last executing test programs: 3.98644435s ago: executing program 1 (id=609): r0 = syz_socket_connect_nvme_tcp() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000200)=0xc) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) read$nci(0xffffffffffffffff, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0) socket$inet(0x2, 0x1, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) fsmount(r3, 0x0, 0x0) 3.94400702s ago: executing program 1 (id=611): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x14, 0x2, 0x6, 0x5}, 0x14}}, 0x0) 3.896080291s ago: executing program 1 (id=614): r0 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) fsopen(&(0x7f0000000200)='mqueue\x00', 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a) mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="0001000000000000000000"]) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000080)='wg2\x00', 0x4) sendto$inet(r0, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 2.194185072s ago: executing program 0 (id=647): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000210c0009800800014000000005600000000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a300000000034000380300000802c000180250001002130404c6bfef3a31e2587ebd76200"], 0xf0}}, 0x0) 2.124210283s ago: executing program 0 (id=648): socket(0x11, 0x800000003, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000000)=0x7, 0x4) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000580)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="0b000000000000000a00000000000000ff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000a00000000000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000fe8000000000000000000000000000bb00000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007fc820ee26cdb0f7a561e82515a9488c96f992b29237d7d33b971b246ac04d186574c7d0a4c4d61fccf0e07e93b35f"], 0x190) syz_emit_ethernet(0x3e, &(0x7f0000000300)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x8, 0x3a, 0x0, @remote, @mcast2, {[], @mlv2_report={0x8f, 0x0, 0x0, 0x2}}}}}}, 0x0) 2.109609693s ago: executing program 1 (id=649): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000020900010073797a30000000002c000000030a010200000000030000000100ffff0900010073797a30000000000900030073797a3100000000d4040000060a010400000000000000000100000008000b4000000000ac0404802c000180080001006c6f6700200002800900024073797a300000000008000340000000060800034000000002380401800c000100626974776973650028040280080003400000000808000240000000140800064000000002080006400000000064020580bb0001001d92704a203d5ecc985c4e4280e5378a36a2856959ffa601c237cc270251cf18420d11613ec98e629c7d84c655efcb2b5ecd71666675bf512cadfe09e4d05a4f60f60e007ca1cf70a5185f973cec0f1ab052acf1acf6a2df83dd88facc62c6e94a1b6368d6bda68abcaed2ee48c3d589bf2a814b728efb93401dfa1d1063200c10e56294dba0e7b780ce0f6090bd0de9f5e000c98c4b97cd985c91284c2bca23e4757407bb41fd8de797502a72e122032d4ef3160f9f7b00fd000100854e3cb6d05d310db3d528811da7f7450ebb2d62cddc6981343570b9f4ab17d75de9411dea482f508c0dce42c25c4778ebc56bb303f9f51c489eedffcb1490560ab26ab7507ec029cca3ddfe7c4f4f6d91db07cbc008636bc7bea7f96954d31da9d8a9ca043df7b409ca2864d56fc6b2a70fcc2f1a3579737bf47542dae337d5203869caff9ab95a317c25521ebf848fad8ceb87f4655ace0701dbe961e9dcaeffa37bfa2e9d127d61b8d6edc1437b46f54c061e1c9d68120ac8300e91d19c708aa9589c37de59a9f8df5546855e934599a2f31b6cb847347fc02231fec395b906e60300340d60ebe7a3f23e1aa6eec9e0150a9d16b3c25e590000002400028008000340fffffff8080003400000000908000340684dbc5808000180ffffffff6200010091de8d9ca3503f5a0a8259007bc5088ccfe97cfebb5ebb90e05d4e8a63fcbee6f14ab7eff7469cf243a6ef6e528b811dfd72af1e7e08de8fbdd4849367ea82016412fab2ccc0fb94fa63fac7fd0c6ea48c0e9ac7d1a30ecf3e70e44ed5ff00001c0002800800034080000000080003400000000308000180fffffffc080001400000000d600004804000028008000180fffffffb0d00020073797a3000000000080001802b30a3bc08000180000000000900020073797a31000000002900020073797a31000000001c0002800900020073797a31000000000900020073797a3200000000080002400000000a30010480380002800900020073797a3200000000080003400000000908000180fffffffc0800018000000007080003408000000108000340000000050b0001000bca99f460f4b0002800028008000180fffffffb0900020073797a3000000000080003400000000308000340000001ff04000100bc000100e27404a10a99dbcc4575917adc29373e2cc46e5e8f99d7a36b7c42c92713cce62084d863a11eb9c2e19fde212924e527db981a9be0c2c15f6a04a67e9e20f86e4bebd07665e2d01da200712427a5525403c1c75468f31b91a60def25f7757c9921d08b9a5b0bc6f8953efbd0416091bf2b30d9a37e789198313dd07b7b70cebff25c562434b67e9a6b70708dd84c86135ab9b0ffda2c4b2fb4a139220c101f4c0a3d58eb124346005c82dea6f0f36444b28300758475eb3d34000180090001006d65746100000000240002800800024000000002080003400000000d08000340000000090800034000000001100001800a0001006c696d6974000000090001"], 0x548}}, 0x0) 2.066482494s ago: executing program 1 (id=650): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x841, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)='h', 0x34000}], 0x1}, 0x0) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000040)=',', 0x34000}], 0x1) 1.813667207s ago: executing program 4 (id=651): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x3c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_ID={0x8}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x84}}, 0x0) 1.701763529s ago: executing program 3 (id=652): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x4c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x4c}}, 0x0) 1.701188579s ago: executing program 4 (id=653): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 1.656919119s ago: executing program 4 (id=654): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r0, 0x0) sendto$inet6(r0, &(0x7f0000000180), 0x0, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$sock(r0, &(0x7f0000007900)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000940)='[', 0x1}], 0x1}}], 0x1, 0x40000) shutdown(r0, 0x1) 1.62256967s ago: executing program 3 (id=655): socket(0x2000000000000021, 0x2, 0x10000000000002) r0 = socket$nl_rdma(0x10, 0x3, 0x14) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20, 0x0) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)={0x38, 0x1403, 0x1, 0x70bd28, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ipvlan0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040}, 0x40080c0) 1.536633851s ago: executing program 4 (id=656): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="20000000000000004000128008000100687372003400028008000200", @ANYRES32, @ANYBLOB="050006000000000008000100", @ANYRES32=r2], 0x60}}, 0x0) 1.533211461s ago: executing program 3 (id=657): socket$can_bcm(0x1d, 0x2, 0x2) socket$unix(0x1, 0x0, 0x0) gettid() getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001840)={{{@in6=@empty, @in=@multicast1}}, {{@in=@initdev}, 0x0, @in=@empty}}, &(0x7f0000001940)=0xe8) r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r2, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r0}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) 1.496815061s ago: executing program 0 (id=658): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000210c0009800800014000000005600000000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a300000000034000380300000802c000180250001002130404c6bfef3a31e2587ebd76200"], 0xf0}}, 0x0) 1.473070162s ago: executing program 0 (id=659): r0 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) fsopen(&(0x7f0000000200)='mqueue\x00', 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a) mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="0001000000000000000000"]) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000080)='wg2\x00', 0x4) sendto$inet(r0, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 1.459690812s ago: executing program 4 (id=660): perf_event_open(0x0, 0x0, 0x2, 0xffffffffffffffff, 0x8) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000300)='4', 0x1}], 0x1) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="04000000031401002dbd0a29292e7770"], 0x38}}, 0x20008010) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r3) r4 = syz_clone(0x40200, 0x0, 0x49, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r5, 0x541b, &(0x7f0000000000)={0xffffffffffffffff, 0x10000002000, 0x8000000000000003, 0x4000000000004}) io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x22}}) io_uring_enter(0xffffffffffffffff, 0x27e2, 0x0, 0x0, 0x0, 0x0) close_range(r6, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x2, 0x82, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x11b80, 0xa1, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffe, 0x0, 0x0, 0x0, 0xffff}, r4, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYRES8], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff7, @void, @value}, 0x94) 1.129786006s ago: executing program 1 (id=662): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x2, 0xff, 0x4}, 0xfe}, 0x18) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000340)={0x1d, r3, 0x0, {0x2, 0x0, 0x6}, 0xfd}, 0x18) sendmsg$inet(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x80) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) connect$can_j1939(r0, &(0x7f0000000540)={0x1d, r5, 0x0, {0x0, 0xff, 0x3}, 0xfd}, 0x18) writev(r0, &(0x7f0000000880)=[{&(0x7f0000000380)="14055f7e4487be4648", 0xfdef}], 0x1) 914.533739ms ago: executing program 2 (id=663): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x3c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_ID={0x8}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x84}}, 0x0) 839.989139ms ago: executing program 2 (id=664): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x474}}, 0x0) 834.89442ms ago: executing program 3 (id=665): bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) creat(&(0x7f00000005c0)='./file0\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe28, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000000)={[{@errors_remount}, {@nobh}]}, 0x1, 0x513, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tcuTEXE1f9tURHztyxHfTA7Gbe7sri/WatWtvFxp1TcrzZ3d62v1xdXqanVjfn7ujYU3F15fmM1yT9TOUi/zky99/vanv/W7G3++9u12tT73kShEXztOUrfphc626Glvo63TCDYCE3l7CqOuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//ysA4A0=") bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) io_setup(0x200, &(0x7f0000000140)=0x0) io_pgetevents(r1, 0x5, 0x5, &(0x7f0000000000)=[{}, {}, {}, {}, {}], &(0x7f00000000c0)={0x0, 0x3938700}, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000002c0)={[{@noauto_da_alloc}, {@jqfmt_vfsold}, {@noquota}, {@norecovery}, {}]}, 0x1, 0x4be, &(0x7f0000000540)="$eJzs3ctrW1caAPBPUvyMZ/KYYUgyMAlkIPMglh8MsWdmM6uZWQSGCXTTQuraiutatowlp7EJ1Gl3WXRRWlooXXRZ6D/QbppVQ6F03e5LFiWlTV1oCwUVXUmO/JArGjsC398PbnTuOTf6zrH4jq+OrnUDSK1ztX8yEUMR8UlEHKvvbj3gXP1h48HN6dqWiWr1yleZ5LjafvPQ5v87GhHrEdEfEf//d8QzmZ1xy6tr81PFYmG5sZ+vLCzly6trF+cWpmYLs4XF0YlLk5MTI+Njk/s21tsvP3f78vv/7X33u5fu333lww9q3RpqtLWOYz/Vh94TJ1rqjkTEPw8iWBfkGuMZ6HZH+EVqr99vIuJ8kv/HIpe8mkAaVKvV6o/VvnbN61Xg0Mom58CZ7HBE1MvZ7PBw/Rz+tzGYLZbKlb9eK60sztTPlY9HT/baXLEw0nivcDx6MrX90aT8cH9s2/54RHIO/GpuINkfni4VZx7vVAdsc3Rb/n+bq+c/kBLe8kN6yX9IL/kP6SX/Ib3kP6SX/If0kv+QXvIf0kv+Q3rJf0gv+Q+p9L/Ll2tbtfn37zPXV1fmS9cvzhTK88MLK9PD06XlGJ4t9b3X2fMVS6Wl0b/Fyo18pVCu5Mura1cXSiuLlatzC1OzvVHoOeDxAJ07cfbOZ5mIWP/7QLLV9Dba5CocbtUX6t8BAKRPrtsTENA1lv4gvbzHB3b5it4t+ts1LD1S1J8LCxygbLc7AHTNhdM+/4O0sv4P6WX9H9Jr6zm+swFIo+6s/wPdZP0f0muo5f4/mZb7f/2q5d5dIxHx64j4NNfT17zXF3AYZL/INHL/wrE/Dm1v7c18nywK9EbE829eef3GVKWyPFqr/3qzvvJGvb63G90HOpbk71jj0S9yAEi1jQc3p5vbZuXxg4/75b/qFyHsjH+ksTbZn3xGObiR2XKtQmafrl1YvxURp3aLn2nc77z+ycfgRm5H/JONx0z9KZL+Hknum/4o8e+902n80y3x/9AS/8wj/1QgHe7U5p+R3fI/m+R0bObf1vlnaJ+uj24//2U3579cm/nvbIcxnn3rxXtt49+KOLNr/Ga8/iTW9vi1vl3oMP79p574Xbu26tv159ktflOtlK8sLOXLq2sX5xamZguzhcXRiUuTkxMj42OT+WSNOt9cqd7pH6c+vrvX+AfbxN9r/LW6P3c4/h9+/9GT5/aI/6fzu7/+J/eIPxARf+kw/jdjnz/drq0Wf6bN+LPb47cs8NXqxjuMX37tP30dHgoAPAbl1bX5qWKxsKygoKCwWej2zAQctIdJ3+2eAAAAAAAAAAAAAJ16HJcTd3uMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHwU8BAAD//zAx0oQ=") 790.89184ms ago: executing program 4 (id=666): bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x7f, 0x7ffc0002}]}) bpf$MAP_CREATE(0x0, 0x0, 0x48) creat(&(0x7f00000005c0)='./file0\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe28, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000000)={[{@errors_remount}, {@nobh}]}, 0x1, 0x513, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tcuTEXE1f9tURHztyxHfTA7Gbe7sri/WatWtvFxp1TcrzZ3d62v1xdXqanVjfn7ujYU3F15fmM1yT9TOUi/zky99/vanv/W7G3++9u12tT73kShEXztOUrfphc626Glvo63TCDYCE3l7CqOuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//ysA4A0=") bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r2}, 0x10) io_setup(0x200, &(0x7f0000000140)=0x0) io_pgetevents(r3, 0x5, 0x5, &(0x7f0000000000)=[{}, {}, {}, {}, {}], &(0x7f00000000c0)={0x0, 0x3938700}, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000002c0)={[{@noauto_da_alloc}, {@jqfmt_vfsold}, {@noquota}, {@norecovery}, {}]}, 0x1, 0x4be, &(0x7f0000000540)="$eJzs3ctrW1caAPBPUvyMZ/KYYUgyMAlkIPMglh8MsWdmM6uZWQSGCXTTQuraiutatowlp7EJ1Gl3WXRRWlooXXRZ6D/QbppVQ6F03e5LFiWlTV1oCwUVXUmO/JArGjsC398PbnTuOTf6zrH4jq+OrnUDSK1ztX8yEUMR8UlEHKvvbj3gXP1h48HN6dqWiWr1yleZ5LjafvPQ5v87GhHrEdEfEf//d8QzmZ1xy6tr81PFYmG5sZ+vLCzly6trF+cWpmYLs4XF0YlLk5MTI+Njk/s21tsvP3f78vv/7X33u5fu333lww9q3RpqtLWOYz/Vh94TJ1rqjkTEPw8iWBfkGuMZ6HZH+EVqr99vIuJ8kv/HIpe8mkAaVKvV6o/VvnbN61Xg0Mom58CZ7HBE1MvZ7PBw/Rz+tzGYLZbKlb9eK60sztTPlY9HT/baXLEw0nivcDx6MrX90aT8cH9s2/54RHIO/GpuINkfni4VZx7vVAdsc3Rb/n+bq+c/kBLe8kN6yX9IL/kP6SX/Ib3kP6SX/If0kv+QXvIf0kv+Q3rJf0gv+Q+p9L/Ll2tbtfn37zPXV1fmS9cvzhTK88MLK9PD06XlGJ4t9b3X2fMVS6Wl0b/Fyo18pVCu5Mura1cXSiuLlatzC1OzvVHoOeDxAJ07cfbOZ5mIWP/7QLLV9Dba5CocbtUX6t8BAKRPrtsTENA1lv4gvbzHB3b5it4t+ts1LD1S1J8LCxygbLc7AHTNhdM+/4O0sv4P6WX9H9Jr6zm+swFIo+6s/wPdZP0f0muo5f4/mZb7f/2q5d5dIxHx64j4NNfT17zXF3AYZL/INHL/wrE/Dm1v7c18nywK9EbE829eef3GVKWyPFqr/3qzvvJGvb63G90HOpbk71jj0S9yAEi1jQc3p5vbZuXxg4/75b/qFyHsjH+ksTbZn3xGObiR2XKtQmafrl1YvxURp3aLn2nc77z+ycfgRm5H/JONx0z9KZL+Hknum/4o8e+902n80y3x/9AS/8wj/1QgHe7U5p+R3fI/m+R0bObf1vlnaJ+uj24//2U3579cm/nvbIcxnn3rxXtt49+KOLNr/Ga8/iTW9vi1vl3oMP79p574Xbu26tv159ktflOtlK8sLOXLq2sX5xamZguzhcXRiUuTkxMj42OT+WSNOt9cqd7pH6c+vrvX+AfbxN9r/LW6P3c4/h9+/9GT5/aI/6fzu7/+J/eIPxARf+kw/jdjnz/drq0Wf6bN+LPb47cs8NXqxjuMX37tP30dHgoAPAbl1bX5qWKxsKygoKCwWej2zAQctIdJ3+2eAAAAAAAAAAAAAJ16HJcTd3uMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHwU8BAAD//zAx0oQ=") 733.263611ms ago: executing program 2 (id=667): socket(0x2000000000000021, 0x2, 0x10000000000002) r0 = socket$nl_rdma(0x10, 0x3, 0x14) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20, 0x0) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)={0x38, 0x1403, 0x1, 0x70bd28, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ipvlan0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040}, 0x40080c0) 571.057353ms ago: executing program 0 (id=668): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$vcsa(&(0x7f0000000080), 0x6, 0xe3bb1d41db6cb2ae) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) rt_sigaction(0x19, 0x0, 0x0, 0x8, &(0x7f0000000440)) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000200)={'ip6gre0\x00', &(0x7f00000005c0)={'ip6gre0\x00', 0x0, 0x29, 0x2, 0x4, 0x4, 0x2, @mcast2, @dev={0xfe, 0x80, '\x00', 0x1f}, 0x700, 0x40, 0xfffffffc, 0x4}}) r2 = socket$key(0xf, 0x3, 0x2) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}, 0x10000000}}, 0xb8}}, 0x0) sendmsg$key(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="021600000a0000000000000000000000080012000007a18208"], 0x50}}, 0x0) 557.172903ms ago: executing program 2 (id=669): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000210c0009800800014000000005600000000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a300000000034000380300000802c000180250001002130404c6bfef3a31e2587ebd76200eb3ea056f39e3ab8a93c358099bf"], 0xf0}}, 0x0) 536.217873ms ago: executing program 0 (id=670): socket(0x11, 0x800000003, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000000)=0x7, 0x4) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000580)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="0b000000000000000a00000000000000ff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000a00000000000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000fe8000000000000000000000000000bb00000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007fc820ee26cdb0f7a561e82515a9488c96f992b29237d7d33b971b246ac04d186574c7d0a4c4d61fccf0e07e93b35f"], 0x190) syz_emit_ethernet(0x3e, &(0x7f0000000300)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x8, 0x3a, 0x0, @remote, @mcast2, {[], @mlv2_report={0x8f, 0x0, 0x0, 0x2}}}}}}, 0x0) 499.055014ms ago: executing program 2 (id=671): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r0 = gettid() mount$tmpfs(0x0, &(0x7f0000000080)='.