last executing test programs: 2.884623335s ago: executing program 3 (id=4249): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000000)=0x4, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) sendto$inet(r1, &(0x7f0000000040)='\v\x00', 0xffec, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) 2.828787409s ago: executing program 3 (id=4251): r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r1, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x335}) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000940)) tkill(r0, 0x7) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r4}, 0x10) r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8) close(r6) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r7 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000400)='GPL\x00', 0x0, 0x99, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) close(r3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r7, 0x0, 0x11, 0x0, &(0x7f0000000600)="61df712bc884fef053a7a9a26e9b722780", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) close(r3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r2}, 0x10) setsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000000640)={{{@in=@local, @in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x4e21, 0x0, 0x4e21, 0x9, 0x2, 0x20, 0x0, 0x2f}, {0x10, 0x10, 0x6, 0xffffffff80000001, 0x8001, 0x2, 0x8, 0x4}, {0x4, 0x5, 0x2, 0x4}, 0x81, 0x6e6bbd, 0x0, 0x1, 0x3, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d2, 0x33}, 0xa, @in6=@empty, 0x0, 0x3, 0x2, 0x7, 0x1, 0x5}}, 0xe8) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000130000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00'}, 0x10) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r10 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r11 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) readv(r11, &(0x7f0000000b00)=[{&(0x7f0000000540)=""/198, 0xc6}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r9, @ANYBLOB="0000000004000000b703000008000040850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 2.024974113s ago: executing program 3 (id=4280): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000380)={0x1}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000000)) fcntl$lock(r1, 0x25, &(0x7f00000000c0)) 1.960793898s ago: executing program 3 (id=4281): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000217100000001010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000016d8ce4db711d5e46c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e30000000000000000000000014000100677265e52ea619052f9c08000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014000100626f6e64300000000000000000000000140001006970766c616e31"], 0x4b0}}, 0x8000) 1.944744059s ago: executing program 3 (id=4282): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x408e, &(0x7f0000000240), 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=") r0 = open(&(0x7f0000000040)='./bus\x00', 0x1459c2, 0x0) ftruncate(r0, 0x2007ffd) r1 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x3000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 1.804404438s ago: executing program 3 (id=4284): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) ptrace(0x10, 0x1) r2 = inotify_init1(0x0) fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000000380)={0x0, 0x0}) ptrace$getenv(0x4204, r3, 0x201, &(0x7f0000000000)) 1.540882876s ago: executing program 4 (id=4292): r0 = epoll_create1(0x0) r1 = socket$unix(0x1, 0x1, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa0028000}) 1.301222982s ago: executing program 4 (id=4295): bpf$ENABLE_STATS(0x20, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeea, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) mlockall(0x3) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) 920.421558ms ago: executing program 2 (id=4307): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0, r0}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sysinfo(&(0x7f0000000200)=""/19) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r1, &(0x7f0000000040)={0x23, 0x0, 0x0, 0x1}, 0x10) 917.648768ms ago: executing program 2 (id=4308): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0', [], 0xa, "1f411d2552ad52cb07410969e814977e4f2c4a80522094786c8673fb61cf8b86bda4de504f5a3c7c04055f1f70e4064d46b2bb9e5100d446bb6a"}, 0x2) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000005c0)='kmem_cache_free\x00', r1}, 0x10) openat(0xffffffffffffff9c, 0x0, 0x107242, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) syz_emit_ethernet(0xaa, 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 896.72805ms ago: executing program 2 (id=4309): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x7d98, &(0x7f0000000140)={0x0, 0x3, 0x800}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x18}) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) 875.521981ms ago: executing program 2 (id=4310): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000001c0)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x42}]}, 0x10) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getpgrp(0x0) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x5, 0x6, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 769.142459ms ago: executing program 4 (id=4313): r0 = open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x80000) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) statx(r0, 0x0, 0x0, 0x80, 0x0) 768.495269ms ago: executing program 4 (id=4314): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="871000000000000000000100000008000300000001000500060000000000050005"], 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x0) 744.65733ms ago: executing program 4 (id=4315): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7620000000000007b8af8ff00000080bfa200000000000007020000f8dfffffa103200008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$evdev(&(0x7f0000000180), 0x3, 0x88000) ioctl$EVIOCGRAB(r2, 0x40044590, &(0x7f00000001c0)) ioctl$EVIOCGRAB(r2, 0x40044590, 0x0) 704.598543ms ago: executing program 4 (id=4317): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) inotify_init1(0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) set_mempolicy(0x3, &(0x7f0000000000)=0x1, 0x7) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}}, 0x0) 636.030637ms ago: executing program 0 (id=4321): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xffd, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r2 = socket$unix(0x1, 0x5, 0x0) bind$unix(r2, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) 622.210618ms ago: executing program 0 (id=4322): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x4, &(0x7f0000000280)={[{@prjquota}, {@init_itable_val={'init_itable', 0x3d, 0x5}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xae2}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xa9}}, {@minixdf}, {@usrquota}, {@quota}]}, 0x1, 0x791, &(0x7f00000017c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCzbdhsQ80mW7Kb0oSALSJ4EVQ8CHrp2Zd68+rLVf8LD9JSNS1WPEhkNrPtttlNN212N5DPByb7PDPP5nm++8zLMzvDTgB71lj6JxdxKCI+SiJGsvlJRAzUUv0RJzbK3V5bLaRTEuvrb/6R1MrcWlstRMN7UgeyzJMR8eP7EYdzm+utLK/MTZdKxcUsP1GdPz9RWV45cm5+erY4W1w4Njk1dfT4C8eP7Vysf/2ycvD6x689+82Jf9574uqHPyVxIg5myxrj2CljMZZ9JgPpR3iPV3e6sh5Let0AHkq6afZtbOVxKEair5ZqYaibLQMAOuXdiFgHAPaYZOvjf/aFYNeaAwB0XP17gFtrq4X61MOvI7ruxisRsX8j/vr1zY0l/dk1u/2166DDt5J7rowkETG6A/WPRcQX3739VTpF1g+upQHdcOlyRJwZHdu8/0823bOwXc9ttXB9sPYydt/svXb8gV76Ph3/vNhs/Je7M/6JJuOfwSbb7sN48Pafu7YD1bSUjv9ebri37XZD/JnRviz3v9qYbyA5e65UTPdt/4+I8RgYTPOTtaLNR27jN/+92ar+xvHfn5+882Vaf/p6t0TuWv/gve+Zma5OP2rcdTcuRzzV3yz+5E7/Jy3Gv6farOP1lz74vNWyNP403vq0Of7OWr8S8UzT/r/bl8mW9ydO1FaHifpK0cS3v3423Kr+xv5Pp7T++rlAN6T9P7x1/KNJ4/2ale3X8fOVkR9aLXtw/M3X/33JW7X0vmzexelqdXEyYl/yxub5R+++t56vl0/jH3+6+fa/UW3z9T89JzzTZvz913//+uHj76w0/plt9f/2E1dvz/W1qr+9/p+qpcazOe3s/9pt4KN8dgAAAAAAAAAAAAAAAAAAAAAAAADQrlxEHIwkl7+TzuXy+Y1neD8ew7lSuVI9fLa8tDATtWdlj8ZArv5TlyMNv4c6mf0efj1/9L788xHxWER8OjhUy+cL5dJMr4MHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMyBFs//T/022OvWAQAds7/XDQAAus7xHwD2nvaO//VSQx1tCwDQHc7/AWDvafv4f6az7QAAusf5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB126uTJdFr/e221kOZnLiwvzZUvHJkpVuby80uFfKG8eD4/Wy7Plor5Qnm+5T+6tPFSKpfPT8XC0sWJarFSnagsr5yeLy8tVE+fm5+eLZ4uDnQtMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoX2V5ZW66VCouSmyZGNodzdg1if7YFc2Q6FiicS8x1LsdFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAu918AAAD//908I78=") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='ext4_allocate_blocks\x00', r1}, 0x10) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305839, 0x0) openat(0xffffffffffffff9c, 0x0, 0x141042, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0xfe, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) 496.781317ms ago: executing program 0 (id=4323): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e850000000800000095"], 0x0, 0xc0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 496.565367ms ago: executing program 0 (id=4324): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r0}, &(0x7f0000000680), &(0x7f00000006c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1e, 0x12, r3, 0x0) 496.384987ms ago: executing program 0 (id=4325): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x5, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x51, &(0x7f0000000180)={[{@norecovery}, {@grpid}, {@init_itable_val={'init_itable', 0x3d, 0x5}}, {}, {@nombcache}]}, 0x6, 0x605, &(0x7f00000017c0)="$eJzs3c9vFFUcAPDvTLc/aNUWYlQ8SBNjIFFaWsAQYyLcCcEfN0+VFoIUSmiNFkksCV5MjBcPJp48iP+Fknj1YOLJgxdPhoQYw0EMkTWzna3T7W7Zlu5u6X4+ydD3Zth53wG+vLdv38wG0LVGs1/SiL0RcTmJGC4cK0V+cHT5993969qZbEuiXH77zySufZIsFc+V5D+H8hf/OxzJz2nEnp617c4vXr0wNTs7cyWvjy9cvDw+v3j14PmLU+dmzs1cmnx18tjRI0ePTRxaec0vm7i+UqF88sb7Hw5/durdb7++n0x899upJI7Hgzy27LpqX9u/ifaKRmM0ysvu1cZ07BHPvV38Pbz6zziT1O5g2zqb/3vsjYhnYzh6Cn+bw/Hpmx0NDmipchLVPgroOkkT+Z+N7FfvGWhZPEC7VMcB1ff29d4Hr5W2eFQCtMOdE8sTAMu53xsR1fwvLc8NxkBlbmDwbrJqnicbERzagvazNn768dSNbIsG83BAayxdr85y1/b/SSU3R2KgUhu8m67K/7SwZfvf2mT7ozV1+Q/ts3Q9Ip7L+/++2FD+jxby/71mG6z5LFD+AwAAAAAAwNa5dSIiXqm3/i9dWf/TV2f9z1BEHN+C9h/++V96Oy8kW9AcUHDnRMTrddf/rqzxHenJa09W1gP0JmfPz84cioinIuJA9PZn9Yma8xZXCB/8fM9Xjdovrv/Ltqz96lrA/Ey3SzU34k5PLUw96nUDEXeuRzxfWf+7L9+zev1P1v8ndfr/LL8vN9nGnpdunm507OH5D7RK+ZuI/XX7//+H28n6z+cYr4wHxqujgrVe+PiL7xu1L/+hc7L+f3D9/O9Pis/rmd/Y+fsi4vBiqdzo+GbH/33JOz3V82c+mlpYuDIR0ZecXLt/cmMxw05VzYdqvmT5f+DF9ef/Vsb/hTzcFRFLTbb5zIOh3xsd0/9D52T5P71+/z+yuv/feGHy5sgPjdo/3VT/f6TSpx/I95j/g6K1z+NoNkE7Ei4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPObSiHgiknRspZymY2MRQxHxdAyms3PzCy+fnfvg0nR2rPL9/2n1m36Hl+tJ9fv/Rwr1yZr64YjYHRFf9uyq1MfOzM1Od/riAQAAAAAAAAAAAAAAAAAAYJsYqtzzX+6vvf8/80dPp6MDWq6U/5Tv0H1Km35luX9LAwHabvP5Dzzums//3pbGAbRf4/y/d79c0dZwgDYy/ofutcn893EB7AD6f+hWTc7pDbQ6DqAT9P8AAAAAALCj7N5369ckIpZe21XZMn35MYv9YWdLOx0A0DHW8EL3Ks11OgKgU7zHB5KV0j91b/ZvvPo/aU1AAAAAAAAAAAAAAMAa+/e6/x+61fr3/1vbDzvZOvf/10t+jwuAHaTxV3/o+2Gn8x4feFhv7/5/AAAAAAAAAAAAANgGBq5emJqdnbkyv/j4Fd7YHmFsrLA0tS3C2NLCg9acuTcitscFtrtQfQRHB8Po8P9LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAiv8CAAD//zT0JFo=") r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000180)={'fscrypt:', @desc2}, &(0x7f00000002c0)={0x0, "2f01c4fd8eab3f09b5611b25b06bab7c64b45713d278a1fc4a8d718eb430fb655e5f65991c3e1e6f89550928b713582f37d43e4b35a9daa5b12d01438c9c4199"}, 0x48, r1) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000000c0)=@chain) keyctl$link(0x8, r2, r1) name_to_handle_at(0xffffffffffffffff, &(0x7f0000004740)='\x00', &(0x7f0000004780)=@fuse={0xc}, &(0x7f00000047c0), 0x1200) 414.379423ms ago: executing program 0 (id=4326): r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r1, &(0x7f0000000200)=""/209, 0xd1) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x335}) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000940)) tkill(r0, 0x7) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x98, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r3}, 0x10) r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8) close(r5) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r6 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000400)='GPL\x00', 0x0, 0x99, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) close(r2) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r6, 0x0, 0x11, 0x0, &(0x7f0000000600)="61df712bc884fef053a7a9a26e9b722780", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) close(r2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10) setsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000000640)={{{@in=@local, @in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x4e21, 0x0, 0x4e21, 0x9, 0x2, 0x20, 0x0, 0x2f}, {0x10, 0x10, 0x6, 0xffffffff80000001, 0x8001, 0x2, 0x8, 0x4}, {0x4, 0x5, 0x2, 0x4}, 0x81, 0x6e6bbd, 0x0, 0x1, 0x3, 0x3}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d2, 0x33}, 0xa, @in6=@empty, 0x0, 0x3, 0x2, 0x7, 0x1, 0x5}}, 0xe8) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000130000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00'}, 0x10) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r9 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r10 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) readv(r10, &(0x7f0000000b00)=[{&(0x7f0000000540)=""/198, 0xc6}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000004000000b703000008000040850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 314.135649ms ago: executing program 1 (id=4327): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) socketpair(0xf, 0x3, 0x2, &(0x7f0000000040)) r2 = syz_open_dev$loop(&(0x7f0000000200), 0x5, 0x103382) r3 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff, 0xffffffffffffffff}) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x141b42, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r1, 0x0, 0xb) splice(r3, 0x0, r2, 0x0, 0x1000, 0x0) write$binfmt_misc(r4, 0x0, 0xfdef) splice(r0, 0x0, r4, 0x0, 0x80, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0x20) 527.44µs ago: executing program 2 (id=4333): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000001f00)) sendmmsg(r2, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 0s ago: executing program 2 (id=4334): r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r0, 0x5) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) dup3(r3, r0, 0x0) kernel console output (not intermixed with test programs): 95] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 105.501436][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.521213][ T9726] loop4: detected capacity change from 0 to 256 [ 105.533653][ T9722] loop0: detected capacity change from 0 to 1024 [ 105.549086][ T9722] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.557216][ T9726] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 198) [ 105.561833][ T9722] ext4 filesystem being mounted at /556/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.570007][ T9726] FAT-fs (loop4): Filesystem has been set read-only [ 105.603110][ T9734] loop2: detected capacity change from 0 to 512 [ 105.609703][ T9726] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 198) [ 105.640308][ T3263] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.657853][ T9734] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.671715][ T9734] ext4 filesystem being mounted at /359/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.671936][ T9743] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2102'. [ 105.721019][ T9745] vhci_hcd: invalid port number 23 [ 105.726267][ T9745] vhci_hcd: invalid port number 23 [ 105.733943][ T5042] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.833386][ T9772] netlink: 'syz.1.2120': attribute type 6 has an invalid length. [ 105.928278][ T9771] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2122'. [ 106.009206][ T9810] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2137'. [ 106.224760][ T9852] loop0: detected capacity change from 0 to 1024 [ 106.253918][ T9852] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 106.264914][ T9852] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 106.280235][ T9852] JBD2: no valid journal superblock found [ 106.286069][ T9852] EXT4-fs (loop0): Could not load journal inode [ 106.757376][ T9952] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2203'. [ 106.765572][ T9957] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2202'. [ 106.805842][ T9962] netlink: 'syz.1.2209': attribute type 2 has an invalid length. [ 106.813651][ T9962] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2209'. [ 106.916477][ T9984] netlink: 'syz.4.2216': attribute type 1 has an invalid length. [ 107.052389][T10008] loop0: detected capacity change from 0 to 1024 [ 107.080856][T10008] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.148891][ T3263] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.384009][T10071] loop0: detected capacity change from 0 to 1024 [ 107.392781][T10077] loop4: detected capacity change from 0 to 128 [ 107.402075][T10077] EXT4-fs: Ignoring removed bh option [ 107.407679][T10071] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 107.407934][T10077] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 107.434699][T10079] netlink: 'syz.3.2255': attribute type 29 has an invalid length. [ 107.443772][T10081] netlink: 'syz.2.2258': attribute type 2 has an invalid length. [ 107.447437][T10074] netlink: 'syz.3.2255': attribute type 29 has an invalid length. [ 107.451773][T10081] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2258'. [ 107.460750][T10071] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #11: comm syz.0.2253: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 107.487787][T10071] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2253: couldn't read orphan inode 11 (err -117) [ 107.501068][T10077] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 107.513824][T10071] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.515827][T10077] ext2 filesystem being mounted at /502/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 107.531708][T10071] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.2253: Invalid block bitmap block 0 in block_group 0 [ 107.574678][T10071] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.2253: Failed to acquire dquot type 0 [ 107.595866][T10077] EXT4-fs warning (device loop4): verify_group_input:137: Cannot add at group 25 (only 1 groups) [ 107.657917][ T3267] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 107.667904][ T3263] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.684410][ T3361] EXT4-fs error (device loop0): ext4_release_dquot:6871: comm kworker/u8:7: Failed to release dquot type 0 [ 107.775435][T10124] loop0: detected capacity change from 0 to 128 [ 107.838322][T10132] loop4: detected capacity change from 0 to 512 [ 107.859950][T10132] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 107.868403][T10132] EXT4-fs (loop4): orphan cleanup on readonly fs [ 107.878102][T10132] EXT4-fs warning (device loop4): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 107.902460][T10143] loop0: detected capacity change from 0 to 1024 [ 107.903038][T10132] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 107.909357][T10143] EXT4-fs: Ignoring removed orlov option [ 107.922603][T10143] EXT4-fs: Ignoring removed nomblk_io_submit option [ 107.930161][T10132] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2279: bg 0: block 40: padding at end of block bitmap is not set [ 107.945378][T10132] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 107.955653][T10143] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.974453][T10132] EXT4-fs (loop4): 1 truncate cleaned up [ 107.980540][T10132] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 108.023095][ T3267] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.035949][ T3263] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.093876][T10172] netlink: 'syz.3.2294': attribute type 27 has an invalid length. [ 108.098903][T10171] loop4: detected capacity change from 0 to 1024 [ 108.137917][T10171] EXT4-fs: Ignoring removed nobh option [ 108.143818][T10171] EXT4-fs: Ignoring removed nomblk_io_submit option [ 108.145424][T10183] syz.3.2299[10183] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.150573][T10183] syz.3.2299[10183] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.166664][T10171] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.227536][ T3267] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.263920][T10195] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2303'. [ 108.298843][T10205] Â: renamed from vlan0 (while UP) [ 108.375661][T10218] loop3: detected capacity change from 0 to 2048 [ 108.405412][T10218] Alternate GPT is invalid, using primary GPT. [ 108.411736][T10218] loop3: p1 p2 p3 [ 108.417229][T10224] netlink: 'syz.4.2310': attribute type 29 has an invalid length. [ 108.435432][T10217] netlink: 'syz.4.2310': attribute type 29 has an invalid length. [ 108.536038][T10245] loop4: detected capacity change from 0 to 1024 [ 108.545553][T10245] EXT4-fs: Ignoring removed orlov option [ 108.551750][T10245] EXT4-fs: Ignoring removed nomblk_io_submit option [ 108.579566][T10245] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.611373][ T3267] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.863059][T10303] loop4: detected capacity change from 0 to 512 [ 108.869958][T10301] program syz.3.2346 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 108.887505][T10303] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 108.910498][T10303] ext4 filesystem being mounted at /518/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.958191][ T3267] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 109.161591][T10341] loop3: detected capacity change from 0 to 1024 [ 109.168814][T10341] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 109.180582][T10341] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #11: comm syz.3.2361: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 109.199540][T10341] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2361: couldn't read orphan inode 11 (err -117) [ 109.212155][T10341] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.226749][T10341] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.2361: Invalid block bitmap block 0 in block_group 0 [ 109.241700][T10341] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.2361: Failed to acquire dquot type 0 [ 109.270931][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.293579][T10353] loop3: detected capacity change from 0 to 512 [ 109.301929][T10353] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 109.319274][T10353] EXT4-fs (loop3): 1 truncate cleaned up [ 109.326495][T10353] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.360684][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.514681][T10383] syz.0.2375[10383] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 109.514782][T10383] syz.0.2375[10383] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 109.545213][T10387] loop0: detected capacity change from 0 to 512 [ 109.565379][T10387] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.2376: corrupted in-inode xattr: invalid ea_ino [ 109.579116][T10387] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2376: couldn't read orphan inode 15 (err -117) [ 109.593109][T10387] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.624673][ T3263] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.662758][ T29] kauditd_printk_skb: 328 callbacks suppressed [ 109.662827][ T29] audit: type=1400 audit(2000000002.540:5302): avc: denied { execute } for pid=10400 comm="syz.0.2382" path="/603/bus" dev="tmpfs" ino=3138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 109.706803][T10410] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 109.716803][T10410] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.776314][T10410] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 109.786287][T10410] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.832701][ T29] audit: type=1400 audit(2000000002.710:5303): avc: denied { validate_trans } for pid=10431 comm="syz.1.2393" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 109.872681][ T29] audit: type=1400 audit(2000000002.750:5304): avc: denied { ioctl } for pid=10433 comm="syz.3.2394" path="socket:[28686]" dev="sockfs" ino=28686 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 109.906642][T10410] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 109.916581][T10410] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.921979][ T29] audit: type=1400 audit(2000000002.800:5305): avc: denied { connect } for pid=10437 comm="syz.2.2396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 109.933622][T10444] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 109.956363][ T29] audit: type=1400 audit(2000000002.810:5306): avc: denied { read write } for pid=10443 comm="syz.4.2398" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 109.981174][ T29] audit: type=1400 audit(2000000002.810:5307): avc: denied { open } for pid=10443 comm="syz.4.2398" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 110.006976][T10442] __nla_validate_parse: 3 callbacks suppressed [ 110.006993][T10442] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2397'. [ 110.023199][ T29] audit: type=1326 audit(2000000002.900:5308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10445 comm="syz.4.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 110.046809][ T29] audit: type=1326 audit(2000000002.900:5309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10445 comm="syz.4.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 110.070806][ T29] audit: type=1326 audit(2000000002.920:5310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10445 comm="syz.4.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 110.094524][ T29] audit: type=1326 audit(2000000002.930:5311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10445 comm="syz.4.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 110.125959][T10410] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 110.135903][T10410] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.193857][T10410] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.202233][T10410] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.229604][T10410] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.237908][T10410] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.251809][T10470] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2408'. [ 110.269219][T10410] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.277547][T10410] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.307249][T10410] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 110.315563][T10410] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.466767][T10501] dvmrp0: left allmulticast mode [ 110.531722][T10516] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2426'. [ 110.540805][T10516] tipc: Started in network mode [ 110.546010][T10516] tipc: Node identity ., cluster identity 8 [ 110.579900][T10520] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2427'. [ 110.675592][T10520] team0: Port device netdevsim1 removed [ 110.822381][T10574] syz.0.2451[10574] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 110.822531][T10574] syz.0.2451[10574] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 110.840614][T10578] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 110.944876][T10596] program syz.0.2458 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 111.038112][T10616] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.2468' sets config #0 [ 111.069205][T10623] loop3: detected capacity change from 0 to 512 [ 111.124466][T10632] tun0: tun_chr_ioctl cmd 1074812117 [ 111.133719][T10623] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.155916][T10623] ext4 filesystem being mounted at /491/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.171762][T10641] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2479'. [ 111.174963][T10623] EXT4-fs error (device loop3): ext4_do_update_inode:5154: inode #2: comm syz.3.2472: corrupted inode contents [ 111.193010][T10623] EXT4-fs error (device loop3): ext4_dirty_inode:6014: inode #2: comm syz.3.2472: mark_inode_dirty error [ 111.220064][T10623] EXT4-fs error (device loop3): ext4_do_update_inode:5154: inode #2: comm syz.3.2472: corrupted inode contents [ 111.234314][T10650] EXT4-fs warning (device loop3): ext4_resize_begin:82: There are errors in the filesystem, so online resizing is not allowed [ 111.272755][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.488340][T10690] syz.1.2499[10690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 111.488415][T10690] syz.1.2499[10690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 111.597595][T10714] program syz.2.2505 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 111.604821][T10708] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2507'. [ 111.704514][T10730] SELinux: policydb version -1681192944 does not match my version range 15-33 [ 111.722946][T10730] SELinux: failed to load policy [ 111.779580][T10738] loop3: detected capacity change from 0 to 512 [ 111.799381][T10738] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 111.823005][T10738] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.2518: bad orphan inode 15 [ 111.841336][T10738] ext4_test_bit(bit=14, block=4) = 1 [ 111.846849][T10738] is_bad_inode(inode)=0 [ 111.851070][T10738] NEXT_ORPHAN(inode)=0 [ 111.855198][T10738] max_ino=32 [ 111.858623][T10738] i_nlink=1 [ 111.862868][T10738] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.915279][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.008699][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.016562][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.023988][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.031528][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.038979][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.046470][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.053886][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.061309][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.068713][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.076173][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.083586][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.091059][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.098483][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.106891][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.115465][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.122852][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.131263][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.139575][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.147957][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.156507][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.163990][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.172591][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.181135][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.189685][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.198326][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.206949][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.215503][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.222926][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.231454][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.240066][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.248632][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.257174][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.265812][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.273275][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.281747][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.290289][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.298628][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.307042][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.315495][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.322950][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.330715][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.338137][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.345559][ T5505] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 112.355471][ T5505] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz0] on syz0 [ 112.757576][T10881] netlink: 'syz.4.2575': attribute type 64 has an invalid length. [ 112.766568][T10881] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2575'. [ 112.929009][T10903] nftables ruleset with unbound chain [ 113.129469][T10937] program syz.3.2599 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 113.442451][T10999] syz.3.2625[10999] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 113.442528][T10999] syz.3.2625[10999] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 113.457873][T10999] xt_CT: You must specify a L4 protocol and not use inversions on it [ 113.492246][T11007] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2629'. [ 113.509396][T11007] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2629'. [ 113.992108][T11039] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 114.090888][T11058] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 114.133724][T11068] syz.4.2657[11068] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.133872][T11068] syz.4.2657[11068] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.194352][T11078] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2661'. [ 114.373554][T11111] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.2676' sets config #0 [ 114.409647][T11122] syz.0.2681[11122] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.409714][T11122] syz.0.2681[11122] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.586008][T11152] usb usb8: usbfs: process 11152 (syz.3.2694) did not claim interface 0 before use [ 114.608303][T11152] vhci_hcd: default hub control req: 010b v0000 i0000 l0 [ 114.613902][T11154] sctp: [Deprecated]: syz.4.2692 (pid 11154) Use of struct sctp_assoc_value in delayed_ack socket option. [ 114.613902][T11154] Use struct sctp_sack_info instead [ 114.678781][ T29] kauditd_printk_skb: 288 callbacks suppressed [ 114.678799][ T29] audit: type=1400 audit(2000000007.560:5600): avc: granted { setsecparam } for pid=11159 comm="syz.3.2697" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 114.711218][ T29] audit: type=1400 audit(2000000007.590:5601): avc: denied { write } for pid=11161 comm="syz.0.2698" name="netstat" dev="proc" ino=4026532508 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 114.838039][ T29] audit: type=1400 audit(2000000007.720:5602): avc: denied { create } for pid=11182 comm="syz.0.2704" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 114.862403][ T29] audit: type=1400 audit(2000000007.720:5603): avc: denied { write } for pid=11182 comm="syz.0.2704" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 114.883941][ T29] audit: type=1400 audit(2000000007.720:5604): avc: denied { nlmsg_read } for pid=11182 comm="syz.0.2704" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 114.906440][ T29] audit: type=1400 audit(2000000007.770:5605): avc: denied { read } for pid=11188 comm="syz.0.2706" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 115.000040][T11198] usb usb8: usbfs: process 11198 (syz.0.2708) did not claim interface 0 before use [ 115.012418][T11198] vhci_hcd: default hub control req: 010b v0000 i0000 l0 [ 115.020860][ T29] audit: type=1400 audit(2000000007.900:5606): avc: denied { name_bind } for pid=11199 comm="syz.3.2710" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 115.056799][ T29] audit: type=1326 audit(2000000007.910:5607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38c6f9def9 code=0x7ffc0000 [ 115.081540][ T29] audit: type=1326 audit(2000000007.910:5608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38c6f9def9 code=0x7ffc0000 [ 115.106187][ T29] audit: type=1326 audit(2000000007.920:5609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11201 comm="syz.3.2711" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f38c6f9def9 code=0x7ffc0000 [ 115.131358][T11206] syz.0.2713[11206] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 115.131501][T11206] syz.0.2713[11206] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 115.310022][T11229] lo: entered allmulticast mode [ 115.501773][T11256] xt_CT: You must specify a L4 protocol and not use inversions on it [ 115.532728][T11262] loop3: detected capacity change from 0 to 512 [ 115.542471][T11262] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.2737: corrupted in-inode xattr: invalid ea_ino [ 115.557844][T11262] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2737: couldn't read orphan inode 15 (err -117) [ 115.558092][T11266] IPv6: NLM_F_CREATE should be specified when creating new route [ 115.570845][T11262] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.593238][T11266] IPv6: Can't replace route, no match found [ 115.610641][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.843664][T11319] tipc: Enabling of bearer rejected, failed to enable media [ 116.534068][T11421] sch_fq: defrate 0 ignored. [ 116.919041][T11474] x_tables: ip6_tables: sctp match: only valid for protocol 132 [ 116.965412][T11483] loop3: detected capacity change from 0 to 128 [ 116.988053][T11483] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 117.020496][T11483] ext4 filesystem being mounted at /566/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 117.054591][ T3815] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 117.076168][T11501] __nla_validate_parse: 3 callbacks suppressed [ 117.076189][T11501] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2824'. [ 117.091717][T11501] netlink: 1 bytes leftover after parsing attributes in process `syz.3.2824'. [ 117.611748][T11602] sctp: [Deprecated]: syz.4.2865 (pid 11602) Use of struct sctp_assoc_value in delayed_ack socket option. [ 117.611748][T11602] Use struct sctp_sack_info instead [ 117.901010][T11665] syz.3.2890[11665] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 117.901082][T11665] syz.3.2890[11665] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.437238][T11649] syz.1.2884 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 118.459743][T11649] CPU: 0 UID: 0 PID: 11649 Comm: syz.1.2884 Not tainted 6.11.0-rc7-syzkaller-00135-gb7718454f937 #0 [ 118.470603][T11649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 118.480739][T11649] Call Trace: [ 118.484030][T11649] [ 118.486977][T11649] dump_stack_lvl+0xf2/0x150 [ 118.491601][T11649] dump_stack+0x15/0x20 [ 118.495882][T11649] dump_header+0x83/0x2d0 [ 118.500311][T11649] oom_kill_process+0x341/0x4c0 [ 118.505353][T11649] out_of_memory+0x9af/0xbe0 [ 118.509983][T11649] mem_cgroup_out_of_memory+0x13e/0x190 [ 118.515625][T11649] try_charge_memcg+0x51b/0x810 [ 118.520648][T11649] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 118.526813][T11649] __read_swap_cache_async+0x2b7/0x520 [ 118.532410][T11649] swap_cluster_readahead+0x276/0x3f0 [ 118.537835][T11649] swapin_readahead+0xe4/0x760 [ 118.542655][T11649] ? __filemap_get_folio+0x420/0x5b0 [ 118.547963][T11649] ? __lruvec_stat_mod_folio+0xdb/0x120 [ 118.553604][T11649] ? swap_cache_get_folio+0x77/0x210 [ 118.558984][T11649] do_swap_page+0x3da/0x1ef0 [ 118.563591][T11649] ? cgroup_rstat_updated+0x99/0x550 [ 118.568896][T11649] ? __rcu_read_lock+0x36/0x50 [ 118.573698][T11649] ? pte_offset_map_nolock+0x124/0x1d0 [ 118.579203][T11649] handle_mm_fault+0x8cb/0x2a30 [ 118.584098][T11649] exc_page_fault+0x3b9/0x650 [ 118.588870][T11649] asm_exc_page_fault+0x26/0x30 [ 118.593771][T11649] RIP: 0033:0x7f40449919b8 [ 118.598196][T11649] Code: 31 d2 48 f7 f1 48 01 d8 49 39 c4 4c 0f 42 e0 83 3d e8 60 2e 00 00 0f 8e 99 fd ff ff e8 21 e5 fe ff 49 39 c4 72 64 0f 1f 40 00 <69> 3d d6 3c e1 00 e8 03 00 00 48 8d 1d b7 45 2e 00 e8 82 c4 12 00 [ 118.618084][T11649] RSP: 002b:00007fff6d635ba0 EFLAGS: 00010212 [ 118.624161][T11649] RAX: 000000000001ce57 RBX: 00007f4044c77a80 RCX: 000000000001ccf0 [ 118.632141][T11649] RDX: 0000000000000167 RSI: 00007fff6d635b80 RDI: 0000000000000001 [ 118.640120][T11649] RBP: 00007f4044c77a80 R08: 00000000156f72e9 R09: 7fffffffffffffff [ 118.648214][T11649] R10: 00007f40457b70b8 R11: 00007f40457b7080 R12: 000000000001cf81 [ 118.656194][T11649] R13: 00007fff6d635ca0 R14: 0000000000000032 R15: ffffffffffffffff [ 118.664287][T11649] [ 118.667570][T11649] memory: usage 302260kB, limit 307200kB, failcnt 8431 [ 118.674508][T11649] memory+swap: usage 302496kB, limit 9007199254740988kB, failcnt 0 [ 118.682623][T11649] kmem: usage 302172kB, limit 9007199254740988kB, failcnt 0 [ 118.690163][T11649] Memory cgroup stats for /syz1: [ 118.709231][T11649] cache 40960 [ 118.717586][T11649] rss 0 [ 118.720444][T11649] shmem 0 [ 118.723402][T11649] mapped_file 40960 [ 118.727326][T11649] dirty 40960 [ 118.730646][T11649] writeback 0 [ 118.733998][T11649] workingset_refault_anon 62 [ 118.738776][T11649] workingset_refault_file 2532 [ 118.743557][T11649] swap 270336 [ 118.746938][T11649] swapcached 20480 [ 118.750744][T11649] pgpgin 110539 [ 118.754254][T11649] pgpgout 110524 [ 118.757816][T11649] pgfault 102752 [ 118.761367][T11649] pgmajfault 108 [ 118.764973][T11649] inactive_anon 20480 [ 118.768963][T11649] active_anon 0 [ 118.772482][T11649] inactive_file 40960 [ 118.776505][T11649] active_file 0 [ 118.779972][T11649] unevictable 0 [ 118.783884][T11649] hierarchical_memory_limit 314572800 [ 118.789346][T11649] hierarchical_memsw_limit 9223372036854771712 [ 118.795634][T11649] total_cache 40960 [ 118.799452][T11649] total_rss 0 [ 118.802854][T11649] total_shmem 0 [ 118.806356][T11649] total_mapped_file 40960 [ 118.810795][T11649] total_dirty 40960 [ 118.814644][T11649] total_writeback 0 [ 118.818501][T11649] total_workingset_refault_anon 62 [ 118.823628][T11649] total_workingset_refault_file 2532 [ 118.829042][T11649] total_swap 270336 [ 118.832896][T11649] total_swapcached 20480 [ 118.837317][T11649] total_pgpgin 110539 [ 118.841318][T11649] total_pgpgout 110524 [ 118.845629][T11649] total_pgfault 102760 [ 118.849816][T11649] total_pgmajfault 108 [ 118.853899][T11649] total_inactive_anon 20480 [ 118.858520][T11649] total_active_anon 0 [ 118.862522][T11649] total_inactive_file 40960 [ 118.867085][T11649] total_active_file 0 [ 118.871101][T11649] total_unevictable 0 [ 118.875264][T11649] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.2884,pid=11649,uid=0 [ 118.890246][T11649] Memory cgroup out of memory: Killed process 11649 (syz.1.2884) total-vm:87116kB, anon-rss:612kB, file-rss:15904kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 118.909104][T11711] sctp: [Deprecated]: syz.0.2905 (pid 11711) Use of struct sctp_assoc_value in delayed_ack socket option. [ 118.909104][T11711] Use struct sctp_sack_info instead [ 119.035905][T11719] netlink: 'syz.2.2909': attribute type 3 has an invalid length. [ 119.043870][T11719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2909'. [ 119.073943][T11719] netlink: 'syz.2.2909': attribute type 3 has an invalid length. [ 119.082967][T11719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2909'. [ 119.109490][T11723] netlink: 'syz.2.2913': attribute type 4 has an invalid length. [ 119.117378][T11723] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2913'. [ 119.128395][T11723] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 119.145977][T11723] netlink: 'syz.2.2913': attribute type 33 has an invalid length. [ 119.267560][T11740] loop3: detected capacity change from 0 to 256 [ 119.275553][T11742] syz.2.2919[11742] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.275682][T11742] syz.2.2919[11742] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.287636][T11740] msdos: Unknown parameter 'fowner>00000000000000000000' [ 119.354464][ T8] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x4 [ 119.362286][ T8] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x2 [ 119.379452][ T8] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x3 [ 119.398276][ T8] hid-generic 0000:3000000:0000.0006: hidraw0: HID v0.00 Device [sy] on syz0 [ 119.470143][T11762] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2927'. [ 119.490810][T11762] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.550189][T11762] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.609723][T11762] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.646696][T11762] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.685302][ T29] kauditd_printk_skb: 258 callbacks suppressed [ 119.685350][ T29] audit: type=1326 audit(2000000012.560:5868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11794 comm="syz.4.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 119.739756][T11762] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.743314][ T29] audit: type=1326 audit(2000000012.600:5869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11794 comm="syz.4.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 119.766290][T11762] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.773872][ T29] audit: type=1326 audit(2000000012.600:5870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11794 comm="syz.4.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 119.786732][T11762] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.805564][ T29] audit: type=1326 audit(2000000012.600:5871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11794 comm="syz.4.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 119.822143][T11762] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.837169][ T29] audit: type=1326 audit(2000000012.600:5872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11794 comm="syz.4.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 119.870046][ T29] audit: type=1326 audit(2000000012.730:5873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11803 comm="syz.0.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff83e34def9 code=0x7ffc0000 [ 119.894711][ T29] audit: type=1326 audit(2000000012.730:5874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11803 comm="syz.0.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff83e34def9 code=0x7ffc0000 [ 119.920013][ T29] audit: type=1326 audit(2000000012.800:5875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11803 comm="syz.0.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7ff83e34def9 code=0x7ffc0000 [ 119.949020][ T29] audit: type=1326 audit(2000000012.800:5876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11803 comm="syz.0.