last executing test programs: 1.394660419s ago: executing program 0 (id=1368): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, 0x0, 0x0) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x28, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.306024079s ago: executing program 0 (id=1378): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="5800000010000d0400000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800c0001006d6163766c616e001400028008000900ca01add70800030000000000140035006d6163766c616e30"], 0x58}}, 0x0) 1.250991319s ago: executing program 0 (id=1382): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x35, 0x0, 0x8}]}, 0x8) 1.191531779s ago: executing program 0 (id=1386): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4) sendmmsg(r0, &(0x7f00000007c0)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e24, @loopback}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000040)='`', 0x1}], 0x1}}], 0x1, 0x2c000011) sendto(r0, &(0x7f00000002c0)='q', 0x1, 0x8000, 0x0, 0x0) 851.31506ms ago: executing program 1 (id=1411): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a001000000002800000128c", 0x2e}], 0x1}, 0x0) 787.758959ms ago: executing program 1 (id=1417): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x403, 0x0, 0x4, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}]}, 0x34}, 0x1, 0x2000000000000000}, 0x0) 766.99594ms ago: executing program 1 (id=1421): socket(0x2, 0x80805, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) getpid() 679.431999ms ago: executing program 4 (id=1424): socket$nl_generic(0x10, 0x3, 0x10) socket$inet_dccp(0x2, 0x6, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000100500000500000007"], 0x50) socket$inet(0x2, 0x5, 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0x0, 0x0, 0x7}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000005200010003000000000000000a0000000c00", @ANYRES32=r0], 0x20}}, 0x0) 678.913459ms ago: executing program 4 (id=1426): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r1, 0x80047437, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) r3 = openat$nvram(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0) sendmsg$nl_route(r3, 0x0, 0x80) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, 0x0) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xd, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 'veth1\x00'}}, 0x1e) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x40a40, 0x0) ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000040)=0x2) ioctl$PPPIOCBRIDGECHAN(r4, 0x40047435, &(0x7f0000000200)=0x1) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r5, 0xffffffffffffffff, 0x0) 678.509589ms ago: executing program 4 (id=1427): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000180)={0x6}, 0x8) 619.997689ms ago: executing program 4 (id=1428): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)={0x3c, r3, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @deauth={{{}, {0x2}, @device_b}, 0x26, @void}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008080) 547.505529ms ago: executing program 4 (id=1432): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x28, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 524.286999ms ago: executing program 1 (id=1435): getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xd5, &(0x7f0000000000), &(0x7f0000000240)=0x4) 523.68534ms ago: executing program 4 (id=1436): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_proto_private(r0, 0x89ee, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11}}) ioctl(r0, 0x8b19, &(0x7f0000000040)) 451.75277ms ago: executing program 1 (id=1438): r0 = socket$inet6(0xa, 0x200000000003, 0x87) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00'}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40840) 451.5767ms ago: executing program 1 (id=1439): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 365.17579ms ago: executing program 0 (id=1440): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100)='\x00\x00\x00\x00', 0x4, 0x80c1, &(0x7f0000000080)={0x11, 0x8100, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 335.852179ms ago: executing program 0 (id=1441): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000580)={0x7}, 0xe) recvmmsg(r0, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/32, 0x20}}], 0x56, 0x2, 0x0) 232.71604ms ago: executing program 3 (id=1443): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 232.56679ms ago: executing program 3 (id=1444): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x600, 0x79000000}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 210.32189ms ago: executing program 3 (id=1446): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000040)="ee", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0x8000005}, 0x1c) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000080)=""/50, 0x32}], 0x1) 209.91957ms ago: executing program 2 (id=1447): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000140)=""/120, 0x78}, {&(0x7f0000000000)=""/102, 0x66}, {&(0x7f0000000240)=""/143, 0x8f}, {&(0x7f00000036c0)=""/4075, 0xfeb}], 0x4}, 0x2) sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000fc0)="5c00000012006bab9a3fe3d86e17aa0a046b4877c4aaf68187bae53dca2ba35bda6a876c1d0048007ea608649e7524765f0ef82e3c0000a705259a3651f60a84c9f4d4938037e70e4509c5bb00000000e513aeac9bf2bee150d5fe86", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 148.00098ms ago: executing program 3 (id=1448): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x79000000}, [@alu={0x7, 0x1, 0xdf3376554f8e7920}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 147.84151ms ago: executing program 3 (id=1449): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newlink={0x28, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x215}, [@IFLA_MASTER={0x8, 0xa, r2}]}, 0x28}, 0x1, 0xba01}, 0x0) 124.19408ms ago: executing program 3 (id=1450): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x3e, 0x51, 0xdb, 0x8, 0x664, 0x306, 0xeb63, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x2, 0x0, 0xd, [{{0x9, 0x4, 0xcf, 0x0, 0x0, 0xe6, 0xb8, 0x38}}]}}]}}, 0x0) syz_usb_disconnect(r0) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0xffffffff}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x8}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0xb}}}}}}}]}}, 0x0) ioctl$EVIOCRMFF(r0, 0x83c0550b, 0x0) 109.79416ms ago: executing program 2 (id=1451): socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e24, 0x9, @loopback, 0x5}, 0x1c) r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 73.39646ms ago: executing program 2 (id=1452): syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, 0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 72.11154ms ago: executing program 2 (id=1453): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)={0x38, r0, 0x1, 0x7, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x3df8}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0xa79}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0) 151.73µs ago: executing program 2 (id=1454): sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002940)={0x1c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) setsockopt(r1, 0x84, 0x80, &(0x7f0000000000)="f89fcfb587a4792b", 0x8) 0s ago: executing program 2 (id=1455): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) dup(0xffffffffffffffff) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) kernel console output (not intermixed with test programs): batadv_slave_0 [ 43.807010][ T3939] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 43.808351][ T3950] sd 0:0:1:0: device reset [ 43.840169][ T3953] FAULT_INJECTION: forcing a failure. [ 43.840169][ T3953] name failslab, interval 1, probability 0, space 0, times 0 [ 43.852934][ T3953] CPU: 1 UID: 0 PID: 3953 Comm: syz.1.168 Not tainted 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 43.852963][ T3953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 43.852977][ T3953] Call Trace: [ 43.852984][ T3953] [ 43.852992][ T3953] dump_stack_lvl+0xf2/0x150 [ 43.853083][ T3953] dump_stack+0x15/0x1a [ 43.853108][ T3953] should_fail_ex+0x24a/0x260 [ 43.853143][ T3953] should_failslab+0x8f/0xb0 [ 43.853248][ T3953] __kmalloc_node_track_caller_noprof+0xa8/0x410 [ 43.853277][ T3953] ? sidtab_sid2str_get+0xb8/0x140 [ 43.853315][ T3953] kmemdup_noprof+0x2b/0x70 [ 43.853345][ T3953] sidtab_sid2str_get+0xb8/0x140 [ 43.853430][ T3953] security_sid_to_context_core+0x1eb/0x2f0 [ 43.853468][ T3953] security_sid_to_context+0x27/0x30 [ 43.853555][ T3953] selinux_lsmprop_to_secctx+0x68/0xf0 [ 43.853592][ T3953] security_lsmprop_to_secctx+0x40/0x80 [ 43.853618][ T3953] audit_log_task_context+0x76/0x180 [ 43.853727][ T3953] audit_log_task+0xf9/0x250 [ 43.853763][ T3953] audit_seccomp+0x68/0x130 [ 43.853798][ T3953] __seccomp_filter+0x6fa/0x1180 [ 43.853873][ T3953] ? update_curr_dl_se+0x5f/0x230 [ 43.853910][ T3953] ? update_curr+0x18c/0x410 [ 43.853996][ T3953] ? pick_task_fair+0xca/0x120 [ 43.854033][ T3953] __secure_computing+0x9f/0x1c0 [ 43.854072][ T3953] syscall_trace_enter+0xd1/0x1f0 [ 43.854099][ T3953] ? fpregs_assert_state_consistent+0x83/0xa0 [ 43.854125][ T3953] do_syscall_64+0xaa/0x1c0 [ 43.854161][ T3953] ? clear_bhb_loop+0x55/0xb0 [ 43.854191][ T3953] ? clear_bhb_loop+0x55/0xb0 [ 43.854248][ T3953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 43.854279][ T3953] RIP: 0033:0x7fb282d9d169 [ 43.854295][ T3953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 43.854314][ T3953] RSP: 002b:00007fb281406e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 43.854335][ T3953] RAX: ffffffffffffffda RBX: 00000000000004de RCX: 00007fb282d9d169 [ 43.854348][ T3953] RDX: 00007fb281406ef0 RSI: 0000000000000000 RDI: 00007fb282e1ec3c [ 43.854433][ T3953] RBP: 0000400000000c40 R08: 00007fb281406bb7 R09: 00007fb281406e40 [ 43.854445][ T3953] R10: 000000000000000a R11: 0000000000000202 R12: 0000400000000080 [ 43.854458][ T3953] R13: 00007fb281406ef0 R14: 00007fb281406eb0 R15: 00004000000000c0 [ 43.854478][ T3953] [ 44.089761][ T3939] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.098853][ T3939] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.108479][ T3939] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.117498][ T3939] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.218074][ T3964] loop0: detected capacity change from 0 to 512 [ 44.231066][ T3964] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 44.247914][ T3966] loop4: detected capacity change from 0 to 1024 [ 44.256386][ T3964] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.269992][ T3964] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 44.284636][ T3964] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.171: corrupted xattr block 19: overlapping e_value [ 44.302327][ T3966] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.315844][ T3964] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 44.325331][ T3964] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.171: corrupted xattr block 19: overlapping e_value [ 44.340051][ T3964] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 44.349197][ T3964] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.171: corrupted xattr block 19: overlapping e_value [ 44.363102][ T3964] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 44.374122][ T3296] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.385430][ T3964] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.171: corrupted xattr block 19: overlapping e_value [ 44.401828][ T3964] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.171: corrupted xattr block 19: overlapping e_value [ 44.416782][ T3964] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 44.427825][ T3964] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 44.430626][ T3979] netlink: 4 bytes leftover after parsing attributes in process `syz.1.177'. [ 44.458106][ T3979] netlink: 12 bytes leftover after parsing attributes in process `syz.1.177'. [ 44.470653][ T3297] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.519438][ T3986] FAULT_INJECTION: forcing a failure. [ 44.519438][ T3986] name failslab, interval 1, probability 0, space 0, times 0 [ 44.532240][ T3986] CPU: 0 UID: 0 PID: 3986 Comm: syz.2.181 Not tainted 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 44.532270][ T3986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 44.532296][ T3986] Call Trace: [ 44.532303][ T3986] [ 44.532312][ T3986] dump_stack_lvl+0xf2/0x150 [ 44.532346][ T3986] dump_stack+0x15/0x1a [ 44.532372][ T3986] should_fail_ex+0x24a/0x260 [ 44.532410][ T3986] should_failslab+0x8f/0xb0 [ 44.532449][ T3986] kmem_cache_alloc_node_noprof+0x59/0x320 [ 44.532513][ T3986] ? __alloc_skb+0x10b/0x310 [ 44.532540][ T3986] __alloc_skb+0x10b/0x310 [ 44.532579][ T3986] netlink_alloc_large_skb+0xad/0xe0 [ 44.532614][ T3986] netlink_sendmsg+0x3b4/0x6e0 [ 44.532729][ T3986] ? __pfx_netlink_sendmsg+0x10/0x10 [ 44.532761][ T3986] __sock_sendmsg+0x140/0x180 [ 44.532839][ T3986] ____sys_sendmsg+0x326/0x4b0 [ 44.532866][ T3986] __sys_sendmsg+0x19d/0x230 [ 44.532964][ T3986] __x64_sys_sendmsg+0x46/0x50 [ 44.532990][ T3986] x64_sys_call+0x2734/0x2dc0 [ 44.533020][ T3986] do_syscall_64+0xc9/0x1c0 [ 44.533053][ T3986] ? clear_bhb_loop+0x55/0xb0 [ 44.533144][ T3986] ? clear_bhb_loop+0x55/0xb0 [ 44.533178][ T3986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 44.533208][ T3986] RIP: 0033:0x7fef907cd169 [ 44.533225][ T3986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 44.533290][ T3986] RSP: 002b:00007fef8ee37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 44.533309][ T3986] RAX: ffffffffffffffda RBX: 00007fef909e5fa0 RCX: 00007fef907cd169 [ 44.533320][ T3986] RDX: 0000000000000000 RSI: 0000400000000500 RDI: 0000000000000005 [ 44.533331][ T3986] RBP: 00007fef8ee37090 R08: 0000000000000000 R09: 0000000000000000 [ 44.533342][ T3986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 44.533353][ T3986] R13: 0000000000000000 R14: 00007fef909e5fa0 R15: 00007fff963b7298 [ 44.533448][ T3986] [ 44.546258][ T3989] loop0: detected capacity change from 0 to 2048 [ 44.750891][ T3989] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.776121][ T4001] loop2: detected capacity change from 0 to 2048 [ 44.790588][ T4002] loop3: detected capacity change from 0 to 164 [ 44.798612][ T4002] iso9660: Unknown parameter 'blocK10x0000000000000200' [ 44.809461][ T4001] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.971627][ T4002] ./file0: Can't lookup blockdev [ 45.136951][ T4022] loop3: detected capacity