\x00', &(0x7f00000000c0), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)}) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) add_key$keyring(0x0, &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x401, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = eventfd2(0x0, 0x0) write$eventfd(r5, &(0x7f0000000140)=0xfffffffffffffff8, 0x8) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x248, 0x0, 0x11, 0x148, 0x0, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xc8, 0x110, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a8) ioctl$TIOCL_SETSEL(r6, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x0, 0x2fd, 0xffff, 0x101, 0x300}}) 305.604756ms ago: executing program 2 (id=672): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x841, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)='h', 0x34000}], 0x1}, 0x0) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000040)=',', 0x34000}], 0x1) 63.29503ms ago: executing program 3 (id=673): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @sack_perm], 0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) r1 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000210c0009800800014000000005600000000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a300000000034000380300000802c000180250001002130404c6bfef3a31e2587ebd76200eb3ea056f39e3ab8a93c358099bf8cf3007d00000014000000110001"], 0xf0}}, 0x0) 0s ago: executing program 3 (id=674): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): e [ 38.126396][ T3308] veth1_macvtap: entered promiscuous mode [ 38.129406][ T3447] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3'. [ 38.143661][ T3307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.154166][ T3307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.164199][ T3307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.174673][ T3307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.184588][ T3307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.195205][ T3307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.210414][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.238926][ T3307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.249680][ T3307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.259679][ T3307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.270320][ T3307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.270641][ T29] kauditd_printk_skb: 35 callbacks suppressed [ 38.270656][ T29] audit: type=1400 audit(1745492081.670:126): avc: denied { perfmon } for pid=3445 comm="syz.2.3" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 38.280158][ T3307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.280176][ T3307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.285839][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.286247][ T29] audit: type=1400 audit(1745492081.670:127): avc: denied { prog_load } for pid=3446 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 38.309819][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.317249][ T29] audit: type=1400 audit(1745492081.670:128): avc: denied { bpf } for pid=3446 comm="syz.0.1" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 38.317278][ T29] audit: type=1400 audit(1745492081.670:129): avc: denied { open } for pid=3452 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 38.327078][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.327092][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.334302][ T29] audit: type=1400 audit(1745492081.670:130): avc: denied { kernel } for pid=3452 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 38.352993][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.353007][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.363544][ T29] audit: type=1400 audit(1745492081.670:131): avc: denied { map_read map_write } for pid=3445 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 38.383764][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.383779][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 38.383793][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.389087][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.402953][ T29] audit: type=1400 audit(1745492081.670:132): avc: denied { prog_run } for pid=3445 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 38.427537][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.443031][ T29] audit: type=1400 audit(1745492081.670:133): avc: denied { ioctl } for pid=3446 comm="syz.0.1" path="socket:[4487]" dev="sockfs" ino=4487 ioctlcmd=0x48d4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 38.452887][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.452905][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.463338][ T29] audit: type=1400 audit(1745492081.670:134): avc: denied { setopt } for pid=3446 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 38.482786][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.625952][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.636507][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.646717][ T3308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 38.657276][ T3308] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 38.680282][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.688009][ T3448] syzkaller0: entered allmulticast mode [ 38.697999][ T3307] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.706993][ T3307] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.715904][ T3307] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.725028][ T3307] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.740587][ T3462] team_slave_0: entered promiscuous mode [ 38.746311][ T3462] team_slave_1: entered promiscuous mode [ 38.753153][ T3462] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 38.761357][ T3462] team0: Device macvtap1 is already an upper device of the team interface [ 38.770815][ T3462] team_slave_0: left promiscuous mode [ 38.776302][ T3462] team_slave_1: left promiscuous mode [ 38.785743][ T3446] syzkaller0: left allmulticast mode [ 38.793209][ T3308] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.802121][ T3308] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.810932][ T3308] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.819682][ T3308] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.871380][ T29] audit: type=1400 audit(1745492082.290:135): avc: denied { create } for pid=3464 comm="syz.0.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 38.899310][ T3469] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8'. [ 38.915823][ T3466] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 38.924093][ T3466] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 38.947839][ T3472] FAULT_INJECTION: forcing a failure. [ 38.947839][ T3472] name failslab, interval 1, probability 0, space 0, times 1 [ 38.960686][ T3472] CPU: 0 UID: 0 PID: 3472 Comm: syz.2.9 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 38.960813][ T3472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 38.960829][ T3472] Call Trace: [ 38.960834][ T3472] [ 38.960841][ T3472] dump_stack_lvl+0xf6/0x150 [ 38.960921][ T3472] dump_stack+0x15/0x1a [ 38.960937][ T3472] should_fail_ex+0x261/0x270 [ 38.960960][ T3472] should_failslab+0x8f/0xb0 [ 38.960985][ T3472] __kmalloc_cache_noprof+0x55/0x320 [ 38.961020][ T3472] ? audit_log_d_path+0x8e/0x150 [ 38.961081][ T3472] audit_log_d_path+0x8e/0x150 [ 38.961115][ T3472] audit_log_d_path_exe+0x42/0x70 [ 38.961183][ T3472] audit_log_task+0x1f1/0x250 [ 38.961246][ T3472] ? kstrtouint+0x7b/0xc0 [ 38.961338][ T3472] audit_seccomp+0x62/0x100 [ 38.961367][ T3472] __seccomp_filter+0x694/0x10e0 [ 38.961394][ T3472] ? vfs_write+0x669/0x950 [ 38.961446][ T3472] ? putname+0xe1/0x100 [ 38.961470][ T3472] __secure_computing+0x7e/0x150 [ 38.961490][ T3472] syscall_trace_enter+0xcf/0x1f0 [ 38.961588][ T3472] ? fpregs_assert_state_consistent+0x83/0xa0 [ 38.961626][ T3472] do_syscall_64+0xaa/0x1a0 [ 38.961655][ T3472] ? clear_bhb_loop+0x25/0x80 [ 38.961689][ T3472] ? clear_bhb_loop+0x25/0x80 [ 38.961714][ T3472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 38.961791][ T3472] RIP: 0033:0x7f0cb1f0e969 [ 38.961816][ T3472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 38.961833][ T3472] RSP: 002b:00007f0cb0577038 EFLAGS: 00000246 ORIG_RAX: 0000000000000132 [ 38.961899][ T3472] RAX: ffffffffffffffda RBX: 00007f0cb2135fa0 RCX: 00007f0cb1f0e969 [ 38.961914][ T3472] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 38.961927][ T3472] RBP: 00007f0cb0577090 R08: 0000000000000000 R09: 0000000000000000 [ 38.962011][ T3472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 38.962025][ T3472] R13: 0000000000000000 R14: 00007f0cb2135fa0 R15: 00007fff344e29a8 [ 38.962046][ T3472] [ 38.980233][ T3469] lo speed is unknown, defaulting to 1000 [ 39.178183][ T3478] FAULT_INJECTION: forcing a failure. [ 39.178183][ T3478] name failslab, interval 1, probability 0, space 0, times 0 [ 39.193426][ T3469] lo speed is unknown, defaulting to 1000 [ 39.194376][ T3478] CPU: 0 UID: 0 PID: 3478 Comm: syz.3.10 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 39.194449][ T3478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 39.194464][ T3478] Call Trace: [ 39.194471][ T3478] [ 39.194481][ T3478] dump_stack_lvl+0xf6/0x150 [ 39.194513][ T3478] dump_stack+0x15/0x1a [ 39.194534][ T3478] should_fail_ex+0x261/0x270 [ 39.194565][ T3478] should_failslab+0x8f/0xb0 [ 39.194645][ T3478] __kmalloc_cache_noprof+0x55/0x320 [ 39.194685][ T3478] ? audit_log_d_path+0x8e/0x150 [ 39.194725][ T3478] audit_log_d_path+0x8e/0x150 [ 39.194858][ T3478] audit_log_d_path_exe+0x42/0x70 [ 39.194923][ T3478] audit_log_task+0x1f1/0x250 [ 39.194954][ T3478] ? kstrtouint+0x7b/0xc0 [ 39.194981][ T3478] audit_seccomp+0x62/0x100 [ 39.195040][ T3478] __seccomp_filter+0x694/0x10e0 [ 39.195068][ T3478] ? vfs_write+0x669/0x950 [ 39.195089][ T3478] ? putname+0xe1/0x100 [ 39.195123][ T3478] __secure_computing+0x7e/0x150 [ 39.195148][ T3478] syscall_trace_enter+0xcf/0x1f0 [ 39.195219][ T3478] ? fpregs_assert_state_consistent+0x83/0xa0 [ 39.195259][ T3478] do_syscall_64+0xaa/0x1a0 [ 39.195292][ T3478] ? clear_bhb_loop+0x25/0x80 [ 39.195356][ T3478] ? clear_bhb_loop+0x25/0x80 [ 39.195452][ T3478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 39.195478][ T3478] RIP: 0033:0x7fda2436e969 [ 39.195563][ T3478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 39.195584][ T3478] RSP: 002b:00007fda229d7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3 [ 39.195686][ T3478] RAX: ffffffffffffffda RBX: 00007fda24595fa0 RCX: 00007fda2436e969 [ 39.195701][ T3478] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 39.195716][ T3478] RBP: 00007fda229d7090 R08: 0000000000000000 R09: 0000000000000000 [ 39.195731][ T3478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 39.195745][ T3478] R13: 0000000000000000 R14: 00007fda24595fa0 R15: 00007ffe0bbaa558 [ 39.195814][ T3478] [ 39.408637][ T3469] lo speed is unknown, defaulting to 1000 [ 39.414982][ T3469] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 39.423639][ T3469] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 39.436091][ T3469] lo speed is unknown, defaulting to 1000 [ 39.442739][ T3469] lo speed is unknown, defaulting to 1000 [ 39.448807][ T3469] lo speed is unknown, defaulting to 1000 [ 39.455286][ T3469] lo speed is unknown, defaulting to 1000 [ 39.463922][ T3469] lo speed is unknown, defaulting to 1000 [ 39.482855][ T3469] syz.4.8 (3469) used greatest stack depth: 10776 bytes left [ 39.500011][ T3484] mmap: syz.0.12 (3484) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 39.516710][ T3484] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 39.567894][ C1] hrtimer: interrupt took 44823 ns [ 39.584564][ T3382] IPVS: starting estimator thread 0... [ 39.637800][ T3498] loop3: detected capacity change from 0 to 512 [ 39.725488][ T3505] 9pnet_fd: Insufficient options for proto=fd [ 39.739208][ T3507] loop4: detected capacity change from 0 to 128 [ 39.750611][ T3494] IPVS: using max 2400 ests per chain, 120000 per kthread [ 39.782197][ T3507] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0002] [ 39.819516][ T3507] System zones: 1-3, 19-19, 35-36 [ 39.847178][ T3507] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 39.870959][ T3505] netlink: 356 bytes leftover after parsing attributes in process `syz.2.13'. [ 39.880020][ T3505] netlink: 356 bytes leftover after parsing attributes in process `syz.2.13'. [ 39.908645][ T3503] loop3: detected capacity change from 0 to 8192 [ 39.928634][ T3507] ext4 filesystem being mounted at /3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 39.969491][ T3503] ======================================================= [ 39.969491][ T3503] WARNING: The mand mount option has been deprecated and [ 39.969491][ T3503] and is ignored by this kernel. Remove the mand [ 39.969491][ T3503] option from the mount to silence this warning. [ 39.969491][ T3503] ======================================================= [ 40.039630][ T3503] Zero length message leads to an empty skb [ 40.110508][ T3519] FAULT_INJECTION: forcing a failure. [ 40.110508][ T3519] name failslab, interval 1, probability 0, space 0, times 0 [ 40.123418][ T3519] CPU: 1 UID: 0 PID: 3519 Comm: syz.0.25 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 40.123446][ T3519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 40.123457][ T3519] Call Trace: [ 40.123462][ T3519] [ 40.123469][ T3519] dump_stack_lvl+0xf6/0x150 [ 40.123496][ T3519] dump_stack+0x15/0x1a [ 40.123516][ T3519] should_fail_ex+0x261/0x270 [ 40.123685][ T3519] should_failslab+0x8f/0xb0 [ 40.123766][ T3519] kmem_cache_alloc_node_noprof+0x5c/0x340 [ 40.123801][ T3519] ? __alloc_skb+0x10d/0x320 [ 40.123821][ T3519] __alloc_skb+0x10d/0x320 [ 40.123922][ T3519] netlink_alloc_large_skb+0xad/0xe0 [ 40.124010][ T3519] netlink_sendmsg+0x3da/0x720 [ 40.124035][ T3519] ? __pfx_netlink_sendmsg+0x10/0x10 [ 40.124085][ T3519] __sock_sendmsg+0x140/0x180 [ 40.124122][ T3519] ____sys_sendmsg+0x350/0x4e0 [ 40.124155][ T3519] __sys_sendmsg+0x1a0/0x240 [ 40.124199][ T3519] __x64_sys_sendmsg+0x46/0x50 [ 40.124231][ T3519] x64_sys_call+0x26f3/0x2e10 [ 40.124257][ T3519] do_syscall_64+0xc9/0x1a0 [ 40.124288][ T3519] ? clear_bhb_loop+0x25/0x80 [ 40.124385][ T3519] ? clear_bhb_loop+0x25/0x80 [ 40.124411][ T3519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 40.124435][ T3519] RIP: 0033:0x7f55f02ae969 [ 40.124523][ T3519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 40.124579][ T3519] RSP: 002b:00007f55ee917038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 40.124601][ T3519] RAX: ffffffffffffffda RBX: 00007f55f04d5fa0 RCX: 00007f55f02ae969 [ 40.124615][ T3519] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 40.124628][ T3519] RBP: 00007f55ee917090 R08: 0000000000000000 R09: 0000000000000000 [ 40.124638][ T3519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 40.124649][ T3519] R13: 0000000000000000 R14: 