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff83e34def9 code=0x7ffc0000 [ 119.972612][ T29] audit: type=1326 audit(2000000012.800:5877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11803 comm="syz.0.2942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff83e34def9 code=0x7ffc0000 [ 120.161203][T11838] syz.1.2954[11838] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 120.161282][T11838] syz.1.2954[11838] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 120.373432][T11868] netlink: 'syz.4.2963': attribute type 4 has an invalid length. [ 120.393766][T11868] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2963'. [ 120.406651][T11864] usb usb7: usbfs: process 11864 (syz.2.2962) did not claim interface 7 before use [ 120.417671][T11868] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 120.451635][T11875] netlink: 'syz.4.2963': attribute type 33 has an invalid length. [ 120.549759][T11887] block device autoloading is deprecated and will be removed. [ 120.557747][T11887] syz.4.2970: attempt to access beyond end of device [ 120.557747][T11887] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 120.592051][T11898] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2975'. [ 120.647337][T11906] usb usb7: usbfs: process 11906 (syz.0.2978) did not claim interface 7 before use [ 120.733103][T11925] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2987'. [ 120.752881][T11925] netlink: 'syz.2.2987': attribute type 10 has an invalid length. [ 120.765897][T11925] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 121.226055][T12011] 9pnet_fd: Insufficient options for proto=fd [ 121.232744][T12016] geneve0: entered allmulticast mode [ 121.243259][T12018] syz.2.3027: attempt to access beyond end of device [ 121.243259][T12018] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 121.507769][T12059] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3045'. [ 121.517524][T12061] 9pnet_fd: p9_fd_create_tcp (12061): problem connecting socket to 127.0.0.1 [ 121.843125][T12117] xt_SECMARK: invalid security context 'system_u:object_r:devicekit_exec_t:s0' [ 122.196778][T12181] SELinux: failed to load policy [ 122.245842][T12193] syz.2.3098[12193] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 122.245914][T12193] syz.2.3098[12193] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 122.530451][T12246] 9pnet_fd: Insufficient options for proto=fd [ 122.588657][T12252] block device autoloading is deprecated and will be removed. [ 122.597770][T12252] syz.0.3124: attempt to access beyond end of device [ 122.597770][T12252] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 122.611697][T12252] FAT-fs (loop1): unable to read boot sector [ 122.870966][T12297] netlink: 'syz.1.3140': attribute type 21 has an invalid length. [ 122.880398][T12297] __nla_validate_parse: 1 callbacks suppressed [ 122.880420][T12297] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3140'. [ 122.916866][T12302] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3142'. [ 122.925839][T12302] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3142'. [ 123.107049][T12331] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3154'. [ 123.160425][T12337] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3157'. [ 123.177264][T12337] geneve3: entered promiscuous mode [ 123.293270][T12355] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3165'. [ 123.309467][T12357] SELinux: security_context_str_to_sid (u) failed with errno=-22 [ 123.622058][T12408] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 123.668061][T12418] ip6gre0: entered promiscuous mode [ 123.683690][T12417] ip6gre0: left promiscuous mode [ 123.684481][T12422] syz.0.3189[12422] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.690374][T12422] syz.0.3189[12422] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.745287][T12424] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 123.930330][T12459] syz.4.3203[12459] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 123.930383][T12459] syz.4.3203[12459] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.085221][T12487] 9pnet_fd: Insufficient options for proto=fd [ 124.163877][T12500] blktrace: Concurrent blktraces are not allowed on sg0 [ 124.167276][T12498] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3219'. [ 124.277521][T12520] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3228'. [ 124.318653][T12524] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 124.325388][T12524] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 124.333978][T12524] vhci_hcd vhci_hcd.0: Device attached [ 124.341287][T12526] vhci_hcd: connection closed [ 124.341553][ T56] vhci_hcd: stop threads [ 124.350808][ T56] vhci_hcd: release socket [ 124.355423][ T56] vhci_hcd: disconnect device [ 124.459534][T12549] loop1: detected capacity change from 0 to 1024 [ 124.467537][T12549] EXT4-fs: Ignoring removed nomblk_io_submit option [ 124.485872][T12549] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.527237][ T3259] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.586867][T12566] xt_NFQUEUE: number of total queues is 0 [ 124.615806][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 124.623406][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 124.632101][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 124.640784][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 124.649183][ T24] rtc rtc0: __rtc_set_alarm: err=-22 [ 124.675604][T12579] team_slave_0: entered promiscuous mode [ 124.681391][T12579] team_slave_1: entered promiscuous mode [ 124.688361][T12579] 8021q: adding VLAN 0 to HW filter on device macvlan1 [ 124.695464][ T29] kauditd_printk_skb: 293 callbacks suppressed [ 124.695479][ T29] audit: type=1400 audit(2000000017.570:6171): avc: granted { setsecparam } for pid=12581 comm="syz.3.3253" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 124.715765][T12579] bond0: (slave macvlan1): Enslaving as an active interface with an up link [ 124.780798][ T29] audit: type=1400 audit(2000000017.660:6172): avc: denied { create } for pid=12596 comm="syz.1.3257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 124.801492][ T29] audit: type=1400 audit(2000000017.660:6173): avc: denied { bind } for pid=12596 comm="syz.1.3257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 124.823265][ T29] audit: type=1400 audit(2000000017.700:6174): avc: denied { write } for pid=12591 comm="syz.0.3255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 124.842893][ T29] audit: type=1400 audit(2000000017.700:6175): avc: denied { execute } for pid=12598 comm="syz.1.3258" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=36263 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 124.863468][T12594] netlink: 'syz.4.3256': attribute type 4 has an invalid length. [ 124.869181][ T29] audit: type=1400 audit(2000000017.700:6176): avc: denied { read } for pid=12591 comm="syz.0.3255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 124.908720][ T29] audit: type=1326 audit(2000000017.790:6177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12604 comm="syz.2.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 124.941437][ T29] audit: type=1326 audit(2000000017.790:6178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12604 comm="syz.2.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 124.965021][ T29] audit: type=1326 audit(2000000017.790:6179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12604 comm="syz.2.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 124.989074][ T29] audit: type=1326 audit(2000000017.820:6180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12604 comm="syz.2.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 125.050175][T12615] loop1: detected capacity change from 0 to 512 [ 125.067664][T12615] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 125.094866][T12615] ext4 filesystem being mounted at /469/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.163252][ T3259] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 125.200463][T12635] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3270'. [ 125.229898][T12640] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3269'. [ 125.239280][T12640] tipc: Started in network mode [ 125.242447][T12642] syz.4.3272[12642] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 125.244262][T12640] tipc: Node identity , cluster identity 8 [ 125.244341][T12642] syz.4.3272[12642] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 125.313597][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.317540][T12649] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.325113][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325221][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325247][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325272][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325300][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325324][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325347][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325374][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325402][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325429][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325454][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325488][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325515][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325554][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325580][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325603][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325636][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325663][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325723][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325746][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325773][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325799][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325850][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325878][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325903][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.325973][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.326050][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.326076][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.550446][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.557884][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.565420][ T5488] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 125.572973][T12649] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.577242][ T5488] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz0 [ 125.646098][T12670] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 125.742923][T12688] program syz.0.3290 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 126.088673][T12734] 9pnet_fd: Insufficient options for proto=fd [ 126.188581][T12746] loop1: detected capacity change from 0 to 2048 [ 126.216515][T12746] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.271743][ T3259] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.405024][T12776] unsupported nlmsg_type 40 [ 126.499096][T12784] loop1: detected capacity change from 0 to 512 [ 126.528245][T12784] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.3322: corrupted in-inode xattr: bad e_name length [ 126.545641][T12784] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.3322: couldn't read orphan inode 15 (err -117) [ 126.564831][T12784] EXT4-fs (loop1): mounted filesystem 00000004-0000-0000-0000-000000060000 r/w without journal. Quota mode: writeback. [ 126.588639][T12784] EXT4-fs warning (device loop1): __ext4fs_dirhash:283: invalid/unsupported hash tree version 135 [ 126.610602][ T3259] EXT4-fs (loop1): unmounting filesystem 00000004-0000-0000-0000-000000060000. [ 126.628944][T12794] loop1: detected capacity change from 0 to 128 [ 126.772098][T12816] loop3: detected capacity change from 0 to 512 [ 126.779716][T12816] EXT4-fs: Ignoring removed oldalloc option [ 126.787218][T12816] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 126.799348][T12816] EXT4-fs (loop3): 1 truncate cleaned up [ 126.806993][T12816] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.825372][T12816] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 126.858176][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.889429][T12829] loop3: detected capacity change from 0 to 164 [ 126.898498][T12829] Unable to read rock-ridge attributes [ 126.909542][T12829] Unable to read rock-ridge attributes [ 126.941088][T12837] loop3: detected capacity change from 0 to 1024 [ 126.949325][T12837] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 126.962156][T12837] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #11: comm syz.3.3340: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 126.982668][T12837] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3340: couldn't read orphan inode 11 (err -117) [ 126.996258][T12837] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.012788][T12837] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.3340: Invalid block bitmap block 0 in block_group 0 [ 127.028524][T12837] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.3340: Failed to acquire dquot type 0 [ 127.030402][T12846] loop1: detected capacity change from 0 to 512 [ 127.055853][T12846] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.068679][T12846] ext4 filesystem being mounted at /484/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.070535][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.111689][ T3259] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.112967][T12851] loop3: detected capacity change from 0 to 1024 [ 127.128887][T12851] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 127.140290][T12851] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 127.152917][T12851] EXT4-fs error (device loop3): ext4_get_journal_inode:5740: inode #32: comm syz.3.3343: iget: special inode unallocated [ 127.168070][T12851] EXT4-fs (loop3): no journal found [ 127.173449][T12851] EXT4-fs (loop3): can't get journal size [ 127.195322][T12851] EXT4-fs error (device loop3): ext4_protect_reserved_inode:160: inode #32: comm syz.3.3343: iget: special inode unallocated [ 127.211834][T12851] EXT4-fs (loop3): failed to initialize system zone (-117) [ 127.219512][T12851] EXT4-fs (loop3): mount failed [ 127.468351][T12915] IPv6: Can't replace route, no match found [ 127.547243][T12923] loop1: detected capacity change from 0 to 512 [ 127.558864][T12923] EXT4-fs: Ignoring removed mblk_io_submit option [ 127.590051][T12923] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.608028][T12923] ext4 filesystem being mounted at /495/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.686707][ T3259] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.723528][T12943] loop1: detected capacity change from 0 to 512 [ 127.748109][T12943] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.775325][T12943] ext4 filesystem being mounted at /496/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.788307][T12943] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #2: comm syz.1.3378: corrupted inode contents [ 127.804301][T12943] EXT4-fs error (device loop1): ext4_dirty_inode:6014: inode #2: comm syz.1.3378: mark_inode_dirty error [ 127.816266][T12943] EXT4-fs error (device loop1): ext4_do_update_inode:5154: inode #2: comm syz.1.3378: corrupted inode contents [ 127.837901][T12943] EXT4-fs error (device loop1): ext4_add_entry:2435: inode #2: comm syz.1.3378: Directory hole found for htree leaf block 0 [ 127.863724][ T3259] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.920886][T12976] __nla_validate_parse: 3 callbacks suppressed [ 127.920901][T12976] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3389'. [ 128.229570][T13035] netlink: 'syz.1.3415': attribute type 29 has an invalid length. [ 128.239578][T13035] netlink: 'syz.1.3415': attribute type 29 has an invalid length. [ 128.249554][T13035] netlink: 'syz.1.3415': attribute type 29 has an invalid length. [ 128.260556][T13035] netlink: 'syz.1.3415': attribute type 29 has an invalid length. [ 128.273915][T13039] loop3: detected capacity change from 0 to 128 [ 128.320483][T13047] xt_CT: You must specify a L4 protocol and not use inversions on it [ 128.519359][T13086] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3439'. [ 128.652198][T13102] loop3: detected capacity change from 0 to 128 [ 128.659980][T13102] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 128.672549][T13102] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 128.716763][T13108] xt_CT: No such helper "pptp" [ 128.725342][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x1 [ 128.732785][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.740329][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.748016][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.755463][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x2 [ 128.762865][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.771019][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.778618][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.786037][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.793458][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x4 [ 128.800882][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.808414][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.815925][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x2 [ 128.823565][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.831011][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.838416][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.845835][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.853230][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.860627][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.868060][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.875608][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.883001][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.890476][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.897887][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.905292][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.912725][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.920184][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.927638][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.935082][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.942471][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.949916][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.957405][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.964919][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.972347][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.979776][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.987393][ T9] hid-generic 0001:0000:0000.0008: unknown main item tag 0x0 [ 128.995725][ T9] hid-generic 0001:0000:0000.0008: hidraw0: HID v7.f7 Device [syz1] on syz1 [ 129.033986][T13122] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 129.068681][T13123] loop1: detected capacity change from 0 to 1024 [ 129.182344][T13123] EXT4-fs: Ignoring removed orlov option [ 129.188132][T13123] EXT4-fs: Ignoring removed nomblk_io_submit option [ 129.208326][T13123] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 129.220438][T13123] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869) [ 129.245977][T13123] EXT4-fs (loop1): invalid journal inode [ 129.252039][T13123] EXT4-fs (loop1): can't get journal size [ 129.261889][T13123] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 129.305479][ T3259] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.338964][T13155] tipc: Enabling of bearer rejected, failed to enable media [ 129.361522][T13162] syz.0.3473[13162] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 129.361627][T13162] syz.0.3473[13162] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 129.539401][T13201] pimreg: entered allmulticast mode [ 129.557638][T13201] pimreg: left allmulticast mode [ 129.562796][T13201] lo: left allmulticast mode [ 129.715971][T13223] loop3: detected capacity change from 0 to 2048 [ 129.776885][T13223] loop3: p1 < > p4 [ 129.782048][T13223] loop3: p4 size 8388608 extends beyond EOD, truncated [ 130.032897][ T29] kauditd_printk_skb: 333 callbacks suppressed [ 130.032915][ T29] audit: type=1326 audit(2000000022.910:6512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13242 comm="syz.4.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 130.062711][ T29] audit: type=1326 audit(2000000022.910:6513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13242 comm="syz.4.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 130.086250][ T29] audit: type=1326 audit(2000000022.910:6514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13242 comm="syz.4.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 130.110130][ T29] audit: type=1326 audit(2000000022.910:6515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13242 comm="syz.4.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 130.133830][ T29] audit: type=1326 audit(2000000022.910:6516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13242 comm="syz.4.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 130.157518][ T29] audit: type=1326 audit(2000000022.910:6517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13242 comm="syz.4.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 130.181202][ T29] audit: type=1326 audit(2000000022.910:6518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13242 comm="syz.4.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 130.204864][ T29] audit: type=1326 audit(2000000022.910:6519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13242 comm="syz.4.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 130.242272][ T29] audit: type=1326 audit(2000000023.120:6520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13242 comm="syz.4.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 130.265870][ T29] audit: type=1326 audit(2000000023.120:6521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13242 comm="syz.4.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff4f5afdef9 code=0x7ffc0000 [ 130.466340][T13270] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=13270 comm=syz.3.3520 [ 130.487260][T13277] Invalid ELF header magic: != ELF [ 130.577632][T13289] loop3: detected capacity change from 0 to 256 [ 130.585639][T13289] msdos: Unknown parameter '' [ 130.592708][T13291] netlink: 44 bytes leftover after parsing attributes in process `+}[@'. [ 130.619987][T13296] loop3: detected capacity change from 0 to 512 [ 130.633038][T13297] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 130.665858][T13296] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.680651][T13296] ext4 filesystem being mounted at /688/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.712567][T13296] SELinux: Context system_u:object_r:apt_var_lib_t:s0 is not valid (left unmapped). [ 130.746237][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.778291][T13319] loop3: detected capacity change from 0 to 512 [ 130.790450][T13321] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3539'. [ 130.792586][T13319] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.3537: casefold flag without casefold feature [ 130.813675][T13319] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3537: couldn't read orphan inode 15 (err -117) [ 130.826648][T13319] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.845946][T13319] EXT4-fs error (device loop3): ext4_add_entry:2435: inode #2: comm syz.3.3537: Directory hole found for htree leaf block 0 [ 130.888562][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.999609][T13349] program syz.0.3551 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 131.044743][T13357] IPv6: Can't replace route, no match found [ 131.077396][T13355] netlink: 'syz.1.3554': attribute type 3 has an invalid length. [ 131.168929][T13377] SELinux: failure in selinux_parse_skb(), unable to parse packet [ 131.217522][T13386] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3566'. [ 131.219246][T13388] syz.0.3567[13388] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 131.226871][T13388] syz.0.3567[13388] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 131.231070][T13386] xfrm1: entered promiscuous mode [ 131.255265][T13386] xfrm1: entered allmulticast mode [ 131.402989][T13411] loop3: detected capacity change from 0 to 2048 [ 131.410338][T13411] EXT4-fs (loop3): stripe (154) is not aligned with cluster size (16), stripe is disabled [ 131.421881][T13415] atomic_op ffff888123d4f528 conn xmit_atomic 0000000000000000 [ 131.431378][T13411] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.583090][T13432] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3584'. [ 131.593700][T13411] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 131.611054][T13411] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 28 [ 131.623891][T13411] EXT4-fs (loop3): This should not happen!! Data will be lost [ 131.623891][T13411] [ 131.633654][T13411] EXT4-fs (loop3): Total free blocks count 0 [ 131.639913][T13411] EXT4-fs (loop3): Free/Dirty block details [ 131.646937][T13411] EXT4-fs (loop3): free_blocks=2415919504 [ 131.652737][T13411] EXT4-fs (loop3): dirty_blocks=32 [ 131.658986][T13411] EXT4-fs (loop3): Block reservation details [ 131.666215][T13411] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 131.716109][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.946808][T13467] syz.4.3598[13467] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 131.946894][T13467] syz.4.3598[13467] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 132.295134][T13488] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=13488 comm=syz.4.3608 [ 132.333116][T13490] rtc_cmos 00:00: Alarms can be up to one day in the future [ 132.509329][ T9] IPVS: starting estimator thread 0... [ 132.509578][T13498] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3613'. [ 132.604212][T13499] IPVS: using max 1968 ests per chain, 98400 per kthread [ 132.789978][T13523] program syz.3.3621 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 132.890146][T13528] loop3: detected capacity change from 0 to 2048 [ 132.906553][T13528] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.936094][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.610327][T13574] program syz.2.3641 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 133.638761][T13577] IPVS: Error joining to the multicast group [ 133.679899][T13586] syz.2.3644[13586] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.680032][T13586] syz.2.3644[13586] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.784585][T13575] chnl_net:caif_netlink_parms(): no params data found [ 133.849990][T13606] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3650'. [ 133.861133][ T56] bridge_slave_1: left allmulticast mode [ 133.866871][ T56] bridge_slave_1: left promiscuous mode [ 133.869454][T13604] loop3: detected capacity change from 0 to 512 [ 133.872562][ T56] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.889542][T13604] EXT4-fs: Ignoring removed bh option [ 133.896966][ T56] bridge_slave_0: left allmulticast mode [ 133.902652][ T56] bridge_slave_0: left promiscuous mode [ 133.909453][ T56] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.920903][T13604] EXT4-fs error (device loop3): __ext4_iget:4985: inode #15: block 1803188595: comm syz.3.3649: invalid block [ 133.934237][T13604] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3649: couldn't read orphan inode 15 (err -117) [ 133.947134][T13604] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.973593][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.982845][ T56] bond0 (unregistering): (slave geneve1): Releasing backup interface [ 134.035979][ T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 134.045369][ T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 134.054903][ T56] bond0 (unregistering): Released all slaves [ 134.064079][ T56] bond1 (unregistering): Released all slaves [ 134.079716][T13610] netlink: 'syz.2.3652': attribute type 21 has an invalid length. [ 134.087590][T13610] IPv6: NLM_F_CREATE should be specified when creating new route [ 134.097489][ T56] tipc: Left network mode [ 134.102021][T13575] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.109163][T13575] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.116609][T13575] bridge_slave_0: entered allmulticast mode [ 134.123635][T13575] bridge_slave_0: entered promiscuous mode [ 134.140588][T13575] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.147723][T13575] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.155189][T13575] bridge_slave_1: entered allmulticast mode [ 134.162160][T13575] bridge_slave_1: entered promiscuous mode [ 134.189635][ T56] hsr_slave_0: left promiscuous mode [ 134.195614][ T56] hsr_slave_1: left promiscuous mode [ 134.205009][ T56] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 134.212967][ T56] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 134.264300][ T56] team0 (unregistering): Port device team_slave_1 removed [ 134.274751][ T56] team0 (unregistering): Port device team_slave_0 removed [ 134.328775][T13575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 134.347249][T13575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 134.378552][T13575] team0: Port device team_slave_0 added [ 134.391788][T13575] team0: Port device team_slave_1 added [ 134.425709][T13575] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 134.432734][T13575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.458867][T13575] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 134.473504][T13575] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 134.480580][T13575] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 134.506654][T13575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 134.540852][T13575] hsr_slave_0: entered promiscuous mode [ 134.550090][T13575] hsr_slave_1: entered promiscuous mode [ 134.558182][T13575] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 134.575276][T13575] Cannot create hsr debugfs directory [ 134.596004][T13649] loop3: detected capacity change from 0 to 512 [ 134.623814][T13649] EXT4-fs error (device loop3): ext4_acquire_dquot:6848: comm syz.3.3667: Failed to acquire dquot type 1 [ 134.636103][T13649] EXT4-fs (loop3): 1 truncate cleaned up [ 134.642186][T13649] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.655751][T13649] ext4 filesystem being mounted at /709/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.686700][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.739776][T13668] loop3: detected capacity change from 0 to 1024 [ 134.748746][T13668] EXT4-fs: Ignoring removed orlov option [ 134.749857][T13672] loop1: detected capacity change from 0 to 128 [ 134.754586][T13668] EXT4-fs: Ignoring removed nomblk_io_submit option [ 134.771984][T13668] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84ec018, mo2=0002] [ 134.780160][T13668] System zones: 0-1, 3-36 [ 