change from 0 to 1024 [ 45.149384][ T4022] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.180079][ T3300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.313435][ T4030] ./file0: Can't lookup blockdev [ 45.328850][ T4032] loop3: detected capacity change from 0 to 764 [ 45.337741][ T4030] pimreg: entered allmulticast mode [ 45.343364][ T4032] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 45.351552][ T4030] pimreg: left allmulticast mode [ 45.379471][ T4032] ./file0: Can't lookup blockdev [ 45.388813][ T4032] pimreg: entered allmulticast mode [ 45.394810][ T4032] pimreg: left allmulticast mode [ 45.428153][ T3297] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.497086][ T4045] loop0: detected capacity change from 0 to 2048 [ 45.512766][ T4047] loop3: detected capacity change from 0 to 764 [ 45.527072][ T4045] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.545774][ T4047] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 45.559189][ T4047] ./file0: Can't lookup blockdev [ 45.568223][ T4047] pimreg: entered allmulticast mode [ 45.574112][ T4047] pimreg: left allmulticast mode [ 45.675246][ T4058] netlink: 32 bytes leftover after parsing attributes in process `syz.3.198'. [ 45.698898][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.743280][ T4063] loop2: detected capacity change from 0 to 512 [ 45.776229][ T4063] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 45.800082][ T4063] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.815792][ T4063] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.905779][ T4063] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.199: corrupted xattr block 19: overlapping e_value [ 45.953630][ T4063] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 46.013901][ T4063] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.199: corrupted xattr block 19: overlapping e_value [ 46.062210][ T4077] loop3: detected capacity change from 0 to 2048 [ 46.076755][ T4063] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 46.093187][ T4063] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.199: corrupted xattr block 19: overlapping e_value [ 46.122248][ T4077] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.140739][ T4063] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 46.162384][ T4063] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.199: corrupted xattr block 19: overlapping e_value [ 46.205901][ T4063] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.199: corrupted xattr block 19: overlapping e_value [ 46.259085][ T4063] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 46.279647][ T4063] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 46.369957][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.437564][ T4085] loop2: detected capacity change from 0 to 764 [ 46.446064][ T4085] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 46.479969][ T4085] ./file0: Can't lookup blockdev [ 46.489492][ T4085] pimreg: entered allmulticast mode [ 46.495417][ T4085] pimreg: left allmulticast mode [ 46.504930][ T3297] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.599579][ T4096] loop2: detected capacity change from 0 to 764 [ 46.606982][ T4096] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 46.617759][ T4097] loop0: detected capacity change from 0 to 512 [ 46.628991][ T4096] ./file0: Can't lookup blockdev [ 46.638219][ T4096] pimreg: entered allmulticast mode [ 46.644085][ T4096] pimreg: left allmulticast mode [ 46.650529][ T4097] EXT4-fs: Ignoring removed oldalloc option [ 46.656955][ T4097] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 46.668163][ T4097] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2863: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 46.681465][ T4097] EXT4-fs (loop0): 1 truncate cleaned up [ 46.687722][ T4097] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.704275][ T29] kauditd_printk_skb: 394 callbacks suppressed [ 46.704287][ T29] audit: type=1400 audit(1741142890.732:1175): avc: denied { mounton } for pid=4090 comm="syz.0.207" path="/43/bus/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 46.735565][ T29] audit: type=1400 audit(1741142890.742:1176): avc: denied { append } for pid=4090 comm="syz.0.207" name="loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 46.785501][ T29] audit: type=1326 audit(1741142890.812:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4100 comm="syz.2.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef907cd169 code=0x7ffc0000 [ 46.808125][ T4097] support for the xor transformation has been removed. [ 46.809627][ T29] audit: type=1326 audit(1741142890.842:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4100 comm="syz.2.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef907cd169 code=0x7ffc0000 [ 46.839184][ T29] audit: type=1326 audit(1741142890.842:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4100 comm="syz.2.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef907cd169 code=0x7ffc0000 [ 46.862622][ T29] audit: type=1326 audit(1741142890.842:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4100 comm="syz.2.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef907cd169 code=0x7ffc0000 [ 46.890826][ T4102] loop2: detected capacity change from 0 to 512 [ 46.898057][ T29] audit: type=1326 audit(1741142890.922:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4100 comm="syz.2.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fef907cd169 code=0x7ffc0000 [ 46.921422][ T29] audit: type=1326 audit(1741142890.922:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4100 comm="syz.2.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fef907cd1a3 code=0x7ffc0000 [ 46.944788][ T29] audit: type=1326 audit(1741142890.922:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4100 comm="syz.2.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fef907cbc1f code=0x7ffc0000 [ 46.950775][ T4104] loop4: detected capacity change from 0 to 512 [ 46.967962][ T29] audit: type=1326 audit(1741142890.922:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4100 comm="syz.2.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fef907cd1f7 code=0x7ffc0000 [ 46.975249][ T4104] EXT4-fs: Ignoring removed oldalloc option [ 46.997428][ T4102] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 47.004477][ T4104] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 47.014514][ T3300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.033826][ T4102] EXT4-fs error (device loop2): __ext4_iget:4984: inode #11: block 2: comm syz.2.210: invalid block [ 47.035532][ T4104] EXT4-fs (loop4): 1 truncate cleaned up [ 47.045059][ T4102] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.210: couldn't read orphan inode 11 (err -117) [ 47.062561][ T4104] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.075436][ T4102] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.092493][ T4102] netlink: 'syz.2.210': attribute type 1 has an invalid length. [ 47.100227][ T4102] netlink: 16 bytes leftover after parsing attributes in process `syz.2.210'. [ 47.164850][ T4104] support for the xor transformation has been removed. [ 47.201193][ T3296] ------------[ cut here ]------------ [ 47.206782][ T3296] bad length passed for symlink [/tmp/syz-imagegen2884317625/] (got 39, expected 29) [ 47.207074][ T3296] WARNING: CPU: 1 PID: 3296 at ./include/linux/fs.h:803 inode_set_cached_link+0xc4/0xd0 [ 47.226602][ T3296] Modules linked in: [ 47.230516][ T3296] CPU: 1 UID: 0 PID: 3296 Comm: syz-executor Not tainted 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 47.241525][ T3296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 47.251648][ T3296] RIP: 0010:inode_set_cached_link+0xc4/0xd0 [ 47.257768][ T3296] Code: ff 48 c7 c7 1e f5 b2 86 e8 79 61 c4 ff c6 05 a0 71 0b 05 01 90 48 c7 c7 67 33 1b 86 4c 89 f6 89 ea 44 89 f9 e8 fd b5 8c ff 90 <0f> 0b 90 90 eb 84 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 [ 47.277518][ T3296] RSP: 0018:ffffc9000157bac8 EFLAGS: 00010246 [ 47.283595][ T3296] RAX: f28e0001fc729e00 RBX: ffff88811667b2a8 RCX: ffff8881030e4200 [ 47.291597][ T3296] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 47.299618][ T3296] RBP: 0000000000000027 R08: ffffffff81343af7 R09: 0000000000000000 [ 47.307644][ T3296] R10: 0001ffffffffffff R11: ffff8881030e4200 R12: ffff88811667b2a8 [ 47.315659][ T3296] R13: ffff88811667b2d0 R14: ffff88811667b180 R15: 000000000000001d [ 47.323631][ T3296] FS: 0000555560dcb500(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 [ 47.332602][ T3296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.339326][ T3296] CR2: 0000555560df6528 CR3: 0000000114f74000 CR4: 00000000003506f0 [ 47.347399][ T3296] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 47.355529][ T3296] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 47.363586][ T3296] Call Trace: [ 47.366965][ T3296] [ 47.369917][ T3296] ? __warn+0x141/0x350 [ 47.374098][ T3296] ? report_bug+0x315/0x420 [ 47.378663][ T3296] ? inode_set_cached_link+0xc4/0xd0 [ 47.384010][ T3296] ? handle_bug+0x60/0x90 [ 47.388052][ T4122] ./file0: Can't lookup blockdev [ 47.388433][ T3296] ? exc_invalid_op+0x1a/0x50 [ 47.398077][ T3296] ? asm_exc_invalid_op+0x1a/0x20 [ 47.402742][ T4122] pimreg: entered allmulticast mode [ 47.403117][ T3296] ? __warn_printk+0x167/0x1b0 [ 47.413250][ T3296] ? inode_set_cached_link+0xc4/0xd0 [ 47.418755][ T3296] ? inode_set_cached_link+0xc3/0xd0 [ 47.420304][ T4122] pimreg: left allmulticast mode [ 47.424121][ T3296] __ext4_iget+0x1bb5/0x1e20 [ 47.433704][ T3296] ext4_lookup+0x15b/0x390 [ 47.438794][ T3296] __lookup_slow+0x18a/0x250 [ 47.443416][ T3296] lookup_slow+0x3c/0x60 [ 47.447774][ T3296] walk_component+0x1f5/0x230 [ 47.452487][ T3296] ? path_lookupat+0xfd/0x2b0 [ 47.457318][ T3296] path_lookupat+0x10a/0x2b0 [ 47.461976][ T3296] filename_lookup+0x150/0x340 [ 47.466779][ T3296] user_path_at+0x3c/0x120 [ 47.471264][ T3296] __x64_sys_umount+0x85/0xe0 [ 47.475973][ T3296] x64_sys_call+0x20cd/0x2dc0 [ 47.480721][ T3296] do_syscall_64+0xc9/0x1c0 [ 47.485272][ T3296] ? clear_bhb_loop+0x55/0xb0 [ 47.490029][ T3296] ? clear_bhb_loop+0x55/0xb0 [ 47.494864][ T3296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.500854][ T3296] RIP: 0033:0x7f6f2a21e497 [ 47.505284][ T3296] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 47.524982][ T3296] RSP: 002b:00007ffe4880af68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 47.533513][ T3296] RAX: ffffffffffffffda RBX: 00007f6f2a29e08c RCX: 00007f6f2a21e497 [ 47.541855][ T3296] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe4880b020 [ 47.549851][ T3296] RBP: 00007ffe4880b020 R08: 0000000000000000 R09: 0000000000000000 [ 47.557836][ T3296] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe4880c110 [ 47.565825][ T3296] R13: 00007f6f2a29e08c R14: 000000000000b83f R15: 00007ffe4880e2d0 [ 47.573903][ T3296] [ 47.576961][ T3296] ---[ end trace 0000000000000000 ]--- [ 47.586162][ T3296] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 47.586468][ T3297] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 47.618183][ T3297] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.627571][ T4125] loop3: detected capacity change from 0 to 764 [ 47.627910][ T3296] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.643893][ T4125] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 47.659314][ T4125] ./file0: Can't lookup blockdev [ 47.670654][ T4125] pimreg: entered allmulticast mode [ 47.676967][ T4125] pimreg: left allmulticast mode [ 47.710618][ T4127] loop0: detected capacity change from 0 to 1024 [ 47.722763][ T4131] loop4: detected capacity change from 0 to 1024 [ 47.740876][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.769599][ T4131] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.787509][ T4127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.857861][ T3297] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.898638][ T4147] loop0: detected capacity change from 0 to 164 [ 47.908465][ T4147] rock: directory entry would overflow storage [ 47.914658][ T4147] rock: sig=0x4f50, size=4, remaining=3 [ 47.920267][ T4147] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 47.932987][ T3296] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.944695][ T4149] loop2: detected capacity change from 0 to 512 [ 47.958341][ T4149] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 47.978521][ T4149] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.998338][ T4149] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.014792][ T4149] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.228: corrupted xattr block 19: overlapping e_value [ 48.081365][ T4149] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 48.093259][ T4149] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.228: corrupted xattr block 19: overlapping e_value [ 48.113440][ T4149] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 48.122811][ T4149] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.228: corrupted xattr block 19: overlapping e_value [ 48.137871][ T4149] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 48.151566][ T4149] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.228: corrupted xattr block 19: overlapping e_value [ 48.182191][ T4149] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.228: corrupted xattr block 19: overlapping e_value [ 48.217652][ T4149] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 48.245406][ T4149] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 48.297255][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.415743][ T4166] loop2: detected capacity change from 0 to 512 [ 48.442598][ T4166] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 48.498193][ T4166] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.516792][ T4176] netlink: 24 bytes leftover after parsing attributes in process `syz.4.237'. [ 48.525977][ T4166] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.539466][ T4176] loop4: detected capacity change from 0 to 164 [ 48.547318][ T4176] Unable to read rock-ridge attributes [ 48.562662][ T4166] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.234: corrupted xattr block 19: overlapping e_value [ 48.580776][ T4166] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 48.606115][ T4166] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.234: corrupted xattr block 19: overlapping e_value [ 48.627741][ T4166] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 48.655537][ T4166] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.234: corrupted xattr