00007f55f04d5fa0 R15: 00007ffcf1fb75e8 [ 40.124668][ T3519] [ 40.386479][ T3527] FAULT_INJECTION: forcing a failure. [ 40.386479][ T3527] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 40.400515][ T3527] CPU: 1 UID: 0 PID: 3527 Comm: syz.0.27 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 40.400548][ T3527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 40.400563][ T3527] Call Trace: [ 40.400591][ T3527] [ 40.400601][ T3527] dump_stack_lvl+0xf6/0x150 [ 40.400624][ T3527] dump_stack+0x15/0x1a [ 40.400697][ T3527] should_fail_ex+0x261/0x270 [ 40.400728][ T3527] should_fail+0xb/0x10 [ 40.400860][ T3527] should_fail_usercopy+0x1a/0x20 [ 40.400884][ T3527] _copy_from_iter+0xd8/0xd10 [ 40.400960][ T3527] ? kmalloc_reserve+0x16e/0x190 [ 40.400980][ T3527] ? __build_skb_around+0x199/0x1f0 [ 40.401004][ T3527] ? __alloc_skb+0x227/0x320 [ 40.401026][ T3527] ? __virt_addr_valid+0x1ed/0x250 [ 40.401047][ T3527] ? __check_object_size+0x367/0x510 [ 40.401148][ T3527] netlink_sendmsg+0x492/0x720 [ 40.401174][ T3527] ? __pfx_netlink_sendmsg+0x10/0x10 [ 40.401207][ T3527] __sock_sendmsg+0x140/0x180 [ 40.401253][ T3527] ____sys_sendmsg+0x350/0x4e0 [ 40.401286][ T3527] __sys_sendmmsg+0x22a/0x4b0 [ 40.401400][ T3527] __x64_sys_sendmmsg+0x57/0x70 [ 40.401481][ T3527] x64_sys_call+0x2b53/0x2e10 [ 40.401509][ T3527] do_syscall_64+0xc9/0x1a0 [ 40.401590][ T3527] ? clear_bhb_loop+0x25/0x80 [ 40.401626][ T3527] ? clear_bhb_loop+0x25/0x80 [ 40.401646][ T3527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 40.401668][ T3527] RIP: 0033:0x7f55f02ae969 [ 40.401683][ T3527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 40.401699][ T3527] RSP: 002b:00007f55ee917038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 40.401716][ T3527] RAX: ffffffffffffffda RBX: 00007f55f04d5fa0 RCX: 00007f55f02ae969 [ 40.401798][ T3527] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000003 [ 40.401813][ T3527] RBP: 00007f55ee917090 R08: 0000000000000000 R09: 0000000000000000 [ 40.401825][ T3527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 40.401836][ T3527] R13: 0000000000000000 R14: 00007f55f04d5fa0 R15: 00007ffcf1fb75e8 [ 40.401915][ T3527] [ 40.683303][ T3531] FAULT_INJECTION: forcing a failure. [ 40.683303][ T3531] name failslab, interval 1, probability 0, space 0, times 0 [ 40.696507][ T3531] CPU: 0 UID: 0 PID: 3531 Comm: syz.1.24 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 40.696536][ T3531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 40.696550][ T3531] Call Trace: [ 40.696557][ T3531] [ 40.696565][ T3531] dump_stack_lvl+0xf6/0x150 [ 40.696591][ T3531] dump_stack+0x15/0x1a [ 40.696609][ T3531] should_fail_ex+0x261/0x270 [ 40.696635][ T3531] should_failslab+0x8f/0xb0 [ 40.696659][ T3531] kmem_cache_alloc_noprof+0x59/0x340 [ 40.696690][ T3531] ? vm_area_alloc+0x2c/0xb0 [ 40.696709][ T3531] ? vma_merge_new_range+0x2df/0x340 [ 40.696737][ T3531] vm_area_alloc+0x2c/0xb0 [ 40.696756][ T3531] mmap_region+0x83e/0x1490 [ 40.696806][ T3531] do_mmap+0x9ef/0xc80 [ 40.696831][ T3531] vm_mmap_pgoff+0x16d/0x2d0 [ 40.696869][ T3531] ksys_mmap_pgoff+0xd0/0x340 [ 40.696890][ T3531] ? fpregs_assert_state_consistent+0x83/0xa0 [ 40.696924][ T3531] x64_sys_call+0x1945/0x2e10 [ 40.696948][ T3531] do_syscall_64+0xc9/0x1a0 [ 40.696974][ T3531] ? clear_bhb_loop+0x25/0x80 [ 40.696996][ T3531] ? clear_bhb_loop+0x25/0x80 [ 40.697042][ T3531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 40.697064][ T3531] RIP: 0033:0x7fe21d30e9a3 [ 40.697080][ T3531] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7 [ 40.697098][ T3531] RSP: 002b:00007fe21b955e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 40.697118][ T3531] RAX: ffffffffffffffda RBX: 0000000000000302 RCX: 00007fe21d30e9a3 [ 40.697131][ T3531] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000 [ 40.697143][ T3531] RBP: 0000200000000442 R08: 00000000ffffffff R09: 0000000000000000 [ 40.697155][ T3531] R10: 0000000000000022 R11: 0000000000000246 R12: 000000000000000a [ 40.697167][ T3531] R13: 00007fe21b955ef0 R14: 00007fe21b955eb0 R15: 0000200000000240 [ 40.697185][ T3531] [ 40.947528][ T3303] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 40.959704][ T3537] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 40.961175][ T3532] loop2: detected capacity change from 0 to 128 [ 40.988907][ T3532] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 41.006675][ T3532] ext4 filesystem being mounted at /5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 41.043770][ T3540] loop4: detected capacity change from 0 to 512 [ 41.079818][ T3540] EXT4-fs: Ignoring removed nobh option [ 41.097677][ T3540] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 41.165310][ T3540] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #16: comm syz.4.31: corrupted inode contents [ 41.189112][ T3540] EXT4-fs (loop4): Remounting filesystem read-only [ 41.206813][ T3540] EXT4-fs (loop4): 1 truncate cleaned up [ 41.229982][ T296] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 41.241637][ T296] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 41.260288][ T3540] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.300054][ T3540] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.314304][ T296] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 41.336408][ T3311] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 41.346073][ T3540] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.348468][ T3552] lo speed is unknown, defaulting to 1000 [ 41.492861][ T3559] loop4: detected capacity change from 0 to 512 [ 41.516283][ T3559] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 41.572537][ T3559] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.588361][ T3564] loop2: detected capacity change from 0 to 512 [ 41.597414][ T3564] EXT4-fs: Ignoring removed nobh option [ 41.613943][ T3559] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.655986][ T3559] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.661495][ T3544] loop3: detected capacity change from 0 to 2048 [ 41.712850][ T3564] EXT4-fs error (device loop2): ext4_do_update_inode:5211: inode #16: comm syz.2.39: corrupted inode contents [ 41.730169][ T3571] loop0: detected capacity change from 0 to 512 [ 41.763831][ T3564] EXT4-fs (loop2): Remounting filesystem read-only [ 41.802074][ T3564] EXT4-fs (loop2): 1 truncate cleaned up [ 41.814163][ T3571] EXT4-fs: Ignoring removed nobh option [ 41.821503][ T121] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 41.832653][ T121] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 41.850605][ T3564] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.879953][ T3564] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.901765][ T3575] loop4: detected capacity change from 0 to 128 [ 41.913301][ T3575] FAT-fs (loop4): Directory bread(block 32) failed [ 41.922590][ T3571] EXT4-fs error (device loop0): ext4_do_update_inode:5211: inode #16: comm syz.0.41: corrupted inode contents [ 41.935252][ T3575] FAT-fs (loop4): Directory bread(block 33) failed [ 41.940175][ T121] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 41.942412][ T3575] FAT-fs (loop4): Directory bread(block 34) failed [ 41.960725][ T3564] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.970283][ T3571] EXT4-fs (loop0): Remounting filesystem read-only [ 41.976940][ T3571] EXT4-fs (loop0): 1 truncate cleaned up [ 41.990302][ T121] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 41.991298][ T3575] FAT-fs (loop4): Directory bread(block 35) failed [ 42.001073][ T121] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 42.010519][ T3571] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.036888][ T3575] FAT-fs (loop4): Directory bread(block 36) failed [ 42.043533][ T3575] FAT-fs (loop4): Directory bread(block 37) failed [ 42.049975][ T121] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 42.070362][ T3575] FAT-fs (loop4): Directory bread(block 38) failed [ 42.076976][ T3575] FAT-fs (loop4): Directory bread(block 39) failed [ 42.094498][ T3575] FAT-fs (loop4): Directory bread(block 40) failed [ 42.101243][ T3571] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.120000][ T3575] FAT-fs (loop4): Directory bread(block 41) failed [ 42.181949][ T3571] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.207053][ T3564] loop2: detected capacity change from 0 to 512 [ 42.236074][ T3564] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 42.276138][ T3575] syz.4.42: attempt to access beyond end of device [ 42.276138][ T3575] loop4: rw=0, sector=4108, nr_sectors = 4 limit=128 [ 42.303003][ T3575] FAT-fs (loop4): Filesystem has been set read-only [ 42.309800][ T3575] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 42.321367][ T3575] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 42.330164][ T3564] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.349971][ T3564] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.363250][ T3584] loop0: detected capacity change from 0 to 512 [ 42.370870][ T3564] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.390198][ T3584] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 42.455575][ T3584] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.489467][ T3382] IPVS: starting estimator thread 0... [ 42.536952][ T3584] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.558310][ T3584] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.601057][ T3592] IPVS: using max 2448 ests per chain, 122400 per kthread [ 42.691752][ T3593] 9pnet_fd: Insufficient options for proto=fd [ 42.788099][ T3593] netlink: 356 bytes leftover after parsing attributes in process `syz.3.43'. [ 42.797111][ T3593] netlink: 356 bytes leftover after parsing attributes in process `syz.3.43'. [ 42.936811][ T3606] netlink: 16 bytes leftover after parsing attributes in process `syz.3.49'. [ 42.976849][ T3606] syzkaller0: entered allmulticast mode [ 43.003888][ T3605] syzkaller0: left allmulticast mode [ 43.053107][ T3610] netlink: 16 bytes leftover after parsing attributes in process `syz.2.51'. [ 43.064630][ T3610] syzkaller0: entered allmulticast mode [ 43.071953][ T3608] syzkaller0: left allmulticast mode [ 43.105508][ T3614] FAULT_INJECTION: forcing a failure. [ 43.105508][ T3614] name failslab, interval 1, probability 0, space 0, times 0 [ 43.118269][ T3614] CPU: 0 UID: 0 PID: 3614 Comm: syz.3.52 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 43.118321][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 43.118336][ T3614] Call Trace: [ 43.118342][ T3614] [ 43.118350][ T3614] dump_stack_lvl+0xf6/0x150 [ 43.118450][ T3614] dump_stack+0x15/0x1a [ 43.118469][ T3614] should_fail_ex+0x261/0x270 [ 43.118493][ T3614] should_failslab+0x8f/0xb0 [ 43.118541][ T3614] kmem_cache_alloc_noprof+0x59/0x340 [ 43.118643][ T3614] ? security_file_alloc+0x32/0x100 [ 43.118700][ T3614] security_file_alloc+0x32/0x100 [ 43.118754][ T3614] init_file+0x5e/0x1e0 [ 43.118782][ T3614] alloc_empty_file+0x8e/0x200 [ 43.118826][ T3614] path_openat+0x6f/0x2000 [ 43.118861][ T3614] ? _parse_integer_limit+0x167/0x180 [ 43.118891][ T3614] ? kstrtoull+0x115/0x140 [ 43.118914][ T3614] ? kstrtouint+0x7b/0xc0 [ 43.118936][ T3614] do_filp_open+0x115/0x240 [ 43.118995][ T3614] do_sys_openat2+0xaa/0x110 [ 43.119103][ T3614] __x64_sys_openat+0xf8/0x120 [ 43.119139][ T3614] x64_sys_call+0x1ac/0x2e10 [ 43.119188][ T3614] do_syscall_64+0xc9/0x1a0 [ 43.119218][ T3614] ? clear_bhb_loop+0x25/0x80 [ 43.119264][ T3614] ? clear_bhb_loop+0x25/0x80 [ 43.119290][ T3614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 43.119349][ T3614] RIP: 0033:0x7fda2436e969 [ 43.119367][ T3614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 43.119388][ T3614] RSP: 002b:00007fda229d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 43.119410][ T3614] RAX: ffffffffffffffda RBX: 00007fda24595fa0 RCX: 00007fda2436e969 [ 43.119424][ T3614] RDX: 0000000000005400 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 43.119435][ T3614] RBP: 00007fda229d7090 R08: 0000000000000000 R09: 0000000000000000 [ 43.119446][ T3614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 43.119536][ T3614] R13: 0000000000000000 R14: 00007fda24595fa0 R15: 00007ffe0bbaa558 [ 43.119555][ T3614] [ 43.580635][ T3623] FAULT_INJECTION: forcing a failure. [ 43.580635][ T3623] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 43.594560][ T3623] CPU: 1 UID: 0 PID: 3623 Comm: syz.3.55 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 43.594649][ T3623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 43.594662][ T3623] Call Trace: [ 43.594669][ T3623] [ 43.594676][ T3623] dump_stack_lvl+0xf6/0x150 [ 43.594702][ T3623] dump_stack+0x15/0x1a [ 43.594717][ T3623] should_fail_ex+0x261/0x270 [ 43.594740][ T3623] should_fail+0xb/0x10 [ 43.594758][ T3623] should_fail_usercopy+0x1a/0x20 [ 43.594823][ T3623] _copy_to_user+0x20/0xa0 [ 43.594852][ T3623] __se_sys_move_pages+0xfd3/0x1390 [ 43.594894][ T3623] __x64_sys_move_pages+0x78/0x90 [ 43.594925][ T3623] x64_sys_call+0x2ba3/0x2e10 [ 43.595026][ T3623] do_syscall_64+0xc9/0x1a0 [ 43.595051][ T3623] ? clear_bhb_loop+0x25/0x80 [ 43.595076][ T3623] ? clear_bhb_loop+0x25/0x80 [ 43.595102][ T3623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 43.595127][ T3623] RIP: 0033:0x7fda2436e969 [ 43.595144][ T3623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 43.595195][ T3623] RSP: 002b:00007fda229d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 43.595217][ T3623] RAX: ffffffffffffffda RBX: 00007fda24595fa0 RCX: 00007fda2436e969 [ 43.595231][ T3623] RDX: 0000200000000080 RSI: 0000000000001efe RDI: 0000000000000000 [ 43.595245][ T3623] RBP: 00007fda229d7090 R08: 0000200000000040 R09: 0000000000000000 [ 43.595259][ T3623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 43.595353][ T3623] R13: 0000000000000000 R14: 00007fda24595fa0 R15: 00007ffe0bbaa558 [ 43.595375][ T3623] [ 43.789442][ T29] kauditd_printk_skb: 293 callbacks suppressed [ 43.789458][ T29] audit: type=1400 audit(1745492087.210:411): avc: denied { write } for pid=3627 comm="syz.4.58" name="001" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 43.813389][ T3628] hub 9-0:1.0: USB hub found [ 43.840249][ T29] audit: type=1400 audit(1745492087.250:412): avc: denied { execmem } for pid=3624 comm="syz.1.57" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.914768][ T3628] hub 9-0:1.0: 8 ports detected [ 44.023323][ T3632] 9pnet_fd: Insufficient options for proto=fd [ 44.042113][ T3632] netlink: 356 bytes leftover after parsing attributes in process `syz.2.59'. [ 44.051103][ T3632] netlink: 356 bytes leftover after parsing attributes in process `syz.2.59'. [ 44.101610][ T3633] hub 2-0:1.0: USB hub found [ 44.106589][ T3633] hub 2-0:1.0: 8 ports detected [ 44.241659][ T3635] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 44.366551][ T29] audit: type=1400 audit(1745492087.780:413): avc: denied { create } for pid=3637 comm="syz.0.60" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 44.631238][ T3641] loop3: detected capacity change from 0 to 512 [ 44.720120][ T29] audit: type=1400 audit(1745492087.830:414): avc: denied { create } for pid=3637 comm="syz.0.60" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 44.740114][ T29] audit: type=1400 audit(1745492088.110:415): avc: denied { connect } for pid=3637 comm="syz.0.60" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 44.759826][ T29] audit: type=1400 audit(1745492088.110:416): avc: denied { shutdown } for pid=3637 comm="syz.0.60" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 44.779342][ T29] audit: type=1400 audit(1745492088.120:417): avc: denied { watch } for pid=3637 comm="syz.0.60" path="/12/file0" dev="tmpfs" ino=81 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 44.891590][ T3644] netlink: 16 bytes leftover after parsing attributes