last executing test programs: 1.555878402s ago: executing program 1 (id=1462): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='kfree\x00', r0}, 0x10) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0x20) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x0, 0x7, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 1.549990633s ago: executing program 4 (id=1464): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x20280, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000080)=0x14) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000bc0)='kfree\x00', r2, 0x0, 0xfffffffffffffff4}, 0x18) unshare(0x62040200) close(r0) 1.472997259s ago: executing program 1 (id=1466): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000009c0)="3bf58d7d45d32cfe1da7c797b82f16713d1cb80b3fa1bda74e3977b40e7af46b4c60b70d7a79ed5d8c48f52a50185980", 0x30) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7fffeffd) 1.355822319s ago: executing program 4 (id=1468): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = gettid() r2 = socket(0x40000000015, 0x5, 0x0) recvmmsg(r2, &(0x7f0000003c40)=[{{0x0, 0x0, 0x0}, 0x80000000}], 0x1, 0x60010002, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 706.540823ms ago: executing program 3 (id=1480): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}}, 0x0) 649.790117ms ago: executing program 3 (id=1482): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='mm_page_free\x00', r3}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 543.878806ms ago: executing program 4 (id=1485): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB='\f\x00', @ANYRES32], 0x50) r1 = syz_io_uring_setup(0xbc3, &(0x7f0000000480)={0x0, 0x1568, 0x11080, 0x0, 0x264}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x10000000000002a8, 0x8, 0x1, {0x2}}) io_uring_enter(r1, 0x47f8, 0x0, 0x0, 0x0, 0x0) 508.813319ms ago: executing program 4 (id=1487): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vxcan0\x00', 0x0}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000000)={0x1d, r1, 0x0, {}, 0xfe}, 0x18) sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, r1, 0x0, {}, 0x2}, 0x18, &(0x7f0000000180)={&(0x7f00000003c0)="08030005c7373d5b04", 0x9}}, 0xee) close(r2) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@newtfilter={0x34, 0x11, 0x111, 0x70bd27, 0x100000, {0x0, 0x0, 0x74, r1, {0x6, 0x8}, {0x5, 0xffff}, {0xfff1, 0xfff1}}, [@TCA_RATE={0x6, 0x5, {0xca, 0x2}}, @TCA_RATE={0x6, 0x5, {0x5, 0x81}}]}, 0x34}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0xc4) 486.771181ms ago: executing program 3 (id=1488): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4005, &(0x7f0000000c00)=0xb, 0x6, 0x2) mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000c00)=0xc, 0x6, 0x2) 472.007522ms ago: executing program 1 (id=1489): openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0) 458.864743ms ago: executing program 0 (id=1490): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000b00)={0x24, r2, 0x62c21a4ade68aba1, 0x70bd23, 0xfffffffd, {{0x32}, {@val={0x8, 0x117, 0x59}, @val={0x8}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0) 441.224534ms ago: executing program 2 (id=1491): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0) r3 = openat$selinux_policy(0xffffff9c, &(0x7f0000000300), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0) write$selinux_load(r2, &(0x7f0000000000)=ANY=[], 0xffa8) 437.521215ms ago: executing program 3 (id=1492): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000efcf18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 394.689648ms ago: executing program 0 (id=1493): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2, 0x0, 0x6}, 0x18) ioctl$TIOCGPGRP(r0, 0x5437, 0x0) 351.950181ms ago: executing program 3 (id=1494): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], 0x0, 0x80000, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) socket$kcm(0x11, 0xa, 0x300) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688634c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 335.820953ms ago: executing program 4 (id=1495): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a500850000002d00000095"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r0}, 0x10) r1 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0) 333.442973ms ago: executing program 2 (id=1496): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) dup2(r2, r2) 333.072593ms ago: executing program 0 (id=1497): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000e00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=""/6, 0x6}, 0x1}], 0x1, 0x1832b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 303.412446ms ago: executing program 2 (id=1498): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000008800800000000005bffffff18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x68, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x2, 0x0, 0x2}}}}]}, 0x4c}}, 0x20000000) 238.932771ms ago: executing program 0 (id=1499): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000180), 0x10) close_range(r2, 0xffffffffffffffff, 0x0) 234.845961ms ago: executing program 4 (id=1500): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000009c0)="3bf58d7d45d32cfe1da7c797b82f16713d1cb80b3fa1bda74e3977b40e7af46b4c60b70d7a79ed5d8c48f52a50185980", 0x30) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7fffeffd) 233.976651ms ago: executing program 2 (id=1510): bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x50) openat$zero(0xffffffffffffff9c, &(0x7f00000007c0), 0x200, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x94) unshare(0x28000600) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x5, 0x3, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0x1, 0x0, 0x0}, 0x10) 190.781835ms ago: executing program 0 (id=1501): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_tracing={0x1a, 0xf, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x15370, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xee8}, 