.380981][ C1] Call Trace: [ 34.384273][ C1] [ 34.387290][ C1] ? __warn+0x141/0x350 [ 34.391531][ C1] ? report_bug+0x315/0x420 [ 34.396094][ C1] ? refcount_warn_saturate+0x1c6/0x230 [ 34.401706][ C1] ? handle_bug+0x60/0x90 [ 34.406109][ C1] ? exc_invalid_op+0x1a/0x50 [ 34.407690][ T3579] loop3: detected capacity change from 0 to 512 [ 34.410822][ C1] ? asm_exc_invalid_op+0x1a/0x20 [ 34.417575][ T3579] ======================================================= [ 34.417575][ T3579] WARNING: The mand mount option has been deprecated and [ 34.417575][ T3579] and is ignored by this kernel. Remove the mand [ 34.417575][ T3579] option from the mount to silence this warning. [ 34.417575][ T3579] ======================================================= [ 34.422151][ C1] ? __warn_printk+0x167/0x1b0 [ 34.461811][ C1] ? refcount_warn_saturate+0x1c6/0x230 [ 34.463311][ T3579] EXT4-fs: Ignoring removed i_version option [ 34.467412][ C1] ? refcount_warn_saturate+0x1c5/0x230 [ 34.467442][ C1] sk_skb_reason_drop+0xe9/0x290 [ 34.473970][ T3579] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 34.478983][ C1] j1939_xtp_rx_cts+0x3c4/0x6c0 [ 34.479025][ C1] j1939_tp_recv+0x699/0xa80 [ 34.479056][ C1] j1939_can_recv+0x45f/0x550 [ 34.479084][ C1] ? __pfx_j1939_can_recv+0x10/0x10 [ 34.479116][ C1] can_rcv_filter+0x225/0x4c0 [ 34.479146][ C1] can_receive+0x182/0x1f0 [ 34.493071][ T3579] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a016c018, mo2=0002] [ 34.497093][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 34.497136][ C1] can_rcv+0xe7/0x180 [ 34.502748][ T3579] System zones: [ 34.506570][ C1] ? __pfx_can_rcv+0x10/0x10 [ 34.506604][ C1] __netif_receive_skb+0x123/0x280 [ 34.511256][ T3579] 1-12 [ 34.516468][ C1] process_backlog+0x22e/0x440 [ 34.516499][ C1] __napi_poll+0x63/0x3c0 [ 34.525574][ C1] ? net_rx_action+0x376/0x7f0 [ 34.533643][ T3579] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.72: bg 0: block 131: padding at end of block bitmap is not set [ 34.537960][ C1] net_rx_action+0x3a1/0x7f0 [ 34.537995][ C1] handle_softirqs+0xbf/0x280 [ 34.538017][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 34.538068][ C1] run_ksoftirqd+0x1c/0x30 [ 34.543742][ T3579] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 34.545576][ C1] smpboot_thread_fn+0x31c/0x4c0 [ 34.550548][ T3579] EXT4-fs (loop3): 1 truncate cleaned up [ 34.555272][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 34.555329][ C1] kthread+0x1d1/0x210 [ 34.555371][ C1] ? __pfx_kthread+0x10/0x10 [ 34.561666][ T3579] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.562783][ C1] ret_from_fork+0x4b/0x60 [ 34.655181][ C1] ? __pfx_kthread+0x10/0x10 [ 34.659825][ C1] ret_from_fork_asm+0x1a/0x30 [ 34.664625][ C1] [ 34.667672][ C1] ---[ end trace 0000000000000000 ]--- [ 34.679080][ T3270] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.786820][ T3586] netlink: 12 bytes leftover after parsing attributes in process `syz.3.73'. [ 35.694427][ C1] vcan0: j1939_tp_rxtimer: 0xffff8881158db400: rx timeout, send abort [ 35.702680][ C1] vcan0: j1939_tp_rxtimer: 0xffff8881158db600: rx timeout, send abort [ 35.710999][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8881158db400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 35.725326][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8881158db600: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 36.552801][ T3597] netlink: 16 bytes leftover after parsing attributes in process `syz.4.78'. [ 36.574816][ T3599] Driver unsupported XDP return value 0 on prog (id 50) dev N/A, expect packet loss! [ 36.577471][ T3597] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (14) [ 36.600723][ T3597] Zero length message leads to an empty skb [ 36.679471][ T3615] loop3: detected capacity change from 0 to 128 [ 36.696124][ T3611] loop1: detected capacity change from 0 to 164 [ 36.731482][ T3611] Unable to read rock-ridge attributes [ 36.771173][ T3623] loop4: detected capacity change from 0 to 164 [ 36.778945][ T3611] Unable to read rock-ridge attributes [ 36.823080][ T3623] Unable to read rock-ridge attributes [ 36.844539][ T3623] Unable to read rock-ridge attributes [ 37.041579][ T3642] syz.4.100[3642] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.041726][ T3642] syz.4.100[3642] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.054119][ T3642] syz.4.100[3642] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.172865][ T3648] loop4: detected capacity change from 0 to 1024 [ 37.217501][ T3648] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.234406][ T3648] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 37.246386][ T29] kauditd_printk_skb: 135 callbacks suppressed [ 37.246403][ T29] audit: type=1326 audit(1728783619.791:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3647 comm="syz.4.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd21ec6c990 code=0x7ffc0000 [ 37.276377][ T29] audit: type=1326 audit(1728783619.791:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3647 comm="syz.4.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7fd21ec6cd77 code=0x7ffc0000 [ 37.299867][ T29] audit: type=1326 audit(1728783619.791:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3647 comm="syz.4.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd21ec6c990 code=0x7ffc0000 [ 37.323132][ T29] audit: type=1326 audit(1728783619.791:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3647 comm="syz.4.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd21ec6dff9 code=0x7ffc0000 [ 37.346559][ T29] audit: type=1326 audit(1728783619.791:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3647 comm="syz.4.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd21ec6dff9 code=0x7ffc0000 [ 37.372033][ T29] audit: type=1326 audit(1728783619.891:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3647 comm="syz.4.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd21ec6dff9 code=0x7ffc0000 [ 37.395306][ T29] audit: type=1400 audit(1728783619.891:278): avc: denied { read write } for pid=3647 comm="syz.4.103" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 37.417817][ T29] audit: type=1400 audit(1728783619.891:279): avc: denied { open } for pid=3647 comm="syz.4.103" path="/23/file1/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 37.440863][ T29] audit: type=1326 audit(1728783619.891:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3647 comm="syz.4.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd21ec6dff9 code=0x7ffc0000 [ 37.464479][ T29] audit: type=1326 audit(1728783619.891:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3647 comm="syz.4.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd21ec6dff9 code=0x7ffc0000 [ 37.550254][ T3628] syz.2.90 (3628) used greatest stack depth: 10656 bytes left [ 37.564637][ T3273] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.660042][ T3671] raw_sendmsg: syz.0.112 forgot to set AF_INET. Fix it! [ 37.676838][ T3666] loop2: detected capacity change from 0 to 8192 [ 37.707088][ T3666] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 2068) [ 37.716052][ T3666] FAT-fs (loop2): Filesystem has been set read-only [ 37.729569][ T3666] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 2068) [ 37.729772][ T3678] netlink: 40 bytes leftover after parsing attributes in process `syz.4.115'. [ 37.738426][ T3666] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 2068) [ 37.746762][ T3678] netlink: 40 bytes leftover after parsing attributes in process `syz.4.115'. [ 37.767191][ T3678] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 37.966305][ T3701] loop4: detected capacity change from 0 to 1024 [ 37.973526][ T3701] EXT4-fs: Ignoring removed oldalloc option [ 37.986805][ T3705] loop2: detected capacity change from 0 to 512 [ 37.998231][ T3701] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.024759][ T3711] loop0: detected capacity change from 0 to 256 [ 38.025347][ T3705] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 38.052755][ T3273] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.106892][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.128905][ T3722] netlink: 8 bytes leftover after parsing attributes in process `syz.0.134'. [ 38.321451][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x1 [ 38.328943][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.336377][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.343785][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.351229][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.358655][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.369046][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.376501][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.383979][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.391480][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.399172][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.406631][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.414084][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.421630][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.429216][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.436645][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.444054][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.451528][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.459036][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.466540][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.469938][ T3750] netlink: 10 bytes leftover after parsing attributes in process `syz.3.146'. [ 38.473975][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.491204][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.498725][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.506188][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.513601][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.521116][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.528547][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.535981][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.543397][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.550848][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.558529][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.566135][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.573554][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.581030][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.588477][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.595920][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.603392][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.610928][ T3341] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 38.620417][ T3341] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 38.701709][ T3766] netlink: 'syz.4.153': attribute type 21 has an invalid length. [ 38.709671][ T3766] netlink: 132 bytes leftover after parsing attributes in process `syz.4.153'. [ 38.744401][ T3769] netlink: 204 bytes leftover after parsing attributes in process `syz.4.154'. [ 38.996873][ T3786] loop2: detected capacity change from 0 to 512 [ 39.017867][ T3786] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.061459][ T3786] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.166434][ T3794] SELinux: Context is not valid (left unmapped). [ 39.177017][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.248620][ T3798] loop0: detected capacity change from 0 to 512 [ 39.265573][ T3798] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.166: corrupted in-inode xattr: invalid ea_ino [ 39.281863][ T3798] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz.0.166: couldn't read orphan inode 15 (err -117) [ 39.295220][ T3798] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.384152][ T3272] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.593103][ T3822] tipc: Started in network mode [ 39.598123][ T3822] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 39.622872][ T3822] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 39.631352][ T3822] tipc: Enabled bearer , priority 10 [ 39.640928][ T3823] tipc: Started in network mode [ 39.645903][ T3823] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 39.660507][ T3825] loop2: detected capacity change from 0 to 512 [ 39.667079][ T3823] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 39.675581][ T3823] tipc: Enabled bearer , priority 10 [ 39.698001][ T3825] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.710788][ T3825] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.740404][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.831011][ T3841] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 39.870324][ T3847] veth1_macvtap: left promiscuous mode [ 39.872810][ T3849] loop4: detected capacity change from 0 to 512 [ 39.896728][ T3849] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.910446][ T3849] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.927315][ T3849] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.188: corrupted xattr block 33: invalid header [ 39.945093][ T3849] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 39.957968][ T3858] netlink: 192 bytes leftover after parsing attributes in process `syz.0.191'. [ 39.963553][ T3849] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.188: corrupted xattr block 33: invalid header [ 39.985348][ T3849] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 39.996158][ T3849] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.188: corrupted xattr block 33: invalid header [ 40.009955][ T3849] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 40.050749][ T3273] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.084367][ T3869] loop4: detected capacity change from 0 to 512 [ 40.119440][ T3869] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.132212][ T3869] ext4 filesystem being mounted at /49/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 40.204499][ T3273] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.260565][ T3888] netlink: 12 bytes leftover after parsing attributes in process `syz.0.206'. [ 40.304463][ T3895] loop0: detected capacity change from 0 to 512 [ 40.313662][ T3895] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 40.341912][ T3895] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 40.365263][ T3895] EXT4-fs (loop0): orphan cleanup on readonly fs [ 40.371845][ T3895] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.207: bg 0: block 361: padding at end of block bitmap is not set [ 40.386442][ T3895] EXT4-fs (loop0): Remounting filesystem read-only [ 40.405172][ T3895] EXT4-fs (loop0): 1 truncate cleaned up [ 40.411419][ T3895] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 40.426405][ T3895] SELinux: (dev loop0, type ext4) getxattr errno 5 [ 40.433681][ T3895] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 40.730706][ T3930] vcan0: entered allmulticast mode [ 40.746608][ T3930] vcan0: left allmulticast mode [ 40.755050][ T988] tipc: Node number set to 1 [ 40.795179][ T3341] tipc: Node number set to 1 [ 40.938129][ T3950] 9pnet: p9_errstr2errno: server reported unknown error [ 41.682102][ T3997] loop0: detected capacity change from 0 to 512 [ 41.693935][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.701584][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.709090][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.712185][ T3997] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.253: invalid indirect mapped block 4294967295 (level 1) [ 41.716532][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.716558][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.716652][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.732088][ T3997] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.253: invalid indirect mapped block 4294967295 (level 1) [ 41.737895][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.737925][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.748578][ T3997] EXT4-fs (loop0): 2 truncates cleaned up [ 41.752770][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.768544][ T3997] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.773985][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.810307][ T3997] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 41.814446][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.814477][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.837903][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.845360][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.852765][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.860207][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.867612][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.874990][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.875244][ T3997] EXT4-fs error (device loop0): __ext4_remount:6522: comm syz.0.253: Abort forced by user [ 41.882409][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.894251][ T3997] EXT4-fs (loop0): Remounting filesystem read-only [ 41.899764][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.908305][ T3997] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 41.913645][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.931709][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.939144][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.946593][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.954002][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.961432][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.968980][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.976426][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.983850][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.991489][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 41.998979][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 42.006495][ T35] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 42.014541][ T3272] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.016413][ T35] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz0 [ 42.193009][ T4017] loop2: detected capacity change from 0 to 1024 [ 42.218306][ T4017] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.242522][ T4031] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.264'. [ 42.256252][ T4023] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.264'. [ 42.298622][ T29] kauditd_printk_skb: 187 callbacks suppressed [ 42.298635][ T4036] EXT4-fs (loop2): shut down requested (0) [ 42.298638][ T29] audit: type=1400 audit(1728783624.841:469): avc: denied { ioctl } for pid=4015 comm="syz.2.261" path="/51/file1/cpuacct.usage_percpu" dev="loop2" ino=19 ioctlcmd=0x587d scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 42.367465][ T29] audit: type=1400 audit(1728783624.881:470): avc: denied { create } for pid=4039 comm="syz.0.271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 42.387908][ T29] audit: type=1400 audit(1728783624.881:471): avc: denied { getopt } for pid=4039 comm="syz.0.271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 42.399109][ T4041] syz.4.268[4041] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 42.407335][ T29] audit: type=1400 audit(1728783624.881:472): avc: denied { write } for pid=4039 comm="syz.0.271" path="socket:[5598]" dev="sockfs" ino=5598 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 42.407902][ T4041] syz.4.268[4041] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 42.418687][ T29] audit: type=1400 audit(1728783624.881:473): avc: denied { nlmsg_read } for pid=4039 comm="syz.0.271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 42.442796][ T29] audit: type=1400 audit(1728783624.941:474): avc: denied { write } for pid=4033 comm="syz.4.268" name="001" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 42.475518][ T4045] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 42.497337][ T29] audit: type=1400 audit(1728783624.961:475): avc: denied { read } for pid=4039 comm="syz.0.271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 42.544615][ T4041] syz.4.268[4041] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 42.575100][ T29] audit: type=1400 audit(1728783625.101:476): avc: denied { mount } for pid=4047 comm="syz.3.274" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 42.608373][ T29] audit: type=1326 audit(1728783625.111:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4043 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21d966dff9 code=0x7ffc0000 [ 42.631667][ T29] audit: type=1326 audit(1728783625.111:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4043 comm="syz.0.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f21d966dff9 code=0x7ffc0000 [ 42.720364][ T4060] loop1: detected capacity change from 0 to 2048 [ 42.750475][ T4068] SELinux: security_context_str_to_sid (u) failed with errno=-22 [ 42.760032][ T4060] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.794763][ T3266] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.816528][ T4073] xt_CT: You must specify a L4 protocol and not use inversions on it [ 42.933624][ T28] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 42.963765][ T28] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 42.976311][ T28] EXT4-fs (loop2): This should not happen!! Data will be lost [ 42.976311][ T28] [ 42.986004][ T28] EXT4-fs (loop2): Total free blocks count 0 [ 42.992078][ T28] EXT4-fs (loop2): Free/Dirty block details [ 42.998032][ T28] EXT4-fs (loop2): free_blocks=68451041280 [ 43.003945][ T28] EXT4-fs (loop2): dirty_blocks=16384 [ 43.009427][ T28] EXT4-fs (loop2): Block reservation details [ 43.015452][ T28] EXT4-fs (loop2): i_reserved_data_blocks=1024 [ 43.121062][ T4106] loop3: detected capacity change from 0 to 512 [ 43.178290][ T4106] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.192072][ T4106] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.208717][ T4106] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.294: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 43.225305][ T4106] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 43.234304][ T4106] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.294: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 43.242123][ T4113] loop4: detected capacity change from 0 to 1024 [ 43.257824][ T4106] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 43.271487][ T4113] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 43.282545][ T4113] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 43.293632][ T4106] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.294: bg 0: block 18: invalid block bitmap [ 43.295285][ T4113] JBD2: no valid journal superblock found [ 43.311720][ T4113] EXT4-fs (loop4): Could not load journal inode [ 43.320575][ T4106] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm syz.3.294: Failed to acquire dquot type 1 [ 43.342041][ T4116] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.294: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 43.376214][ T4116] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.294: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 43.425632][ T4116] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 43.444906][ T4116] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm syz.3.294: Failed to acquire dquot type 1 [ 43.464601][ T4122] syzkaller0: entered promiscuous mode [ 43.470192][ T4122] syzkaller0: entered allmulticast mode [ 43.493565][ T4106] syz.3.294 (4106) used greatest stack depth: 9520 bytes left [ 43.503682][ T3270] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.505901][ T4126] vhci_hcd: default hub control req: ff03 v0010 i0005 l5 [ 43.588718][ T4140] loop3: detected capacity change from 0 to 256 [ 43.623690][ T4140] FAT-fs (loop3): Directory bread(block 64) failed [ 43.635982][ T4140] FAT-fs (loop3): Directory bread(block 65) failed [ 43.651613][ T4140] FAT-fs (loop3): Directory bread(block 66) failed [ 43.659884][ T4140] FAT-fs (loop3): Directory bread(block 67) failed [ 43.667958][ T4140] FAT-fs (loop3): Directory bread(block 68) failed [ 43.686821][ T4140] FAT-fs (loop3): Directory bread(block 69) failed [ 43.700261][ T4140] FAT-fs (loop3): Directory bread(block 70) failed [ 43.707294][ T4140] FAT-fs (loop3): Directory bread(block 71) failed [ 43.717812][ T4140] FAT-fs (loop3): Directory bread(block 72) failed [ 43.724410][ T4140] FAT-fs (loop3): Directory bread(block 73) failed [ 43.730993][ T4154] hub 9-0:1.0: USB hub found [ 43.731087][ T4154] hub 9-0:1.0: 8 ports detected [ 43.765529][ T4158] netlink: 132 bytes leftover after parsing attributes in process `syz.2.318'. [ 43.943972][ T4173] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 44.148826][ T28] kworker/u8:1: attempt to access beyond end of device [ 44.148826][ T28] loop3: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 44.181259][ T28] kworker/u8:1: attempt to access beyond end of device [ 44.181259][ T28] loop3: rw=1, sector=1864, nr_sectors = 7184 limit=256 [ 44.267918][ T28] kworker/u8:1: attempt to access beyond end of device [ 44.267918][ T28] loop3: rw=1, sector=9048, nr_sectors = 24752 limit=256 [ 44.323708][ T4191] 9pnet: p9_errstr2errno: server reported unknown error Ӯ [ 44.454318][ T4201] loop3: detected capacity change from 0 to 512 [ 44.474260][ T4203] @: renamed from veth0_vlan (while UP) [ 44.483605][ T4201] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 44.538310][ T4201] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.338: bg 0: block 64: padding at end of block bitmap is not set [ 44.555448][ T4201] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm syz.3.338: Failed to acquire dquot type 0 [ 44.571265][ T4201] EXT4-fs (loop3): 1 truncate cleaned up [ 44.580097][ T4201] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.601618][ T4201] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm syz.3.338: Failed to acquire dquot type 0 [ 44.633757][ T4201] syz.3.338 (4201) used greatest stack depth: 9352 bytes left [ 44.649037][ T3270] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.650905][ T4225] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=4225 comm=syz.2.347 [ 44.711876][ T4227] netlink: 'syz.1.348': attribute type 10 has an invalid length. [ 44.729872][ T4227] team0: Port device geneve0 added [ 44.790550][ T4235] loop1: detected capacity change from 0 to 512 [ 44.798316][ T4235] EXT4-fs: Ignoring removed bh option [ 44.820693][ T4235] EXT4-fs error (device loop1): __ext4_iget:4952: inode #15: block 1803188595: comm syz.1.351: invalid block [ 44.835115][ T4235] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.351: couldn't read orphan inode 15 (err -117) [ 44.852587][ T4235] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.913363][ T3266] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.969107][ T4257] loop3: detected capacity change from 0 to 512 [ 44.976598][ T4257] EXT4-fs: Ignoring removed oldalloc option [ 44.986094][ T4257] EXT4-fs error (device loop3): ext4_xattr_inode_iget:436: comm syz.3.360: Parent and EA inode have the same ino 15 [ 44.999075][ T4257] EXT4-fs (loop3): Remounting filesystem read-only [ 45.005700][ T4257] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 45.018887][ T4257] EXT4-fs warning (device loop3): ext4_evict_inode:259: couldn't mark inode dirty (err -5) [ 45.029404][ T4257] EXT4-fs (loop3): 1 orphan inode deleted [ 45.035705][ T4257] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.047951][ T4257] SELinux: (dev loop3, type ext4) getxattr errno 5 [ 45.058381][ T4257] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.120963][ T4268] usb usb7: usbfs: process 4268 (+}[@) did not claim interface 7 before use [ 45.137508][ T4270] netlink: 256 bytes leftover after parsing attributes in process `syz.1.364'. [ 45.171208][ T4276] usb usb9: usbfs: process 4276 (syz.3.367) did not claim interface 0 before use [ 45.243424][ T4282] netlink: 12 bytes leftover after parsing attributes in process `syz.3.370'. [ 45.485531][ T4311] 9pnet: p9_errstr2errno: server reported unknown error @΂(QhQI [ 45.836692][ T4324] syz.3.388[4324] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.836834][ T4324] syz.3.388[4324] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.848380][ T4324] syz.3.388[4324] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.916380][ T4331] netlink: 'syz.3.391': attribute type 1 has an invalid length. [ 45.964522][ T4334] netlink: 4 bytes leftover after parsing attributes in process `syz.3.393'. [ 46.012416][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.019976][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.027478][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.033765][ T4340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 46.034949][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.051051][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.058601][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.066059][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.073465][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.081001][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.088448][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.095944][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.103336][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.110877][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.118333][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.125883][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.133287][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.140818][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.148394][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.155864][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.163380][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.170866][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.178388][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.185818][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.193283][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.200719][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.208164][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.215600][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.223153][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.230740][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.238338][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.245984][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.253533][ T3345] hid-generic 0000:04AD:0000.0003: unknown main item tag 0x0 [ 46.261209][ T4340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 46.265318][ T3345] hid-generic 0000:04AD:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 46.391688][ T4359] loop0: detected capacity change from 0 to 512 [ 46.426572][ T4363] loop4: detected capacity change from 0 to 256 [ 46.433291][ T4363] vfat: Unknown parameter '0xffffffffffffffff' [ 46.440586][ T4363] netlink: 16 bytes leftover after parsing attributes in process `syz.4.407'. [ 46.449615][ T4363] netlink: 'syz.4.407': attribute type 2 has an invalid length. [ 46.457690][ T4363] netlink: 4 bytes leftover after parsing attributes in process `syz.4.407'. [ 46.490860][ T4359] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.512659][ T4359] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.512672][ T4365] netlink: 20 bytes leftover after parsing attributes in process `syz.1.408'. [ 46.517685][ T4373] loop4: detected capacity change from 0 to 512 [ 46.535887][ T4359] EXT4-fs error (device loop0): ext4_acquire_dquot:6879: comm syz.0.405: Failed to acquire dquot type 0 [ 46.561269][ T4373] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.574030][ T4373] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.606533][ T3273] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.632243][ T3272] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.738665][ T4397] IPVS: Error joining to the multicast group [ 46.842061][ T4411] loop3: detected capacity change from 0 to 512 [ 46.898575][ T4411] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.911413][ T4411] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.922409][ T4428] loop2: detected capacity change from 0 to 2048 [ 46.946063][ T4428] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a842e01c, mo2=0082] [ 46.954898][ T4428] System zones: 0-7 [ 46.954979][ T4434] 9pnet_fd: Insufficient options for proto=fd [ 46.959517][ T4428] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.982741][ T3270] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.004320][ T3265] EXT4-fs error (device loop2): __ext4_iget:4952: inode #17: block 1803188595: comm syz-executor: invalid block [ 47.020041][ T4439] netlink: 240 bytes leftover after parsing attributes in process `syz.4.439'. [ 47.021513][ T3265] EXT4-fs error (device loop2): __ext4_iget:4952: inode #17: block 1803188595: comm syz-executor: invalid block [ 47.130768][ T4448] loop3: detected capacity change from 0 to 128 [ 47.196171][ T4457] loop4: detected capacity change from 0 to 764 [ 47.203496][ T4457] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 47.226358][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.246647][ T3376] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.314640][ T3376] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.333862][ T29] kauditd_printk_skb: 290 callbacks suppressed [ 47.333935][ T29] audit: type=1400 audit(1728783629.871:759): avc: denied { read } for pid=4467 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 47.361860][ T29] audit: type=1400 audit(1728783629.871:760): avc: denied { open } for pid=4467 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 47.385573][ T29] audit: type=1400 audit(1728783629.871:761): avc: denied { mounton } for pid=4467 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 47.407219][ T29] audit: type=1400 audit(1728783629.891:762): avc: denied { sys_module } for pid=4467 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 47.447790][ T3376] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.498625][ T3376] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.514096][ T29] audit: type=1400 audit(1728783630.051:763): avc: denied { setopt } for pid=4482 comm="syz.3.464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 47.587840][ T4489] SELinux: policydb version -570608695 does not match my version range 15-33 [ 47.589459][ T29] audit: type=1400 audit(1728783630.131:764): avc: denied { load_policy } for pid=4487 comm="syz.4.457" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 47.598759][ T4489] SELinux: failed to load policy [ 47.624515][ T4467] chnl_net:caif_netlink_parms(): no params data found [ 47.674309][ T29] audit: type=1326 audit(1728783630.211:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.4.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd21ec6dff9 code=0x7ffc0000 [ 47.698419][ T29] audit: type=1326 audit(1728783630.211:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.4.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7fd21ec6dff9 code=0x7ffc0000 [ 47.709702][ T4495] netlink: 12 bytes leftover after parsing attributes in process `syz.3.459'. [ 47.722050][ T29] audit: type=1326 audit(1728783630.211:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4491 comm="syz.4.