in process `syz.2.63'. [ 44.935801][ T3644] syzkaller0: entered allmulticast mode [ 44.966265][ T3643] syzkaller0: left allmulticast mode [ 45.147173][ T3641] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.188104][ T29] audit: type=1326 audit(1745492088.470:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3647 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd380e969 code=0x7ffc0000 [ 45.211484][ T29] audit: type=1326 audit(1745492088.470:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3647 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd380e969 code=0x7ffc0000 [ 45.234698][ T29] audit: type=1326 audit(1745492088.470:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3647 comm="syz.4.64" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7fabd380e969 code=0x7ffc0000 [ 45.318057][ T3641] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.369520][ T3658] 9pnet_fd: Insufficient options for proto=fd [ 45.510073][ T3663] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 45.725873][ T3641] netlink: 'syz.3.61': attribute type 3 has an invalid length. [ 45.818935][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.830846][ T3673] loop2: detected capacity change from 0 to 2048 [ 45.837498][ T3673] EXT4-fs: Ignoring removed i_version option [ 45.906733][ T3673] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.050654][ T3673] SELinux: security_context_str_to_sid (defcontext) failed with errno=-22 [ 46.082935][ T3673] SELinux: security_context_str_to_sid (defcontext) failed with errno=-22 [ 46.091539][ T3697] netlink: 16 bytes leftover after parsing attributes in process `syz.0.74'. [ 46.141223][ T3697] syzkaller0: entered allmulticast mode [ 46.144478][ T3702] netlink: 12 bytes leftover after parsing attributes in process `syz.4.75'. [ 46.157867][ T3695] syzkaller0: left allmulticast mode [ 46.321563][ T3698] loop3: detected capacity change from 0 to 2048 [ 46.370799][ T3719] loop0: detected capacity change from 0 to 512 [ 46.389898][ T3719] EXT4-fs: Ignoring removed nobh option [ 46.418831][ T3673] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 1 with max blocks 1 with error 28 [ 46.431146][ T3673] EXT4-fs (loop2): This should not happen!! Data will be lost [ 46.431146][ T3673] [ 46.440831][ T3673] EXT4-fs (loop2): Total free blocks count 0 [ 46.445036][ T3721] loop4: detected capacity change from 0 to 2048 [ 46.446884][ T3673] EXT4-fs (loop2): Free/Dirty block details [ 46.446941][ T3673] EXT4-fs (loop2): free_blocks=0 [ 46.446953][ T3673] EXT4-fs (loop2): dirty_blocks=0 [ 46.446964][ T3673] EXT4-fs (loop2): Block reservation details [ 46.475836][ T3673] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 46.540094][ T3719] EXT4-fs error (device loop0): ext4_do_update_inode:5211: inode #16: comm syz.0.78: corrupted inode contents [ 46.609779][ T3721] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.623339][ T3719] EXT4-fs (loop0): Remounting filesystem read-only [ 46.631888][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.652683][ T3719] EXT4-fs (loop0): 1 truncate cleaned up [ 46.658826][ T3719] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.672325][ T37] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 46.683141][ T37] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 46.732448][ T3721] FAULT_INJECTION: forcing a failure. [ 46.732448][ T3721] name failslab, interval 1, probability 0, space 0, times 0 [ 46.745553][ T3721] CPU: 0 UID: 0 PID: 3721 Comm: syz.4.79 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 46.745580][ T3721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 46.745653][ T3721] Call Trace: [ 46.745661][ T3721] [ 46.745671][ T3721] dump_stack_lvl+0xf6/0x150 [ 46.745699][ T3721] dump_stack+0x15/0x1a [ 46.745716][ T3721] should_fail_ex+0x261/0x270 [ 46.745739][ T3721] should_failslab+0x8f/0xb0 [ 46.745760][ T3721] kmem_cache_alloc_noprof+0x59/0x340 [ 46.745801][ T3721] ? __es_insert_extent+0x563/0xed0 [ 46.745828][ T3721] __es_insert_extent+0x563/0xed0 [ 46.745849][ T3721] ? mod_objcg_state+0x3f6/0x530 [ 46.746061][ T3721] ext4_es_insert_delayed_extent+0x316/0x8b0 [ 46.746094][ T3721] ext4_da_get_block_prep+0x7a1/0xbb0 [ 46.746120][ T3721] ext4_block_write_begin+0x350/0x9d0 [ 46.746209][ T3721] ? __pfx_ext4_da_get_block_prep+0x10/0x10 [ 46.746262][ T3721] ext4_generic_write_inline_data+0x2c7/0x750 [ 46.746300][ T3721] ext4_da_write_begin+0x2a3/0x590 [ 46.746337][ T3721] generic_perform_write+0x189/0x4b0 [ 46.746449][ T3721] ext4_buffered_write_iter+0x1ed/0x3c0 [ 46.746472][ T3721] ext4_file_write_iter+0x3b2/0xf80 [ 46.746498][ T3721] ? 0xffffffff81000000 [ 46.746513][ T3721] ? __rcu_read_unlock+0x4e/0x70 [ 46.746613][ T3721] ? avc_policy_seqno+0x15/0x20 [ 46.746639][ T3721] ? selinux_file_permission+0x22d/0x360 [ 46.746661][ T3721] vfs_write+0x79b/0x950 [ 46.746678][ T3721] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 46.746706][ T3721] __x64_sys_pwrite64+0xfb/0x150 [ 46.746728][ T3721] x64_sys_call+0xab9/0x2e10 [ 46.746795][ T3721] do_syscall_64+0xc9/0x1a0 [ 46.746826][ T3721] ? clear_bhb_loop+0x25/0x80 [ 46.746847][ T3721] ? clear_bhb_loop+0x25/0x80 [ 46.746866][ T3721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 46.746896][ T3721] RIP: 0033:0x7fabd380e969 [ 46.746913][ T3721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 46.746934][ T3721] RSP: 002b:00007fabd1e77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 46.746976][ T3721] RAX: ffffffffffffffda RBX: 00007fabd3a35fa0 RCX: 00007fabd380e969 [ 46.746990][ T3721] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000007 [ 46.747004][ T3721] RBP: 00007fabd1e77090 R08: 0000000000000000 R09: 0000000000000000 [ 46.747015][ T3721] R10: 0000000000009000 R11: 0000000000000246 R12: 0000000000000001 [ 46.747093][ T3721] R13: 0000000000000000 R14: 00007fabd3a35fa0 R15: 00007ffff3299fb8 [ 46.747115][ T3721] [ 46.799985][ T37] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 46.812253][ T3719] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.074439][ T3719] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.149514][ T3732] Driver unsupported XDP return value 0 on prog (id 66) dev N/A, expect packet loss! [ 47.265886][ T3733] hub 2-0:1.0: USB hub found [ 47.270959][ T3733] hub 2-0:1.0: 8 ports detected [ 47.378683][ T296] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 47.563456][ T296] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 47.575904][ T296] EXT4-fs (loop4): This should not happen!! Data will be lost [ 47.575904][ T296] [ 47.585654][ T296] EXT4-fs (loop4): Total free blocks count 0 [ 47.591818][ T296] EXT4-fs (loop4): Free/Dirty block details [ 47.597722][ T296] EXT4-fs (loop4): free_blocks=2415919104 [ 47.603700][ T296] EXT4-fs (loop4): dirty_blocks=2592 [ 47.609127][ T296] EXT4-fs (loop4): Block reservation details [ 47.615153][ T296] EXT4-fs (loop4): i_reserved_data_blocks=162 [ 47.671594][ T3719] loop0: detected capacity change from 0 to 512 [ 47.786512][ T3719] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 47.928803][ T31] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 47.967328][ T3719] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.066027][ T3719] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.175664][ T3719] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.189385][ T3749] loop4: detected capacity change from 0 to 512 [ 48.244976][ T3749] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.282238][ T3749] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.331292][ T3749] EXT4-fs (loop4): shut down requested (0) [ 48.341595][ T3749] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 48.381088][ T3749] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 48.443335][ T3749] netlink: 'syz.4.83': attribute type 3 has an invalid length. [ 48.533395][ T3761] loop0: detected capacity change from 0 to 512 [ 48.563629][ T3762] 9pnet_fd: Insufficient options for proto=fd [ 48.582872][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.616365][ T3762] netlink: 356 bytes leftover after parsing attributes in process `syz.2.86'. [ 48.625539][ T3762] netlink: 356 bytes leftover after parsing attributes in process `syz.2.86'. [ 48.669778][ T3764] program syz.3.91 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 48.737989][ T3769] loop4: detected capacity change from 0 to 1024 [ 48.746906][ T3770] loop0: detected capacity change from 0 to 1024 [ 48.811541][ T3770] Falling back ldisc for ttyS3. [ 48.819168][ T3770] ucma_write: process 50 (syzkaller) changed security contexts after opening file descriptor, this is not allowed. [ 48.835285][ T3769] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.862687][ T3769] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 48.895660][ T3769] EXT4-fs (loop4): Remounting filesystem read-only [ 48.906970][ T3787] loop0: detected capacity change from 0 to 512 [ 48.914827][ T3787] EXT4-fs: Ignoring removed nobh option [ 48.926005][ T29] kauditd_printk_skb: 131 callbacks suppressed [ 48.926032][ T29] audit: type=1400 audit(1745492092.350:546): avc: denied { setcheckreqprot } for pid=3788 comm="syz.1.98" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 48.992200][ T3787] EXT4-fs error (device loop0): ext4_do_update_inode:5211: inode #16: comm syz.0.97: corrupted inode contents [ 49.005784][ T3769] EXT4-fs (loop4): error restoring inline_data for inode -- potential data loss! (inode 15, error -30) [ 49.022611][ T3797] netlink: 156 bytes leftover after parsing attributes in process `syz.1.99'. [ 49.043644][ T3797] netlink: 24 bytes leftover after parsing attributes in process `syz.1.99'. [ 49.057002][ T3802] syzkaller0: entered allmulticast mode [ 49.065663][ T3787] EXT4-fs (loop0): Remounting filesystem read-only [ 49.078216][ T3769] ieee802154 phy0 wpan0: encryption failed: -22 [ 49.084699][ T29] audit: type=1400 audit(1745492092.500:547): avc: denied { write } for pid=3768 comm="syz.4.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 49.105481][ T3787] EXT4-fs (loop0): 1 truncate cleaned up [ 49.111527][ T3787] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.125068][ T3787] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.125834][ T51] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 49.136110][ T3787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.146199][ T51] Quota error (device loop0): write_blk: dquota write failed [ 49.157834][ T29] audit: type=1400 audit(1745492092.590:548): avc: denied { name_bind } for pid=3796 comm="syz.1.99" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 49.162906][ T51] Quota error (device loop0): remove_free_dqentry: Can't write block (5) with free entries [ 49.162931][ T51] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 49.205808][ T51] Quota error (device loop0): write_blk: dquota write failed [ 49.213347][ T51] Quota error (device loop0): free_dqentry: Can't move quota data block (5) to free list [ 49.230059][ T3801] syzkaller0: left allmulticast mode [ 49.235673][ T51] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 49.245853][ T51] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 49.277190][ T51] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 49.281829][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.301322][ T3797] loop1: detected capacity change from 0 to 512 [ 49.304351][ T29] audit: type=1400 audit(1745492092.700:549): avc: denied { sqpoll } for pid=3796 comm="syz.1.99" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 49.352755][ T3797] EXT4-fs error (device loop1): ext4_iget_extra_inode:4693: inode #15: comm syz.1.99: corrupted in-inode xattr: invalid ea_ino [ 49.370203][ T3797] EXT4-fs error (device loop1): ext4_orphan_get:1395: comm syz.1.99: couldn't read orphan inode 15 (err -117) [ 49.400136][ T3816] loop2: detected capacity change from 0 to 512 [ 49.408990][ T3816] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 49.418515][ T3816] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 49.430006][ T3797] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.445852][ T3823] loop0: detected capacity change from 0 to 512 [ 49.456050][ T3823] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 49.492614][ T3816] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 49.494825][ T3820] loop4: detected capacity change from 0 to 512 [ 49.508590][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.519549][ T3816] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 49.534350][ T3816] System zones: 0-2, 18-18, 34-34 [ 49.543584][ T3820] EXT4-fs warning (device loop4): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 49.558530][ T3816] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1132: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 49.580180][ T3823] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.593845][ T3820] EXT4-fs (loop4): mount failed [ 49.647365][ T3823] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.689811][ T3823] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.701513][ T3816] EXT4-fs (loop2): 1 truncate cleaned up [ 49.707750][ T3816] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.743791][ T3840] loop4: detected capacity change from 0 to 512 [ 49.754851][ T3840] EXT4-fs: Ignoring removed nobh option [ 49.786352][ T3837] ªªªªªª: renamed from vlan0 (while UP) [ 49.805103][ T3842] syz.1.107 (3842) used greatest stack depth: 10104 bytes left [ 49.859259][ T3840] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #16: comm syz.4.106: corrupted inode contents [ 49.881058][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.941150][ T3840] EXT4-fs (loop4): Remounting filesystem read-only [ 49.948968][ T3840] EXT4-fs (loop4): 1 truncate cleaned up [ 49.958332][ T3840] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.970545][ T3380] IPVS: starting estimator thread 0... [ 49.977190][ T51] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 49.988466][ T51] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 49.988619][ T3840] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.007673][ T51] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 50.031934][ T3855] loop3: detected capacity change from 0 to 1764 [ 50.062775][ T3855] netlink: 40 bytes leftover after parsing attributes in process `syz.3.111'. [ 50.077198][ T3840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.090333][ T3860] syzkaller0: entered allmulticast mode [ 50.091092][ T3856] IPVS: using max 2496 ests per chain, 124800 per kthread [ 50.103677][ T3859] syzkaller0: left allmulticast mode [ 50.111232][ T3861] 9pnet_fd: Insufficient options for proto=fd [ 50.148671][ T3861] netlink: 356 bytes leftover after parsing attributes in process `syz.0.110'. [ 50.157741][ T3861] netlink: 356 bytes leftover after parsing attributes in process `syz.0.110'. [ 50.234376][ T3866] loop4: detected capacity change from 0 to 512 [ 50.246849][ T3868] netlink: 156 bytes leftover after parsing attributes in process `syz.2.115'. [ 50.280903][ T3866] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 50.332650][ T3868] netlink: 24 bytes leftover after parsing attributes in process `syz.2.115'. [ 50.379633][ T3870] loop2: detected capacity change from 0 to 512 [ 50.473740][ T3875] loop3: detected capacity change from 0 to 1024 [ 50.523765][ T3875] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869) [ 50.533433][ T3875] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 50.545164][ T3875] EXT4-fs (loop3): invalid journal inode [ 50.553296][ T3866] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.585772][ T3870] EXT4-fs error (device loop2): ext4_iget_extra_inode:4693: inode #15: comm syz.2.115: corrupted in-inode xattr: invalid ea_ino [ 50.664584][ T3866] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.691225][ T3870] EXT4-fs error (device