134.785929][T13668] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.793269][T13676] loop1: detected capacity change from 0 to 128 [ 134.805687][T13668] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 134.807066][T13676] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 134.829231][T13676] ext4 filesystem being mounted at /537/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 134.829666][T13668] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84ec018, mo2=0002] [ 134.858075][T13668] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 134.859384][ T3259] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 134.880047][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.896322][T13679] loop1: detected capacity change from 0 to 1024 [ 134.903114][T13679] EXT4-fs: Ignoring removed nomblk_io_submit option [ 134.916753][T13679] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a043c018, mo2=0002] [ 134.925723][T13679] System zones: 0-1, 3-12 [ 134.929069][T13685] loop3: detected capacity change from 0 to 128 [ 134.930864][T13679] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.938301][T13685] vfat: Unknown parameter '00000000000000000000' [ 134.967718][ T3259] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.045479][T13697] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3684'. [ 135.076646][T13575] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 135.089373][T13575] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 135.101901][T13575] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 135.132219][T13575] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 135.187696][T13575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 135.213873][T13575] 8021q: adding VLAN 0 to HW filter on device team0 [ 135.224618][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.231755][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.241916][T13712] serio: Serial port ptm0 [ 135.248215][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.255318][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.265504][ T29] kauditd_printk_skb: 108 callbacks suppressed [ 135.265520][ T29] audit: type=1400 audit(2000000028.150:6628): avc: denied { egress } for pid=5505 comm="kworker/1:17" daddr=ff02::16 netif=gretap0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1 [ 135.294369][ T29] audit: type=1400 audit(2000000028.150:6629): avc: denied { sendto } for pid=5505 comm="kworker/1:17" daddr=ff02::16 netif=gretap0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1 [ 135.342924][T13575] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 135.478118][T13575] veth0_vlan: entered promiscuous mode [ 135.487092][T13575] veth1_vlan: entered promiscuous mode [ 135.503856][T13575] veth0_macvtap: entered promiscuous mode [ 135.511919][T13575] veth1_macvtap: entered promiscuous mode [ 135.523917][T13575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 135.534511][T13575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.547046][T13575] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 135.558847][T13575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 135.559199][ T29] audit: type=1400 audit(2000000028.440:6630): avc: denied { create } for pid=13731 comm="syz.3.3692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 135.569401][T13575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 135.599793][T13575] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 135.611788][T13575] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.620870][T13575] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.629774][T13575] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.638526][T13575] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.651004][ T29] audit: type=1400 audit(2000000028.530:6631): avc: denied { append } for pid=13733 comm="syz.2.3693" path="socket:[39163]" dev="sockfs" ino=39163 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 135.675152][ T29] audit: type=1400 audit(2000000028.530:6632): avc: denied { write } for pid=13733 comm="syz.2.3693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 135.716327][ T29] audit: type=1400 audit(2000000028.600:6633): avc: denied { mounton } for pid=13575 comm="syz-executor" path="/root/syzkaller.tnYBsQ/syz-tmp" dev="sda1" ino=1954 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 135.744684][ T29] audit: type=1400 audit(2000000028.630:6634): avc: denied { mount } for pid=13575 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 135.766942][ T29] audit: type=1400 audit(2000000028.630:6635): avc: denied { mount } for pid=13575 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 135.800290][ T29] audit: type=1400 audit(2000000028.680:6636): avc: denied { mounton } for pid=13575 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=454 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 135.832906][ T29] audit: type=1326 audit(2000000028.680:6637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13743 comm="syz.2.3696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 135.944933][T13762] usb usb8: usbfs: process 13762 (syz.3.3704) did not claim interface 0 before use [ 136.215511][T13807] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3722'. [ 138.587301][T13829] loop3: detected capacity change from 0 to 128 [ 138.619960][T13834] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125 [ 138.643702][T13842] syz.2.3737[13842] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.643775][T13842] syz.2.3737[13842] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 138.682796][T13846] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 138.731125][T13854] loop1: detected capacity change from 0 to 512 [ 138.739861][T13854] EXT4-fs: Ignoring removed mblk_io_submit option [ 138.741717][T13856] macvlan3: entered promiscuous mode [ 138.749749][T13854] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.3742: corrupted in-inode xattr: invalid ea_ino [ 138.751731][T13856] macvlan3: entered allmulticast mode [ 138.766993][T13854] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.3742: couldn't read orphan inode 15 (err -117) [ 138.770987][T13856] batman_adv: batadv0: Adding interface: macvlan3 [ 138.783815][T13854] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.788938][T13856] batman_adv: batadv0: The MTU of interface macvlan3 is too small (1450) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.788973][T13856] batman_adv: batadv0: Not using interface macvlan3 (retrying later): interface not active [ 138.847594][T13854] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.905941][T13864] dummy0: entered promiscuous mode [ 138.933481][T13872] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 138.941070][T13872] vhci_hcd: invalid port number 219 [ 138.946451][T13872] vhci_hcd: default hub control req: ecdb v6ab1 i00db l1556 [ 138.971032][T13880] loop3: detected capacity change from 0 to 1024 [ 138.990318][T13880] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.049554][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.063405][T13897] syz.4.3760[13897] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 139.063486][T13897] syz.4.3760[13897] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 139.142249][T13911] loop3: detected capacity change from 0 to 1024 [ 139.185588][T13911] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.202209][T13911] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 139.217279][T13911] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 16384 with max blocks 1 with error 28 [ 139.229931][T13911] EXT4-fs (loop3): This should not happen!! Data will be lost [ 139.229931][T13911] [ 139.239713][T13911] EXT4-fs (loop3): Total free blocks count 0 [ 139.245750][T13911] EXT4-fs (loop3): Free/Dirty block details [ 139.251724][T13911] EXT4-fs (loop3): free_blocks=68451041280 [ 139.257586][T13911] EXT4-fs (loop3): dirty_blocks=16 [ 139.262715][T13911] EXT4-fs (loop3): Block reservation details [ 139.268802][T13911] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 139.303561][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.316771][T13933] 9pnet_fd: Insufficient options for proto=fd [ 139.365719][T13945] netlink: 264 bytes leftover after parsing attributes in process `syz.3.3779'. [ 139.406292][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:2. Sending cookies. [ 139.447607][T13960] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3787'. [ 139.447660][T13960] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3787'. [ 139.745863][T13998] loop3: detected capacity change from 0 to 512 [ 139.752867][T13998] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 139.775800][T13998] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 139.788454][T13998] ext4 filesystem being mounted at /755/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.802023][T13998] EXT4-fs error (device loop3): __ext4_remount:6491: comm syz.3.3804: Abort forced by user [ 139.812346][T13998] EXT4-fs (loop3): Remounting filesystem read-only [ 139.827686][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 139.892332][T14002] loop3: detected capacity change from 0 to 128 [ 140.264518][T14040] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3821'. [ 140.298462][ T29] kauditd_printk_skb: 79 callbacks suppressed [ 140.298479][ T29] audit: type=1326 audit(2000000033.180:6717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.2.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 140.332624][ T29] audit: type=1326 audit(2000000033.190:6718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.2.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 140.356274][ T29] audit: type=1326 audit(2000000033.190:6719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.2.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 140.379874][ T29] audit: type=1326 audit(2000000033.190:6720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.2.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 140.390584][T14055] dummy0: entered promiscuous mode [ 140.403861][ T29] audit: type=1326 audit(2000000033.190:6721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.2.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 140.414295][T14055] batman_adv: batadv0: Adding interface: macsec1 [ 140.432408][ T29] audit: type=1326 audit(2000000033.190:6722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.2.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 140.438545][T14055] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.462386][ T29] audit: type=1326 audit(2000000033.190:6723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.2.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 140.504722][T14055] batman_adv: batadv0: Interface activated: macsec1 [ 140.510928][ T29] audit: type=1326 audit(2000000033.190:6724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.2.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 140.541151][ T29] audit: type=1326 audit(2000000033.190:6725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.2.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 140.564668][ T29] audit: type=1326 audit(2000000033.200:6726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14045 comm="syz.2.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 140.628926][T14063] loop1: detected capacity change from 0 to 512 [ 140.646693][T14063] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.659571][T14063] ext4 filesystem being mounted at /566/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 140.702675][ T3259] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.793109][T14081] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 140.872175][T14083] loop3: detected capacity change from 0 to 2048 [ 140.898783][T14083] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.913893][T14083] EXT4-fs (loop3): shut down requested (0) [ 141.000305][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.835238][T14174] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3874'. [ 141.943576][T14182] syz.1.3878[14182] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.943704][T14182] syz.1.3878[14182] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 142.238066][T14203] loop3: detected capacity change from 0 to 256 [ 142.256623][T14203] vfat: Deprecated parameter 'posix' [ 142.257226][T14207] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3890'. [ 142.261997][T14203] FAT-fs: "posix" option is obsolete, not supported now [ 142.313612][T14212] loop3: detected capacity change from 0 to 512 [ 142.347489][T14212] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.360314][T14212] ext4 filesystem being mounted at /773/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.373797][T14212] syz.3.3893[14212] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 142.373863][T14212] syz.3.3893[14212] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 142.406177][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.653664][T14252] can0: slcan on ttyS3. [ 142.694081][T14258] loop3: detected capacity change from 0 to 512 [ 142.706570][T14258] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.719679][T14252] can0 (unregistered): slcan off ttyS3. [ 142.725595][T14258] ext4 filesystem being mounted at /780/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.726825][T14252] Falling back ldisc for ttyS3. [ 142.746938][T14258] Process accounting resumed [ 142.753611][T14258] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 142.779619][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.895683][T14283] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3923'. [ 142.904756][T14283] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3923'. [ 142.973442][T14293] loop1: detected capacity change from 0 to 512 [ 142.980375][T14293] EXT4-fs: Ignoring removed bh option [ 142.990159][T14293] EXT4-fs: Ignoring removed mblk_io_submit option [ 143.026432][T14293] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #12: comm syz.1.3927: corrupted in-inode xattr: invalid ea_ino [ 143.040780][T14293] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.3927: couldn't read orphan inode 12 (err -117) [ 143.053744][T14293] EXT4-fs (loop1): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.080474][ T3259] EXT4-fs (loop1): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 143.201566][T14309] 9pnet: Could not find request transport: f [ 143.447418][T14335] loop1: detected capacity change from 0 to 1024 [ 143.476748][T14335] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.527500][ T3259] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.645240][T14343] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 145.099520][T14365] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.3956'. [ 145.109469][T14361] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.3956'. [ 145.187657][T14375] loop0: detected capacity change from 0 to 256 [ 145.203543][T14375] FAT-fs (loop0): Directory bread(block 64) failed [ 145.210562][T14375] FAT-fs (loop0): Directory bread(block 65) failed [ 145.218053][T14375] FAT-fs (loop0): Directory bread(block 66) failed [ 145.225138][T14375] FAT-fs (loop0): Directory bread(block 67) failed [ 145.231818][T14375] FAT-fs (loop0): Directory bread(block 68) failed [ 145.238622][T14375] FAT-fs (loop0): Directory bread(block 69) failed [ 145.255992][T14375] FAT-fs (loop0): Directory bread(block 70) failed [ 145.262776][T14375] FAT-fs (loop0): Directory bread(block 71) failed [ 145.269429][T14375] FAT-fs (loop0): Directory bread(block 72) failed [ 145.276422][T14375] FAT-fs (loop0): Directory bread(block 73) failed [ 145.297806][T14375] syz.0.3960: attempt to access beyond end of device [ 145.297806][T14375] loop0: rw=524288, sector=1736, nr_sectors = 32 limit=256 [ 145.311802][T14375] syz.0.3960: attempt to access beyond end of device [ 145.311802][T14375] loop0: rw=0, sector=1736, nr_sectors = 8 limit=256 [ 145.396268][T14393] loop0: detected capacity change from 0 to 128 [ 145.404582][T14393] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 145.506987][ T29] kauditd_printk_skb: 150 callbacks suppressed [ 145.507003][ T29] audit: type=1400 audit(2000000038.390:6877): avc: granted { setsecparam } for pid=14400 comm="syz.4.3971" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 145.588922][T14403] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 145.647494][T14409] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3974'. [ 145.658219][T14409] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.668122][T14409] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.786236][T14409] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.796138][T14409] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.867802][T14409] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.877683][T14409] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.901165][T14417] TCP: request_sock_TCP: Possible SYN flooding on port 0.0.0.0:20002. Sending cookies. [ 145.912211][T14419] netlink: 'syz.1.3978': attribute type 21 has an invalid length. [ 145.958596][ T29] audit: type=1400 audit(2000000038.840:6878): avc: granted { setsecparam } for pid=14423 comm="syz.1.3980" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 145.997312][T14409] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 146.007164][T14409] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.091493][T14409] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.099980][T14409] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.128154][T14409] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.136590][T14409] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.171111][T14409] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.179395][T14409] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.208153][T14409] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.216604][T14409] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.285880][ T29] audit: type=1326 audit(2000000039.170:6879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14439 comm="syz.2.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 146.309480][ T29] audit: type=1326 audit(2000000039.170:6880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14439 comm="syz.2.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 146.374139][ T29] audit: type=1326 audit(2000000039.220:6881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14439 comm="syz.2.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 146.397785][ T29] audit: type=1326 audit(2000000039.220:6882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14439 comm="syz.2.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 146.421803][ T29] audit: type=1326 audit(2000000039.220:6883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14439 comm="syz.2.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 146.434465][T14449] loop1: detected capacity change from 0 to 512 [ 146.445508][ T29] audit: type=1326 audit(2000000039.220:6884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14439 comm="syz.2.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 146.475562][ T29] audit: type=1326 audit(2000000039.220:6885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14439 comm="syz.2.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 146.499125][ T29] audit: type=1326 audit(2000000039.220:6886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14439 comm="syz.2.3985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa2551ddef9 code=0x7ffc0000 [ 146.527014][T14455] netlink: 'syz.4.3990': attribute type 21 has an invalid length. [ 146.537536][T14449] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.554640][T14449] ext4 filesystem being mounted at /595/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.651718][ T3259] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.697730][T14473] syz.1.3996[14473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.697865][T14473] syz.1.3996[14473] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.756145][T14478] can0: slcan on ttyS3. [ 146.813795][T14478] can0 (unregistered): slcan off ttyS3. [ 146.819971][T14478] Falling back ldisc for ttyS3. [ 146.837806][T14489] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=14489 comm=syz.2.4002 [ 146.916073][T14501] loop0: detected capacity change from 0 to 128 [ 146.941523][T14501] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 146.982923][T14501] ext4 filesystem being mounted at /954/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 147.123159][ T3263] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 147.202853][T14515] syz.0.4013[14515] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.202933][T14515] syz.0.4013[14515] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.434132][T14543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4024'. [ 147.521377][T14554] loop0: detected capacity change from 0 to 512 [ 147.528367][T14554] EXT4-fs: test_dummy_encryption option not supported [ 147.705406][T14568] loop0: detected capacity change from 0 to 512 [ 147.712924][T14568] EXT4-fs: Ignoring removed mblk_io_submit option [ 147.720801][T14568] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 147.732754][T14568] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.4034: corrupted in-inode xattr: e_value out of bounds [ 147.748787][T14568] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.4034: couldn't read orphan inode 15 (err -117) [ 147.761827][T14568] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.789634][ T3263] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.815362][T14574] syz.0.4035[14574] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.815448][T14574] syz.0.4035[14574] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.831106][T14573] loop3: detected capacity change from 0 to 512 [ 147.868124][T14573] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.883922][T14582] loop0: detected capacity change from 0 to 1024 [ 147.888865][T14573] ext4 filesystem being mounted at /789/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.899640][T14582] EXT4-fs: Ignoring removed orlov option [ 147.906821][T14582] EXT4-fs: Ignoring removed nomblk_io_submit option [ 147.906864][T14584] netlink: 'syz.4.4040': attribute type 4 has an invalid length. [ 147.921694][T14573] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 147.941309][T14582] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.956534][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.987640][ T3263] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.029488][T14594] loop0: detected capacity change from 0 to 256 [ 148.233654][T14612] x_tables: ip6_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT [ 148.327605][T14619] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=14619 comm=syz.0.4053 [ 148.574062][T14637] loop1: detected capacity change from 0 to 512 [ 148.587323][T14637] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.600719][T14637] ext4 filesystem being mounted at /613/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.617099][T14637] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 148.631982][T14637] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 2 with error 28 [ 148.644348][T14637] EXT4-fs (loop1): This should not happen!! Data will be lost [ 148.644348][T14637] [ 148.654005][T14637] EXT4-fs (loop1): Total free blocks count 0 [ 148.660045][T14637] EXT4-fs (loop1): Free/Dirty block details [ 148.665981][T14637] EXT4-fs (loop1): free_blocks=65280 [ 148.671322][T14637] EXT4-fs (loop1): dirty_blocks=2 [ 148.676396][T14637] EXT4-fs (loop1): Block reservation details [ 148.682389][T14637] EXT4-fs (loop1): i_reserved_data_blocks=2 [ 148.690457][T14640] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 3 with error 28 [ 149.342281][T14672] bridge0: port 3(veth0_to_bond) entered blocking state [ 149.349858][T14672] bridge0: port 3(veth0_to_bond) entered disabled state [ 149.357376][T14672] veth0_to_bond: entered allmulticast mode [ 149.363968][T14672] veth0_to_bond: entered promiscuous mode [ 149.369933][T14672] bridge0: port 3(veth0_to_bond) entered blocking state [ 149.376932][T14672] bridge0: port 3(veth0_to_bond) entered forwarding state [ 149.664264][T14693] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 150.034705][T14714] SELinux: security_context_str_to_sid () failed with errno=-22 [ 150.098477][T14722] loop0: detected capacity change from 0 to 512 [ 150.127617][T14722] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.140576][T14722] ext4 filesystem being mounted at /979/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 150.164756][ T3263] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.351352][T14743] loop0: detected capacity change from 0 to 2048 [ 150.368581][T14745] syz.4.4103[14745] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.368714][T14745] syz.4.4103[14745] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.384672][T14743] loop0: p1 < > p4 [ 150.400606][T14743] loop0: p4 size 8388608 extends beyond EOD, truncated [ 150.400768][T14747] SELinux: failure in selinux_parse_skb(), unable to parse packet [ 150.646405][ T29] kauditd_printk_skb: 89 callbacks suppressed [ 150.646425][ T29] audit: type=1326 audit(2000000043.530:6976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14767 comm="syz.4.4113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 150.723933][ T29] audit: type=1326 audit(2000000043.530:6977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14767 comm="syz.4.4113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 150.747700][ T29] audit: type=1326 audit(2000000043.530:6978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14767 comm="syz.4.4113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 150.771250][ T29] audit: type=1326 audit(2000000043.530:6979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14767 comm="syz.4.4113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 150.795090][ T29] audit: type=1326 audit(2000000043.530:6980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14767 comm="syz.4.4113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 150.818609][ T29] audit: type=1326 audit(2000000043.530:6981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14767 comm="syz.4.4113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 150.842363][ T29] audit: type=1326 audit(2000000043.560:6982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14767 comm="syz.4.4113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 150.866003][ T29] audit: type=1326 audit(2000000043.560:6983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14767 comm="syz.4.4113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 150.889541][ T29] audit: type=1326 audit(2000000043.560:6984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14767 comm="syz.4.4113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 150.913500][ T29] audit: type=1326 audit(2000000043.560:6985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14767 comm="syz.4.4113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 150.961069][ T9] IPVS: starting estimator thread 0... [ 151.074498][T14777] IPVS: using max 2064 ests per chain, 103200 per kthread [ 151.242175][T14805] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 151.592831][T14839] Cannot find del_set index 2 as target [ 151.671486][T14852] loop3: detected capacity change from 0 to 512 [ 151.689712][T14852] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.702623][T14852] ext4 filesystem being mounted at /800/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 151.718992][T14852] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 3: comm syz.3.4145: path /800/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 151.743883][T14852] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 12: comm syz.3.4145: path /800/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 151.765449][T14852] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 13: comm syz.3.4145: path /800/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 151.788010][T14852] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 14: comm syz.3.4145: path /800/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 151.791219][T14859] loop0: detected capacity change from 0 to 512 [ 151.810170][T14852] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 15: comm syz.3.4145: path /800/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 151.836134][T14861] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4117: comm syz.3.4145: Allocating blocks 18-19 which overlap fs metadata [ 151.851669][T14852] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz.3.4145: path /800/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 151.872445][T14859] EXT4-fs (loop0): orphan cleanup on readonly fs [ 151.879550][T14859] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.4146: bg 0: block 248: padding at end of block bitmap is not set [ 151.896495][T14852] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 17: comm syz.3.4145: path /800/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 151.904570][T14859] EXT4-fs error (device loop0): ext4_acquire_dquot:6848: comm syz.0.4146: Failed to acquire dquot type 1 [ 151.929617][T14852] EXT4-fs error (device loop3): ext4_map_blocks:609: inode #2: block 18: comm syz.3.4145: lblock 23 mapped to illegal pblock 18 (length 1) [ 151.948264][T14852] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 19: comm syz.3.4145: path /800/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 151.967329][T14859] EXT4-fs (loop0): 1 truncate cleaned up [ 151.984057][T14859] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 152.067368][ T3263] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.077178][T14870] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 152.137053][T14874] all: renamed from team_slave_0 [ 152.357708][T14898] 9pnet_fd: Insufficient options for proto=fd [ 152.547385][T14923] SELinux: failure in selinux_parse_skb(), unable to parse packet [ 152.559764][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.640602][T14934] loop3: detected capacity change from 0 to 1024 [ 152.649243][T14936] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4178'. [ 152.658725][T14934] EXT4-fs: Ignoring removed nobh option [ 152.664603][T14934] EXT4-fs: Ignoring removed nomblk_io_submit option [ 152.671482][T14934] EXT4-fs: Ignoring removed i_version option [ 152.705230][T14934] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.736692][ T3815] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.960968][T14972] serio: Serial port ptm0 [ 153.322186][T15002] loop3: detected capacity change from 0 to 128 [ 153.349503][T15002] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 153.365683][T15002] ext4 filesystem being mounted at /805/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 153.411909][T15009] loop1: detected capacity change from 0 to 512 [ 153.433235][T15009] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 153.444888][T15009] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 