block 19: overlapping e_value [ 48.723464][ T4183] netlink: 32 bytes leftover after parsing attributes in process `syz.1.238'. [ 48.745759][ T4166] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 48.760473][ T4166] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.234: corrupted xattr block 19: overlapping e_value [ 48.786767][ T4166] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.234: corrupted xattr block 19: overlapping e_value [ 48.814963][ T4166] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 48.828194][ T4166] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 48.912139][ T4202] netlink: 32 bytes leftover after parsing attributes in process `syz.3.246'. [ 48.942044][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.976855][ T4210] netlink: 32 bytes leftover after parsing attributes in process `syz.1.251'. [ 49.082830][ T4222] ./file0: Can't lookup blockdev [ 49.092254][ T4222] pimreg: entered allmulticast mode [ 49.098501][ T4222] pimreg: left allmulticast mode [ 49.173340][ T4225] FAULT_INJECTION: forcing a failure. [ 49.173340][ T4225] name failslab, interval 1, probability 0, space 0, times 0 [ 49.186037][ T4225] CPU: 0 UID: 0 PID: 4225 Comm: syz.1.256 Tainted: G W 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 49.186071][ T4225] Tainted: [W]=WARN [ 49.186111][ T4225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 49.186124][ T4225] Call Trace: [ 49.186132][ T4225] [ 49.186141][ T4225] dump_stack_lvl+0xf2/0x150 [ 49.186181][ T4225] dump_stack+0x15/0x1a [ 49.186205][ T4225] should_fail_ex+0x24a/0x260 [ 49.186237][ T4225] ? audit_log_d_path+0x8e/0x150 [ 49.186288][ T4225] should_failslab+0x8f/0xb0 [ 49.186321][ T4225] __kmalloc_cache_noprof+0x4e/0x320 [ 49.186376][ T4225] audit_log_d_path+0x8e/0x150 [ 49.186412][ T4225] audit_log_d_path_exe+0x42/0x70 [ 49.186459][ T4225] audit_log_task+0x1ec/0x250 [ 49.186493][ T4225] audit_seccomp+0x68/0x130 [ 49.186524][ T4225] __seccomp_filter+0x6fa/0x1180 [ 49.186663][ T4225] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 49.186697][ T4225] ? vfs_write+0x644/0x920 [ 49.186731][ T4225] __secure_computing+0x9f/0x1c0 [ 49.186761][ T4225] syscall_trace_enter+0xd1/0x1f0 [ 49.186789][ T4225] do_syscall_64+0xaa/0x1c0 [ 49.186873][ T4225] ? clear_bhb_loop+0x55/0xb0 [ 49.186901][ T4225] ? clear_bhb_loop+0x55/0xb0 [ 49.186941][ T4225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 49.187017][ T4225] RIP: 0033:0x7fb282d9d169 [ 49.187032][ T4225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 49.187051][ T4225] RSP: 002b:00007fb281407038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fe [ 49.187070][ T4225] RAX: ffffffffffffffda RBX: 00007fb282fb5fa0 RCX: 00007fb282d9d169 [ 49.187082][ T4225] RDX: 0000000080000180 RSI: 0000400000000900 RDI: 0000000000000004 [ 49.187094][ T4225] RBP: 00007fb281407090 R08: 0000000000000000 R09: 0000000000000000 [ 49.187106][ T4225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 49.187132][ T4225] R13: 0000000000000000 R14: 00007fb282fb5fa0 R15: 00007ffc90901f48 [ 49.187175][ T4225] [ 49.444962][ T4227] geneve0: entered allmulticast mode [ 49.498520][ T4231] netlink: 32 bytes leftover after parsing attributes in process `syz.2.259'. [ 49.623239][ T4247] loop3: detected capacity change from 0 to 2048 [ 49.665637][ T4247] loop3: p1 < > p4 [ 49.670805][ T4247] loop3: p4 size 8388608 extends beyond EOD, truncated [ 49.713218][ T4255] netlink: 24 bytes leftover after parsing attributes in process `syz.1.270'. [ 49.732598][ T4255] netlink: 16 bytes leftover after parsing attributes in process `syz.1.270'. [ 49.781064][ T4259] netlink: 32 bytes leftover after parsing attributes in process `syz.2.273'. [ 49.828728][ T4265] loop2: detected capacity change from 0 to 512 [ 49.835954][ T4265] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 49.867554][ T4265] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.880436][ T4265] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.895153][ T4265] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.275: corrupted xattr block 19: overlapping e_value [ 49.905770][ T4272] loop3: detected capacity change from 0 to 1024 [ 49.909133][ T4265] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 49.915546][ T4272] EXT4-fs: Ignoring removed orlov option [ 49.924168][ T4265] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.275: corrupted xattr block 19: overlapping e_value [ 49.929815][ T4272] EXT4-fs: Ignoring removed nomblk_io_submit option [ 49.943900][ T4265] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 49.956560][ T4272] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.959344][ T4265] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.275: corrupted xattr block 19: overlapping e_value [ 49.985485][ T4265] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 49.995125][ T4265] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.275: corrupted xattr block 19: overlapping e_value [ 49.995554][ T4272] FAULT_INJECTION: forcing a failure. [ 49.995554][ T4272] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 50.009356][ T4265] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.275: corrupted xattr block 19: overlapping e_value [ 50.021786][ T4272] CPU: 0 UID: 0 PID: 4272 Comm: syz.3.277 Tainted: G W 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 50.021898][ T4272] Tainted: [W]=WARN [ 50.021908][ T4272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 50.021922][ T4272] Call Trace: [ 50.021929][ T4272] [ 50.021939][ T4272] dump_stack_lvl+0xf2/0x150 [ 50.022038][ T4272] dump_stack+0x15/0x1a [ 50.022064][ T4272] should_fail_ex+0x24a/0x260 [ 50.022117][ T4272] should_fail+0xb/0x10 [ 50.022149][ T4272] should_fail_usercopy+0x1a/0x20 [ 50.022232][ T4272] strncpy_from_user+0x25/0x210 [ 50.022261][ T4272] ? kmem_cache_alloc_noprof+0x18e/0x320 [ 50.022288][ T4272] ? getname_flags+0x81/0x3b0 [ 50.022383][ T4272] getname_flags+0xb0/0x3b0 [ 50.022480][ T4272] __x64_sys_mkdirat+0x41/0x60 [ 50.022513][ T4272] x64_sys_call+0x1b6f/0x2dc0 [ 50.022556][ T4272] do_syscall_64+0xc9/0x1c0 [ 50.022592][ T4272] ? clear_bhb_loop+0x55/0xb0 [ 50.022654][ T4272] ? clear_bhb_loop+0x55/0xb0 [ 50.022685][ T4272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.022715][ T4272] RIP: 0033:0x7f759931b9d7 [ 50.022732][ T4272] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.022789][ T4272] RSP: 002b:00007f7597986e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 50.022871][ T4272] RAX: ffffffffffffffda RBX: 00007f7597986ef0 RCX: 00007f759931b9d7 [ 50.022884][ T4272] RDX: 00000000000001ff RSI: 0000400000000100 RDI: 00000000ffffff9c [ 50.022898][ T4272] RBP: 0000400000000180 R08: 0000400000000000 R09: 0000000000000000 [ 50.022911][ T4272] R10: 0000400000000180 R11: 0000000000000246 R12: 0000400000000100 [ 50.022925][ T4272] R13: 00007f7597986eb0 R14: 0000000000000000 R15: 00004000000001c0 [ 50.022945][ T4272] [ 50.214680][ T4265] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 50.215109][ T4272] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 50.223924][ T4265] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 50.258957][ T3300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.280079][ T4276] geneve0: entered allmulticast mode [ 50.298569][ T4278] loop2: detected capacity change from 0 to 512 [ 50.305870][ T4278] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 50.319996][ T4278] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.342361][ T4282] loop3: detected capacity change from 0 to 1024 [ 50.344048][ T4278] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.279: corrupted xattr block 19: overlapping e_value [ 50.349253][ T4282] EXT4-fs: Ignoring removed orlov option [ 50.362939][ T4284] netlink: 32 bytes leftover after parsing attributes in process `syz.1.281'. [ 50.368197][ T4282] EXT4-fs: Ignoring removed nomblk_io_submit option [ 50.378318][ T4278] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 50.383964][ T4284] FAULT_INJECTION: forcing a failure. [ 50.383964][ T4284] name failslab, interval 1, probability 0, space 0, times 0 [ 50.393046][ T4278] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.279: corrupted xattr block 19: overlapping e_value [ 50.405199][ T4284] CPU: 1 UID: 0 PID: 4284 Comm: syz.1.281 Tainted: G W 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 50.405234][ T4284] Tainted: [W]=WARN [ 50.405275][ T4284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 50.405291][ T4284] Call Trace: [ 50.405300][ T4284] [ 50.405310][ T4284] dump_stack_lvl+0xf2/0x150 [ 50.405356][ T4284] dump_stack+0x15/0x1a [ 50.405454][ T4284] should_fail_ex+0x24a/0x260 [ 50.405492][ T4284] should_failslab+0x8f/0xb0 [ 50.405532][ T4284] kmem_cache_alloc_node_noprof+0x59/0x320 [ 50.405605][ T4284] ? __alloc_skb+0x10b/0x310 [ 50.405633][ T4284] __alloc_skb+0x10b/0x310 [ 50.405724][ T4284] netlink_ack+0xef/0x4f0 [ 50.405769][ T4284] netlink_rcv_skb+0x19c/0x230 [ 50.405808][ T4284] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 50.405886][ T4284] nfnetlink_rcv+0x16c/0x15d0 [ 50.405911][ T4284] ? kmem_cache_free+0xdc/0x2d0 [ 50.405940][ T4284] ? nlmon_xmit+0x51/0x60 [ 50.406009][ T4284] ? __kfree_skb+0x102/0x150 [ 50.406035][ T4284] ? consume_skb+0x49/0x160 [ 50.406062][ T4284] ? nlmon_xmit+0x51/0x60 [ 50.406101][ T4284] ? dev_hard_start_xmit+0x3c1/0x3f0 [ 50.406145][ T4284] ? __dev_queue_xmit+0xb6e/0x2090 [ 50.406197][ T4284] ? ref_tracker_free+0x3a5/0x410 [ 50.406239][ T4284] ? __netlink_deliver_tap+0x4c6/0x4f0 [ 50.406283][ T4284] netlink_unicast+0x599/0x670 [ 50.406335][ T4284] netlink_sendmsg+0x5cc/0x6e0 [ 50.406383][ T4284] ? __pfx_netlink_sendmsg+0x10/0x10 [ 50.406418][ T4284] __sock_sendmsg+0x140/0x180 [ 50.406495][ T4284] ____sys_sendmsg+0x326/0x4b0 [ 50.406527][ T4284] __sys_sendmsg+0x19d/0x230 [ 50.406572][ T4284] __x64_sys_sendmsg+0x46/0x50 [ 50.406729][ T4284] x64_sys_call+0x2734/0x2dc0 [ 50.406809][ T4284] do_syscall_64+0xc9/0x1c0 [ 50.406844][ T4284] ? clear_bhb_loop+0x55/0xb0 [ 50.406892][ T4284] ? clear_bhb_loop+0x55/0xb0 [ 50.406965][ T4284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.406998][ T4284] RIP: 0033:0x7fb282d9d169 [ 50.407018][ T4284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.407039][ T4284] RSP: 002b:00007fb281407038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 50.407061][ T4284] RAX: ffffffffffffffda RBX: 00007fb282fb5fa0 RCX: 00007fb282d9d169 [ 50.407076][ T4284] RDX: 0000000000000000 RSI: 00004000000001c0 RDI: 0000000000000003 [ 50.407119][ T4284] RBP: 00007fb281407090 R08: 0000000000000000 R09: 0000000000000000 [ 50.407133][ T4284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.407147][ T4284] R13: 0000000000000000 R14: 00007fb282fb5fa0 R15: 00007ffc90901f48 [ 50.407169][ T4284] [ 50.681572][ T4282] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 50.684817][ T4278] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 50.702888][ T4278] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.279: corrupted xattr block 19: overlapping e_value [ 50.722675][ T4278] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 50.733975][ T4278] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.279: corrupted xattr block 19: overlapping e_value [ 50.747925][ T4278] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.279: corrupted xattr block 19: overlapping e_value [ 50.762330][ T4278] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 50.771878][ T4278] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 50.924177][ T4305] FAULT_INJECTION: forcing a failure. [ 50.924177][ T4305] name failslab, interval 1, probability 0, space 0, times 0 [ 50.936846][ T4305] CPU: 0 UID: 0 PID: 4305 Comm: syz.1.283 Tainted: G W 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 50.936948][ T4305] Tainted: [W]=WARN [ 50.937012][ T4305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 50.937023][ T4305] Call Trace: [ 50.937029][ T4305] [ 50.937036][ T4305] dump_stack_lvl+0xf2/0x150 [ 50.937116][ T4305] dump_stack+0x15/0x1a [ 50.937142][ T4305] should_fail_ex+0x24a/0x260 [ 50.937254][ T4305] ? __se_sys_mount+0xf2/0x2d0 [ 50.937283][ T4305] should_failslab+0x8f/0xb0 [ 50.937313][ T4305] __kmalloc_cache_noprof+0x4e/0x320 [ 50.937338][ T4305] ? memdup_user+0x9f/0xc0 [ 50.937374][ T4305] __se_sys_mount+0xf2/0x2d0 [ 50.937411][ T4305] ? fput+0x1c4/0x200 [ 50.937490][ T4305] ? ksys_write+0x176/0x1b0 [ 50.937518][ T4305] __x64_sys_mount+0x67/0x80 [ 50.937634][ T4305] x64_sys_call+0x2c84/0x2dc0 [ 50.937684][ T4305] do_syscall_64+0xc9/0x1c0 [ 50.937760][ T4305] ? clear_bhb_loop+0x55/0xb0 [ 50.937872][ T4305] ? clear_bhb_loop+0x55/0xb0 [ 50.937906][ T4305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.937936][ T4305] RIP: 0033:0x7fb282d9d169 [ 50.937954][ T4305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.937974][ T4305] RSP: 002b:00007fb2813c5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 50.938047][ T4305] RAX: ffffffffffffffda RBX: 00007fb282fb6160 RCX: 00007fb282d9d169 [ 50.938061][ T4305] RDX: 00004000000002c0 RSI: 0000400000000280 RDI: 0000400000000200 [ 50.938081][ T4305] RBP: 00007fb2813c5090 R08: 0000400000000300 R09: 0000000000000000 [ 50.938096][ T4305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 50.938110][ T4305] R13: 0000000000000000 R14: 00007fb282fb6160 R15: 00007ffc90901f48 [ 50.938204][ T4305] [ 51.224012][ T4309] loop0: detected capacity change from 0 to 512 [ 51.243871][ T4311] netlink: 32 bytes leftover after parsing attributes in process `syz.3.292'. [ 51.268475][ T4309] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.291: bg 0: block 248: padding at end of block bitmap is not set [ 51.283766][ T4309] EXT4-fs error (device loop0): ext4_acquire_dquot:6927: comm syz.0.291: Failed to acquire dquot type 1 [ 51.296659][ T4309] EXT4-fs (loop0): 1 truncate cleaned up [ 51.303275][ T4309] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.335462][ T4309] syz.0.291 (4309) used greatest stack depth: 9280 bytes left [ 51.365723][ T4319] loop0: detected capacity change from 0 to 512 [ 51.379339][ T4319] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 51.385259][ T4321] capability: warning: `syz.3.296' uses 32-bit capabilities (legacy support in use) [ 51.410820][ T4319] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.426423][ T4319] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.295: corrupted xattr block 19: overlapping e_value [ 51.441090][ T4319] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 51.452480][ T4319] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.295: corrupted xattr block 19: overlapping e_value [ 51.467259][ T4319] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 51.478108][ T4319] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.295: corrupted xattr block 19: overlapping e_value [ 51.492120][ T4319] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 51.501507][ T4319] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.295: corrupted xattr block 19: overlapping e_value [ 51.517677][ T4329] ipvlan2: entered promiscuous mode [ 51.522945][ T4329] ipvlan2: entered allmulticast mode [ 51.528359][ T4329] bridge0: entered allmulticast mode [ 51.533805][ T4328] loop2: detected capacity change from 0 to 512 [ 51.540244][ T4319] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.295: corrupted xattr block 19: overlapping e_value [ 51.540608][ T4329] bond_slave_1: entered promiscuous mode [ 51.559687][ T4319] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 51.560787][ T4329] bond_slave_1: left promiscuous mode [ 51.569137][ T4328] EXT4-fs (loop2): filesystem is read-only [ 51.581039][ T4319] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 51.630876][ T4334] loop2: detected capacity change from 0 to 512 [ 51.646184][ T4334] EXT4-fs (loop2): filesystem is read-only [ 51.681515][ T4341] loop2: detected capacity change from 0 to 164 [ 51.701527][ T4345] loop0: detected capacity change from 0 to 512 [ 51.713519][ T4347] loop3: detected capacity change from 0 to 512 [ 51.722563][ T4347] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 51.731542][ T4345] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 51.736939][ T4341] rock: directory entry would overflow storage [ 51.746250][ T4341] rock: sig=0x4f50, size=4, remaining=3 [ 51.751811][ T4341] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 51.772403][ T4347] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.785036][ T4345] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.788421][ T4347] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.304: corrupted xattr block 19: overlapping e_value [ 51.811873][ T4347] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 51.812020][ T4345] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.311: corrupted xattr block 19: overlapping e_value [ 51.821014][ T4347] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.304: corrupted xattr block 19: overlapping e_value [ 51.852088][ T4347] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 51.852118][ T4347] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.304: corrupted xattr block 19: overlapping e_value [ 51.852289][ T4347] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 51.852598][ T4347] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.304: corrupted xattr block 19: overlapping e_value [ 51.852701][ T4347] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.304: corrupted xattr block 19: overlapping e_value [ 51.852842][ T4347] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 51.853015][ T4347] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 51.866306][ T4345] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 51.866381][ T4345] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.311: corrupted xattr block 19: overlapping e_value [ 51.875618][ T4345] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 51.875656][ T4345] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.311: corrupted xattr block 19: overlapping e_value [ 51.888731][ T4345] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 52.000609][ T4362] loop3: detected capacity change from 0 to 764 [ 52.020846][ T4362] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 52.033869][ T4362] ./file0: Can't lookup blockdev [ 52.043774][ T4362] pimreg: entered allmulticast mode [ 52.050365][ T4362] pimreg: left allmulticast mode [ 52.056403][ T4345] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.311: corrupted xattr block 19: overlapping e_value [ 52.086202][ T4345] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.311: corrupted xattr block 19: overlapping e_value [ 52.121727][ T4345] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 52.156104][ T4345] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 52.196146][ T4368] loop3: detected capacity change from 0 to 512 [ 52.203786][ T4368] EXT4-fs (loop3): filesystem is read-only [ 52.246469][ T4370] loop0: detected capacity change from 0 to 2048 [ 52.265017][ T4373] loop3: detected capacity change from 0 to 512 [ 52.282857][ T4373] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 52.308438][ T4370] loop0: p1 < > p4 [ 52.313491][ T4373] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.324151][ T4370] loop0: p4 size 8388608 extends beyond EOD, truncated [ 52.359825][ T4373] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.313: corrupted xattr block 19: overlapping e_value [ 52.400540][ T4373] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 52.424680][ T4373] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.313: corrupted xattr block 19: overlapping e_value [ 52.440785][ T4373] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 52.450469][ T4373] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.313: corrupted xattr block 19: overlapping e_value [ 52.480460][ T4373] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 52.490287][ T4373] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.313: corrupted xattr block 19: overlapping e_value [ 52.504755][ T4373] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.313: corrupted xattr block 19: overlapping e_value [ 52.519485][ T4373] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 52.528942][ T4373] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 52.759025][ T4395] loop3: detected capacity change from 0 to 512 [ 52.800696][ T4395] ext4 filesystem being mounted at /88/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.833339][ T4395] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.320: corrupted xattr block 33: e_value out of bounds [ 52.849847][ T4395] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 52.900926][ T4395] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.320: corrupted xattr block 33: e_value out of bounds [ 52.923028][ T29] kauditd_printk_skb: 331 callbacks suppressed [ 52.923060][ T29] audit: type=1326 audit(1741142896.952:1514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4400 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f2a21d169 code=0x7ffc0000 [ 52.962906][ T4401] loop4: detected capacity change from 0 to 512 [ 52.970890][ T4401] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 52.982295][ T4395] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 52.993315][ T29] audit: type=1326 audit(1741142896.982:1515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4400 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f2a21d169 code=0x7ffc0000 [ 53.016733][ T29] audit: type=1326 audit(1741142896.992:1516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4400 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6f2a21d169 code=0x7ffc0000 [ 53.040035][ T29] audit: type=1326 audit(1741142896.992:1517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4400 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f2a21d169 code=0x7ffc0000 [ 53.063427][ T29] audit: type=1326 audit(1741142896.992:1518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4400 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f2a21d169 code=0x7ffc0000 [ 53.079497][ T4401] EXT4-fs error (device loop4): __ext4_iget:4984: inode #11: block 2: comm syz.4.323: invalid block [ 53.086734][ T29] audit: type=1326 audit(1741142896.992:1519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4400 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6f2a21d169 code=0x7ffc0000 [ 53.086766][ T29] audit: type=1326 audit(1741142896.992:1520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4400 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6f2a21d1a3 code=0x7ffc0000 [ 53.098584][ T4401] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.323: couldn't read orphan inode 11 (err -117) [ 53.120826][ T29] audit: type=1326 audit(1741142896.992:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4400 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f6f2a21bc1f code=0x7ffc0000 [ 53.120863][ T29] audit: type=1326 audit(1741142896.992:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4400 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f6f2a21d1f7 code=0x7ffc0000 [ 53.202174][ T29] audit: type=1326 audit(1741142896.992:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4400 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6f2a21bad0 code=0x7ffc0000 [ 53.237462][ T4395] netlink: 36 bytes leftover after parsing attributes in process `syz.3.320'. [ 53.249404][ T4401] netlink: 'syz.4.323': attribute type 1 has an invalid length. [ 53.257084][ T4401] netlink: 16 bytes leftover after parsing attributes in process `syz.4.323'. [ 53.422576][ T4414] netlink: 24 bytes leftover after parsing attributes in process `syz.0.328'. [ 53.461062][ T4417] netlink: 24 bytes leftover after parsing attributes in process `syz.1.330'. [ 53.488405][ T4418] loop0: detected capacity change from 0 to 512 [ 53.497496][ T4418] EXT4-fs: Ignoring removed oldalloc option [ 53.510305][ T4418] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 53.520676][ T4399] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.320: corrupted xattr block 33: e_value out of bounds [ 53.535435][ T4399] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 53.546575][ T4424] netlink: 'syz.1.333': attribute type 1 has an invalid length. [ 53.546769][ T4422] loop4: detected capacity change from 0 to 2048 [ 53.561705][ T4418] EXT4-fs (loop0): 1 truncate cleaned up [ 53.604798][ T4418] support for the xor transformation has been removed. [ 53.876161][ T4438] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.946524][ T4438] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.017199][ T4438] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.066716][ T4438] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.123603][ T4438] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.135861][ T4438] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.148138][ T4438] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.159962][ T4438] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.216621][ T4441] loop3: detected capacity change from 0 to 512 [ 54.224422][ T4441] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 54.237711][ T4441] EXT4-fs error (device loop3): __ext4_iget:4984: inode #11: block 2: comm syz.3.338: invalid block [ 54.249134][ T4441] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.338: couldn't read orphan inode 11 (err -117) [ 54.274034][ T4441] netlink: 'syz.3.338': attribute type 1 has an invalid length. [ 54.285879][ T3297] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 54.345303][ T4449] netlink: 'syz.1.342': attribute type 1 has an invalid length. [ 54.379464][ T4453] loop0: detected capacity change from 0 to 764 [ 54.395299][ T4453] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 54.457466][ T4453] ./file0: Can't lookup blockdev [ 54.477647][ T4453] pimreg: entered allmulticast mode [ 54.490277][ T4453] pimreg: left allmulticast mode [ 54.559887][ T4460] loop4: detected capacity change from 0 to 512 [ 54.576763][ T4460] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.619632][ T4457] hub 4-0:1.0: USB hub found [ 54.624399][ T4457] hub 4-0:1.0: 8 ports detected [ 54.727726][ T4474] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 54.788712][ T4481] atomic_op ffff888119c8d128 conn xmit_atomic 0000000000000000 [ 54.797505][ T4481] __nla_validate_parse: 4 callbacks suppressed [ 54.797522][ T4481] netlink: 8 bytes leftover after parsing attributes in process `syz.4.347'. [ 54.801395][ T4483] netlink: 24 bytes leftover after parsing attributes in process `syz.1.353'. [ 54.815630][ T4481] bond1: entered promiscuous mode [ 54.826495][ T4481] bond1: entered allmulticast mode [ 54.866685][ T4481] 8021q: adding VLAN 0 to HW filter on device bond1 [ 54.883797][ T4487] FAULT_INJECTION: forcing a failure. [ 54.883797][ T4487] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 54.896956][ T4487] CPU: 0 UID: 0 PID: 4487 Comm: syz.3.349 Tainted: G W 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 54.897000][ T4487] Tainted: [W]=WARN [ 54.897006][ T4487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 54.897018][ T4487] Call Trace: [ 54.897031][ T4487] [ 54.897039][ T4487] dump_stack_lvl+0xf2/0x150 [ 54.897068][ T4487] dump_stack+0x15/0x1a [ 54.897114][ T4487] should_fail_ex+0x24a/0x260 [ 54.897146][ T4487] should_fail+0xb/0x10 [ 54.897233][ T4487] should_fail_usercopy+0x1a/0x20 [ 54.897334][ T4487] _copy_to_user+0x20/0xa0 [ 54.897352][ T4487] simple_read_from_buffer+0xa0/0x110 [ 54.897422][ T4487] proc_fail_nth_read+0xf9/0x140 [ 54.897458][ T4487] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 54.897490][ T4487] vfs_read+0x19b/0x6f0 [ 54.897632][ T4487] ? __rcu_read_unlock+0x4e/0x70 [ 54.897658][ T4487] ? __fget_files+0x17c/0x1c0 [ 54.897798][ T4487] ksys_read+0xe8/0x1b0 [ 54.897829][ T4487] __x64_sys_read+0x42/0x50 [ 54.897856][ T4487] x64_sys_call+0x2874/0x2dc0 [ 54.897882][ T4487] do_syscall_64+0xc9/0x1c0 [ 54.897955][ T4487] ? clear_bhb_loop+0x55/0xb0 [ 54.898064][ T4487] ? clear_bhb_loop+0x55/0xb0 [ 54.898145][ T4487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.898174][ T4487] RIP: 0033:0x7f759931bb7c [ 54.898188][ T4487] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 54.898205][ T4487] RSP: 002b:00007f7597945030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 54.898296][ T4487] RAX: ffffffffffffffda RBX: 00007f7599536160 RCX: 00007f759931bb7c [ 54.898310][ T4487] RDX: 000000000000000f RSI: 00007f75979450a0 RDI: 0000000000000006 [ 54.898324][ T4487] RBP: 00007f7597945090 R08: 0000000000000000 R09: 0000000000000000 [ 54.898337][ T4487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 54.898350][ T4487] R13: 0000000000000001 R14: 00007f7599536160 R15: 00007ffe0ff51d48 [ 54.898371][ T4487] [ 55.102425][ T4489] FAULT_INJECTION: forcing a failure. [ 55.102425][ T4489] name failslab, interval 1, probability 0, space 0, times 0 [ 55.115196][ T4489] CPU: 0 UID: 0 PID: 4489 Comm: syz.2.355 Tainted: G W 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 55.115226][ T4489] Tainted: [W]=WARN [ 55.115232][ T4489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 