loop2): ext4_orphan_get:1395: comm syz.2.115: couldn't read orphan inode 15 (err -117) [ 50.765325][ T3869] loop3: detected capacity change from 0 to 256 [ 50.778274][ T3866] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.787942][ T3870] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.830674][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.859400][ T3884] program syz.0.117 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 51.001439][ T3892] FAULT_INJECTION: forcing a failure. [ 51.001439][ T3892] name failslab, interval 1, probability 0, space 0, times 0 [ 51.014145][ T3892] CPU: 0 UID: 0 PID: 3892 Comm: syz.2.121 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 51.014234][ T3892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 51.014245][ T3892] Call Trace: [ 51.014252][ T3892] [ 51.014261][ T3892] dump_stack_lvl+0xf6/0x150 [ 51.014284][ T3892] dump_stack+0x15/0x1a [ 51.014303][ T3892] should_fail_ex+0x261/0x270 [ 51.014402][ T3892] should_failslab+0x8f/0xb0 [ 51.014427][ T3892] __kmalloc_node_track_caller_noprof+0xaa/0x410 [ 51.014457][ T3892] ? sidtab_sid2str_get+0xb8/0x140 [ 51.014478][ T3892] ? vsnprintf+0x84d/0x8a0 [ 51.014545][ T3892] kmemdup_noprof+0x2b/0x70 [ 51.014580][ T3892] sidtab_sid2str_get+0xb8/0x140 [ 51.014604][ T3892] security_sid_to_context_core+0x1eb/0x2f0 [ 51.014661][ T3892] security_sid_to_context+0x27/0x30 [ 51.014698][ T3892] selinux_lsmprop_to_secctx+0x6c/0xf0 [ 51.014722][ T3892] security_lsmprop_to_secctx+0x40/0x80 [ 51.014762][ T3892] audit_log_task_context+0x7a/0x180 [ 51.014801][ T3892] audit_log_task+0xfb/0x250 [ 51.014825][ T3892] ? kstrtouint+0x7b/0xc0 [ 51.014859][ T3892] audit_seccomp+0x62/0x100 [ 51.014893][ T3892] __seccomp_filter+0x694/0x10e0 [ 51.014919][ T3892] ? vfs_write+0x669/0x950 [ 51.014941][ T3892] ? putname+0xe1/0x100 [ 51.014972][ T3892] __secure_computing+0x7e/0x150 [ 51.014997][ T3892] syscall_trace_enter+0xcf/0x1f0 [ 51.015024][ T3892] ? fpregs_assert_state_consistent+0x83/0xa0 [ 51.015061][ T3892] do_syscall_64+0xaa/0x1a0 [ 51.015089][ T3892] ? clear_bhb_loop+0x25/0x80 [ 51.015114][ T3892] ? clear_bhb_loop+0x25/0x80 [ 51.015141][ T3892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.015175][ T3892] RIP: 0033:0x7f0cb1f0e969 [ 51.015190][ T3892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.015206][ T3892] RSP: 002b:00007f0cb0577038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 51.015223][ T3892] RAX: ffffffffffffffda RBX: 00007f0cb2135fa0 RCX: 00007f0cb1f0e969 [ 51.015234][ T3892] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000008 [ 51.015279][ T3892] RBP: 00007f0cb0577090 R08: 0000000000000000 R09: 0000000000000000 [ 51.015293][ T3892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 51.015306][ T3892] R13: 0000000000000000 R14: 00007f0cb2135fa0 R15: 00007fff344e29a8 [ 51.015326][ T3892] [ 51.018169][ T3894] loop0: detected capacity change from 0 to 512 [ 51.322043][ T3900] netlink: 8 bytes leftover after parsing attributes in process `syz.2.124'. [ 51.364283][ T3894] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.418362][ T3894] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.431210][ T3909] FAULT_INJECTION: forcing a failure. [ 51.431210][ T3909] name failslab, interval 1, probability 0, space 0, times 0 [ 51.443948][ T3909] CPU: 0 UID: 0 PID: 3909 Comm: syz.1.127 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 51.444000][ T3909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 51.444012][ T3909] Call Trace: [ 51.444019][ T3909] [ 51.444026][ T3909] dump_stack_lvl+0xf6/0x150 [ 51.444105][ T3909] dump_stack+0x15/0x1a [ 51.444146][ T3909] should_fail_ex+0x261/0x270 [ 51.444174][ T3909] should_failslab+0x8f/0xb0 [ 51.444195][ T3909] __kmalloc_noprof+0xad/0x410 [ 51.444257][ T3909] ? bpf_test_init+0xa9/0x160 [ 51.444387][ T3909] bpf_test_init+0xa9/0x160 [ 51.444481][ T3909] bpf_prog_test_run_xdp+0x31f/0x8e0 [ 51.444500][ T3909] ? kstrtouint_from_user+0xbf/0x100 [ 51.444525][ T3909] ? __rcu_read_unlock+0x4e/0x70 [ 51.444553][ T3909] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 51.444578][ T3909] bpf_prog_test_run+0x20e/0x3a0 [ 51.444656][ T3909] __sys_bpf+0x440/0x800 [ 51.444695][ T3909] __x64_sys_bpf+0x43/0x50 [ 51.444717][ T3909] x64_sys_call+0x23da/0x2e10 [ 51.444744][ T3909] do_syscall_64+0xc9/0x1a0 [ 51.444777][ T3909] ? clear_bhb_loop+0x25/0x80 [ 51.444803][ T3909] ? clear_bhb_loop+0x25/0x80 [ 51.444840][ T3909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.444865][ T3909] RIP: 0033:0x7fe21d30e969 [ 51.444880][ T3909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.444897][ T3909] RSP: 002b:00007fe21b977038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 51.444914][ T3909] RAX: ffffffffffffffda RBX: 00007fe21d535fa0 RCX: 00007fe21d30e969 [ 51.444990][ T3909] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 51.445004][ T3909] RBP: 00007fe21b977090 R08: 0000000000000000 R09: 0000000000000000 [ 51.445017][ T3909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 51.445031][ T3909] R13: 0000000000000000 R14: 00007fe21d535fa0 R15: 00007ffd4066d5b8 [ 51.445052][ T3909] [ 51.650705][ T3912] 9pnet_fd: Insufficient options for proto=fd [ 51.658721][ T3912] netlink: 356 bytes leftover after parsing attributes in process `syz.2.126'. [ 51.667760][ T3912] netlink: 356 bytes leftover after parsing attributes in process `syz.2.126'. [ 51.690999][ T3894] EXT4-fs (loop0): shut down requested (0) [ 51.702580][ T3894] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 51.712122][ T3894] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 51.746188][ T3894] netlink: 'syz.0.122': attribute type 3 has an invalid length. [ 51.792348][ T3916] netlink: 8 bytes leftover after parsing attributes in process `syz.4.129'. [ 51.810656][ T3916] capability: warning: `syz.4.129' uses deprecated v2 capabilities in a way that may be insecure [ 51.830642][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.897954][ T3919] loop0: detected capacity change from 0 to 512 [ 51.920466][ T3919] EXT4-fs: Ignoring removed nobh option [ 52.035158][ T3919] EXT4-fs error (device loop0): ext4_do_update_inode:5211: inode #16: comm syz.0.130: corrupted inode contents [ 52.069534][ T3931] loop2: detected capacity change from 0 to 512 [ 52.089979][ T3919] EXT4-fs (loop0): Remounting filesystem read-only [ 52.103404][ T3935] netlink: 156 bytes leftover after parsing attributes in process `syz.3.137'. [ 52.116388][ T3919] EXT4-fs (loop0): 1 truncate cleaned up [ 52.119010][ T3931] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.129015][ T3919] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.138078][ T3931] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.159261][ T37] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 52.162896][ T3935] loop3: detected capacity change from 0 to 512 [ 52.169854][ T37] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 52.188605][ T37] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 52.191270][ T3919] ext4 filesystem being mounted at /26/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.216411][ T3919] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.217126][ T3931] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 52.240382][ T3935] EXT4-fs error (device loop3): ext4_iget_extra_inode:4693: inode #15: comm syz.3.137: corrupted in-inode xattr: invalid ea_ino [ 52.253748][ T3931] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 33 with error 28 [ 52.254804][ T3935] EXT4-fs error (device loop3): ext4_orphan_get:1395: comm syz.3.137: couldn't read orphan inode 15 (err -117) [ 52.266285][ T3931] EXT4-fs (loop2): This should not happen!! Data will be lost [ 52.266285][ T3931] [ 52.266329][ T3931] EXT4-fs (loop2): Total free blocks count 0 [ 52.266340][ T3931] EXT4-fs (loop2): Free/Dirty block details [ 52.280507][ T3935] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.288373][ T3931] EXT4-fs (loop2): free_blocks=65280 [ 52.318298][ T3931] EXT4-fs (loop2): dirty_blocks=33 [ 52.323542][ T3931] EXT4-fs (loop2): Block reservation details [ 52.329568][ T3931] EXT4-fs (loop2): i_reserved_data_blocks=33 [ 52.338288][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.396494][ T3948] loop3: detected capacity change from 0 to 128 [ 52.406210][ T3947] loop4: detected capacity change from 0 to 512 [ 52.406252][ T3931] syz.2.134 (3931) used greatest stack depth: 9592 bytes left [ 52.421774][ T3950] loop0: detected capacity change from 0 to 512 [ 52.431915][ T3950] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 52.461028][ T3948] FAT-fs (loop3): Directory bread(block 32) failed [ 52.467771][ T3948] FAT-fs (loop3): Directory bread(block 33) failed [ 52.476112][ T3947] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.479066][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.491687][ T3947] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.509663][ T3948] FAT-fs (loop3): Directory bread(block 34) failed [ 52.516550][ T3948] FAT-fs (loop3): Directory bread(block 35) failed [ 52.521187][ T3950] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.523372][ T3948] FAT-fs (loop3): Directory bread(block 36) failed [ 52.537250][ T3947] EXT4-fs (loop4): shut down requested (0) [ 52.542118][ T3948] FAT-fs (loop3): Directory bread(block 37) failed [ 52.549473][ T3957] FAULT_INJECTION: forcing a failure. [ 52.549473][ T3957] name failslab, interval 1, probability 0, space 0, times 0 [ 52.554456][ T3948] FAT-fs (loop3): Directory bread(block 38) failed [ 52.567084][ T3957] CPU: 0 UID: 0 PID: 3957 Comm: syz.1.143 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 52.567122][ T3957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 52.567139][ T3957] Call Trace: [ 52.567148][ T3957] [ 52.567159][ T3957] dump_stack_lvl+0xf6/0x150 [ 52.567191][ T3957] dump_stack+0x15/0x1a [ 52.567268][ T3957] should_fail_ex+0x261/0x270 [ 52.567298][ T3957] should_failslab+0x8f/0xb0 [ 52.567327][ T3957] __kmalloc_noprof+0xad/0x410 [ 52.567361][ T3957] ? bpf_test_init+0xa9/0x160 [ 52.567466][ T3957] bpf_test_init+0xa9/0x160 [ 52.567560][ T3957] bpf_prog_test_run_xdp+0x31f/0x8e0 [ 52.567585][ T3957] ? kstrtouint_from_user+0xbf/0x100 [ 52.567703][ T3957] ? __rcu_read_unlock+0x4e/0x70 [ 52.567733][ T3957] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 52.567759][ T3957] bpf_prog_test_run+0x20e/0x3a0 [ 52.567801][ T3957] __sys_bpf+0x440/0x800 [ 52.567908][ T3957] __x64_sys_bpf+0x43/0x50 [ 52.567939][ T3957] x64_sys_call+0x23da/0x2e10 [ 52.567978][ T3957] do_syscall_64+0xc9/0x1a0 [ 52.568017][ T3957] ? clear_bhb_loop+0x25/0x80 [ 52.568103][ T3957] ? clear_bhb_loop+0x25/0x80 [ 52.568131][ T3957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.568274][ T3957] RIP: 0033:0x7fe21d30e969 [ 52.568294][ T3957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.568316][ T3957] RSP: 002b:00007fe21b977038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 52.568339][ T3957] RAX: ffffffffffffffda RBX: 00007fe21d535fa0 RCX: 00007fe21d30e969 [ 52.568423][ T3957] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 52.568438][ T3957] RBP: 00007fe21b977090 R08: 0000000000000000 R09: 0000000000000000 [ 52.568453][ T3957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.568467][ T3957] R13: 0000000000000000 R14: 00007fe21d535fa0 R15: 00007ffd4066d5b8 [ 52.568492][ T3957] [ 52.573009][ T3950] ext4 filesystem being mounted at /26/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.574426][ T3948] FAT-fs (loop3): Directory bread(block 39) failed [ 52.596632][ T3950] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.599944][ T3948] FAT-fs (loop3): Directory bread(block 40) failed [ 52.802918][ T3948] FAT-fs (loop3): Directory bread(block 41) failed [ 52.854042][ T3947] netlink: 'syz.4.140': attribute type 3 has an invalid length. [ 52.878598][ T3948] syz.3.138: attempt to access beyond end of device [ 52.878598][ T3948] loop3: rw=0, sector=4108, nr_sectors = 4 limit=128 [ 52.893745][ T3948] FAT-fs (loop3): Filesystem has been set read-only [ 52.901154][ T3948] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 52.920709][ T3948] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 52.928931][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.971498][ T3971] loop3: detected capacity change from 0 to 512 [ 52.989246][ T3971] EXT4-fs error (device loop3): ext4_iget_extra_inode:4693: inode #15: comm syz.3.149: corrupted in-inode xattr: invalid ea_ino [ 53.044477][ T3971] EXT4-fs error (device loop3): ext4_orphan_get:1395: comm syz.3.149: couldn't read orphan inode 15 (err -117) [ 53.082464][ T3971] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.139836][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.224699][ T4001] loop3: detected capacity change from 0 to 128 [ 53.326184][ T4002] hub 2-0:1.0: USB hub found [ 53.331259][ T4002] hub 2-0:1.0: 8 ports detected [ 53.965427][ T3996] loop2: detected capacity change from 0 to 2048 [ 53.979411][ T29] kauditd_printk_skb: 302 callbacks suppressed [ 53.979425][ T29] audit: type=1400 audit(1745492097.410:838): avc: denied { read } for pid=2986 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 54.007661][ T29] audit: type=1400 audit(1745492097.410:839): avc: denied { search } for pid=2986 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 54.029373][ T29] audit: type=1400 audit(1745492097.410:840): avc: denied { open } for pid=2986 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 54.052361][ T29] audit: type=1400 audit(1745492097.410:841): avc: denied { getattr } for pid=2986 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 54.120546][ T4007] FAULT_INJECTION: forcing a failure. [ 54.120546][ T4007] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 54.133885][ T4007] CPU: 0 UID: 0 PID: 4007 Comm: syz.4.160 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 54.133926][ T4007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 54.133939][ T4007] Call Trace: [ 54.133946][ T4007] [ 54.133955][ T4007] dump_stack_lvl+0xf6/0x150 [ 54.133985][ T4007] dump_stack+0x15/0x1a [ 54.134043][ T4007] should_fail_ex+0x261/0x270 [ 54.134067][ T4007] should_fail_alloc_page+0xfd/0x110 [ 54.134129][ T4007] __alloc_frozen_pages_noprof+0x11d/0x360 [ 54.134158][ T4007] alloc_pages_mpol+0xb6/0x260 [ 54.134214][ T4007] alloc_pages_noprof+0xe8/0x130 [ 54.134250][ T4007] pte_alloc_one+0x2f/0x110 [ 54.134294][ T4007] __pte_alloc+0x36/0x2b0 [ 54.134329][ T4007] handle_mm_fault+0x1d69/0x2e80 [ 54.134353][ T4007] ? mas_walk+0x204/0x320 [ 54.134376][ T4007] ? __rcu_read_unlock+0x4e/0x70 [ 54.134409][ T4007] exc_page_fault+0x3b9/0x6a0 [ 54.134511][ T4007] ? do_syscall_64+0xd6/0x1a0 [ 54.134542][ T4007] asm_exc_page_fault+0x26/0x30 [ 54.134560][ T4007] RIP: 0033:0x7fabd36d0d66 [ 54.134580][ T4007] Code: f0 72 6e 48 63 cd 48 01 c1 49 39 4f 08 72 4c 8d 4d ff 85 ed 74 33 66 0f 1f 44 00 00 48 39 f0 72 1b 4d 8b 07 49 89 c1 49 29 f1 <47> 0f b6 0c 08 45 84 c9 74 08 45 88 0c 00 49 8b 47 10 48 83 c0 01 [ 54.134601][ T4007] RSP: 002b:00007fabd1e764a0 EFLAGS: 00010246 [ 54.134619][ T4007] RAX: 0000000000000001 RBX: 00007fabd1e76540 RCX: 0000000000000101 [ 54.134644][ T4007] RDX: 0000000000000030 RSI: 0000000000000001 RDI: 00007fabd1e765e0 [ 54.134658][ T4007] RBP: 0000000000000102 R08: 00007fabc9a57000 R09: 0000000000000000 [ 54.134672][ T4007] R10: 0000000000000000 R11: 00007fabd1e76550 R12: 0000000000000001 [ 54.134686][ T4007] R13: 00007fabd38abfc0 R14: 0000000000000000 R15: 00007fabd1e765e0 [ 54.134707][ T4007] [ 54.134726][ T4007] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 54.299899][ T4001] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0002] [ 54.309163][ T4007] loop4: detected capacity change from 0 to 512 [ 54.362581][ T4001] System zones: 1-3, 19-19, 35-36 [ 54.375057][ T4007] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 54.402991][ T4007] EXT4-fs (loop4): orphan cleanup on readonly fs [ 54.410423][ T4007] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.160: bg 0: block 248: padding at end of block bitmap is not set [ 54.425993][ T4007] Quota error (device loop4): write_blk: dquota write failed [ 54.433616][ T4007] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 54.443600][ T4007] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.160: Failed to acquire dquot type 1 [ 54.456627][ T4007] EXT4-fs (loop4): 1 truncate cleaned up [ 54.462864][ T4007] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 54.477248][ T29] audit: type=1400 audit(1745492097.910:842): avc: denied { mount } for pid=4006 comm="syz.4.160" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 54.501588][ T4001] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 54.524694][ T4007] syz.4.160 (4007) used greatest stack depth: 9456 bytes left [ 54.564838][ T4001] ext4 filesystem being mounted at /29/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 54.597875][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.631075][ T29] audit: type=1400 audit(1745492097.980:843): avc: denied { unmount } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 54.707754][ T29] audit: type=1400 audit(1745492098.130:844): avc: denied { create } for pid=4015 comm="syz.1.