153.455131][T15009] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.4208: Corrupt directory, running e2fsck is recommended [ 153.470520][T15009] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 153.478928][T15009] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.4208: corrupted in-inode xattr: invalid ea_ino [ 153.493699][T15009] EXT4-fs (loop1): Remounting filesystem read-only [ 153.500730][T15009] SELinux: (dev loop1, type ext4) getxattr errno 5 [ 153.519823][T15012] loop3: detected capacity change from 0 to 512 [ 153.534716][T15012] EXT4-fs: Ignoring removed nobh option [ 153.548524][T15012] journal_path: Lookup failure for '.' [ 153.554151][T15012] EXT4-fs: error: could not find journal device path [ 153.877149][T15058] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4227'. [ 154.214752][T15094] netlink: 'syz.1.4239': attribute type 10 has an invalid length. [ 154.228416][T15094] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 154.478849][T15106] loop3: detected capacity change from 0 to 1024 [ 154.485825][T15106] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 154.496851][T15106] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 154.504973][T15106] EXT4-fs (loop3): orphan cleanup on readonly fs [ 154.511633][T15106] EXT4-fs error (device loop3): ext4_free_blocks:6590: comm syz.3.4244: Freeing blocks not in datazone - block = 0, count = 4096 [ 154.525588][T15106] EXT4-fs (loop3): 1 orphan inode deleted [ 154.552355][T15109] loop3: detected capacity change from 0 to 164 [ 154.560398][T15109] Unsupported NM flag settings (8) [ 154.592643][T15113] loop0: detected capacity change from 0 to 128 [ 154.601295][T15113] ext4 filesystem being mounted at /1007/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 154.735422][T15130] IPv6: Can't replace route, no match found [ 154.792497][T15139] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4256'. [ 154.938469][T15157] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 155.049244][T15173] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4269'. [ 155.152940][T15187] loop1: detected capacity change from 0 to 256 [ 155.160628][T15187] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 155.187943][T15189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 155.197871][T15189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 155.618066][T15202] loop3: detected capacity change from 0 to 512 [ 155.625123][T15202] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 155.636365][T15202] EXT4-fs (loop3): 1 truncate cleaned up [ 155.759509][T15210] loop0: detected capacity change from 0 to 128 [ 155.777315][T15210] ext4 filesystem being mounted at /1021/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 155.813031][ T29] kauditd_printk_skb: 129 callbacks suppressed [ 155.813048][ T29] audit: type=1400 audit(2000000048.700:7113): avc: denied { link } for pid=15208 comm="syz.0.4286" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 155.862654][ T29] audit: type=1400 audit(2000000048.700:7114): avc: denied { rename } for pid=15208 comm="syz.0.4286" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 155.905910][ T29] audit: type=1400 audit(2000000048.700:7115): avc: denied { unlink } for pid=15208 comm="syz.0.4286" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 156.021640][ T29] audit: type=1326 audit(2000000048.900:7116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.4.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 156.046681][ T29] audit: type=1326 audit(2000000048.910:7117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.4.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 156.061242][ T5502] hid-generic 0000:0000:0000.0009: unknown main item tag 0x7 [ 156.070537][ T29] audit: type=1326 audit(2000000048.910:7118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.4.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 156.077775][ T5502] hid-generic 0000:0000:0000.0009: ignoring exceeding usage max [ 156.082354][ T5502] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 156.101519][ T29] audit: type=1326 audit(2000000048.910:7119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.4.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 156.111493][ T5502] hid-generic 0000:0000:0000.0009: unknown main item tag 0x6 [ 156.117092][ T29] audit: type=1326 audit(2000000048.910:7120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.4.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 156.140214][ T5502] hid-generic 0000:0000:0000.0009: unknown main item tag 0xd [ 156.142348][ T5502] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz0] on syz0 [ 156.147937][ T29] audit: type=1326 audit(2000000048.910:7121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.4.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 156.212895][ T29] audit: type=1326 audit(2000000048.920:7122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15228 comm="syz.4.4292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59574ddef9 code=0x7ffc0000 [ 156.505686][T15256] rdma_op ffff8881154cf980 conn xmit_rdma 0000000000000000 [ 156.712486][T15275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 156.721412][T15275] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 156.792944][T15279] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4314'. [ 156.836572][T15287] program syz.0.4318 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 156.950281][T15297] loop0: detected capacity change from 0 to 2048 [ 156.957890][T15297] EXT4-fs: Invalid want_extra_isize 2786 [ 156.976206][T15297] loop0: detected capacity change from 0 to 1024 [ 156.982848][T15297] EXT4-fs: Ignoring removed orlov option [ 156.988689][T15297] EXT4-fs: Ignoring removed nomblk_io_submit option [ 157.067266][T15305] loop0: detected capacity change from 0 to 1024 [ 157.075700][T15305] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 157.086120][T15305] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 157.098459][T15305] EXT4-fs error (device loop0): ext4_protect_reserved_inode:182: inode #4: comm syz.0.4325: blocks 32-33 from inode overlap system zone [ 157.112855][T15305] EXT4-fs (loop0): failed to initialize system zone (-117) [ 157.121120][T15305] EXT4-fs (loop0): mount failed [ 157.350111][T15319] loop1: detected capacity change from 0 to 512 [ 157.357182][T15319] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 157.371506][T15319] EXT4-fs (loop1): 1 orphan inode deleted [ 157.377297][T15319] EXT4-fs (loop1): 1 truncate cleaned up [ 157.388015][T15319] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 157.422635][T15322] rdma_op ffff88812561b580 conn xmit_rdma 0000000000000000 [ 157.612209][T15286] ================================================================== [ 157.620333][T15286] BUG: KCSAN: data-race in mem_cgroup_iter / mem_cgroup_iter [ 157.627811][T15286] [ 157.630140][T15286] read to 0xffff888107502668 of 4 bytes by task 15284 on cpu 1: [ 157.637794][T15286] mem_cgroup_iter+0xba/0x380 [ 157.642481][T15286] shrink_node+0x458/0x1d40 [ 157.646999][T15286] do_try_to_free_pages+0x3c6/0xc50 [ 157.652219][T15286] try_to_free_mem_cgroup_pages+0x1f3/0x4f0 [ 157.658135][T15286] try_charge_memcg+0x2bc/0x810 [ 157.662992][T15286] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 157.669174][T15286] __read_swap_cache_async+0x2b7/0x520 [ 157.674649][T15286] swap_cluster_readahead+0x276/0x3f0 [ 157.680128][T15286] swapin_readahead+0xe4/0x760 [ 157.684909][T15286] do_swap_page+0x3da/0x1ef0 [ 157.689522][T15286] handle_mm_fault+0x8cb/0x2a30 [ 157.694437][T15286] exc_page_fault+0x3b9/0x650 [ 157.699144][T15286] asm_exc_page_fault+0x26/0x30 [ 157.704016][T15286] [ 157.706341][T15286] read-write to 0xffff888107502668 of 4 bytes by task 15286 on cpu 0: [ 157.714497][T15286] mem_cgroup_iter+0x28e/0x380 [ 157.719271][T15286] shrink_node+0x74a/0x1d40 [ 157.723782][T15286] do_try_to_free_pages+0x3c6/0xc50 [ 157.729017][T15286] try_to_free_mem_cgroup_pages+0x1f3/0x4f0 [ 157.734942][T15286] try_charge_memcg+0x2bc/0x810 [ 157.739810][T15286] obj_cgroup_charge_pages+0xbd/0x1a0 [ 157.745202][T15286] __memcg_kmem_charge_page+0x9d/0x170 [ 157.750680][T15286] __alloc_pages_noprof+0x1bc/0x360 [ 157.755912][T15286] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 157.761313][T15286] alloc_pages_noprof+0xe1/0x100 [ 157.766275][T15286] __vmalloc_node_range_noprof+0x736/0xec0 [ 157.772095][T15286] __kvmalloc_node_noprof+0x121/0x170 [ 157.777498][T15286] ip_set_alloc+0x1f/0x30 [ 157.781860][T15286] hash_netiface_create+0x273/0x730 [ 157.787077][T15286] ip_set_create+0x359/0x8a0 [ 157.791693][T15286] nfnetlink_rcv_msg+0x4a9/0x570 [ 157.796641][T15286] netlink_rcv_skb+0x12c/0x230 [ 157.801424][T15286] nfnetlink_rcv+0x16c/0x15e0 [ 157.806211][T15286] netlink_unicast+0x599/0x670 [ 157.810987][T15286] netlink_sendmsg+0x5cc/0x6e0 [ 157.815776][T15286] __sock_sendmsg+0x140/0x180 [ 157.820488][T15286] ____sys_sendmsg+0x312/0x410 [ 157.825280][T15286] __sys_sendmsg+0x1e9/0x280 [ 157.829895][T15286] __x64_sys_sendmsg+0x46/0x50 [ 157.834674][T15286] x64_sys_call+0x2689/0x2d60 [ 157.839367][T15286] do_syscall_64+0xc9/0x1c0 [ 157.843883][T15286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.849804][T15286] [ 157.852125][T15286] value changed: 0x0000041d -> 0x00000422 [ 157.857852][T15286] [ 157.860180][T15286] Reported by Kernel Concurrency Sanitizer on: [ 157.866330][T15286] CPU: 0 UID: 0 PID: 15286 Comm: syz.4.4317 Not tainted 6.11.0-rc7-syzkaller-00135-gb7718454f937 #0 [ 157.877185][T15286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 157.887242][T15286] ================================================================== [ 157.911168][T15286] syz.4.4317 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 157.925360][T15286] CPU: 0 UID: 0 PID: 15286 Comm: syz.4.4317 Not tainted 6.11.0-rc7-syzkaller-00135-gb7718454f937 #0 [ 157.936291][T15286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 157.946359][T15286] Call Trace: [ 157.949641][T15286] [ 157.952574][T15286] dump_stack_lvl+0xf2/0x150 [ 157.957269][T15286] dump_stack+0x15/0x20 [ 157.961483][T15286] dump_header+0x83/0x2d0 [ 157.965859][T15286] oom_kill_process+0x341/0x4c0 [ 157.970818][T15286] out_of_memory+0x9af/0xbe0 [ 157.975492][T15286] ? __rcu_read_unlock+0x4e/0x70 [ 157.980494][T15286] mem_cgroup_out_of_memory+0x13e/0x190 [ 157.986082][T15286] try_charge_memcg+0x51b/0x810 [ 157.991011][T15286] obj_cgroup_charge_pages+0xbd/0x1a0 [ 157.996412][T15286] __memcg_kmem_charge_page+0x9d/0x170 [ 158.001902][T15286] __alloc_pages_noprof+0x1bc/0x360 [ 158.007200][T15286] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 158.012698][T15286] alloc_pages_noprof+0xe1/0x100 [ 158.017665][T15286] __vmalloc_node_range_noprof+0x736/0xec0 [ 158.023502][T15286] __kvmalloc_node_noprof+0x121/0x170 [ 158.028972][T15286] ? ip_set_alloc+0x1f/0x30 [ 158.033520][T15286] ip_set_alloc+0x1f/0x30 [ 158.037866][T15286] hash_netiface_create+0x273/0x730 [ 158.043119][T15286] ? __nla_parse+0x40/0x60 [ 158.047549][T15286] ? __pfx_hash_netiface_create+0x10/0x10 [ 158.053284][T15286] ip_set_create+0x359/0x8a0 [ 158.057901][T15286] ? strnstr+0xf1/0x100 [ 158.062084][T15286] ? __nla_parse+0x40/0x60 [ 158.066648][T15286] nfnetlink_rcv_msg+0x4a9/0x570 [ 158.071639][T15286] netlink_rcv_skb+0x12c/0x230 [ 158.076412][T15286] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 158.081890][T15286] nfnetlink_rcv+0x16c/0x15e0 [ 158.086579][T15286] ? kmem_cache_free+0xd8/0x280 [ 158.091449][T15286] ? nlmon_xmit+0x51/0x60 [ 158.095789][T15286] ? __kfree_skb+0x102/0x150 [ 158.100388][T15286] ? consume_skb+0x57/0x180 [ 158.104902][T15286] ? nlmon_xmit+0x51/0x60 [ 158.109326][T15286] ? dev_hard_start_xmit+0x3c1/0x3f0 [ 158.114623][T15286] ? __dev_queue_xmit+0xb86/0x1fe0 [ 158.119746][T15286] ? ref_tracker_free+0x3a5/0x410 [ 158.124857][T15286] ? __pfx_cmp_ex_search+0x10/0x10 [ 158.130013][T15286] ? __dev_queue_xmit+0x161/0x1fe0 [ 158.135155][T15286] ? __netlink_deliver_tap+0x495/0x4c0 [ 158.140751][T15286] netlink_unicast+0x599/0x670 [ 158.145525][T15286] netlink_sendmsg+0x5cc/0x6e0 [ 158.150306][T15286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.155657][T15286] __sock_sendmsg+0x140/0x180 [ 158.160459][T15286] ____sys_sendmsg+0x312/0x410 [ 158.165302][T15286] __sys_sendmsg+0x1e9/0x280 [ 158.169965][T15286] ? futex_wait+0x18e/0x1c0 [ 158.174571][T15286] __x64_sys_sendmsg+0x46/0x50 [ 158.179406][T15286] x64_sys_call+0x2689/0x2d60 [ 158.184102][T15286] do_syscall_64+0xc9/0x1c0 [ 158.188619][T15286] ? clear_bhb_loop+0x55/0xb0 [ 158.193302][T15286] ? clear_bhb_loop+0x55/0xb0 [ 158.197986][T15286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.204090][T15286] RIP: 0033:0x7f59574ddef9 [ 158.208569][T15286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.228309][T15286] RSP: 002b:00007f5956157038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 158.236818][T15286] RAX: ffffffffffffffda RBX: 00007f5957695f80 RCX: 00007f59574ddef9 [ 158.244877][T15286] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 158.252855][T15286] RBP: 00007f5957550b76 R08: 0000000000000000 R09: 0000000000000000 [ 158.260834][T15286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 158.268857][T15286] R13: 0000000000000000 R14: 00007f5957695f80 R15: 00007ffe0169de38 [ 158.276875][T15286] [ 158.280087][T15286] memory: usage 307200kB, limit 307200kB, failcnt 170 [ 158.286986][T15286] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0 [ 158.295000][T15286] kmem: usage 307108kB, limit 9007199254740988kB, failcnt 0 [ 158.302295][T15286] Memory cgroup stats for /syz4: [ 158.302526][T15286] cache 81920 [ 158.310853][T15286] rss 0 [ 158.313606][T15286] shmem 0 [ 158.316556][T15286] mapped_file 81920 [ 158.320363][T15286] dirty 81920 [ 158.323813][T15286] writeback 0 [ 158.327179][T15286] workingset_refault_anon 108 [ 158.331902][T15286] workingset_refault_file 1582 [ 158.336698][T15286] swap 204800 [ 158.340075][T15286] swapcached 8192 [ 158.343719][T15286] pgpgin 153470 [ 158.347202][T15286] pgpgout 153447 [ 158.350757][T15286] pgfault 191561 [ 158.354402][T15286] pgmajfault 143 [ 158.357977][T15286] inactive_anon 8192 [ 158.361868][T15286] active_anon 0 [ 158.365442][T15286] inactive_file 81920 [ 158.369516][T15286] active_file 4096 [ 158.373223][T15286] unevictable 0 [ 158.376737][T15286] hierarchical_memory_limit 314572800 [ 158.382113][T15286] hierarchical_memsw_limit 9223372036854771712 [ 158.388298][T15286] total_cache 81920 [ 158.392092][T15286] total_rss 0 [ 158.395379][T15286] total_shmem 0 [ 158.398873][T15286] total_mapped_file 81920 [ 158.403214][T15286] total_dirty 81920 [ 158.407028][T15286] total_writeback 0 [ 158.410849][T15286] total_workingset_refault_anon 108 [ 158.416064][T15286] total_workingset_refault_file 1582 [ 158.421380][T15286] total_swap 204800 [ 158.425210][T15286] total_swapcached 8192 [ 158.429387][T15286] total_pgpgin 153470 [ 158.433380][T15286] total_pgpgout 153447 [ 158.437475][T15286] total_pgfault 191561 [ 158.441538][T15286] total_pgmajfault 143 [ 158.445616][T15286] total_inactive_anon 8192 [ 158.450050][T15286] total_active_anon 0 [ 158.454029][T15286] total_inactive_file 81920 [ 158.458552][T15286] total_active_file 4096 [ 158.462789][T15286] total_unevictable 0 [ 158.466779][T15286] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.4317,pid=15284,uid=0 [ 158.481889][T15286] Memory cgroup out of memory: Killed process 15284 (syz.4.4317) total-vm:86984kB, anon-rss:616kB, file-rss:15908kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000