55.115246][ T4489] Call Trace: [ 55.115255][ T4489] [ 55.115263][ T4489] dump_stack_lvl+0xf2/0x150 [ 55.115291][ T4489] dump_stack+0x15/0x1a [ 55.115312][ T4489] should_fail_ex+0x24a/0x260 [ 55.115348][ T4489] should_failslab+0x8f/0xb0 [ 55.115463][ T4489] __kmalloc_node_track_caller_noprof+0xa8/0x410 [ 55.115488][ T4489] ? cond_bools_copy+0x30/0x80 [ 55.115509][ T4489] kmemdup_noprof+0x2b/0x70 [ 55.115540][ T4489] cond_bools_copy+0x30/0x80 [ 55.115642][ T4489] hashtab_duplicate+0x12c/0x370 [ 55.115671][ T4489] ? __pfx_cond_bools_copy+0x10/0x10 [ 55.115695][ T4489] ? __pfx_cond_bools_destroy+0x10/0x10 [ 55.115721][ T4489] cond_policydb_dup+0xd9/0x4d0 [ 55.115749][ T4489] security_set_bools+0xa8/0x350 [ 55.115922][ T4489] ? sel_commit_bools_write+0x164/0x260 [ 55.115947][ T4489] sel_commit_bools_write+0x1de/0x260 [ 55.115968][ T4489] ? __pfx_sel_commit_bools_write+0x10/0x10 [ 55.115990][ T4489] vfs_write+0x27d/0x920 [ 55.116022][ T4489] ? __fget_files+0x17c/0x1c0 [ 55.116100][ T4489] __x64_sys_pwrite64+0xf6/0x150 [ 55.116134][ T4489] x64_sys_call+0xab0/0x2dc0 [ 55.116164][ T4489] do_syscall_64+0xc9/0x1c0 [ 55.116273][ T4489] ? clear_bhb_loop+0x55/0xb0 [ 55.116307][ T4489] ? clear_bhb_loop+0x55/0xb0 [ 55.116374][ T4489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.116402][ T4489] RIP: 0033:0x7fef907cd169 [ 55.116418][ T4489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.116439][ T4489] RSP: 002b:00007fef8ee37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 55.116474][ T4489] RAX: ffffffffffffffda RBX: 00007fef909e5fa0 RCX: 00007fef907cd169 [ 55.116485][ T4489] RDX: 0000000000000001 RSI: 0000400000000080 RDI: 0000000000000003 [ 55.116496][ T4489] RBP: 00007fef8ee37090 R08: 0000000000000000 R09: 0000000000000000 [ 55.116509][ T4489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.116522][ T4489] R13: 0000000000000000 R14: 00007fef909e5fa0 R15: 00007fff963b7298 [ 55.116544][ T4489] [ 55.390000][ T4493] loop4: detected capacity change from 0 to 512 [ 55.402590][ T4491] ./file0: Can't lookup blockdev [ 55.408931][ T4493] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 55.423683][ T4491] pimreg: entered allmulticast mode [ 55.431114][ T4491] pimreg: left allmulticast mode [ 55.447495][ T4493] EXT4-fs error (device loop4): __ext4_iget:4984: inode #11: block 2: comm syz.4.357: invalid block [ 55.459556][ T4493] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.357: couldn't read orphan inode 11 (err -117) [ 55.482923][ T4493] netlink: 'syz.4.357': attribute type 1 has an invalid length. [ 55.490759][ T4493] netlink: 16 bytes leftover after parsing attributes in process `syz.4.357'. [ 55.631981][ T4514] loop3: detected capacity change from 0 to 512 [ 55.638807][ T4514] EXT4-fs: Ignoring removed oldalloc option [ 55.649365][ T4514] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 55.661631][ T4514] EXT4-fs (loop3): orphan cleanup on readonly fs [ 55.670832][ T4514] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.360: Failed to acquire dquot type 1 [ 55.682514][ T4514] EXT4-fs (loop3): 1 truncate cleaned up [ 55.765494][ T4518] loop2: detected capacity change from 0 to 512 [ 55.776609][ T4518] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.790517][ T4518] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.366: corrupted xattr block 33: e_value out of bounds [ 55.819129][ T4518] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 55.833323][ T4522] netlink: 24 bytes leftover after parsing attributes in process `syz.0.367'. [ 55.842482][ T4518] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.366: corrupted xattr block 33: e_value out of bounds [ 55.858157][ T4518] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 55.888490][ T4518] netlink: 36 bytes leftover after parsing attributes in process `syz.2.366'. [ 55.910786][ T4523] loop0: detected capacity change from 0 to 512 [ 55.919074][ T4523] EXT4-fs: Ignoring removed oldalloc option [ 55.941033][ T4523] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 55.972950][ T4523] EXT4-fs (loop0): 1 truncate cleaned up [ 56.202403][ T4528] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.366: corrupted xattr block 33: e_value out of bounds [ 56.217575][ T4528] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 56.564799][ T4523] support for the xor transformation has been removed. [ 56.609570][ T4532] FAULT_INJECTION: forcing a failure. [ 56.609570][ T4532] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 56.622795][ T4532] CPU: 1 UID: 0 PID: 4532 Comm: syz.4.369 Tainted: G W 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 56.622829][ T4532] Tainted: [W]=WARN [ 56.622848][ T4532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 56.622862][ T4532] Call Trace: [ 56.622869][ T4532] [ 56.622877][ T4532] dump_stack_lvl+0xf2/0x150 [ 56.622912][ T4532] dump_stack+0x15/0x1a [ 56.622937][ T4532] should_fail_ex+0x24a/0x260 [ 56.622982][ T4532] should_fail+0xb/0x10 [ 56.623015][ T4532] should_fail_usercopy+0x1a/0x20 [ 56.623052][ T4532] _copy_from_user+0x1c/0xa0 [ 56.623070][ T4532] copy_msghdr_from_user+0x54/0x2a0 [ 56.623100][ T4532] ? __fget_files+0x17c/0x1c0 [ 56.623147][ T4532] __sys_sendmsg+0x13e/0x230 [ 56.623194][ T4532] __x64_sys_sendmsg+0x46/0x50 [ 56.623224][ T4532] x64_sys_call+0x2734/0x2dc0 [ 56.623271][ T4532] do_syscall_64+0xc9/0x1c0 [ 56.623302][ T4532] ? clear_bhb_loop+0x55/0xb0 [ 56.623335][ T4532] ? clear_bhb_loop+0x55/0xb0 [ 56.623384][ T4532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.623475][ T4532] RIP: 0033:0x7f6f2a21d169 [ 56.623518][ T4532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.623539][ T4532] RSP: 002b:00007f6f28881038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 56.623560][ T4532] RAX: ffffffffffffffda RBX: 00007f6f2a435fa0 RCX: 00007f6f2a21d169 [ 56.623575][ T4532] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000004 [ 56.623588][ T4532] RBP: 00007f6f28881090 R08: 0000000000000000 R09: 0000000000000000 [ 56.623645][ T4532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.623658][ T4532] R13: 0000000000000000 R14: 00007f6f2a435fa0 R15: 00007ffe4880deb8 [ 56.623687][ T4532] [ 56.932750][ T3297] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 57.113263][ T4539] loop0: detected capacity change from 0 to 2048 [ 57.180499][ T4534] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.228399][ T4552] loop2: detected capacity change from 0 to 764 [ 57.236585][ T4552] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 57.251237][ T4554] loop3: detected capacity change from 0 to 1024 [ 57.266672][ T4534] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.283559][ T4552] ./file0: Can't lookup blockdev [ 57.296452][ T4552] pimreg: entered allmulticast mode [ 57.304497][ T4552] pimreg: left allmulticast mode [ 57.334523][ T4534] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.374660][ T4559] loop3: detected capacity change from 0 to 512 [ 57.382618][ T4534] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.393896][ T4559] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 57.419316][ T4559] ext4 filesystem being mounted at /99/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.434147][ T4559] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.377: corrupted xattr block 19: overlapping e_value [ 57.448554][ T4559] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 57.457932][ T4559] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.377: corrupted xattr block 19: overlapping e_value [ 57.472214][ T4559] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 57.481608][ T4559] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.377: corrupted xattr block 19: overlapping e_value [ 57.495846][ T4559] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 57.507352][ T4559] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.377: corrupted xattr block 19: overlapping e_value [ 57.522133][ T4559] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.377: corrupted xattr block 19: overlapping e_value [ 57.554969][ T4559] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 57.575927][ T4559] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 57.674019][ T4572] loop3: detected capacity change from 0 to 1024 [ 57.702371][ T4572] tmpfs: Unknown parameter 'nr_ino' [ 57.958250][ T4575] loop4: detected capacity change from 0 to 512 [ 57.969759][ T4578] loop3: detected capacity change from 0 to 512 [ 57.985160][ T4578] ext4 filesystem being mounted at /101/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 57.987124][ T4575] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.006853][ T4578] capability: warning: `syz.3.386' uses deprecated v2 capabilities in a way that may be insecure [ 58.017198][ T4575] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.383: corrupted xattr block 33: e_value out of bounds [ 58.031482][ T4575] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 58.031491][ T4586] FAULT_INJECTION: forcing a failure. [ 58.031491][ T4586] name failslab, interval 1, probability 0, space 0, times 0 [ 58.031522][ T4586] CPU: 1 UID: 0 PID: 4586 Comm: syz.2.387 Tainted: G W 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 58.031557][ T4586] Tainted: [W]=WARN [ 58.031565][ T4586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 58.031582][ T4586] Call Trace: [ 58.031589][ T4586] [ 58.031619][ T4586] dump_stack_lvl+0xf2/0x150 [ 58.031674][ T4586] dump_stack+0x15/0x1a [ 58.031699][ T4586] should_fail_ex+0x24a/0x260 [ 58.031737][ T4586] should_failslab+0x8f/0xb0 [ 58.031774][ T4586] kmem_cache_alloc_node_noprof+0x59/0x320 [ 58.031803][ T4586] ? __alloc_skb+0x10b/0x310 [ 58.031831][ T4586] __alloc_skb+0x10b/0x310 [ 58.031867][ T4586] netlink_alloc_large_skb+0xad/0xe0 [ 58.031903][ T4586] netlink_sendmsg+0x3b4/0x6e0 [ 58.032029][ T4586] ? __pfx_netlink_sendmsg+0x10/0x10 [ 58.032068][ T4586] __sock_sendmsg+0x140/0x180 [ 58.032108][ T4586] ____sys_sendmsg+0x326/0x4b0 [ 58.032157][ T4586] __sys_sendmsg+0x19d/0x230 [ 58.032201][ T4586] __x64_sys_sendmsg+0x46/0x50 [ 58.032232][ T4586] x64_sys_call+0x2734/0x2dc0 [ 58.032265][ T4586] do_syscall_64+0xc9/0x1c0 [ 58.032346][ T4586] ? clear_bhb_loop+0x55/0xb0 [ 58.032379][ T4586] ? clear_bhb_loop+0x55/0xb0 [ 58.032412][ T4586] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.032576][ T4586] RIP: 0033:0x7fef907cd169 [ 58.032593][ T4586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.032614][ T4586] RSP: 002b:00007fef8ee37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 58.032638][ T4586] RAX: ffffffffffffffda RBX: 00007fef909e5fa0 RCX: 00007fef907cd169 [ 58.032653][ T4586] RDX: 0000000000000000 RSI: 0000400000000500 RDI: 0000000000000003 [ 58.032667][ T4586] RBP: 00007fef8ee37090 R08: 0000000000000000 R09: 0000000000000000 [ 58.032682][ T4586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 58.032696][ T4586] R13: 0000000000000000 R14: 00007fef909e5fa0 R15: 00007fff963b7298 [ 58.032741][ T4586] [ 58.124253][ T4588] netlink: 36 bytes leftover after parsing attributes in process `syz.4.383'. [ 58.128959][ T4575] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.383: corrupted xattr block 33: e_value out of bounds [ 58.276744][ T4575] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 58.304514][ T4593] loop2: detected capacity change from 0 to 764 [ 58.317915][ T4593] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 58.327107][ T29] kauditd_printk_skb: 461 callbacks suppressed [ 58.327122][ T29] audit: type=1400 audit(1741142902.362:1983): avc: denied { setopt } for pid=4594 comm="syz.3.390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 58.356224][ T4593] ./file0: Can't lookup blockdev [ 58.365211][ T4593] pimreg: entered allmulticast mode [ 58.380101][ T4593] pimreg: left allmulticast mode [ 58.510937][ T29] audit: type=1326 audit(1741142902.542:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4574 comm="syz.4.383" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6f2a21d169 code=0x0 [ 58.558942][ T4608] loop2: detected capacity change from 0 to 512 [ 58.566613][ T4608] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 58.592546][ T4608] ext4 filesystem being mounted at /75/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.605543][ T4608] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.395: corrupted xattr block 19: overlapping e_value [ 58.613172][ T4575] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.383: corrupted xattr block 33: e_value out of bounds [ 58.622416][ T4608] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 58.633448][ T29] audit: type=1326 audit(1741142902.652:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4611 comm="syz.0.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2751d169 code=0x7ffc0000 [ 58.642575][ T4608] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.395: corrupted xattr block 19: overlapping e_value [ 58.665215][ T29] audit: type=1326 audit(1741142902.652:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4611 comm="syz.0.