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 54.770158][ T4016] syzkaller0: entered allmulticast mode [ 54.790758][ T4015] syzkaller0: left allmulticast mode [ 54.807964][ T29] audit: type=1400 audit(1745492098.160:845): avc: denied { ioctl } for pid=4015 comm="syz.1.164" path="socket:[6329]" dev="sockfs" ino=6329 ioctlcmd=0x89a0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 54.849757][ T4018] syzkaller0: entered allmulticast mode [ 54.888137][ T4017] syzkaller0: left allmulticast mode [ 54.944470][ T4029] loop2: detected capacity change from 0 to 512 [ 55.053981][ T4029] EXT4-fs error (device loop2): ext4_iget_extra_inode:4693: inode #15: comm syz.2.168: corrupted in-inode xattr: invalid ea_ino [ 55.069517][ T4037] loop1: detected capacity change from 0 to 128 [ 55.107549][ T4037] FAT-fs (loop1): Directory bread(block 32) failed [ 55.127049][ T4037] FAT-fs (loop1): Directory bread(block 33) failed [ 55.143246][ T4029] EXT4-fs error (device loop2): ext4_orphan_get:1395: comm syz.2.168: couldn't read orphan inode 15 (err -117) [ 55.156771][ T4037] FAT-fs (loop1): Directory bread(block 34) failed [ 55.164207][ T4037] FAT-fs (loop1): Directory bread(block 35) failed [ 55.171559][ T4037] FAT-fs (loop1): Directory bread(block 36) failed [ 55.178354][ T4037] FAT-fs (loop1): Directory bread(block 37) failed [ 55.188009][ T4037] FAT-fs (loop1): Directory bread(block 38) failed [ 55.195499][ T4037] FAT-fs (loop1): Directory bread(block 39) failed [ 55.202746][ T4040] loop4: detected capacity change from 0 to 512 [ 55.228022][ T4040] EXT4-fs: Ignoring removed nobh option [ 55.240240][ T3308] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 55.252854][ T4037] FAT-fs (loop1): Directory bread(block 40) failed [ 55.259521][ T4037] FAT-fs (loop1): Directory bread(block 41) failed [ 55.306729][ T4037] syz.1.170: attempt to access beyond end of device [ 55.306729][ T4037] loop1: rw=0, sector=4108, nr_sectors = 4 limit=128 [ 55.321983][ T4029] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.339056][ T4037] FAT-fs (loop1): Filesystem has been set read-only [ 55.376524][ T4040] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #16: comm syz.4.171: corrupted inode contents [ 55.388953][ T4037] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 55.401827][ T4059] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 55.435071][ T4040] EXT4-fs (loop4): Remounting filesystem read-only [ 55.505239][ T4060] hub 2-0:1.0: USB hub found [ 55.510507][ T4060] hub 2-0:1.0: 8 ports detected [ 55.563595][ T4040] EXT4-fs (loop4): 1 truncate cleaned up [ 55.633882][ T4040] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.747178][ T4040] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.773109][ T4068] __nla_validate_parse: 8 callbacks suppressed [ 55.773124][ T4068] netlink: 16 bytes leftover after parsing attributes in process `syz.3.178'. [ 55.883607][ T4070] syzkaller0: entered allmulticast mode [ 55.926781][ T4066] syzkaller0: left allmulticast mode [ 56.238157][ T4087] SELinux: Context system_u:object_r:sudo_exec_t:s0 is not valid (left unmapped). [ 56.358448][ T296] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 56.369107][ T296] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 56.385007][ T296] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 57.080140][ T4094] hub 2-0:1.0: USB hub found [ 57.084986][ T4094] hub 2-0:1.0: 8 ports detected [ 57.178879][ T4098] loop4: detected capacity change from 0 to 512 [ 57.237276][ T4095] loop2: detected capacity change from 0 to 512 [ 57.458868][ T4098] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 57.515429][ T4104] loop3: detected capacity change from 0 to 512 [ 57.522736][ T4098] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.602067][ T4095] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 57.611216][ T4095] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 58.364983][ T4114] lo speed is unknown, defaulting to 1000 [ 58.392015][ T4095] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 58.410630][ T4104] EXT4-fs error (device loop3): ext4_iget_extra_inode:4693: inode #15: comm syz.3.185: corrupted in-inode xattr: invalid ea_ino [ 58.420320][ T4095] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 58.433928][ T4095] System zones: 0-2, 18-18, 34-34 [ 58.434245][ T4104] EXT4-fs error (device loop3): ext4_orphan_get:1395: comm syz.3.185: couldn't read orphan inode 15 (err -117) [ 58.450941][ T4095] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1132: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 58.468838][ T4095] EXT4-fs (loop2): 1 truncate cleaned up [ 58.485779][ T4117] FAULT_INJECTION: forcing a failure. [ 58.485779][ T4117] name failslab, interval 1, probability 0, space 0, times 0 [ 58.498511][ T4117] CPU: 1 UID: 0 PID: 4117 Comm: syz.1.187 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 58.498540][ T4117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 58.498556][ T4117] Call Trace: [ 58.498564][ T4117] [ 58.498573][ T4117] dump_stack_lvl+0xf6/0x150 [ 58.498601][ T4117] dump_stack+0x15/0x1a [ 58.498618][ T4117] should_fail_ex+0x261/0x270 [ 58.498640][ T4117] should_failslab+0x8f/0xb0 [ 58.498686][ T4117] kmem_cache_alloc_noprof+0x59/0x340 [ 58.498720][ T4117] ? security_inode_alloc+0x37/0x100 [ 58.498799][ T4117] security_inode_alloc+0x37/0x100 [ 58.498827][ T4117] inode_init_always_gfp+0x4a2/0x4f0 [ 58.498845][ T4117] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 58.498878][ T4117] alloc_inode+0x86/0x170 [ 58.498895][ T4117] new_inode+0x1e/0xe0 [ 58.498933][ T4117] shmem_get_inode+0x24e/0x730 [ 58.498961][ T4117] __shmem_file_setup+0x127/0x1f0 [ 58.498988][ T4117] shmem_file_setup+0x3b/0x50 [ 58.499008][ T4117] __se_sys_memfd_create+0x2e1/0x5a0 [ 58.499046][ T4117] __x64_sys_memfd_create+0x31/0x40 [ 58.499148][ T4117] x64_sys_call+0x1163/0x2e10 [ 58.499171][ T4117] do_syscall_64+0xc9/0x1a0 [ 58.499202][ T4117] ? clear_bhb_loop+0x25/0x80 [ 58.499233][ T4117] ? clear_bhb_loop+0x25/0x80 [ 58.499310][ T4117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.499336][ T4117] RIP: 0033:0x7fe21d30e969 [ 58.499353][ T4117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.499373][ T4117] RSP: 002b:00007fe21b976e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 58.499395][ T4117] RAX: ffffffffffffffda RBX: 000000000000050a RCX: 00007fe21d30e969 [ 58.499405][ T4117] RDX: 00007fe21b976ef0 RSI: 0000000000000000 RDI: 00007fe21d391444 [ 58.499416][ T4117] RBP: 0000200000000200 R08: 00007fe21b976bb7 R09: 00007fe21b976e40 [ 58.499427][ T4117] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000001c0 [ 58.499516][ T4117] R13: 00007fe21b976ef0 R14: 00007fe21b976eb0 R15: 0000200000000940 [ 58.499539][ T4117] [ 58.729758][ T4114] random: crng reseeded on system resumption [ 58.988418][ T29] kauditd_printk_skb: 223 callbacks suppressed [ 58.988436][ T29] audit: type=1400 audit(1745492102.410:1063): avc: denied { ioctl } for pid=4133 comm="syz.3.196" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 59.021316][ T4137] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 59.033685][ T4137] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 59.090184][ T29] audit: type=1400 audit(1745492102.520:1064): avc: denied { write } for pid=4140 comm="syz.2.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 59.415859][ T29] audit: type=1400 audit(1745492102.540:1065): avc: denied { mount } for pid=4131 comm="syz.4.195" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 59.437798][ T29] audit: type=1400 audit(1745492102.540:1066): avc: denied { remount } for pid=4131 comm="syz.4.195" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 59.457552][ T29] audit: type=1400 audit(1745492102.620:1067): avc: denied { ioctl } for pid=4122 comm="syz.1.192" path="socket:[6531]" dev="sockfs" ino=6531 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 59.482338][ T29] audit: type=1400 audit(1745492102.630:1068): avc: denied { module_request } for pid=4122 comm="syz.1.192" kmod="net-pf-16-proto-16-family-nbd" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 59.991976][ T29] audit: type=1400 audit(1745492103.420:1069): avc: denied { unmount } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 60.039999][ T29] audit: type=1400 audit(1745492103.460:1070): avc: denied { create } for pid=4164 comm="syz.4.203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 60.062935][ T29] audit: type=1400 audit(1745492103.470:1071): avc: denied { sys_admin } for pid=4164 comm="syz.4.203" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 60.084477][ T29] audit: type=1400 audit(1745492103.470:1072): avc: denied { sys_ptrace } for pid=4164 comm="syz.4.203" capability=19 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 60.506163][ T4170] cgroup: fork rejected by pids controller in /syz3 [ 63.373243][ T4254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 63.810244][ T4254] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 63.892182][ T4257] syzkaller1: entered promiscuous mode [ 63.897763][ T4257] syzkaller1: entered allmulticast mode [ 64.022278][ T29] kauditd_printk_skb: 18 callbacks suppressed [ 64.022294][ T29] audit: type=1400 audit(1745492107.450:1091): avc: denied { create } for pid=4262 comm="syz.1.224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 64.128947][ T29] audit: type=1400 audit(1745492107.540:1092): avc: denied { create } for pid=4275 comm="syz.0.226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 64.148517][ T29] audit: type=1400 audit(1745492107.540:1093): avc: denied { listen } for pid=4275 comm="syz.0.226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 64.402136][ T29] audit: type=1400 audit(1745492107.830:1094): avc: denied { ioctl } for pid=4288 comm="syz.4.230" path="socket:[6699]" dev="sockfs" ino=6699 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 64.555249][ T29] audit: type=1400 audit(1745492107.980:1095): avc: denied { name_bind } for pid=4290 comm="syz.4.231" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 64.810085][ T29] audit: type=1400 audit(1745492108.070:1096): avc: denied { create } for pid=4290 comm="syz.4.231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 64.830074][ T29] audit: type=1400 audit(1745492108.070:1097): avc: denied { setopt } for pid=4290 comm="syz.4.231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 64.849748][ T29] audit: type=1400 audit(1745492108.180:1098): avc: denied { mount } for pid=4291 comm="syz.3.232" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 65.248575][ T4306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.257375][ T4306] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 65.294871][ T4308] random: crng reseeded on system resumption [ 65.417420][ T29] audit: type=1400 audit(1745492108.840:1099): avc: denied { create } for pid=4311 comm="syz.3.238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 65.439182][ T29] audit: type=1400 audit(1745492108.860:1100): avc: denied { bind } for pid=4311 comm="syz.3.238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 65.539109][ T4318] netlink: 'syz.3.240': attribute type 10 has an invalid length. [ 65.547158][ T4318] netlink: 40 bytes leftover after parsing attributes in process `syz.3.240'. [ 65.578023][ T4318] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 65.587161][ T4318] team0: Failed to send options change via netlink (err -105) [ 65.595083][ T4318] team0: Port device geneve1 added [ 66.173321][ T4334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 66.203028][ T4334] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 66.254131][ T4340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 66.263002][ T4340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.419382][ T4368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.430508][ T4368] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.472226][ C1] vcan0: j1939_tp_rxtimer: 0xffff888118e53c00: rx timeout, send abort [ 67.480616][ C1] vcan0: j1939_tp_rxtimer: 0xffff888118e53a00: rx timeout, send abort [ 67.980464][ C1] vcan0: j1939_tp_rxtimer: 0xffff888118e53c00: abort rx timeout. Force session deactivation [ 67.990823][ C1] vcan0: j1939_tp_rxtimer: 0xffff888118e53a00: abort rx timeout. Force session deactivation [ 68.055529][ T4384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 68.074766][ T4384] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 68.705603][ T4400] lo speed is unknown, defaulting to 1000 [ 69.008247][ T4414] netlink: 'syz.3.276': attribute type 4 has an invalid length. [ 69.144024][ T29] kauditd_printk_skb: 16 callbacks suppressed [ 69.144044][ T29] audit: type=1400 audit(1745492112.430:1117): avc: denied { create } for pid=4411 comm="syz.3.276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 69.383950][ T29] audit: type=1400 audit(1745492112.790:1118): avc: denied { write } for pid=4423 comm="syz.2.280" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 69.404227][ T29] audit: type=1400 audit(1745492112.800:1119): avc: denied { getopt } for pid=4423 comm="syz.2.280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 69.545560][ T29] audit: type=1400 audit(1745492112.970:1120): avc: denied { bind } for pid=4441 comm="syz.0.287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 69.565491][ T29] audit: type=1400 audit(1745492112.970:1121): avc: denied { listen } for pid=4441 comm="syz.0.287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 69.586493][ T29] audit: type=1400 audit(1745492112.970:1122): avc: denied { accept } for pid=4441 comm="syz.0.287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 69.618971][ T4451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.630780][ T4451] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 70.606644][ T29] audit: type=1400 audit(1745492114.030:1123): avc: denied { read write } for pid=4465 comm="syz.0.296" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 70.630227][ T29] audit: type=1400 audit(1745492114.030:1124): avc: denied { open } for pid=4465 comm="syz.0.296" path="/dev/rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 70.715147][ T4471] random: crng reseeded on system resumption [ 70.834784][ T29] audit: type=1400 audit(1745492114.260:1125): avc: denied { bind } for pid=4481 comm="syz.3.301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 70.885893][ T29] audit: type=1400 audit(1745492114.310:1126): avc: denied { getopt } for pid=4483 