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd21ec6dff9 code=0x7ffc0000 [ 47.754057][ T29] audit: type=1400 audit(1728783630.241:768): avc: denied { listen } for pid=4494 comm="syz.1.460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 47.806012][ T4467] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.813128][ T4467] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.820509][ T4467] bridge_slave_0: entered allmulticast mode [ 47.827002][ T4467] bridge_slave_0: entered promiscuous mode [ 47.833208][ T4502] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 47.834185][ T4467] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.849858][ T4467] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.857823][ T4467] bridge_slave_1: entered allmulticast mode [ 47.864397][ T4467] bridge_slave_1: entered promiscuous mode [ 47.901094][ T4467] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.910573][ T3376] bridge_slave_1: left allmulticast mode [ 47.916412][ T3376] bridge_slave_1: left promiscuous mode [ 47.922078][ T3376] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.929957][ T3376] bridge_slave_0: left allmulticast mode [ 47.935675][ T3376] bridge_slave_0: left promiscuous mode [ 47.941369][ T3376] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.038241][ T3376] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 48.048776][ T3376] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 48.059050][ T3376] bond0 (unregistering): Released all slaves [ 48.071130][ T4467] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.122410][ T4467] team0: Port device team_slave_0 added [ 48.129316][ T4467] team0: Port device team_slave_1 added [ 48.146290][ T4467] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.153277][ T4467] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.179435][ T4467] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.192224][ T3376] hsr_slave_0: left promiscuous mode [ 48.197971][ T3376] hsr_slave_1: left promiscuous mode [ 48.203701][ T3376] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 48.211158][ T3376] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 48.213259][ T988] kernel write not supported for file /221/timerslack_ns (pid: 988 comm: kworker/1:2) [ 48.235553][ T3376] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 48.243094][ T3376] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 48.251571][ T4520] ./file0: Can't lookup blockdev [ 48.274872][ T3376] veth1_macvtap: left promiscuous mode [ 48.280440][ T3376] veth0_macvtap: left promiscuous mode [ 48.286164][ T3376] veth1_vlan: left promiscuous mode [ 48.291597][ T3376] @: left promiscuous mode [ 48.418870][ T3376] team0 (unregistering): Port device team_slave_1 removed [ 48.430017][ T3376] team0 (unregistering): Port device team_slave_0 removed [ 48.471522][ T4467] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.478558][ T4467] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.504614][ T4467] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.556421][ T4467] hsr_slave_0: entered promiscuous mode [ 48.570407][ T4467] hsr_slave_1: entered promiscuous mode [ 48.586753][ T4467] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 48.604770][ T4467] Cannot create hsr debugfs directory [ 48.758970][ T4561] netlink: 16 bytes leftover after parsing attributes in process `syz.1.487'. [ 48.844792][ T4571] netlink: 'syz.3.492': attribute type 39 has an invalid length. [ 48.853270][ T4571] veth1_macvtap: left promiscuous mode [ 48.926504][ T4579] IPv6: Can't replace route, no match found [ 48.978145][ T4583] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 48.987563][ T4583] macsec1: entered promiscuous mode [ 48.992953][ T4583] macsec1: entered allmulticast mode [ 48.998420][ T4583] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 49.010407][ T4583] netdevsim netdevsim1 netdevsim0: left allmulticast mode [ 49.017871][ T4583] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 49.052066][ T4467] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 49.061856][ T4467] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 49.076116][ T4467] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 49.109788][ T4467] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 49.178616][ T4467] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.197479][ T4467] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.219153][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.226347][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.238982][ C1] hrtimer: interrupt took 38310 ns [ 49.287297][ T4618] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 49.303142][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.310328][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.320666][ T4611] IPVS: stopping master sync thread 4618 ... [ 49.418542][ T4467] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.540615][ T4467] veth0_vlan: entered promiscuous mode [ 49.549012][ T4467] veth1_vlan: entered promiscuous mode [ 49.568049][ T4467] veth0_macvtap: entered promiscuous mode [ 49.577997][ T4467] veth1_macvtap: entered promiscuous mode [ 49.588103][ T4467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.598754][ T4467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.608612][ T4467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.619122][ T4467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.620596][ T4667] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 49.628994][ T4467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.629030][ T4467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.629041][ T4467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.629056][ T4467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.629994][ T4467] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.686197][ T4467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.696771][ T4467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.706695][ T4467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.717170][ T4467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.719546][ T4671] loop1: detected capacity change from 0 to 128 [ 49.727003][ T4467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.727024][ T4467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.727099][ T4467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.757118][ T4671] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 49.764103][ T4467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.786937][ T4467] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.800002][ T4467] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.808899][ T4467] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.817738][ T4467] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.826513][ T4467] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.826867][ T4671] ext4 filesystem being mounted at /86/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 49.877589][ T4675] netlink: 28 bytes leftover after parsing attributes in process `syz.0.533'. [ 49.886652][ T4675] netlink: 'syz.0.533': attribute type 7 has an invalid length. [ 49.894470][ T4675] netlink: 'syz.0.533': attribute type 8 has an invalid length. [ 49.913643][ T4675] erspan0: entered promiscuous mode [ 49.923804][ T4675] batadv_slave_1: entered promiscuous mode [ 49.935114][ T4675] gretap0: entered promiscuous mode [ 49.959220][ T4681] bond1: entered promiscuous mode [ 49.961551][ T3266] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 49.964379][ T4681] bond1: entered allmulticast mode [ 49.979092][ T4681] 8021q: adding VLAN 0 to HW filter on device bond1 [ 49.998897][ T4684] loop1: detected capacity change from 0 to 1024 [ 50.007264][ T4681] bond1 (unregistering): Released all slaves [ 50.013789][ T4684] EXT4-fs: Ignoring removed nobh option [ 50.019559][ T4684] EXT4-fs: Ignoring removed orlov option [ 50.037926][ T4684] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.108822][ T3266] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.292211][ T8] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x4 [ 50.300036][ T8] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x2 [ 50.309312][ T4716] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 50.320540][ T8] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x3 [ 50.331011][ T8] hid-generic 0000:3000000:0000.0004: hidraw0: HID v0.00 Device [sy] on syz0 [ 50.365235][ T4722] loop2: detected capacity change from 0 to 512 [ 50.409726][ T4722] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.552: corrupted in-inode xattr: invalid ea_ino [ 50.442949][ T4722] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.552: couldn't read orphan inode 15 (err -117) [ 50.456091][ T4722] EXT4-fs (loop2): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.528282][ T4467] EXT4-fs (loop2): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 50.580652][ T4740] __nla_validate_parse: 1 callbacks suppressed [ 50.580666][ T4740] netlink: 28 bytes leftover after parsing attributes in process `syz.2.559'. [ 50.685454][ T4754] loop2: detected capacity change from 0 to 512 [ 50.692546][ T4754] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 50.708026][ T4754] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.742373][ T4754] EXT4-fs error (device loop2): ext4_do_update_inode:5121: inode #2: comm syz.2.565: corrupted inode contents [ 50.758004][ T4754] EXT4-fs error (device loop2): ext4_dirty_inode:5984: inode #2: comm syz.2.565: mark_inode_dirty error [ 50.779499][ T4754] EXT4-fs error (device loop2): ext4_do_update_inode:5121: inode #2: comm syz.2.565: corrupted inode contents [ 50.816353][ T4467] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.867187][ T4766] loop3: detected capacity change from 0 to 512 [ 50.905778][ T4766] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 50.914846][ T4766] System zones: 0-2, 18-18, 34-35 [ 50.921709][ T4766] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.934866][ T4766] ext4 filesystem being mounted at /132/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.002224][ T3270] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.019210][ T4783] netlink: 'syz.0.577': attribute type 21 has an invalid length. [ 51.027559][ T4783] netlink: 132 bytes leftover after parsing attributes in process `syz.0.577'. [ 51.098689][ T4789] loop0: detected capacity change from 0 to 2048 [ 51.146134][ T4789] loop0: p1 < > p4 [ 51.151448][ T4789] loop0: p4 size 8388608 extends beyond EOD, truncated [ 51.244620][ T4818] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 51.298141][ T4824] Cannot find add_set index 0 as target [ 51.320376][ T4830] loop2: detected capacity change from 0 to 512 [ 51.328625][ T4830] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 51.420139][ T4844] loop2: detected capacity change from 0 to 512 [ 51.427325][ T4846] netlink: 4 bytes leftover after parsing attributes in process `syz.3.606'. [ 51.459271][ T4844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.472082][ T4844] ext4 filesystem being mounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 51.476331][ T4854] loop0: detected capacity change from 0 to 256 [ 51.512236][ T4467] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.518832][ T4854] FAT-fs (loop0): Directory bread(block 64) failed [ 51.528112][ T4854] FAT-fs (loop0): Directory bread(block 65) failed [ 51.534771][ T4854] FAT-fs (loop0): Directory bread(block 66) failed [ 51.541709][ T4854] FAT-fs (loop0): Directory bread(block 67) failed [ 51.548531][ T4854] FAT-fs (loop0): Directory bread(block 68) failed [ 51.555558][ T4854] FAT-fs (loop0): Directory bread(block 69) failed [ 51.563697][ T4854] FAT-fs (loop0): Directory bread(block 