0x94) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7737, 0x80, 0x2, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 148.079038ms ago: executing program 1 (id=1502): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x5) fchdir(r1) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8) getdents(r2, 0x0, 0x0) 116.633441ms ago: executing program 2 (id=1503): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x48010) getsockopt$sock_buf(r2, 0x1, 0x1f, 0x0, &(0x7f0000000480)) 116.100341ms ago: executing program 3 (id=1504): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x18) r1 = socket$pptp(0x18, 0x1, 0x2) r2 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x3605, 0x800, 0xfffffffc}) ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000c40)={0x0, 0xfe72}) close_range(r1, 0xffffffffffffffff, 0x0) 76.766514ms ago: executing program 1 (id=1505): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xff, 0x7ffc1ffd}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = memfd_secret(0x80000) fchownat(r2, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000) 76.357444ms ago: executing program 2 (id=1506): unshare(0x62040600) r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000240)={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x48, r1}) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4b, &(0x7f0000000080)=0x1ff, 0x4) sendmmsg$inet6(r2, &(0x7f0000000fc0)=[{{&(0x7f0000000240)={0xa, 0x4e20, 0x1, @empty, 0x9}, 0x1c, 0x0, 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB="24000000000000002900000032000000ff050000000000000000000000000001", @ANYRES32=0x0, @ANYBLOB="0000000018"], 0x40, 0x7ffffff7}}], 0x1, 0x4880) 38.261078ms ago: executing program 1 (id=1507): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7fff}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000240)=r1}, 0x20) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0) 0s ago: executing program 0 (id=1508): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}}, 0x20040084) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=@newqdisc={0x4c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0x3}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0xfffffff8, 0xa8, 0x7, 0xb1, 0x0, 0x2}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40098}, 0x0) kernel console output (not intermixed with test programs): tate [ 37.139077][ T3304] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.146251][ T3304] bridge_slave_0: entered allmulticast mode [ 37.152788][ T3304] bridge_slave_0: entered promiscuous mode [ 37.183353][ T3304] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.190599][ T3304] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.198775][ T3304] bridge_slave_1: entered allmulticast mode [ 37.205204][ T3304] bridge_slave_1: entered promiscuous mode [ 37.218370][ T3308] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.225579][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.232935][ T3308] bridge_slave_0: entered allmulticast mode [ 37.239451][ T3308] bridge_slave_0: entered promiscuous mode [ 37.246953][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.257453][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.271670][ T3312] chnl_net:caif_netlink_parms(): no params data found [ 37.280562][ T3311] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.287683][ T3311] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.294784][ T3311] bridge_slave_0: entered allmulticast mode [ 37.301239][ T3311] bridge_slave_0: entered promiscuous mode [ 37.307867][ T3311] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.314970][ T3311] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.322167][ T3311] bridge_slave_1: entered allmulticast mode [ 37.328601][ T3311] bridge_slave_1: entered promiscuous mode [ 37.334839][ T3308] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.341920][ T3308] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.349093][ T3308] bridge_slave_1: entered allmulticast mode [ 37.355432][ T3308] bridge_slave_1: entered promiscuous mode [ 37.372602][ T3304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.385685][ T3304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.413438][ T3305] team0: Port device team_slave_0 added [ 37.439674][ T3305] team0: Port device team_slave_1 added [ 37.451945][ T3311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.462043][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.472291][ T3311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.490167][ T3304] team0: Port device team_slave_0 added [ 37.506913][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.524325][ T3311] team0: Port device team_slave_0 added [ 37.530870][ T3304] team0: Port device team_slave_1 added [ 37.537053][ T3311] team0: Port device team_slave_1 added [ 37.543063][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.550034][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.576042][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.603438][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.610439][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.636617][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.664776][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.671798][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.697751][ T3304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.714147][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.721192][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.747255][ T3311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.759864][ T3308] team0: Port device team_slave_0 added [ 37.770883][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.777874][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.803920][ T3304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.814871][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.821874][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.847983][ T3311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.860400][ T3308] team0: Port device team_slave_1 added [ 37.871094][ T3312] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.878186][ T3312] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.885323][ T3312] bridge_slave_0: entered allmulticast mode [ 37.892140][ T3312] bridge_slave_0: entered promiscuous mode [ 37.900898][ T3312] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.908011][ T3312] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.915164][ T3312] bridge_slave_1: entered allmulticast mode [ 37.921512][ T3312] bridge_slave_1: entered promiscuous mode [ 37.942082][ T3305] hsr_slave_0: entered promiscuous mode [ 37.948189][ T3305] hsr_slave_1: entered promiscuous mode [ 37.979557][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.989872][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.996892][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.022859][ T3308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.039988][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 38.058818][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.065781][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.091759][ T3308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.109771][ T3304] hsr_slave_0: entered promiscuous mode [ 38.115848][ T3304] hsr_slave_1: entered promiscuous mode [ 38.121756][ T3304] debugfs: 'hsr0' already exists in 'hsr' [ 38.127511][ T3304] Cannot create hsr debugfs directory [ 38.143746][ T3312] team0: Port device team_slave_0 added [ 38.158732][ T3311] hsr_slave_0: entered promiscuous mode [ 38.164678][ T3311] hsr_slave_1: entered promiscuous mode [ 38.170702][ T3311] debugfs: 'hsr0' already exists in 'hsr' [ 38.176419][ T3311] Cannot create hsr debugfs directory [ 38.194851][ T3312] team0: Port device team_slave_1 added [ 38.228561][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.235545][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.261521][ T3312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.274933][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.281935][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.307880][ T3312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.347494][ T3308] hsr_slave_0: entered promiscuous mode [ 38.353594][ T3308] hsr_slave_1: entered promiscuous mode [ 38.359477][ T3308] debugfs: 'hsr0' already exists in 'hsr' [ 38.365197][ T3308] Cannot create hsr debugfs directory [ 38.426920][ T3312] hsr_slave_0: entered promiscuous mode [ 38.432894][ T3312] hsr_slave_1: entered promiscuous mode [ 38.438784][ T3312] debugfs: 'hsr0' already exists in 'hsr' [ 38.444510][ T3312] Cannot create hsr debugfs directory [ 38.562537][ T3304] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 38.575573][ T3304] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 38.584647][ T3304] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 38.599124][ T3304] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 38.618092][ T3305] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 38.629218][ T3305] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 38.638825][ T3305] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 38.650568][ T3305] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 38.676032][ T3311] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 38.686004][ T3311] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 38.695273][ T3311] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 38.705319][ T3311] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 38.751396][ T3308] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 38.764338][ T3308] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 38.781789][ T3308] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 38.790525][ T3308] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 38.824165][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.845195][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.860360][ T3305] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.867601][ T3312] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 38.876298][ T3312] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 38.893660][ T3304] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.902937][ T3312] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 38.912009][ T3312] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 38.925925][ T1001] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.933090][ T1001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.941914][ T1001] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.949105][ T1001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.969851][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.976946][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.985937][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.993186][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.019694][ T3311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.042311][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.058375][ T3311] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.070521][ T3308] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.090553][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.097647][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.107272][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.114373][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.143861][ T3304] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.160002][ T1001] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.167059][ T1001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.179379][ T1001] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.186494][ T1001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.223808][ T3311] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.269656][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.281716][ T3308] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 39.292219][ T3308] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.313868][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.338411][ T3304] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.366467][ T3312] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.387499][ T3311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.414509][ T555] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.421714][ T555] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.435285][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.446114][ T555] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.453318][ T555] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.531491][ T3304] veth0_vlan: entered promiscuous mode [ 39.539384][ T3312] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.563023][ T3304] veth1_vlan: entered promiscuous mode [ 39.600168][ T3305] veth0_vlan: entered promiscuous mode [ 39.613861][ T3304] veth0_macvtap: entered promiscuous mode [ 39.628940][ T3311] veth0_vlan: entered promiscuous mode [ 39.636042][ T3305] veth1_vlan: entered promiscuous mode [ 39.643730][ T3304] veth1_macvtap: entered promiscuous mode [ 39.660337][ T3311] veth1_vlan: entered promiscuous mode [ 39.674880][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.685580][ T3305] veth0_macvtap: entered promiscuous mode [ 39.698358][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.714827][ T3308] veth0_vlan: entered promiscuous mode [ 39.726137][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.733928][ T3308] veth1_vlan: entered promiscuous mode [ 39.747837][ T3305] veth1_macvtap: entered promiscuous mode [ 39.759777][ T3311] veth0_macvtap: entered promiscuous mode [ 39.767628][ T1001] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.780502][ T3311] veth1_macvtap: entered promiscuous mode [ 39.788124][ T1001] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.798756][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.809552][ T1001] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.818368][ T1001] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.833475][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.852678][ T3308] veth0_macvtap: entered promiscuous mode [ 39.863862][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.873930][ T3308] veth1_macvtap: entered promiscuous mode [ 39.888448][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 39.888464][ T29] audit: type=1400 audit(1756489949.267:81): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/root/syzkaller.37G6W0/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 39.906115][ T110] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.930007][ T110] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.948844][ T29] audit: type=1400 audit(1756489949.277:82): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 39.971127][ T29] audit: type=1400 audit(1756489949.277:83): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/root/syzkaller.37G6W0/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 39.996403][ T29] audit: type=1400 audit(1756489949.277:84): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 39.998263][ T3304] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 40.018285][ T29] audit: type=1400 audit(1756489949.287:85): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/root/syzkaller.37G6W0/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 40.059549][ T29] audit: type=1400 audit(1756489949.287:86): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/root/syzkaller.37G6W0/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3801 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 40.086965][ T29] audit: type=1400 audit(1756489949.287:87): avc: denied { unmount } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 40.106503][ T29] audit: type=1400 audit(1756489949.317:88): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 40.129435][ T29] audit: type=1400 audit(1756489949.317:89): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="gadgetfs" ino=3804 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 40.154135][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.165900][ T110] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.185164][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.198890][ T110] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.205908][ T29] audit: type=1400 audit(1756489949.567:90): avc: denied { read write } for pid=3304 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 40.238700][ T37] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.249926][ T37] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.266085][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.273537][ T51] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.285450][ T3475] bridge0: entered promiscuous mode [ 40.290792][ T3475] macsec1: entered promiscuous mode [ 40.296693][ T3475] bridge0: port 3(macsec1) entered blocking state [ 40.303367][ T3475] bridge0: port 3(macsec1) entered disabled state [ 40.310440][ T3475] macsec1: entered allmulticast mode [ 40.315760][ T3475] bridge0: entered allmulticast mode [ 40.321698][ T3475] macsec1: left allmulticast mode [ 40.326783][ T3475] bridge0: left allmulticast mode [ 40.332492][ T3475] bridge0: left promiscuous mode [ 40.342969][ T51] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.374307][ T51] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.383866][ T3312] veth0_vlan: entered promiscuous mode [ 40.397714][ T51] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.406596][ T51] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.424765][ T51] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.434528][ T3312] veth1_vlan: entered promiscuous mode [ 40.478640][ T3312] veth0_macvtap: entered promiscuous