comm="syz.2.304" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 70.988105][ T4490] 9pnet_virtio: no channels available for device syz [ 71.357581][ T4511] bond0: (slave caif0): Error: Device type is different from other slaves [ 71.449054][ T4514] random: crng reseeded on system resumption [ 71.868722][ T4554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.899276][ T4554] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 72.226226][ T4570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 72.246525][ T4571] team0: Device gtp0 is of different type [ 72.259426][ T4570] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 72.497080][ T4570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 72.522491][ T4570] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 72.601767][ T4574] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 72.639368][ T4574] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.181449][ T4588] netlink: 'syz.1.338': attribute type 10 has an invalid length. [ 73.270608][ T4588] syz_tun: entered promiscuous mode [ 73.293918][ T4588] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 73.309176][ T4591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.322684][ T4591] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.080606][ T4606] netlink: 4 bytes leftover after parsing attributes in process `syz.0.344'. [ 74.091741][ T4606] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 74.107631][ T4606] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 74.364567][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 74.364585][ T29] audit: type=1400 audit(1745492117.790:1138): avc: denied { ioctl } for pid=4616 comm="syz.0.347" path="socket:[7401]" dev="sockfs" ino=7401 ioctlcmd=0x894b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 74.487188][ T4623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.349'. [ 74.808303][ T4639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.819666][ T4639] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.952865][ T4641] lo speed is unknown, defaulting to 1000 [ 74.958669][ T4641] lo speed is unknown, defaulting to 1000 [ 74.964759][ T4641] lo speed is unknown, defaulting to 1000 [ 74.972382][ T4641] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 74.985261][ T4641] lo speed is unknown, defaulting to 1000 [ 74.992238][ T4641] lo speed is unknown, defaulting to 1000 [ 74.998446][ T4641] lo speed is unknown, defaulting to 1000 [ 75.004832][ T4641] lo speed is unknown, defaulting to 1000 [ 75.011027][ T4641] lo speed is unknown, defaulting to 1000 [ 75.052475][ T4641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 75.061032][ T4641] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 75.408280][ T29] audit: type=1400 audit(1745492118.830:1139): avc: denied { append } for pid=4656 comm="syz.4.363" name="loop6" dev="devtmpfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 75.432410][ T29] audit: type=1400 audit(1745492118.830:1140): avc: denied { execute } for pid=4654 comm="syz.2.362" path="/76/cpu.stat" dev="tmpfs" ino=422 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 75.510829][ T4661] syz_tun: entered allmulticast mode [ 75.896526][ T4670] random: crng reseeded on system resumption [ 76.150750][ T4651] syz_tun: left allmulticast mode [ 76.454547][ T4685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.464642][ T4685] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.544126][ T4688] netlink: 4 bytes leftover after parsing attributes in process `syz.2.374'. [ 76.552962][ C1] vcan0: j1939_tp_rxtimer: 0xffff888118bf0800: rx timeout, send abort [ 77.033501][ T29] audit: type=1400 audit(1745492120.460:1141): avc: denied { setopt } for pid=4693 comm="syz.4.377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 77.054970][ C1] vcan0: j1939_tp_rxtimer: 0xffff888118bf0800: abort rx timeout. Force session deactivation [ 77.066180][ T29] audit: type=1400 audit(1745492120.460:1142): avc: denied { bind } for pid=4693 comm="syz.4.377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 77.110050][ T4698] random: crng reseeded on system resumption [ 77.280042][ T29] audit: type=1400 audit(1745492120.700:1143): avc: denied { bind } for pid=4713 comm="syz.4.385" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 77.300508][ T29] audit: type=1400 audit(1745492120.700:1144): avc: denied { node_bind } for pid=4713 comm="syz.4.385" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 77.322843][ T29] audit: type=1400 audit(1745492120.700:1145): avc: denied { connect } for pid=4713 comm="syz.4.385" laddr=172.20.20.170 lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 77.369307][ T29] audit: type=1400 audit(1745492120.790:1146): avc: denied { name_connect } for pid=4717 comm="syz.3.387" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 77.392712][ T29] audit: type=1400 audit(1745492120.810:1147): avc: denied { listen } for pid=4717 comm="syz.3.387" lport=44446 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 77.462299][ T4727] random: crng reseeded on system resumption [ 77.621625][ T4734] syzkaller1: entered promiscuous mode [ 77.627377][ T4734] syzkaller1: entered allmulticast mode [ 77.824013][ T4744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.397'. [ 77.916360][ T4761] syz.3.404 uses obsolete (PF_INET,SOCK_PACKET) [ 77.935287][ T4763] tipc: Started in network mode [ 77.940485][ T4763] tipc: Node identity , cluster identity 4711 [ 77.948285][ T4763] tipc: Failed to set node id, please configure manually [ 77.956443][ T4763] tipc: Enabling of bearer rejected, failed to enable media [ 78.158802][ T4788] netlink: 8 bytes leftover after parsing attributes in process `syz.3.416'. [ 78.173988][ T4788] IPVS: Error joining to the multicast group [ 78.618969][ C0] vcan0: j1939_tp_rxtimer: 0xffff888119034e00: rx timeout, send abort [ 78.732658][ T4846] netlink: 8 bytes leftover after parsing attributes in process `syz.3.442'. [ 78.756717][ T4848] random: crng reseeded on system resumption [ 78.850061][ T4848] Restarting kernel threads ... done. [ 79.127271][ C0] vcan0: j1939_tp_rxtimer: 0xffff888119034e00: abort rx timeout. Force session deactivation [ 79.142822][ C1] vcan0: j1939_tp_rxtimer: 0xffff888119031c00: rx timeout, send abort [ 79.154135][ C1] vcan0: j1939_tp_rxtimer: 0xffff888119031800: rx timeout, send abort [ 79.390644][ T4900] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.430502][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 79.430520][ T29] audit: type=1400 audit(1745492122.860:1158): avc: denied { getopt } for pid=4898 comm="syz.1.463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 79.461984][ T4900] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.473500][ T29] audit: type=1400 audit(1745492122.900:1159): avc: denied { setopt } for pid=4912 comm="syz.3.467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 79.493996][ T29] audit: type=1400 audit(1745492122.910:1160): avc: denied { ioctl } for pid=4912 comm="syz.3.467" path="socket:[8720]" dev="sockfs" ino=8720 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 79.535973][ T4919] netlink: 24 bytes leftover after parsing attributes in process `syz.2.468'. [ 79.548846][ T4900] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.562931][ T4919] team0: entered promiscuous mode [ 79.568077][ T4919] team_slave_0: entered promiscuous mode [ 79.574042][ T4919] team_slave_1: entered promiscuous mode [ 79.581737][ T4919] batadv_slave_1: entered promiscuous mode [ 79.613267][ T4900] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.651081][ C1] vcan0: j1939_tp_rxtimer: 0xffff888119031c00: abort rx timeout. Force session deactivation [ 79.662425][ C1] vcan0: j1939_tp_rxtimer: 0xffff888119031800: abort rx timeout. Force session deactivation [ 79.682868][ T29] audit: type=1400 audit(1745492123.110:1161): avc: denied { write } for pid=4932 comm="syz.3.474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 79.704528][ T4900] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.725328][ T4900] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.736849][ T4900] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.748760][ T4900] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.019982][ T4962] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4962 comm=syz.4.486 [ 80.033030][ T29] audit: type=1400 audit(1745492123.460:1162): avc: denied { read } for pid=4960 comm="syz.4.486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 80.524252][ T5000] infiniband syz1: set down [ 80.528960][ T5000] infiniband syz1: added ipvlan0 [ 80.543552][ T5000] RDS/IB: syz1: added [ 80.548427][ T5000] smc: adding ib device syz1 with port count 1 [ 80.554797][ T5000] smc: ib device syz1 port 1 has pnetid [ 80.850118][ T5023] netlink: 24 bytes leftover after parsing attributes in process `syz.0.512'. [ 80.885305][ T5034] netlink: 'syz.4.517': attribute type 3 has an invalid length. [ 80.893044][ T5034] netlink: 224 bytes leftover after parsing attributes in process `syz.4.517'. [ 80.906818][ T5030] bridge_slave_0: left allmulticast mode [ 80.912747][ T5030] bridge_slave_0: left promiscuous mode [ 80.918509][ T5030] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.929008][ T5030] bridge_slave_1: left allmulticast mode [ 80.934809][ T5030] bridge_slave_1: left promiscuous mode [ 80.940585][ T5030] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.949181][ T29] audit: type=1400 audit(1745492124.350:1163): avc: denied { read } for pid=5029 comm="syz.3.514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 80.972465][ T5030] bond0: (slave bond_slave_0): Releasing backup interface [ 80.985746][ T5030] bond0: (slave bond_slave_1): Releasing backup interface [ 81.018423][ T5030] team0: Port device team_slave_0 removed [ 81.028779][ T5030] team0: Port device team_slave_1 removed [ 81.036496][ T5030] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 81.044160][ T5030] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 81.055436][ T5030] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 81.063028][ T5030] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 81.089068][ T5030] team0: Port device geneve1 removed [ 81.267134][ T29] audit: type=1400 audit(1745492124.690:1164): avc: denied { create } for pid=5067 comm="syz.2.529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 81.302848][ T29] audit: type=1400 audit(1745492124.710:1165): avc: denied { bind } for pid=5067 comm="syz.2.529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 81.322483][ T29] audit: type=1400 audit(1745492124.710:1166): avc: denied { listen } for pid=5067 comm="syz.2.529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 81.342182][ T29] audit: type=1400 audit(1745492124.710:1167): avc: denied { connect } for pid=5067 comm="syz.2.529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 81.511075][ T5091] bridge_slave_1: entered allmulticast mode [ 81.530539][ T5090] 9pnet_fd: Insufficient options for proto=fd [ 81.587706][ T5090] netlink: 356 bytes leftover after parsing attributes in process `syz.0.534'. [ 81.596805][ T5090] netlink: 356 bytes leftover after parsing attributes in process `syz.0.534'. [ 81.604487][ T5095] loop3: detected capacity change from 0 to 512 [ 81.628721][ T5095] EXT4-fs: Ignoring removed nobh option [ 81.982907][ T5095] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #16: comm syz.3.538: corrupted inode contents [ 82.031712][ T5095] EXT4-fs (loop3): Remounting filesystem read-only [ 82.059570][ T5103] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 82.087266][ T5104] loop0: detected capacity change from 0 to 512 [ 82.096641][ T5104] EXT4-fs: Ignoring removed nobh option [ 82.108021][ T5095] EXT4-fs (loop3): 1 truncate cleaned up [ 82.126360][ T5095] EXT4-fs mount: 8 callbacks suppressed [ 82.126374][ T5095] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.183206][ T5085] loop4: detected capacity change from 0 to 2048 [ 82.210332][ T5095] ext4 filesystem being mounted at /123/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.241279][ T5095] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.300121][ T51] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 82.310846][ T51] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 82.328653][ T5104] EXT4-fs error (device loop0): ext4_do_update_inode:5211: inode #16: comm syz.0.540: corrupted inode contents [ 82.383010][ T5104] EXT4-fs (loop0): Remounting filesystem read-only [ 82.403237][ T5104] EXT4-fs (loop0): 1 truncate cleaned up [ 82.409083][ T51] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 82.425555][ T5104] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.452534][ T51] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 82.463153][ T51] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 82.487560][ T5104] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.508861][ T5104] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.521270][ T51] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 82.606702][ T5121] loop0: detected capacity change from 0 to 512 [ 82.618779][ T5121] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 82.643434][ T5122] loop3: detected capacity change from 0 to 512 [ 82.661819][ T5122] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 82.673916][ T5121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.688422][ T5121] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.700668][ T5121] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.731134][ T5122] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.754390][ T5122] ext4 filesystem being mounted at /123/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.781971][ T5122] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.848714][ T5140] netlink: 'syz.2.557': attribute type 3 has an invalid length. [ 82.881781][ T5146] syz1: rxe_newlink: already configured on ipvlan0 [ 82.931163][ T5149] netlink: 12 bytes leftover after parsing attributes in process `syz.0.560'. [ 82.981841][ T5152] netlink: 24 bytes leftover after parsing attributes in process `syz.3.562'. [ 83.038587][ T5150] lo speed is unknown, defaulting to 1000 [ 83.300032][ T5171] loop3: detected capacity change from 0 to 512 [ 83.330802][ T5171] EXT4-fs: Ignoring removed nobh option [ 83.442768][ T5171] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #16: comm syz.3.569: corrupted inode contents [ 83.461952][ T5181] loop0: detected capacity change from 0 to 512 [ 83.523992][ T5171] EXT4-fs (loop3): Remounting filesystem read-only [ 83.545318][ T5181] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.566423][ T5195] netlink: 12 bytes leftover after parsing attributes in process `syz.1.574'. [ 83.569038][ T5171] EXT4-fs (loop3): 1 truncate cleaned up [ 83.575384][ T5195] netlink: 12 bytes leftover after parsing attributes in process `syz.1.574'. [ 83.596929][ T37] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 83.597047][ T5181] ext4 filesystem being mounted at /101/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.607515][ T37] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 83.641809][ T37] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 83.660500][ T5171] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.673469][ T5181] EXT4-fs (loop0): shut down requested (0) [ 83.690150][ T5171] ext4 filesystem being mounted at /127/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.714927][ T5171] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.731622][ T5181] netlink: 'syz.0.571': attribute type 3 has an invalid length. [ 83.748323][ T5204] netlink: 24 bytes leftover after parsing attributes in process `syz.1.576'. [ 83.782427][ T3304] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.870689][ T5214] loop3: detected capacity change from 0 to 512 [ 83.893256][ T5214] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 83.938094][ T5214] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.998462][ T5214] ext4 filesystem being mounted at /127/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 84.039458][ T5214] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.066681][ T5231] loop1: detected capacity change from 0 to 512 [ 84.109772][ T5231] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 84.114265][ T5230] netlink: 'syz.2.587': attribute type 3 has an invalid length. [ 84.119165][ T5231] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 84.179693][ T5231] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended [ 84.243331][ T5231] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 84.263700][ T5231] System zones: 0-2, 18-18, 34-34 [ 84.269122][ T5163] syz.4.549 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 84.280189][ T5163] CPU: 0 UID: 0 PID: 5163 Comm: syz.4.549 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 84.280264][ T5163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 84.280343][ T5163] Call Trace: [ 84.280351][ T5163] [ 84.280366][ T5163] dump_stack_lvl+0xf6/0x150 [ 84.280389][ T5163] dump_stack+0x15/0x1a [ 84.280404][ T5163] dump_header+0x83/0x2d0 [ 84.280472][ T5163] oom_kill_process+0x341/0x4c0 [ 84.280546][ T5163] out_of_memory+0x9d1/0xc20 [ 84.280568][ T5163] mem_cgroup_out_of_memory+0x13f/0x190 [ 84.280673][ T5163] try_charge_memcg+0x5f1/0x890 [ 84.280699][ T5163] charge_memcg+0x50/0xc0 [ 84.280729][ T5163] mem_cgroup_swapin_charge_folio+0xd0/0x150 [ 84.280779][ T5163] __read_swap_cache_async+0x207/0x3b0 [ 84.280892][ T5163] swap_cluster_readahead+0x27f/0x400 [ 84.280932][ T5163] swapin_readahead+0xe6/0x6f0 [ 84.280969][ T5163] ? swap_cache_get_folio+0x77/0x210 [ 84.281011][ T5163] do_swap_page+0x31c/0x2510 [ 84.281043][ T5163] ? __blk_mq_free_request+0x226/0x240 [ 84.281066][ T5163] ? __rcu_read_lock+0x36/0x50 [ 84.281085][ T5163] ? __pfx_default_wake_function+0x10/0x10 [ 84.281113][ T5163] handle_mm_fault+0x8ed/0x2e80 [ 84.281138][ T5163] ? mas_walk+0x204/0x320 [ 84.281246][ T5163] ? __rcu_read_unlock+0x4e/0x70 [ 84.281277][ T5163] exc_page_fault+0x3b9/0x6a0 [ 84.281298][ T5163] asm_exc_page_fault+0x26/0x30 [ 84.281316][ T5163] RIP: 0033:0x7fabd36e7e7f [ 84.281332][ T5163] Code: 8b 04 24 48 8b 0b 31 f6 48 89 dd 4c 89 e7 4c 29 e5 48 89 03 48 89 ea 48 c1 fa 03 e8 fb f9 ff ff 48 83 fd 08 7f d5 48 83 c4 08 <5b> 5d 41 5c 41 5d c3 66 2e 0f 1f 84 00 00 00 00 00 48 39 f7 0f 84 [ 84.281353][ T5163] RSP: 002b:00007ffff329a008 EFLAGS: 00010202 [ 84.281439][ T5163] RAX: 0000000000000070 RBX: 00007fabd2f554d8 RCX: ffffffff818157f2 [ 84.281450][ T5163] RDX: 0000000000000016 RSI: 00007fabd2f55540 RDI: 00007fabd2f554d8 [ 84.281462][ T5163] RBP: 00007fabd2f55470 R08: 00007fabd2f554d0 R09: 00007fabd3a22000 [ 84.281475][ T5163] R10: 00007fabd2e7f008 R11: 0000000000000002 R12: 00007fabd2f55468 [ 84.281490][ T5163] R13: 0000000000000016 R14: ffffffffffffffff R15: 00007fabd2e7f008 [ 84.281508][ T5163] ? __vmalloc_node_range_noprof+0x712/0xe80 [ 84.281555][ T5163] [ 84.281562][ T5163] memory: usage 307200kB, limit 307200kB, failcnt 2267 [ 84.401780][ T5163] memory+swap: usage 307924kB, limit 9007199254740988kB, failcnt 0 [ 84.407221][ T5231] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1132: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 84.411027][ T5163] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 84.417955][ T5231] EXT4-fs (loop1): 1 truncate cleaned up [ 84.420563][ T5163] Memory cgroup stats for /syz4 [ 84.425390][ T5231] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.444633][ T5163] : [ 84.452973][ T29] kauditd_printk_skb: 268 callbacks suppressed [ 84.452993][ T29] audit: type=1400 audit(1745492127.670:1418): avc: denied { execmem } for pid=5241 comm="syz.3.593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 84.572419][ T5163] cache 0 [ 84.589603][ T5163] rss 0 [ 84.592407][ T5163] shmem 0 [ 84.595347][ T5163] mapped_file 0 [ 84.598806][ T5163] dirty 0 [ 84.601899][ T5163] writeback 0 [ 84.602721][ T29] audit: type=1326 audit(1745492127.920:1419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5236 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cb1f0e969 code=0x7ffc0000 [ 84.605179][ T5163] workingset_refault_anon 4 [ 84.605224][ T5163] workingset_refault_file 2 [ 84.605231][ T5163] swap 745472 [ 84.605237][ T5163] swapcached 0 [ 84.628537][ T29] audit: type=1326 audit(1745492127.920:1420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5236 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cb1f0e969 code=0x7ffc0000 [ 84.633081][ T5163] pgpgin 64532 [ 84.637575][ T29] audit: type=1326 audit(1745492127.920:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5236 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0cb1f0e969 code=0x7ffc0000 [ 84.640905][ T5163] pgpgout 64532 [ 84.644278][ T29] audit: type=1326 audit(1745492127.920:1422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5236 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0cb1f0e9a3 code=0x7ffc0000 [ 84.667589][ T5163] pgfault 39116 [ 84.670997][ T29] audit: type=1326 audit(1745492127.920:1423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5236 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0cb1f0d41f code=0x7ffc0000 [ 84.694321][ T5163] pgmajfault 7 [ 84.697783][ T29] audit: type=1326 audit(1745492127.920:1424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5236 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f0cb1f0e9f7 code=0x7ffc0000 [ 84.720912][ T5163] inactive_anon 0 [ 84.724423][ T29] audit: type=1326 audit(1745492127.920:1425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5236 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0cb1f0d2d0 code=0x7ffc0000 [ 84.747557][ T5163] active_anon 0 [ 84.750904][ T29] audit: type=1326 audit(1745492127.920:1426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5236 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f0cb1f0d5ca code=0x7ffc0000 [ 84.774092][ T5163] inactive_file 0 [ 84.774101][ T5163] active_file 0 [ 84.774107][ T5163] unevictable 0 [ 84.774115][ T5163] hierarchical_memory_limit 314572800 [ 84.777731][ T29] audit: type=1326 audit(1745492127.920:1427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5236 comm="syz.2.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cb1f0e969 code=0x7ffc0000 [ 84.801082][ T5163] hierarchical_memsw_limit 9223372036854771712 [ 84.801095][ T5163] total_cache 0 [ 84.801103][ T5163] total_rss 0 [ 84.880422][ T5163] total_shmem 0 [ 84.880432][ T5163] total_mapped_file 0 [ 84.880441][ T5163] total_dirty 0 [ 84.891407][ T5163] total_writeback 0 [ 84.895289][ T5163] total_workingset_refault_anon 4 [ 84.900331][ T5163] total_workingset_refault_file 2 [ 84.905422][ T5163] total_swap 745472 [ 84.909238][ T5163] total_swapcached 0 [ 84.913157][ T5163] total_pgpgin 64532 [ 84.917083][ T5163] total_pgpgout 64532 [ 84.921102][ T5163] total_pgfault 39116 [ 84.924170][ T5247] hub 2-0:1.0: USB hub found [ 84.925096][ T5163] total_pgmajfault 7 [ 84.929904][ T5247] hub 2-0:1.0: 8 ports detected [ 84.933576][ T5163] total_inactive_anon 0 [ 84.933586][ T5163] total_active_anon 0 [ 84.933594][ T5163] total_inactive_file 0 [ 84.933603][ T5163] total_active_file 0 [ 84.933611][ T5163] total_unevictable 0 [ 84.933620][ T5163] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.549,pid=5163,uid=0 [ 84.973322][ T5163] Memory cgroup out of memory: Killed process 5163 (syz.4.549) total-vm:95928kB, anon-rss:936kB, file-rss:22188kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 85.034358][ T3307] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.114004][ T5256] __nla_validate_parse: 2 callbacks suppressed [ 85.114023][ T5256] netlink: 12 bytes leftover after parsing attributes in process `syz.0.599'. [ 85.129219][ T5256] netlink: 12 bytes leftover after parsing attributes in process `syz.0.599'. [ 85.136410][ T5264] netlink: 16 bytes leftover after parsing attributes in process `syz.1.601'. [ 85.212002][ T5264] syzkaller0: entered allmulticast mode [ 85.218320][ T5261] syzkaller0: left allmulticast mode [ 85.615687][ T5305] hub 2-0:1.0: USB hub found [ 85.620478][ T5305] hub 2-0:1.0: 8 ports detected [ 85.964719][ T5314] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 86.380653][ T5332] syzkaller0: entered allmulticast mode [ 86.392125][ T5330] syzkaller0: left allmulticast mode [ 86.523245][ T5340] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 86.744488][ T5356] loop4: detected capacity change from 0 to 128 [ 86.807185][ T5360] syzkaller0: entered allmulticast mode [ 86.820639][ T5359] syzkaller0: left allmulticast mode [ 86.862743][ T5362] netlink: 16 bytes leftover after parsing attributes in process `syz.2.644'. [ 86.982227][ C0] vcan0: j1939_tp_rxtimer: 0xffff8881392b2e00: rx timeout, send abort [ 86.992127][ C0] vcan0: j1939_tp_rxtimer: 0xffff8881392b2600: rx timeout, send abort [ 87.069512][ T5356] FAT-fs (loop4): Directory bread(block 32) failed [ 87.099958][ T5356] FAT-fs (loop4): Directory bread(block 33) failed [ 87.124754][ T5356] FAT-fs (loop4): Directory bread(block 34) failed [ 87.140082][ T5356] FAT-fs (loop4): Directory bread(block 35) failed [ 87.146903][ T5356] FAT-fs (loop4): Directory bread(block 36) failed [ 87.180646][ T5356] FAT-fs (loop4): Directory bread(block 37) failed [ 87.187516][ T5356] FAT-fs (loop4): Directory bread(block 38) failed [ 87.206903][ T5356] FAT-fs (loop4): Directory bread(block 39) failed [ 87.226549][ T5356] FAT-fs (loop4): Directory bread(block 40) failed [ 87.243814][ T5356] FAT-fs (loop4): Directory bread(block 41) failed [ 87.332440][ T5356] syz.4.641: attempt to access beyond end of device [ 87.332440][ T5356] loop4: rw=0, sector=4108, nr_sectors = 4 limit=128 [ 87.348093][ T5356] FAT-fs (loop4): Filesystem has been set read-only [ 87.355030][ T5356] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 87.364929][ T5356] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 87.491189][ C0] vcan0: j1939_tp_rxtimer: 0xffff8881392b2e00: abort rx timeout. Force session deactivation [ 87.509164][ C0] vcan0: j1939_tp_rxtimer: 0xffff8881392b2600: abort rx timeout. Force session deactivation [ 87.651933][ T5386] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 87.700731][ T5388] netlink: 24 bytes leftover after parsing attributes in process `syz.4.656'. [ 87.736578][ T5390] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.845424][ T5390] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.907229][ T5400] syzkaller0: entered allmulticast mode [ 87.922714][ T5390] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.985342][ T5390] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.163716][ T5390] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.237564][ T5399] syzkaller0: left allmulticast mode [ 88.263976][ T5390] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.338872][ T5390] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.364078][ T5390] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.436651][ T5408] loop3: detected capacity change from 0 to 512 [ 88.464559][ T5408] EXT4-fs: Ignoring removed nobh option [ 88.511339][ T5411] loop4: detected capacity change from 0 to 512 [ 88.518475][ T5411] EXT4-fs: Ignoring removed nobh option [ 88.519500][ T5408] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #16: comm syz.3.665: corrupted inode contents [ 88.548495][ T5408] EXT4-fs (loop3): Remounting filesystem read-only [ 88.556369][ T5408] EXT4-fs (loop3): 1 truncate cleaned up [ 88.562790][ T5408] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.570346][ T5416] rdma_rxe: rxe_newlink: failed to add ipvlan0 [ 88.575844][ T5408] ext4 filesystem being mounted at /139/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.592967][ T296] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 88.603804][ T296] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 88.620446][ T5408] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.699923][ T296] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 88.760006][ T5411] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #16: comm syz.4.666: corrupted inode contents [ 88.772586][ T5411] EXT4-fs (loop4): Remounting filesystem read-only [ 88.779333][ T5411] EXT4-fs (loop4): 1 truncate cleaned up [ 88.787798][ T5411] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.800410][ T296] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 88.800517][ T5411] ext4 filesystem being mounted at /118/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.811060][ T296] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 88.837422][ T5427] loop3: detected capacity change from 0 to 512 [ 88.877880][ T296] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 88.888175][ T5427] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 88.911909][ T5411] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.961890][ T5427] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.984396][ T5427] ext4 filesystem being mounted at /139/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.041755][ T5427] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.115652][ T5434] loop4: detected capacity change from 0 to 512 [ 89.141461][ T5434] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 89.214990][ T5434] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.260092][ T5434] ext4 filesystem being mounted at /118/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.278461][ T5434] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.290099][ T3380] ================================================================== [ 89.298213][ T3380] BUG: KCSAN: data-race in kick_pool / wq_worker_running [ 89.305343][ T3380] [ 89.307661][ T3380] read-write to 0xffff888237c299a4 of 4 bytes by task 9 on cpu 0: [ 89.315458][ T3380] wq_worker_running+0x98/0x130 [ 89.320317][ T3380] schedule_timeout+0xbc/0x170 [ 89.325097][ T3380] msleep+0x4f/0x90 [ 89.328921][ T3380] nsim_fib_event_work+0x13dd/0x2290 [ 89.334200][ T3380] process_scheduled_works+0x4de/0xa20 [ 89.339671][ T3380] worker_thread+0x52c/0x710 [ 89.344265][ T3380] kthread+0x4b7/0x540 [ 89.348339][ T3380] ret_from_fork+0x4b/0x60 [ 89.352773][ T3380] ret_from_fork_asm+0x1a/0x30 [ 89.357544][ T3380] [ 89.359879][ T3380] read to 0xffff888237c299a4 of 4 bytes by task 3380 on cpu 1: [ 89.367516][ T3380] kick_pool+0x4d/0x2c0 [ 89.371907][ T3380] __queue_work+0x8f8/0xbb0 [ 89.376440][ T3380] queue_work_on+0xdf/0x190 [ 89.380964][ T3380] wg_queue_enqueue_per_peer_tx+0x124/0x270 [ 89.386864][ T3380] wg_packet_encrypt_worker+0x9ee/0xb90 [ 89.392416][ T3380] process_scheduled_works+0x4de/0xa20 [ 89.397910][ T3380] worker_thread+0x52c/0x710 [ 89.402509][ T3380] kthread+0x4b7/0x540 [ 89.406632][ T3380] ret_from_fork+0x4b/0x60 [ 89.411049][ T3380] ret_from_fork_asm+0x1a/0x30 [ 89.415841][ T3380] [ 89.418160][ T3380] value changed: 0x00000000 -> 0x00000001 [ 89.423900][ T3380] [ 89.426226][ T3380] Reported by Kernel Concurrency Sanitizer on: [ 89.432475][ T3380] CPU: 1 UID: 0 PID: 3380 Comm: kworker/1:4 Not tainted 6.15.0-rc3-syzkaller-00032-ga79be02bba5c #0 PREEMPT(voluntary) [ 89.444968][ T3380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 89.455046][ T3380] Workqueue: wg-crypt-wg1 wg_packet_encrypt_worker [ 89.461681][ T3380] ================================================================== [ 89.470364][ C0] vcan0: j1939_tp_rxtimer: 0xffff888139a6da00: rx timeout, send abort [ 89.478638][ C0] vcan0: j1939_tp_rxtimer: 0xffff888139a6de00: rx timeout, send abort [ 89.978682][ C0] vcan0: j1939_tp_rxtimer: 0xffff888139a6da00: abort rx timeout. Force session deactivation [ 89.989007][ C0] vcan0: j1939_tp_rxtimer: 0xffff888139a6de00: abort rx timeout. Force session deactivation