70) failed [ 51.571692][ T4854] FAT-fs (loop0): Directory bread(block 71) failed [ 51.578377][ T4854] FAT-fs (loop0): Directory bread(block 72) failed [ 51.584977][ T4854] FAT-fs (loop0): Directory bread(block 73) failed [ 51.615658][ T4866] loop2: detected capacity change from 0 to 512 [ 51.624132][ T4866] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz.2.611: invalid block [ 51.636764][ T4866] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.611: invalid indirect mapped block 4294967295 (level 1) [ 51.650942][ T4866] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.611: invalid indirect mapped block 4294967295 (level 1) [ 51.673995][ T4866] EXT4-fs (loop2): 2 truncates cleaned up [ 51.703185][ T4866] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.743846][ T4866] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 51.757817][ T4866] EXT4-fs error (device loop2): __ext4_remount:6522: comm syz.2.611: Abort forced by user [ 51.769219][ T4866] EXT4-fs (loop2): Remounting filesystem read-only [ 51.776252][ T4866] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 51.812982][ T4879] netlink: 16 bytes leftover after parsing attributes in process `syz.3.620'. [ 51.822299][ T4467] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.835322][ T4879] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (14) [ 52.724838][ T29] kauditd_printk_skb: 242 callbacks suppressed [ 52.724858][ T29] audit: type=1400 audit(1728783635.251:1011): avc: denied { create } for pid=4890 comm="syz.1.624" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 52.750669][ T29] audit: type=1400 audit(1728783635.251:1012): avc: denied { setopt } for pid=4890 comm="syz.1.624" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 52.770231][ T29] audit: type=1400 audit(1728783635.251:1013): avc: denied { connect } for pid=4890 comm="syz.1.624" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 52.789965][ T29] audit: type=1400 audit(1728783635.251:1014): avc: denied { write } for pid=4890 comm="syz.1.624" laddr=fe80::11 lport=2 faddr=ff01::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 52.817072][ T4899] syz.2.627[4899] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.817196][ T4899] syz.2.627[4899] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.818589][ T164] kworker/u8:5: attempt to access beyond end of device [ 52.818589][ T164] loop0: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 52.832642][ T4899] syz.2.627[4899] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.842578][ T164] kworker/u8:5: attempt to access beyond end of device [ 52.842578][ T164] loop0: rw=1, sector=1864, nr_sectors = 2048 limit=256 [ 52.890375][ T164] kworker/u8:5: attempt to access beyond end of device [ 52.890375][ T164] loop0: rw=1, sector=3912, nr_sectors = 2048 limit=256 [ 52.910328][ T164] kworker/u8:5: attempt to access beyond end of device [ 52.910328][ T164] loop0: rw=1, sector=5960, nr_sectors = 2048 limit=256 [ 52.928211][ T4903] IPVS: stopping master sync thread 4904 ... [ 52.944130][ T164] kworker/u8:5: attempt to access beyond end of device [ 52.944130][ T164] loop0: rw=1, sector=8008, nr_sectors = 2048 limit=256 [ 52.966158][ T164] kworker/u8:5: attempt to access beyond end of device [ 52.966158][ T164] loop0: rw=1, sector=10056, nr_sectors = 2088 limit=256 [ 52.984112][ T164] kworker/u8:5: attempt to access beyond end of device [ 52.984112][ T164] loop0: rw=1, sector=12144, nr_sectors = 2584 limit=256 [ 53.003282][ T164] kworker/u8:5: attempt to access beyond end of device [ 53.003282][ T164] loop0: rw=1, sector=14728, nr_sectors = 2048 limit=256 [ 53.020857][ T164] kworker/u8:5: attempt to access beyond end of device [ 53.020857][ T164] loop0: rw=1, sector=16776, nr_sectors = 2056 limit=256 [ 53.021936][ T4915] loop3: detected capacity change from 0 to 512 [ 53.052520][ T164] kworker/u8:5: attempt to access beyond end of device [ 53.052520][ T164] loop0: rw=1, sector=18832, nr_sectors = 12488 limit=256 [ 53.090791][ T4915] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.633: invalid block [ 53.103600][ T4915] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.633: invalid indirect mapped block 4294967295 (level 1) [ 53.118374][ T4915] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.633: invalid indirect mapped block 4294967295 (level 1) [ 53.166827][ T29] audit: type=1400 audit(1728783635.711:1015): avc: denied { setopt } for pid=4926 comm="syz.0.638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 53.190196][ T4915] EXT4-fs (loop3): 2 truncates cleaned up [ 53.205055][ T4915] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.229954][ T29] audit: type=1400 audit(1728783635.771:1016): avc: denied { ioctl } for pid=4932 comm="syz.2.637" path="socket:[8489]" dev="sockfs" ino=8489 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 53.234938][ T4915] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 53.257481][ T29] audit: type=1400 audit(1728783635.801:1017): avc: denied { bind } for pid=4932 comm="syz.2.637" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 53.282259][ T29] audit: type=1400 audit(1728783635.801:1018): avc: denied { write } for pid=4932 comm="syz.2.637" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 53.301609][ T4915] EXT4-fs error (device loop3): __ext4_remount:6522: comm syz.3.633: Abort forced by user [ 53.311798][ T4915] EXT4-fs (loop3): Remounting filesystem read-only [ 53.318518][ T4915] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 53.342735][ T3270] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.401956][ T4944] loop3: detected capacity change from 0 to 256 [ 53.454077][ T29] audit: type=1400 audit(1728783635.991:1019): avc: denied { ioctl } for pid=4949 comm="syz.3.645" path="socket:[8517]" dev="sockfs" ino=8517 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 53.480326][ T4950] netlink: 8 bytes leftover after parsing attributes in process `syz.3.645'. [ 53.809193][ T29] audit: type=1400 audit(1728783636.351:1020): avc: denied { bind } for pid=4952 comm="syz.3.650" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 53.954623][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x1 [ 53.962234][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 53.969884][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 53.977450][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 53.984886][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 53.992464][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 53.999996][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.007419][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.014825][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.022242][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.029657][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.037165][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.044565][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.052002][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.059430][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.066867][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.074269][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.081815][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.089364][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.096815][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.104348][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.111773][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.119194][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.126682][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.134164][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.141604][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.149104][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.156739][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.164162][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.171647][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.179147][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.186572][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.194007][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.201519][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.209113][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.216744][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.224157][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.231656][ T3345] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 54.241912][ T3345] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz0] on syz0 [ 54.294345][ T4986] netlink: 'syz.0.663': attribute type 21 has an invalid length. [ 54.304395][ T4991] loop1: detected capacity change from 0 to 512 [ 54.304809][ T4986] netlink: 132 bytes leftover after parsing attributes in process `syz.0.663'. [ 54.317407][ T4991] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.667: corrupted in-inode xattr: invalid ea_ino [ 54.324618][ T4993] netlink: 204 bytes leftover after parsing attributes in process `syz.2.668'. [ 54.334597][ T4991] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.667: couldn't read orphan inode 15 (err -117) [ 54.354945][ T4991] EXT4-fs (loop1): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.411256][ T4998] loop3: detected capacity change from 0 to 2048 [ 54.443864][ T3266] EXT4-fs (loop1): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 54.466198][ T4998] loop3: p1 < > p4 [ 54.471108][ T4998] loop3: p4 size 8388608 extends beyond EOD, truncated [ 54.482232][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x1 [ 54.489879][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.497400][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.504813][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.512423][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.519930][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.528770][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.536233][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.543667][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.551287][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.558863][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.566325][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.573859][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.581320][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.588771][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.596212][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.603629][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.611115][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.618559][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.626176][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.633623][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.641175][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.648727][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.656174][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.663574][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.671045][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.678516][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.685941][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.693368][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.700804][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.708249][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.716031][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.723472][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.731190][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.738808][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.746383][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.753766][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.761189][ T3323] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 54.770592][ T3323] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz0] on syz0 [ 54.797580][ T5022] loop3: detected capacity change from 0 to 512 [ 54.809201][ T5024] loop2: detected capacity change from 0 to 512 [ 54.818342][ T5024] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.682: corrupted in-inode xattr: invalid ea_ino [ 54.818714][ T5022] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.833258][ T5024] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.682: couldn't read orphan inode 15 (err -117) [ 54.844761][ T5022] ext4 filesystem being mounted at /166/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.878552][ T5024] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.910988][ T3270] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.944044][ T5032] netlink: 204 bytes leftover after parsing attributes in process `syz.3.684'. [ 54.956423][ T4467] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.971994][ T5038] loop3: detected capacity change from 0 to 512 [ 54.979133][ T5040] netlink: 4 bytes leftover after parsing attributes in process `syz.2.688'. [ 54.980568][ T5038] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.687: corrupted in-inode xattr: invalid ea_ino [ 55.006323][ T5038] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.687: couldn't read orphan inode 15 (err -117) [ 55.020132][ T5038] EXT4-fs (loop3): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.071331][ T3270] EXT4-fs (loop3): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 55.096425][ T5048] tipc: Enabling of bearer rejected, already enabled [ 55.152498][ T5054] loop1: detected capacity change from 0 to 512 [ 55.172293][ T5054] ext4 filesystem being mounted at /112/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 55.226629][ T5060] tipc: Started in network mode [ 55.231555][ T5060] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 55.241835][ T5060] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 55.250224][ T5060] tipc: Enabled bearer , priority 10 [ 55.323896][ T5066] netlink: 204 bytes leftover after parsing attributes in process `syz.1.698'. [ 55.365626][ T5073] loop4: detected capacity change from 0 to 512 [ 55.376265][ T5074] loop1: detected capacity change from 0 to 512 [ 55.386306][ T5074] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 55.393372][ T5073] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.703: corrupted in-inode xattr: invalid ea_ino [ 55.408994][ T5073] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.703: couldn't read orphan inode 15 (err -117) [ 55.474895][ T5089] loop3: detected capacity change from 0 to 512 [ 55.476747][ T5087] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 55.497651][ T5089] ext4 filesystem being mounted at /174/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 55.577030][ T5096] tipc: Started in network mode [ 55.581957][ T5096] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 55.591046][ T5096] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 55.599509][ T5096] tipc: Enabled bearer , priority 10 [ 55.704188][ T5113] loop3: detected capacity change from 0 to 512 [ 55.711280][ T5113] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 55.790590][ T5125] netlink: 12 bytes leftover after parsing attributes in process `syz.3.725'. [ 55.832620][ T5132] loop3: detected capacity change from 0 to 512 [ 55.855169][ T5134] tipc: Enabling of bearer rejected, already enabled [ 55.857908][ T5132] ext4 filesystem being mounted at /184/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 55.982657][ T5154] loop1: detected capacity change from 0 to 512 [ 55.996457][ T5154] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 56.009340][ T5154] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e12c, mo2=0002] [ 56.017995][ T5154] EXT4-fs (loop1): orphan cleanup on readonly fs [ 56.025128][ T5154] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.736: bg 0: block 361: padding at end of block bitmap is not set [ 56.055375][ T5154] EXT4-fs (loop1): Remounting filesystem read-only [ 56.064580][ T5154] EXT4-fs (loop1): 1 truncate cleaned up [ 56.071537][ T5154] SELinux: (dev loop1, type ext4) getxattr errno 5 [ 56.162306][ T5174] Cannot find add_set index 0 as target [ 56.307101][ T5196] netlink: 28 bytes leftover after parsing attributes in process `syz.2.756'. [ 56.316163][ T5196] netlink: 'syz.2.756': attribute type 7 has an invalid length. [ 56.323890][ T5196] netlink: 'syz.2.756': attribute type 8 has an invalid length. [ 56.331598][ T5196] netlink: 4 bytes leftover after parsing attributes in process `syz.2.756'. [ 56.347379][ T5196] erspan0: entered promiscuous mode [ 56.358381][ T5196] batadv_slave_1: entered promiscuous mode [ 56.364763][ T5196] gretap0: entered promiscuous mode [ 56.365114][ T3323] tipc: Node number set to 1 [ 56.374686][ T5196] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 56.385457][ T5201] loop0: detected capacity change from 0 to 128 [ 56.400316][ T5196] Cannot create hsr debugfs directory [ 56.414558][ T5201] ext4 filesystem being mounted at /148/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 56.558017][ T5216] loop3: detected capacity change from 0 to 512 [ 56.566656][ T5216] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 56.610283][ T5213] vhci_hcd: default hub control req: ff03 v0010 i0005 l5 [ 56.624810][ T5216] EXT4-fs error (device loop3): ext4_do_update_inode:5121: inode #2: comm syz.3.767: corrupted inode contents [ 56.637429][ T5216] EXT4-fs error (device loop3): ext4_dirty_inode:5984: inode #2: comm syz.3.767: mark_inode_dirty error [ 56.665283][ T5216] EXT4-fs error (device loop3): ext4_do_update_inode:5121: inode #2: comm syz.3.767: corrupted inode contents [ 56.714769][ T5238] loop4: detected capacity change from 0 to 128 [ 56.729395][ T3341] tipc: Node number set to 1 [ 56.754728][ T5241] loop0: detected capacity change from 0 to 512 [ 56.764975][ T5238] ext4 filesystem being mounted at /150/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 56.786884][ T5241] ext4 filesystem being mounted at /151/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 57.015496][ T5265] loop0: detected capacity change from 0 to 2048 [ 57.028761][ T5265] EXT4-fs: Ignoring removed orlov option [ 57.041662][ T5265] EXT4-fs: Ignoring removed mblk_io_submit option [ 57.052440][ T5268] netlink: 100 bytes leftover after parsing attributes in process `syz.1.786'. [ 57.191659][ T5278] netlink: 36 bytes leftover after parsing attributes in process `syz.4.790'. [ 57.200705][ T5278] netlink: 16 bytes leftover after parsing attributes in process `syz.4.790'. [ 57.209890][ T5278] netlink: 36 bytes leftover after parsing attributes in process `syz.4.790'. [ 57.220959][ T5278] netlink: 36 bytes leftover after parsing attributes in process `syz.4.790'. [ 57.267019][ T5287] loop4: detected capacity change from 0 to 512 [ 57.273802][ T5287] EXT4-fs: Ignoring removed oldalloc option [ 57.280318][ T5287] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 57.292039][ T5289] : renamed from bond0 (while UP) [ 57.302430][ T5287] EXT4-fs (loop4): 1 truncate cleaned up [ 57.402950][ T5275] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.785: bg 0: block 234: padding at end of block bitmap is not set [ 57.421213][ T5275] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 117 [ 57.433889][ T5275] EXT4-fs (loop0): This should not happen!! Data will be lost [ 57.433889][ T5275] [ 57.465797][ T5265] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 57.478588][ T5265] EXT4-fs (loop0): This should not happen!! Data will be lost [ 57.478588][ T5265] [ 57.488435][ T5265] EXT4-fs (loop0): Total free blocks count 0 [ 57.494426][ T5265] EXT4-fs (loop0): Free/Dirty block details [ 57.500384][ T5265] EXT4-fs (loop0): free_blocks=0 [ 57.505464][ T5265] EXT4-fs (loop0): dirty_blocks=6144 [ 57.510817][ T5265] EXT4-fs (loop0): Block reservation details [ 57.516847][ T5265] EXT4-fs (loop0): i_reserved_data_blocks=384 [ 57.716983][ T5323] netlink: 12 bytes leftover after parsing attributes in process `syz.2.810'. [ 57.760249][ T29] kauditd_printk_skb: 121 callbacks suppressed [ 57.760262][ T29] audit: type=1400 audit(1728783640.301:1142): avc: denied { create } for pid=5334 comm="syz.4.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 57.791041][ T29] audit: type=1400 audit(1728783640.331:1143): avc: denied { sys_admin } for pid=5334 comm="syz.4.816" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 57.812109][ T29] audit: type=1400 audit(1728783640.331:1144): avc: denied { checkpoint_restore } for pid=5334 comm="syz.4.816" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 57.815442][ T5340] netlink: 28 bytes leftover after parsing attributes in process `syz.0.807'. [ 57.868017][ T29] audit: type=1326 audit(1728783640.391:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5336 comm="syz.2.817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc11c50dff9 code=0x7ffc0000 [ 57.891536][ T29] audit: type=1326 audit(1728783640.391:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5336 comm="syz.2.817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc11c50dff9 code=0x7ffc0000 [ 57.914913][ T29] audit: type=1326 audit(1728783640.391:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5336 comm="syz.2.817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc11c50dff9 code=0x7ffc0000 [ 57.938289][ T29] audit: type=1326 audit(1728783640.391:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5336 comm="syz.2.817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=326 compat=0 ip=0x7fc11c50dff9 code=0x7ffc0000 [ 57.961768][ T29] audit: type=1326 audit(1728783640.391:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5336 comm="syz.2.817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc11c50dff9 code=0x7ffc0000 [ 57.970065][ T5341] loop1: detected capacity change from 0 to 512 [ 57.985185][ T29] audit: type=1326 audit(1728783640.401:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5338 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f167dabdff9 code=0x7ffc0000 [ 58.014419][ T29] audit: type=1326 audit(1728783640.401:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5338 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f167dabdff9 code=0x7ffc0000 [ 58.014741][ T5341] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 58.057779][ T5341] ext4 filesystem being mounted at /146/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.109244][ T5341] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 58.173645][ T5363] Cannot find set identified by id 0 to match [ 58.381655][ T5392] ALSA: seq fatal error: cannot create timer (-22) [ 58.596174][ T5426] loop4: detected capacity change from 0 to 128 [ 58.704657][ T5447] loop4: detected capacity change from 0 to 1024 [ 58.726539][ T5452] SELinux: policydb version 0 does not match my version range 15-33 [ 58.730217][ T5449] loop1: detected capacity change from 0 to 128 [ 58.741574][ T5452] SELinux: failed to load policy [ 58.756964][ T5449] ext4 filesystem being mounted at /157/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 58.843587][ T164] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 58.858805][ T164] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28 [ 58.871224][ T164] EXT4-fs (loop4): This should not happen!! Data will be lost [ 58.871224][ T164] [ 58.881039][ T164] EXT4-fs (loop4): Total free blocks count 0 [ 58.887133][ T164] EXT4-fs (loop4): Free/Dirty block details [ 58.893117][ T164] EXT4-fs (loop4): free_blocks=68451041280 [ 58.899205][ T164] EXT4-fs (loop4): dirty_blocks=64 [ 