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f2e2751d169 code=0x7ffc0000 [ 58.689067][ T4575] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 58.717691][ T4534] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.738323][ T4608] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 58.747451][ T4608] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.395: corrupted xattr block 19: overlapping e_value [ 58.759862][ T4534] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.770076][ T4608] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 58.773794][ T4534] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.791543][ T4608] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.395: corrupted xattr block 19: overlapping e_value [ 58.792506][ T4534] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.845224][ T4608] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.395: corrupted xattr block 19: overlapping e_value [ 58.884761][ T4608] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 58.912696][ T4608] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 58.944467][ T4624] loop0: detected capacity change from 0 to 512 [ 58.951777][ T4624] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 58.978677][ T29] audit: type=1326 audit(1741142903.012:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4625 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f2a21d169 code=0x7ffc0000 [ 59.027975][ T4624] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.042836][ T4624] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.400: corrupted xattr block 19: overlapping e_value [ 59.056637][ T29] audit: type=1326 audit(1741142903.042:1988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4625 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6f2a21d169 code=0x7ffc0000 [ 59.066242][ T4624] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 59.079989][ T29] audit: type=1326 audit(1741142903.042:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4625 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f2a21d169 code=0x7ffc0000 [ 59.112437][ T29] audit: type=1326 audit(1741142903.042:1990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4625 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6f2a21f087 code=0x7ffc0000 [ 59.132928][ T4635] loop4: detected capacity change from 0 to 1024 [ 59.135688][ T29] audit: type=1326 audit(1741142903.042:1991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4625 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f2a21d169 code=0x7ffc0000 [ 59.152649][ T4624] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.400: corrupted xattr block 19: overlapping e_value [ 59.165341][ T29] audit: type=1326 audit(1741142903.042:1992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4625 comm="syz.4.399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6f2a21d169 code=0x7ffc0000 [ 59.196113][ T4624] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 59.229678][ T4635] tmpfs: Bad value for 'nr_inodes' [ 59.268236][ T4624] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.400: corrupted xattr block 19: overlapping e_value [ 59.301013][ T4624] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 59.311105][ T4624] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.400: corrupted xattr block 19: overlapping e_value [ 59.325143][ T4624] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #15: comm syz.0.400: corrupted xattr block 19: overlapping e_value [ 59.395005][ T4624] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 59.414456][ T4624] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 59.452792][ T4648] loop4: detected capacity change from 0 to 512 [ 59.539928][ T4648] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 59.565195][ T4654] loop3: detected capacity change from 0 to 2048 [ 59.594858][ T4648] EXT4-fs error (device loop4): __ext4_iget:4984: inode #11: block 2: comm syz.4.409: invalid block [ 59.636480][ T4646] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.656306][ T4648] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.409: couldn't read orphan inode 11 (err -117) [ 59.699585][ T4648] netlink: 'syz.4.409': attribute type 1 has an invalid length. [ 59.707438][ T4648] netlink: 16 bytes leftover after parsing attributes in process `syz.4.409'. [ 59.720424][ T4663] loop3: detected capacity change from 0 to 512 [ 59.742999][ T4663] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.413: attempt to clear invalid blocks 2 len 1 [ 59.771000][ T4663] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 216 vs 220 free clusters [ 59.787276][ T4646] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.816700][ T4663] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.413: invalid indirect mapped block 1819239214 (level 0) [ 59.837688][ T4663] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.413: invalid indirect mapped block 1819239214 (level 1) [ 59.852651][ T4646] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.872205][ T4663] EXT4-fs (loop3): 1 truncate cleaned up [ 59.878772][ T4663] EXT4-fs warning (device loop3): dx_probe:833: inode #2: comm syz.3.413: Unrecognised inode hash code 20 [ 59.890153][ T4663] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.413: Corrupt directory, running e2fsck is recommended [ 59.892640][ T4669] loop0: detected capacity change from 0 to 1024 [ 59.929813][ T4646] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.056574][ T4646] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.069735][ T4681] netlink: 24 bytes leftover after parsing attributes in process `syz.0.418'. [ 60.072594][ T4646] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.090417][ T4646] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.100629][ T4678] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.105441][ T4684] netlink: 36 bytes leftover after parsing attributes in process `syz.4.420'. [ 60.121870][ T4646] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.156964][ T4678] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.197046][ T4678] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.198399][ T4692] FAULT_INJECTION: forcing a failure. [ 60.198399][ T4692] name failslab, interval 1, probability 0, space 0, times 0 [ 60.219715][ T4692] CPU: 0 UID: 0 PID: 4692 Comm: syz.4.424 Tainted: G W 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 60.219814][ T4692] Tainted: [W]=WARN [ 60.219823][ T4692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 60.219837][ T4692] Call Trace: [ 60.219843][ T4692] [ 60.219851][ T4692] dump_stack_lvl+0xf2/0x150 [ 60.219954][ T4692] dump_stack+0x15/0x1a [ 60.219978][ T4692] should_fail_ex+0x24a/0x260 [ 60.220009][ T4692] should_failslab+0x8f/0xb0 [ 60.220041][ T4692] __kmalloc_node_noprof+0xad/0x410 [ 60.220124][ T4692] ? __kvmalloc_node_noprof+0x72/0x170 [ 60.220156][ T4692] __kvmalloc_node_noprof+0x72/0x170 [ 60.220187][ T4692] traverse+0x9f/0x3c0 [ 60.220212][ T4692] seq_read_iter+0x854/0x930 [ 60.220254][ T4692] ? _parse_integer+0x27/0x30 [ 60.220279][ T4692] seq_read+0x1ed/0x230 [ 60.220302][ T4692] ? __pfx_seq_read+0x10/0x10 [ 60.220347][ T4692] proc_reg_read+0x13f/0x1d0 [ 60.220385][ T4692] vfs_readv+0x3e2/0x660 [ 60.220452][ T4692] ? __pfx_proc_reg_read+0x10/0x10 [ 60.220525][ T4692] __x64_sys_preadv+0xf4/0x1c0 [ 60.220558][ T4692] x64_sys_call+0x2680/0x2dc0 [ 60.220637][ T4692] do_syscall_64+0xc9/0x1c0 [ 60.220678][ T4692] ? clear_bhb_loop+0x55/0xb0 [ 60.220764][ T4692] ? clear_bhb_loop+0x55/0xb0 [ 60.220792][ T4692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.220913][ T4692] RIP: 0033:0x7f6f2a21d169 [ 60.220926][ T4692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.220942][ T4692] RSP: 002b:00007f6f28881038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 60.221009][ T4692] RAX: ffffffffffffffda RBX: 00007f6f2a435fa0 RCX: 00007f6f2a21d169 [ 60.221022][ T4692] RDX: 0000000000000001 RSI: 00004000000015c0 RDI: 0000000000000003 [ 60.221034][ T4692] RBP: 00007f6f28881090 R08: 0000000000000003 R09: 0000000000000000 [ 60.221116][ T4692] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000001 [ 60.221130][ T4692] R13: 0000000000000000 R14: 00007f6f2a435fa0 R15: 00007ffe4880deb8 [ 60.221149][ T4692] [ 60.458365][ T4678] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.477086][ T4698] loop4: detected capacity change from 0 to 512 [ 60.484175][ T4698] EXT4-fs (loop4): filesystem is read-only [ 60.620648][ T4704] FAULT_INJECTION: forcing a failure. [ 60.620648][ T4704] name failslab, interval 1, probability 0, space 0, times 0 [ 60.633470][ T4704] CPU: 0 UID: 0 PID: 4704 Comm: syz.2.429 Tainted: G W 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 60.633629][ T4704] Tainted: [W]=WARN [ 60.633637][ T4704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 60.633648][ T4704] Call Trace: [ 60.633655][ T4704] [ 60.633662][ T4704] dump_stack_lvl+0xf2/0x150 [ 60.633691][ T4704] dump_stack+0x15/0x1a [ 60.633714][ T4704] should_fail_ex+0x24a/0x260 [ 60.633750][ T4704] should_failslab+0x8f/0xb0 [ 60.633810][ T4704] __kmalloc_node_track_caller_noprof+0xa8/0x410 [ 60.633833][ T4704] ? v9fs_session_init+0x4c/0xda0 [ 60.633912][ T4704] kstrdup+0x3d/0xd0 [ 60.633934][ T4704] v9fs_session_init+0x4c/0xda0 [ 60.634072][ T4704] ? should_fail_ex+0xd7/0x260 [ 60.634096][ T4704] ? v9fs_mount+0x53/0x570 [ 60.634112][ T4704] ? should_failslab+0x8f/0xb0 [ 60.634136][ T4704] ? __kmalloc_cache_noprof+0x186/0x320 [ 60.634209][ T4704] v9fs_mount+0x69/0x570 [ 60.634230][ T4704] ? __pfx_v9fs_mount+0x10/0x10 [ 60.634303][ T4704] legacy_get_tree+0x77/0xd0 [ 60.634378][ T4704] vfs_get_tree+0x56/0x1e0 [ 60.634403][ T4704] do_new_mount+0x227/0x690 [ 60.634449][ T4704] path_mount+0x49b/0xb30 [ 60.634512][ T4704] __se_sys_mount+0x27f/0x2d0 [ 60.634613][ T4704] ? fput+0x1c4/0x200 [ 60.634632][ T4704] __x64_sys_mount+0x67/0x80 [ 60.634657][ T4704] x64_sys_call+0x2c84/0x2dc0 [ 60.634742][ T4704] do_syscall_64+0xc9/0x1c0 [ 60.634780][ T4704] ? clear_bhb_loop+0x55/0xb0 [ 60.634804][ T4704] ? clear_bhb_loop+0x55/0xb0 [ 60.634911][ T4704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.634938][ T4704] RIP: 0033:0x7fef907cd169 [ 60.634951][ T4704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.634967][ T4704] RSP: 002b:00007fef8ee37038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 60.635002][ T4704] RAX: ffffffffffffffda RBX: 00007fef909e5fa0 RCX: 00007fef907cd169 [ 60.635013][ T4704] RDX: 0000400000000180 RSI: 0000400000000000 RDI: 0000000000000000 [ 60.635023][ T4704] RBP: 00007fef8ee37090 R08: 0000400000000680 R09: 0000000000000000 [ 60.635033][ T4704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 60.635043][ T4704] R13: 0000000000000000 R14: 00007fef909e5fa0 R15: 00007fff963b7298 [ 60.635059][ T4704] [ 60.896204][ T4707] loop2: detected capacity change from 0 to 512 [ 60.925718][ T4707] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 60.940639][ T4707] EXT4-fs error (device loop2): __ext4_iget:4984: inode #11: block 2: comm syz.2.430: invalid block [ 60.959007][ T4707] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.430: couldn't read orphan inode 11 (err -117) [ 60.982091][ T4707] netlink: 'syz.2.430': attribute type 1 has an invalid length. [ 60.989834][ T4707] netlink: 16 bytes leftover after parsing attributes in process `syz.2.430'. [ 61.018057][ T4709] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.431'. [ 61.045474][ T4716] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.431'. [ 61.105800][ T4723] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.161452][ T4726] loop4: detected capacity change from 0 to 512 [ 61.168691][ T4726] EXT4-fs (loop4): filesystem is read-only [ 61.188115][ T4728] netlink: 32 bytes leftover after parsing attributes in process `syz.0.436'. [ 61.206698][ T4723] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.266519][ T4723] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.317361][ T4723] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.451992][ T4723] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.464122][ T4723] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.477244][ T4723] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.489813][ T4723] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.699771][ T4753] IPv6: NLM_F_CREATE should be specified when creating new route [ 61.791585][ T4754] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.835037][ T4756] FAULT_INJECTION: forcing a failure. [ 61.835037][ T4756] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 61.848213][ T4756] CPU: 0 UID: 0 PID: 4756 Comm: syz.3.446 Tainted: G W 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 61.848246][ T4756] Tainted: [W]=WARN [ 61.848254][ T4756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 61.848269][ T4756] Call Trace: [ 61.848276][ T4756] [ 61.848285][ T4756] dump_stack_lvl+0xf2/0x150 [ 61.848341][ T4756] dump_stack+0x15/0x1a [ 61.848363][ T4756] should_fail_ex+0x24a/0x260 [ 61.848418][ T4756] should_fail+0xb/0x10 [ 61.848445][ T4756] should_fail_usercopy+0x1a/0x20 [ 61.848479][ T4756] _copy_from_user+0x1c/0xa0 [ 61.848497][ T4756] copy_msghdr_from_user+0x54/0x2a0 [ 61.848536][ T4756] ? __fget_files+0x17c/0x1c0 [ 61.848576][ T4756] __sys_sendmsg+0x13e/0x230 [ 61.848648][ T4756] __x64_sys_sendmsg+0x46/0x50 [ 61.848672][ T4756] x64_sys_call+0x2734/0x2dc0 [ 61.848697][ T4756] do_syscall_64+0xc9/0x1c0 [ 61.848729][ T4756] ? clear_bhb_loop+0x55/0xb0 [ 61.848790][ T4756] ? clear_bhb_loop+0x55/0xb0 [ 61.848817][ T4756] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.848849][ T4756] RIP: 0033:0x7f759931d169 [ 61.848867][ T4756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 61.848920][ T4756] RSP: 002b:00007f7597987038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 61.848938][ T4756] RAX: ffffffffffffffda RBX: 00007f7599535fa0 RCX: 00007f759931d169 [ 61.848949][ T4756] RDX: 0000000000000000 RSI: 0000400000000200 RDI: 0000000000000003 [ 61.848960][ T4756] RBP: 00007f7597987090 R08: 0000000000000000 R09: 0000000000000000 [ 61.848971][ T4756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 61.849062][ T4756] R13: 0000000000000000 R14: 00007f7599535fa0 R15: 00007ffe0ff51d48 [ 61.849127][ T4756] [ 62.155826][ T4754] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.185441][ T4765] netlink: 32 bytes leftover after parsing attributes in process `syz.3.450'. [ 62.196240][ T4754] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.213008][ T4768] loop3: detected capacity change from 0 to 512 [ 62.220114][ T4768] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 62.231817][ T4766] ./file0: Can't lookup blockdev [ 62.241830][ T4766] pimreg: entered allmulticast mode [ 62.249125][ T4754] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.291950][ T4768] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.303423][ T4766] pimreg: left allmulticast mode [ 62.311295][ T4768] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.452: corrupted xattr block 19: overlapping e_value [ 62.330681][ T4768] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 62.358412][ T4768] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.452: corrupted xattr block 19: overlapping e_value [ 62.402386][ T4768] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 62.414391][ T4779] netlink: 24 bytes leftover after parsing attributes in process `syz.4.457'. [ 62.427952][ T4768] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.452: corrupted xattr block 19: overlapping e_value [ 62.446230][ T4779] loop4: detected capacity change from 0 to 512 [ 62.452972][ T4779] EXT4-fs: Ignoring removed oldalloc option [ 62.461873][ T4768] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 62.471620][ T4781] sctp: [Deprecated]: syz.0.458 (pid 4781) Use of int in maxseg socket option. [ 62.471620][ T4781] Use struct sctp_assoc_value instead [ 62.487121][ T4779] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 62.497619][ T4768] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.452: corrupted xattr block 19: overlapping