58.904389][ T164] EXT4-fs (loop4): Block reservation details [ 58.910463][ T164] EXT4-fs (loop4): i_reserved_data_blocks=4 [ 58.922668][ T5469] loop3: detected capacity change from 0 to 256 [ 59.070655][ T5499] netlink: 'syz.3.892': attribute type 4 has an invalid length. [ 59.161129][ T5514] loop4: detected capacity change from 0 to 128 [ 59.196047][ T5514] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.322517][ T5528] loop1: detected capacity change from 0 to 1024 [ 59.356817][ T5535] loop4: detected capacity change from 0 to 128 [ 59.400354][ T5535] ext4 filesystem being mounted at /186/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 59.441361][ T335] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 59.481623][ T335] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28 [ 59.494137][ T335] EXT4-fs (loop1): This should not happen!! Data will be lost [ 59.494137][ T335] [ 59.504023][ T335] EXT4-fs (loop1): Total free blocks count 0 [ 59.510083][ T335] EXT4-fs (loop1): Free/Dirty block details [ 59.516048][ T335] EXT4-fs (loop1): free_blocks=68451041280 [ 59.521861][ T335] EXT4-fs (loop1): dirty_blocks=64 [ 59.527024][ T335] EXT4-fs (loop1): Block reservation details [ 59.533001][ T335] EXT4-fs (loop1): i_reserved_data_blocks=4 [ 59.621849][ T5559] loop1: detected capacity change from 0 to 128 [ 59.741192][ T5571] loop2: detected capacity change from 0 to 1024 [ 59.800901][ T335] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 59.829024][ T5584] loop0: detected capacity change from 0 to 128 [ 59.862065][ T335] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28 [ 59.874493][ T335] EXT4-fs (loop2): This should not happen!! Data will be lost [ 59.874493][ T335] [ 59.884259][ T335] EXT4-fs (loop2): Total free blocks count 0 [ 59.890317][ T335] EXT4-fs (loop2): Free/Dirty block details [ 59.896326][ T335] EXT4-fs (loop2): free_blocks=68451041280 [ 59.902158][ T335] EXT4-fs (loop2): dirty_blocks=64 [ 59.907438][ T335] EXT4-fs (loop2): Block reservation details [ 59.913434][ T335] EXT4-fs (loop2): i_reserved_data_blocks=4 [ 59.962081][ T5584] ext4 filesystem being mounted at /177/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 60.118978][ T5597] Cannot find set identified by id 0 to match [ 60.140286][ T5603] loop2: detected capacity change from 0 to 128 [ 60.310238][ T5625] loop3: detected capacity change from 0 to 128 [ 60.348768][ T5625] ext4 filesystem being mounted at /223/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 60.409868][ T5629] loop4: detected capacity change from 0 to 256 [ 60.713722][ T5667] Cannot find set identified by id 0 to match [ 60.810797][ T5676] loop0: detected capacity change from 0 to 512 [ 60.840508][ T5676] EXT4-fs: Ignoring removed oldalloc option [ 60.874843][ T5676] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 60.909818][ T5676] EXT4-fs (loop0): 1 truncate cleaned up [ 60.977153][ T5682] loop4: detected capacity change from 0 to 2048 [ 60.997761][ T5682] EXT4-fs: Ignoring removed orlov option [ 61.019279][ T5682] EXT4-fs: Ignoring removed mblk_io_submit option [ 61.147543][ T5697] loop0: detected capacity change from 0 to 128 [ 61.188742][ T5697] ext4 filesystem being mounted at /191/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 61.444576][ T5682] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.971: bg 0: block 234: padding at end of block bitmap is not set [ 61.468252][ T5682] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 117 [ 61.468552][ T5706] __nla_validate_parse: 15 callbacks suppressed [ 61.468615][ T5706] netlink: 36 bytes leftover after parsing attributes in process `syz.1.979'. [ 61.480848][ T5682] EXT4-fs (loop4): This should not happen!! Data will be lost [ 61.480848][ T5682] [ 61.487112][ T5706] netlink: 16 bytes leftover after parsing attributes in process `syz.1.979'. [ 61.514596][ T5706] netlink: 36 bytes leftover after parsing attributes in process `syz.1.979'. [ 61.525507][ T5706] netlink: 36 bytes leftover after parsing attributes in process `syz.1.979'. [ 61.563877][ T5698] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 61.576709][ T5698] EXT4-fs (loop4): This should not happen!! Data will be lost [ 61.576709][ T5698] [ 61.578042][ T5715] loop3: detected capacity change from 0 to 2048 [ 61.586382][ T5698] EXT4-fs (loop4): Total free blocks count 0 [ 61.598753][ T5698] EXT4-fs (loop4): Free/Dirty block details [ 61.604744][ T5698] EXT4-fs (loop4): free_blocks=0 [ 61.609775][ T5698] EXT4-fs (loop4): dirty_blocks=6144 [ 61.615119][ T5698] EXT4-fs (loop4): Block reservation details [ 61.621247][ T5698] EXT4-fs (loop4): i_reserved_data_blocks=384 [ 61.653684][ T5715] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a842e01c, mo2=0082] [ 61.665963][ T5715] System zones: 0-7 [ 61.745443][ T3270] EXT4-fs error (device loop3): __ext4_iget:4952: inode #17: block 1803188595: comm syz-executor: invalid block [ 61.774959][ T3270] EXT4-fs error (device loop3): __ext4_iget:4952: inode #17: block 1803188595: comm syz-executor: invalid block [ 61.900183][ T5742] program syz.1.1006 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 61.976104][ T5754] netlink: 116 bytes leftover after parsing attributes in process `syz.1.1011'. [ 61.988120][ T5757] 9pnet_fd: p9_fd_create_tcp (5757): problem connecting socket to 127.0.0.1 [ 62.022735][ T164] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.069276][ T164] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.124711][ T5772] netlink: 'syz.2.1009': attribute type 10 has an invalid length. [ 62.132616][ T5772] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1009'. [ 62.148830][ T5772] team0: entered promiscuous mode [ 62.153912][ T5772] team_slave_0: entered promiscuous mode [ 62.159768][ T5772] team_slave_1: entered promiscuous mode [ 62.165523][ T5772] team0: entered allmulticast mode [ 62.170708][ T5772] team_slave_0: entered allmulticast mode [ 62.176558][ T5772] team_slave_1: entered allmulticast mode [ 62.189320][ T5772] bridge0: port 3(team0) entered blocking state [ 62.195704][ T5772] bridge0: port 3(team0) entered disabled state [ 62.208276][ T5772] bridge0: port 3(team0) entered blocking state [ 62.214650][ T5772] bridge0: port 3(team0) entered forwarding state [ 62.257840][ T164] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.318485][ T164] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.455613][ T164] bridge_slave_1: left allmulticast mode [ 62.461297][ T164] bridge_slave_1: left promiscuous mode [ 62.467127][ T164] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.477135][ T164] bridge_slave_0: left allmulticast mode [ 62.482817][ T164] bridge_slave_0: left promiscuous mode [ 62.488571][ T164] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.702196][ T164] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 62.727578][ T164] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 62.742267][ T164] bond0 (unregistering): Released all slaves [ 62.751045][ T5819] 9pnet_fd: p9_fd_create_tcp (5819): problem connecting socket to 127.0.0.1 [ 62.762009][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 62.771361][ T5815] netlink: 'syz.1.1022': attribute type 10 has an invalid length. [ 62.779283][ T5815] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1022'. [ 62.789132][ T5815] team0: entered promiscuous mode [ 62.789824][ T5823] loop0: detected capacity change from 0 to 512 [ 62.794278][ T5815] team_slave_0: entered promiscuous mode [ 62.794381][ T5815] team_slave_1: entered promiscuous mode [ 62.802302][ T5823] EXT4-fs: Ignoring removed nobh option [ 62.806406][ T5815] geneve0: entered promiscuous mode [ 62.811961][ T5823] EXT4-fs: Ignoring removed nobh option [ 62.817720][ T5815] team0: entered allmulticast mode [ 62.833505][ T5815] team_slave_0: entered allmulticast mode [ 62.839305][ T5815] team_slave_1: entered allmulticast mode [ 62.845102][ T5815] geneve0: entered allmulticast mode [ 62.851853][ T5815] bridge0: port 3(team0) entered blocking state [ 62.852299][ T5823] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 62.858194][ T5815] bridge0: port 3(team0) entered disabled state [ 62.860954][ T5815] bridge0: port 3(team0) entered blocking state [ 62.878758][ T5815] bridge0: port 3(team0) entered forwarding state [ 62.878965][ T5823] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.1025: invalid indirect mapped block 2683928664 (level 1) [ 62.901705][ T5823] EXT4-fs (loop0): 1 truncate cleaned up [ 62.918127][ T164] tipc: Disabling bearer [ 62.923444][ T164] tipc: Left network mode [ 62.939933][ T29] kauditd_printk_skb: 173 callbacks suppressed [ 62.939950][ T29] audit: type=1326 audit(1728783645.481:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.4.1028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd21ec6dff9 code=0x7ffc0000 [ 62.970071][ T29] audit: type=1326 audit(1728783645.491:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.4.1028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7fd21ec6dff9 code=0x7ffc0000 [ 62.993755][ T29] audit: type=1326 audit(1728783645.491:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.4.1028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd21ec6dff9 code=0x7ffc0000 [ 63.017262][ T29] audit: type=1326 audit(1728783645.491:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5825 comm="syz.4.1028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd21ec6dff9 code=0x7ffc0000 [ 63.085968][ T164] hsr_slave_0: left promiscuous mode [ 63.091745][ T164] hsr_slave_1: left promiscuous mode [ 63.097694][ T164] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 63.105296][ T164] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 63.112942][ T164] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 63.120507][ T164] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 63.131477][ T164] veth0_macvtap: left promiscuous mode [ 63.137320][ T164] veth1_vlan: left promiscuous mode [ 63.142708][ T164] veth0_vlan: left promiscuous mode [ 63.233411][ T164] team0 (unregistering): Port device team_slave_1 removed [ 63.253487][ T164] team0 (unregistering): Port device team_slave_0 removed [ 63.378257][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.385489][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.400844][ T5768] bridge_slave_0: entered allmulticast mode [ 63.416489][ T5768] bridge_slave_0: entered promiscuous mode [ 63.431111][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.438341][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.452557][ T5768] bridge_slave_1: entered allmulticast mode [ 63.468317][ T5768] bridge_slave_1: entered promiscuous mode [ 63.497701][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.519153][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.544134][ T5768] team0: Port device team_slave_0 added [ 63.553363][ T5768] team0: Port device team_slave_1 added [ 63.608583][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.615667][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.641901][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.654890][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.661905][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.688373][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.727393][ T5768] hsr_slave_0: entered promiscuous mode [ 63.734821][ T5768] hsr_slave_1: entered promiscuous mode [ 63.745122][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.752713][ T5768] Cannot create hsr debugfs directory [ 63.777150][ T5861] netlink: 'syz.1.1036': attribute type 4 has an invalid length. [ 63.813119][ T5861] netlink: 'syz.1.1036': attribute type 4 has an invalid length. [ 63.843636][ T5871] loop2: detected capacity change from 0 to 512 [ 63.871232][ T5871] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.884207][ T5871] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 63.894714][ T5871] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 63.904122][ T5871] EXT4-fs error (device loop2): ext4_acquire_dquot:6879: comm syz.2.1040: Failed to acquire dquot type 0 [ 63.951443][ T29] audit: type=1400 audit(1728783646.491:1329): avc: denied { read } for pid=5883 comm="syz.0.1043" name="ppp" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 63.974298][ T29] audit: type=1400 audit(1728783646.491:1330): avc: denied { open } for pid=5883 comm="syz.0.1043" path="/dev/ppp" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 63.997817][ T29] audit: type=1400 audit(1728783646.491:1331): avc: denied { ioctl } for pid=5883 comm="syz.0.1043" path="/dev/ppp" dev="devtmpfs" ino=116 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 64.023173][ T29] audit: type=1400 audit(1728783646.501:1332): avc: denied { write } for pid=5883 comm="syz.0.1043" name="ppp" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 64.058989][ T5893] 9pnet_fd: Insufficient options for proto=fd [ 64.113252][ T5900] netlink: 'syz.0.1052': attribute type 4 has an invalid length. [ 64.147870][ T5900] netlink: 'syz.0.1052': attribute type 4 has an invalid length. [ 64.236105][ T5908] loop1: detected capacity change from 0 to 512 [ 64.311777][ T5768] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 64.322059][ T5768] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 64.331892][ T5908] ext4 filesystem being mounted at /195/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.344839][ T5908] EXT4-fs error (device loop1): ext4_acquire_dquot:6879: comm syz.1.1056: Failed to acquire dquot type 0 [ 64.360058][ T5768] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 64.380619][ T5768] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 64.440225][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.452060][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.471535][ T5768] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 64.481953][ T5768] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.498123][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.505225][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.516498][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.523590][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.597310][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.701123][ T5768] veth0_vlan: entered promiscuous mode [ 64.709785][ T5768] veth1_vlan: entered promiscuous mode [ 64.726082][ T5768] veth0_macvtap: entered promiscuous mode [ 64.733885][ T5768] veth1_macvtap: entered promiscuous mode [ 64.746805][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.757517][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.767455][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.777926][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.787793][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.798354][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.808238][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.818797][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.830552][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.843689][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.854208][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.864106][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.874620][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.884478][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.894928][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.904823][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.915257][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.926534][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.937663][ T5768] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.946451][ T5768] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.955480][ T5768] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.964346][ T5768] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.966225][ T5941] 9pnet_fd: Insufficient options for proto=fd [ 65.028921][ T5945] netlink: 240 bytes leftover after parsing attributes in process `syz.1.1065'. [ 65.093633][ T5958] loop1: detected capacity change from 0 to 512 [ 65.100888][ T5958] EXT4-fs: Ignoring removed nobh option [ 65.106541][ T5958] EXT4-fs: Ignoring removed nobh option [ 65.127242][ T5958] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 65.136135][ T5958] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.1080: invalid indirect mapped block 2683928664 (level 1) [ 65.151736][ T5958] EXT4-fs (loop1): 1 truncate cleaned up [ 65.249704][ T5964] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1073'. [ 65.259149][ T5964] 0X: renamed from caif0 [ 65.321789][ T5964] 0X: entered allmulticast mode [ 65.327140][ T5964] A link change request failed with some changes committed already. Interface 60X may have been left with an inconsistent configuration, please check. [ 65.385948][ T5973] 9pnet_fd: Insufficient options for proto=fd [ 65.437809][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.445278][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.452714][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.460181][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.467605][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.475105][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.482568][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.490169][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.497604][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.505059][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.512455][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.519945][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.527389][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.534789][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.542312][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.549824][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.557281][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.564675][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.572134][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.579578][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.587042][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.594528][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.602467][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.610054][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.617483][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.624926][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.632352][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.639799][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.647229][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.654623][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.662115][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.669609][ T3341] hid-generic 0000:04AD:0000.0007: unknown main item tag 0x0 [ 65.677832][ T5983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.680975][ T3341] hid-generic 0000:04AD:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz0 [ 65.696371][ T5983] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 65.732603][ T5985] netlink: 240 bytes leftover after parsing attributes in process `syz.3.1082'. [ 65.854857][ T5999] loop2: detected capacity change from 0 to 128 [ 66.003903][ T6010] loop2: detected capacity change from 0 to 764 [ 66.013320][ T6010] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 66.358856][ T6032] loop0: detected capacity change from 0 to 128 [ 66.498004][ T6054] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1124'. [ 66.507805][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.515414][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.515947][ T6056] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 66.522858][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.538683][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.546134][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.553538][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.561031][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.568480][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.575946][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.583332][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.590790][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.598240][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.605761][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.613235][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.620662][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.628217][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.635760][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.643164][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.650644][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.658052][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.665466][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.672907][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.680322][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.687769][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.695196][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.702584][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.709998][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.717533][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.724916][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.729341][ T6056] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 66.732416][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.747595][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.755091][ T8] hid-generic 0000:04AD:0000.0008: unknown main item tag 0x0 [ 66.764479][ T8] hid-generic 0000:04AD:0000.0008: hidraw0: HID v0.00 Device [syz0] on syz0 [ 66.785217][ T6062] 9pnet: p9_errstr2errno: server reported unknown error @΂(QhQI [ 67.030974][ T6069] ================================================================== [ 67.039209][ T6069] BUG: KCSAN: data-race in pcpu_alloc_noprof / pcpu_balance_workfn [ 67.047123][ T6069] [ 67.049440][ T6069] read-write to 0xffffffff88bdf3ac of 4 bytes by task 8 on cpu 0: [ 67.057237][ T6069] pcpu_balance_workfn+0x94e/0xa60 [ 67.062371][ T6069] process_scheduled_works+0x483/0x9a0 [ 67.067867][ T6069] worker_thread+0x51d/0x6f0 [ 67.072453][ T6069] kthread+0x1d1/0x210 [ 67.076529][ T6069] ret_from_fork+0x4b/0x60 [ 67.080947][ T6069] ret_from_fork_asm+0x1a/0x30 [ 67.085722][ T6069] [ 67.088053][ T6069] read to 0xffffffff88bdf3ac of 4 bytes by task 6069 on cpu 1: [ 67.095615][ T6069] pcpu_alloc_noprof+0x9b6/0x10a0 [ 67.100671][ T6069] bpf_map_alloc_percpu+0xad/0x210 [ 67.105802][ T6069] prealloc_init+0x19f/0x470 [ 67.110401][ T6069] htab_map_alloc+0x630/0x8e0 [ 67.115083][ T6069] map_create+0x850/0xb70 [ 67.119425][ T6069] __sys_bpf+0x667/0x7a0 [ 67.123660][ T6069] __x64_sys_bpf+0x43/0x50 [ 67.128081][ T6069] x64_sys_call+0x2625/0x2d60 [ 67.132802][ T6069] do_syscall_64+0xc9/0x1c0 [ 67.137326][ T6069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.143228][ T6069] [ 67.145560][ T6069] value changed: 0x00000001 -> 0x00000004 [ 67.151271][ T6069] [ 67.153585][ T6069] Reported by Kernel Concurrency Sanitizer on: [ 67.159724][ T6069] CPU: 1 UID: 0 PID: 6069 Comm: syz.3.1120 Tainted: G W 6.12.0-rc2-syzkaller-00305-g7234e2ea0edd #0 [ 67.171869][ T6069] Tainted: [W]=WARN [ 67.175669][ T6069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 67.185741][ T6069] ==================================================================