e_value [ 62.512374][ T4779] EXT4-fs (loop4): 1 truncate cleaned up [ 62.525369][ T4768] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.452: corrupted xattr block 19: overlapping e_value [ 62.547646][ T4768] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 62.556836][ T4779] support for the xor transformation has been removed. [ 62.577000][ T4768] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 62.594375][ T3296] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 62.629662][ T4791] loop4: detected capacity change from 0 to 2048 [ 63.505621][ T4815] loop3: detected capacity change from 0 to 256 [ 63.513428][ T29] kauditd_printk_skb: 272 callbacks suppressed [ 63.513441][ T29] audit: type=1400 audit(1741142907.542:2265): avc: denied { mount } for pid=4814 comm="syz.3.468" name="/" dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 63.541894][ T29] audit: type=1400 audit(1741142907.552:2266): avc: denied { setopt } for pid=4814 comm="syz.3.468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 63.584493][ T29] audit: type=1326 audit(1741142907.612:2267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f759931d169 code=0x7ffc0000 [ 63.607894][ T29] audit: type=1326 audit(1741142907.612:2268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f759931d169 code=0x7ffc0000 [ 63.632127][ T29] audit: type=1326 audit(1741142907.612:2269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f759931d169 code=0x7ffc0000 [ 63.656092][ T29] audit: type=1326 audit(1741142907.622:2270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f759931d169 code=0x7ffc0000 [ 63.679829][ T29] audit: type=1326 audit(1741142907.622:2271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f759931d169 code=0x7ffc0000 [ 63.703260][ T29] audit: type=1326 audit(1741142907.622:2272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f759931d169 code=0x7ffc0000 [ 63.726831][ T29] audit: type=1326 audit(1741142907.622:2273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f759931d169 code=0x7ffc0000 [ 63.750080][ T29] audit: type=1326 audit(1741142907.622:2274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4814 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f759931d169 code=0x7ffc0000 [ 63.808888][ T4822] netlink: 24 bytes leftover after parsing attributes in process `syz.4.471'. [ 63.821245][ T4822] loop4: detected capacity change from 0 to 512 [ 63.827966][ T4822] EXT4-fs: Ignoring removed oldalloc option [ 63.834175][ T4822] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 63.845448][ T4822] EXT4-fs (loop4): 1 truncate cleaned up [ 63.894775][ T4822] support for the xor transformation has been removed. [ 63.916917][ T3296] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 63.941678][ T4827] loop4: detected capacity change from 0 to 512 [ 63.948976][ T4827] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 63.977084][ T4827] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.989789][ T4827] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.473: corrupted xattr block 19: overlapping e_value [ 63.993456][ T4678] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.004381][ T4827] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 64.021381][ T4827] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.473: corrupted xattr block 19: overlapping e_value [ 64.036056][ T4827] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 64.045125][ T4827] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.473: corrupted xattr block 19: overlapping e_value [ 64.049854][ T4678] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.060201][ T4827] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 64.080527][ T4827] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.473: corrupted xattr block 19: overlapping e_value [ 64.080764][ T4678] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.109120][ T4678] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.123303][ T4827] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.473: corrupted xattr block 19: overlapping e_value [ 64.140055][ T4827] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 64.150609][ T4827] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 64.183982][ T4839] loop3: detected capacity change from 0 to 2048 [ 64.283086][ T4853] netlink: 'syz.1.481': attribute type 1 has an invalid length. [ 64.290895][ T4853] netlink: 16 bytes leftover after parsing attributes in process `syz.1.481'. [ 64.481113][ T4754] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.494474][ T4754] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.506343][ T4754] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.517550][ T4754] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.708620][ T4867] loop4: detected capacity change from 0 to 256 [ 64.734658][ T4865] ./file0: Can't lookup blockdev [ 64.744830][ T4865] pimreg: entered allmulticast mode [ 64.751504][ T4865] pimreg: left allmulticast mode [ 64.808784][ T4873] loop4: detected capacity change from 0 to 512 [ 64.832025][ T4873] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 64.866383][ T4873] ext4 filesystem being mounted at /100/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.895062][ T4873] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.489: corrupted xattr block 19: overlapping e_value [ 64.909130][ T4873] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 64.918954][ T4873] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.489: corrupted xattr block 19: overlapping e_value [ 64.932889][ T4873] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 64.943205][ T4873] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.489: corrupted xattr block 19: overlapping e_value [ 64.957946][ T4873] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 64.978802][ T4873] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.489: corrupted xattr block 19: overlapping e_value [ 65.018633][ T4873] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.489: corrupted xattr block 19: overlapping e_value [ 65.032928][ T4873] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 65.050500][ T4886] netlink: 'syz.1.494': attribute type 1 has an invalid length. [ 65.059719][ T4873] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 65.135488][ T4892] __nla_validate_parse: 2 callbacks suppressed [ 65.135508][ T4892] netlink: 24 bytes leftover after parsing attributes in process `syz.0.490'. [ 65.277811][ T4891] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.297011][ T3355] kernel write not supported for file /235/attr/exec (pid: 3355 comm: kworker/1:2) [ 65.344695][ T4891] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.418951][ T4891] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.489564][ T4891] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.987868][ T4934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.996579][ T4934] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 66.090173][ T4941] netlink: 60 bytes leftover after parsing attributes in process `syz.2.516'. [ 66.099945][ T4940] netlink: 60 bytes leftover after parsing attributes in process `syz.2.516'. [ 66.111426][ T4943] loop2: detected capacity change from 0 to 7 [ 66.157192][ T4891] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.169238][ T4891] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.183960][ T4891] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.192301][ T4951] syz.4.521 uses obsolete (PF_INET,SOCK_PACKET) [ 66.204789][ T4891] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.510236][ T4985] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 66.520006][ T4985] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 66.717322][ T4993] bond_slave_1: entered promiscuous mode [ 66.723456][ T4993] netlink: 4 bytes leftover after parsing attributes in process `syz.0.540'. [ 66.733719][ T4993] bond0: (slave bond_slave_1): Releasing backup interface [ 66.741622][ T4993] bond_slave_1 (unregistering): left promiscuous mode [ 66.937151][ T5005] mmap: syz.0.546 (5005) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 67.023495][ T5013] netlink: 'syz.0.550': attribute type 1 has an invalid length. [ 67.102268][ T5019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.132694][ T5019] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.199799][ T5027] dummy0: entered promiscuous mode [ 67.217277][ T5026] dummy0: left promiscuous mode [ 67.247412][ T5032] netlink: 220 bytes leftover after parsing attributes in process `syz.3.559'. [ 67.306250][ T5042] loop4: detected capacity change from 0 to 764 [ 67.322868][ T5042] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 67.340192][ T5042] ./file0: Can't lookup blockdev [ 67.349874][ T5042] pimreg: entered allmulticast mode [ 67.356843][ T5042] pimreg: left allmulticast mode [ 67.461812][ T5056] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.471274][ T5056] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.480417][ T5056] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.489696][ T5056] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.972720][ T5067] netlink: 36 bytes leftover after parsing attributes in process `syz.0.574'. [ 67.981649][ T5067] netlink: 16 bytes leftover after parsing attributes in process `syz.0.574'. [ 67.990623][ T5067] netlink: 36 bytes leftover after parsing attributes in process `syz.0.574'. [ 67.999550][ T5067] netlink: 36 bytes leftover after parsing attributes in process `syz.0.574'. [ 68.152949][ T5072] netlink: 12 bytes leftover after parsing attributes in process `syz.4.576'. [ 68.182172][ T5075] netlink: 'syz.2.577': attribute type 1 has an invalid length. [ 68.337498][ T5108] netlink: 'syz.4.592': attribute type 27 has an invalid length. [ 68.458385][ T5134] loop3: detected capacity change from 0 to 764 [ 68.466089][ T5134] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 68.482277][ T5134] ./file0: Can't lookup blockdev [ 68.491512][ T5134] pimreg: entered allmulticast mode [ 68.499063][ T5134] pimreg: left allmulticast mode [ 68.531976][ T5145] netlink: 'syz.1.610': attribute type 1 has an invalid length. [ 68.584880][ T29] kauditd_printk_skb: 298 callbacks suppressed [ 68.584899][ T29] audit: type=1400 audit(1741142912.612:2573): avc: denied { shutdown } for pid=5151 comm="syz.3.613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.610812][ T29] audit: type=1400 audit(1741142912.612:2574): avc: denied { read } for pid=5151 comm="syz.3.613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.754977][ T29] audit: type=1400 audit(1741142912.792:2575): avc: denied { mount } for pid=5181 comm="syz.4.621" name="/" dev="ramfs" ino=11666 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 68.799117][ T29] audit: type=1400 audit(1741142912.832:2576): avc: denied { bind } for pid=5185 comm="syz.1.623" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 68.864012][ T29] audit: type=1326 audit(1741142912.892:2577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5193 comm="syz.0.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2751d169 code=0x7ffc0000 [ 68.887451][ T29] audit: type=1326 audit(1741142912.892:2578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5193 comm="syz.0.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2751d169 code=0x7ffc0000 [ 68.910833][ T29] audit: type=1326 audit(1741142912.892:2579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5193 comm="syz.0.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2e2751d169 code=0x7ffc0000 [ 68.934167][ T29] audit: type=1326 audit(1741142912.892:2580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5193 comm="syz.0.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2751d169 code=0x7ffc0000 [ 68.957618][ T29] audit: type=1326 audit(1741142912.892:2581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5193 comm="syz.0.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2751d169 code=0x7ffc0000 [ 68.981989][ T5188] loop8: detected capacity change from 0 to 7 [ 69.008289][ T29] audit: type=1326 audit(1741142913.022:2582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5193 comm="syz.0.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2e2751d169 code=0x7ffc0000 [ 69.082575][ T5206] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.096618][ T5206] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.143836][ T5218] sd 0:0:1:0: device reset [ 69.176880][ T5226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.186231][ T5226] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.776549][ T5281] loop2: detected capacity change from 0 to 7 [ 69.851771][ T3373] IPVS: starting estimator thread 0... [ 69.873703][ T5294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.883278][ T5294] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.954820][ T5290] IPVS: using max 2016 ests per chain, 100800 per kthread [ 70.166273][ T5309] program syz.1.675 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 70.207717][ T5313] netlink: 'syz.3.677': attribute type 9 has an invalid length. [ 70.215468][ T5313] netlink: 'syz.3.677': attribute type 6 has an invalid length. [ 70.857158][ T5358] netlink: 'syz.2.697': attribute type 3 has an invalid length. [ 70.916274][ T5366] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.924592][ T5366] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.932887][ T5366] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 70.941271][ T5366] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 71.000971][ T5376] loop4: detected capacity change from 0 to 2048 [ 71.013553][ T5379] __nla_validate_parse: 1 callbacks suppressed [ 71.013569][ T5379] netlink: 24 bytes leftover after parsing attributes in process `syz.2.707'. [ 71.031181][ T5379] loop2: detected capacity change from 0 to 164 [ 71.038540][ T5379] Unable to read rock-ridge attributes [ 71.047795][ T5376] loop4: p1 < > p4 [ 71.052905][ T5376] loop4: p4 size 8388608 extends beyond EOD, truncated [ 71.259226][ T5406] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 71.265387][ T5406] syzkaller0: linktype set to 776 [ 71.555597][ T5439] raw_sendmsg: syz.1.732 forgot to set AF_INET. Fix it! [ 71.654168][ T5460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.744'. [ 71.672191][ T5460] bond0: (slave bond_slave_1): Releasing backup interface [ 71.725645][ T5475] netlink: 8 bytes leftover after parsing attributes in process `syz.3.751'. [ 71.766142][ T5482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.778166][ T5482] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.883812][ T5508] netlink: 8 bytes leftover after parsing attributes in process `syz.3.767'. [ 72.031548][ T5537] netlink: 8 bytes leftover after parsing attributes in process `syz.4.781'. [ 72.107186][ T5551] netlink: 4 bytes leftover after parsing attributes in process `syz.4.788'. [ 72.424486][ T5608] netlink: 4 bytes leftover after parsing attributes in process `syz.0.817'. [ 73.043132][ T5695] netlink: 72 bytes leftover after parsing attributes in process `syz.3.851'. [ 73.460909][ T5749] loop3: detected capacity change from 0 to 2048 [ 73.475328][ T5752] loop2: detected capacity change from 0 to 512 [ 73.482366][ T5752] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.506503][ T5752] EXT4-fs mount: 77 callbacks suppressed [ 73.506535][ T5752] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.525774][ T5752] ext4 filesystem being mounted at /216/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 73.536614][ T5749] loop3: p1 < > p4 [ 73.539287][ T5752] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.881: corrupted xattr block 19: overlapping e_value [ 73.554917][ T5749] loop3: p4 size 8388608 extends beyond EOD, truncated [ 73.555191][ T5752] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 73.564332][ T5758] ./file0: Can't lookup blockdev [ 73.571931][ T5752] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.881: corrupted xattr block 19: overlapping e_value [ 73.581637][ T5758] pimreg: entered allmulticast mode [ 73.595131][ T5752] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 73.596599][ T5758] pimreg: left allmulticast mode [ 73.604353][ T5752] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.881: corrupted xattr block 19: overlapping e_value [ 73.623963][ T5752] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 73.633504][ T5752] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.881: corrupted xattr block 19: overlapping e_value [ 73.648108][ T5752] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #15: comm syz.2.881: corrupted xattr block 19: overlapping e_value [ 73.663002][ T5752] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 73.667039][ T5761] loop3: detected capacity change from 0 to 512 [ 73.673025][ T5752] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 73.693448][ T5761] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.717239][ T3303] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.727944][ T5761] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.741324][ T5761] ext4 filesystem being mounted at /192/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 73.757381][ T5761] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.883: corrupted xattr block 19: overlapping e_value [ 73.775073][ T5761] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 73.787483][ T5761] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.883: corrupted xattr block 19: overlapping e_value [ 73.813568][ T5761] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 73.842789][ T5761] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.883: corrupted xattr block 19: overlapping e_value [ 73.866090][ T5761] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 73.883888][ T5761] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.883: corrupted xattr block 19: overlapping e_value [ 73.925505][ T5761] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.883: corrupted xattr block 19: overlapping e_value [ 73.929780][ T5782] bond1: entered promiscuous mode [ 73.944822][ T5782] 8021q: adding VLAN 0 to HW filter on device bond1 [ 73.945535][ T5761] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 73.960829][ T5785] netlink: 4 bytes leftover after parsing attributes in process `syz.2.893'. [ 73.987478][ T5761] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 74.025625][ T3300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.072269][ T5801] netlink: 56 bytes leftover after parsing attributes in process `syz.1.901'. [ 74.116472][ T5806] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 74.135172][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.142171][ T5810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.142444][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.160922][ T5810] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.192674][ T29] kauditd_printk_skb: 79 callbacks suppressed [ 74.192691][ T29] audit: type=1400 audit(1741142918.222:2662): avc: denied { write } for pid=5815 comm="syz.0.908" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 74.192756][ T5816] random: crng reseeded on system resumption [ 74.204941][ T29] audit: type=1400 audit(1741142918.222:2663): avc: denied { open } for pid=5815 comm="syz.0.908" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 74.295916][ T29] audit: type=1400 audit(1741142918.332:2664): avc: denied { ioctl } for pid=5815 comm="syz.0.908" path="/dev/snapshot" dev="devtmpfs" ino=90 ioctlcmd=0x330d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 74.436817][ T5849] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8984 sclass=netlink_route_socket pid=5849 comm=syz.3.924 [ 74.929691][ T5929] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.944068][ T5929] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 75.173890][ T29] audit: type=1400 audit(1741142919.202:2665): avc: denied { getopt } for pid=5979 comm="syz.2.985" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 75.252911][ T29] audit: type=1400 audit(1741142919.282:2666): avc: denied { setopt } for pid=5991 comm="syz.4.992" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 75.382180][ T29] audit: type=1400 audit(1741142919.412:2667): avc: denied { setopt } for pid=6006 comm="syz.4.998" lport=43824 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 75.451662][ T29] audit: type=1400 audit(1741142919.452:2668): avc: denied { write } for pid=6006 comm="syz.4.998" lport=43824 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 75.659202][ T6046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 75.678902][ T29] audit: type=1326 audit(1741142919.702:2669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6044 comm="syz.0.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2751d169 code=0x7ffc0000 [ 75.702471][ T29] audit: type=1326 audit(1741142919.702:2670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6044 comm="syz.0.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f2e2751d169 code=0x7ffc0000 [ 75.703728][ T6046] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 75.725918][ T29] audit: type=1326 audit(1741142919.702:2671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6044 comm="syz.0.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e2751d169 code=0x7ffc0000 [ 75.868047][ T6068] sock: sock_timestamping_bind_phc: sock not bind to device [ 75.929723][ T6082] netlink: 'syz.3.1033': attribute type 1 has an invalid length. [ 75.944417][ T6084] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 75.953002][ T6084] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.015145][ T6093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.023800][ T6093] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.315726][ T6097] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.324266][ T6097] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.471702][ T6102] __nla_validate_parse: 11 callbacks suppressed [ 76.471722][ T6102] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1042'. [ 76.489377][ T6104] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1043'. [ 76.594583][ T6125] random: crng reseeded on system resumption [ 76.827679][ T6160] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 76.873245][ T6166] netlink: 'syz.4.1072': attribute type 46 has an invalid length. [ 76.899085][ T6172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1074'. [ 76.911031][ T6173] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1071'. [ 76.923928][ T6164] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1071'. [ 77.034478][ T6200] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1080'. [ 77.057136][ T6187] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1080'. [ 77.069049][ T6204] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.083273][ T6204] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.233113][ T6222] qrtr: Invalid version 0 [ 77.296330][ T6230] netlink: 'syz.3.1101': attribute type 46 has an invalid length. [ 77.389413][ T6242] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.434813][ T6242] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.469903][ T6250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1111'. [ 77.818576][ T6300] tipc: Started in network mode [ 77.823671][ T6300] tipc: Node identity 624ad50c79c2, cluster identity 4711 [ 77.831028][ T6300] tipc: Enabled bearer , priority 10 [ 77.892155][ T6302] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1136'. [ 77.902273][ T6302] tipc: Started in network mode [ 77.907200][ T6302] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711 [ 77.914442][ T6302] tipc: Enabled bearer , priority 0 [ 78.061028][ T6309] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1139'. [ 78.140593][ T6321] bond0: (slave bond_slave_1): Releasing backup interface [ 78.457819][ T6356] netlink: 'syz.0.1159': attribute type 46 has an invalid length. [ 78.471863][ T6357] netlink: 'syz.3.1160': attribute type 10 has an invalid length. [ 78.486679][ T6357] netlink: 'syz.3.1160': attribute type 10 has an invalid length. [ 78.711901][ T6394] netlink: 'syz.3.1176': attribute type 46 has an invalid length. [ 78.868312][ T6418] netlink: 'syz.1.1187': attribute type 10 has an invalid length. [ 78.888901][ T6418] netlink: 'syz.1.1187': attribute type 10 has an invalid length. [ 78.904843][ T1037] tipc: Node number set to 8432298 [ 78.944786][ T35] tipc: Node number set to 461952268 [ 79.033376][ T6442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 79.044090][ T6442] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 79.199557][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 79.199576][ T29] audit: type=1400 audit(1741142923.232:2692): avc: denied { bind } for pid=6453 comm="syz.3.1204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 79.240067][ T6458] netlink: 'syz.2.1205': attribute type 12 has an invalid length. [ 80.047248][ T6604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 80.074246][ T29] audit: type=1400 audit(1741142924.092:2693): avc: denied { nlmsg_write } for pid=6605 comm="syz.2.1271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 80.105387][ T6604] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 80.422439][ T29] audit: type=1400 audit(1741142924.452:2694): avc: denied { getopt } for pid=6640 comm="syz.4.1287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 80.455638][ T6652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 80.464284][ T6652] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 81.204961][ T6771] geneve0: left allmulticast mode [ 81.543918][ T6833] __nla_validate_parse: 23 callbacks suppressed [ 81.543938][ T6833] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1378'. [ 81.717065][ T6865] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1393'. [ 81.911621][ T6893] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1406'. [ 81.967878][ T6903] netlink: 'syz.1.1411': attribute type 10 has an invalid length. [ 81.986282][ T6903] team0: Device hsr_slave_0 failed to register rx_handler [ 82.062025][ T6920] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1420'. [ 82.196645][ T6941] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1425'. [ 82.205928][ T6932] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1425'. [ 82.331634][ T6958] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 82.364947][ T6958] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 82.664182][ T6989] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.671430][ T6989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.679023][ T6989] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.686161][ T6989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.696137][ T6990] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1447'. [ 82.706149][ T6985] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1447'. [ 82.718346][ T6992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 82.726932][ T6992] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 82.865829][ T7005] ================================================================== [ 82.874049][ T7005] BUG: KCSAN: data-race in snd_seq_poll / snd_seq_pool_init [ 82.881387][ T7005] [ 82.883720][ T7005] write to 0xffff888114535610 of 4 bytes by task 7006 on cpu 1: [ 82.891346][ T7005] snd_seq_pool_init+0x1c1/0x200 [ 82.896298][ T7005] snd_seq_write+0x17f/0x500 [ 82.900929][ T7005] vfs_write+0x27d/0x920 [ 82.905193][ T7005] ksys_write+0xe8/0x1b0 [ 82.909476][ T7005] __x64_sys_write+0x42/0x50 [ 82.914094][ T7005] x64_sys_call+0x287e/0x2dc0 [ 82.918805][ T7005] do_syscall_64+0xc9/0x1c0 [ 82.923334][ T7005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.929244][ T7005] [ 82.931568][ T7005] read to 0xffff888114535610 of 4 bytes by task 7005 on cpu 0: [ 82.939114][ T7005] snd_seq_poll+0x103/0x170 [ 82.943637][ T7005] __io_arm_poll_handler+0x1e5/0xd50 [ 82.948932][ T7005] io_arm_poll_handler+0x464/0x5b0 [ 82.954055][ T7005] io_queue_async+0x89/0x320 [ 82.958652][ T7005] io_req_task_submit+0xb9/0xc0 [ 82.963520][ T7005] io_handle_tw_list+0x1b9/0x200 [ 82.968472][ T7005] tctx_task_work_run+0x6e/0x1c0 [ 82.973513][ T7005] tctx_task_work+0x40/0x80 [ 82.978037][ T7005] task_work_run+0x13a/0x1a0 [ 82.982657][ T7005] get_signal+0xe78/0x1000 [ 82.987078][ T7005] arch_do_signal_or_restart+0x95/0x4b0 [ 82.992644][ T7005] syscall_exit_to_user_mode+0x62/0x120 [ 82.998210][ T7005] do_syscall_64+0xd6/0x1c0 [ 83.002736][ T7005] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.008641][ T7005] [ 83.010966][ T7005] value changed: 0x00000000 -> 0x000001f4 [ 83.016683][ T7005] [ 83.019009][ T7005] Reported by Kernel Concurrency Sanitizer on: [ 83.025166][ T7005] CPU: 0 UID: 0 PID: 7005 Comm: syz.2.1455 Tainted: G W 6.14.0-rc5-syzkaller-00016-g48a5eed9ad58 #0 [ 83.037336][ T7005] Tainted: [W]=WARN [ 83.041146][ T7005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 83.051212][ T7005] ================================================================== [ 83.059787][ T6992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.068605][ T6992] misc raw-gadget: fail, usb_gadget_register_driver returned -16