mode [ 40.494706][ T3487] syz.3.7 uses obsolete (PF_INET,SOCK_PACKET) [ 40.508922][ T3312] veth1_macvtap: entered promiscuous mode [ 40.543054][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.570835][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.609586][ T3443] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.641504][ T3497] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11'. [ 40.664412][ T3443] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.684201][ T3497] bridge_slave_1: left allmulticast mode [ 40.690102][ T3497] bridge_slave_1: left promiscuous mode [ 40.695836][ T3497] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.708466][ T3497] bridge_slave_0: left allmulticast mode [ 40.714285][ T3497] bridge_slave_0: left promiscuous mode [ 40.720206][ T3497] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.767288][ T3443] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.778723][ T51] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.834814][ T3514] mmap: syz.3.18 (3514) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 40.945803][ T3524] loop3: detected capacity change from 0 to 1024 [ 40.968692][ T3524] ======================================================= [ 40.968692][ T3524] WARNING: The mand mount option has been deprecated and [ 40.968692][ T3524] and is ignored by this kernel. Remove the mand [ 40.968692][ T3524] option from the mount to silence this warning. [ 40.968692][ T3524] ======================================================= [ 41.034156][ T3400] Process accounting resumed [ 41.050030][ T3524] EXT4-fs: Ignoring removed mblk_io_submit option [ 41.056536][ T3524] EXT4-fs: Ignoring removed bh option [ 41.085845][ T3536] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25'. [ 41.122828][ T3524] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.241427][ T3557] loop0: detected capacity change from 0 to 128 [ 41.278188][ T3557] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 41.293355][ T3557] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 41.372917][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.383956][ T3312] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 41.401956][ T3563] syz.1.35 (3563) used greatest stack depth: 10104 bytes left [ 41.443308][ T3571] netlink: 4 bytes leftover after parsing attributes in process `syz.1.40'. [ 41.453132][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 41.465916][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 41.514222][ T3573] Zero length message leads to an empty skb [ 41.656706][ T3590] netlink: 40 bytes leftover after parsing attributes in process `syz.3.49'. [ 41.706183][ T3594] loop3: detected capacity change from 0 to 1024 [ 41.736500][ T3594] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.764440][ T3594] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 18: block 305:freeing already freed block (bit 19); block bitmap corrupt. [ 41.859277][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.874860][ T3612] loop2: detected capacity change from 0 to 1024 [ 41.919813][ T3612] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.954712][ T3612] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.977776][ T3612] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 3: comm syz.2.57: lblock 3 mapped to illegal pblock 3 (length 13) [ 42.002706][ T3612] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 42.015325][ T3612] EXT4-fs (loop2): This should not happen!! Data will be lost [ 42.015325][ T3612] [ 42.086641][ T3612] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.57: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.115958][ T3630] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.57: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.130955][ T3612] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.57: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.145413][ T3634] openvswitch: netlink: Message has 6 unknown bytes. [ 42.167734][ T3612] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.57: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.181909][ T3630] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.57: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.205038][ T3630] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.57: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.227442][ T3612] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.57: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.260197][ T3630] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.57: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.298697][ T3642] loop0: detected capacity change from 0 to 512 [ 42.314905][ T3612] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.57: lblock 3 mapped to illegal pblock 3 (length 1) [ 42.349715][ T3642] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.417371][ T3642] ext4 filesystem being mounted at /14/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 42.458137][ T3642] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.64: corrupted inode contents [ 42.487391][ T3642] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #2: comm syz.0.64: mark_inode_dirty error [ 42.500391][ T3642] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.64: corrupted inode contents [ 42.512496][ T3642] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.64: mark_inode_dirty error [ 42.525094][ T3658] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 42.535104][ T3658] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.64: corrupted inode contents [ 42.546986][ T3658] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #2: comm syz.0.64: mark_inode_dirty error [ 42.560116][ T3658] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.64: corrupted inode contents [ 42.597317][ T3642] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.64: corrupted inode contents [ 42.627063][ T3642] EXT4-fs error (device loop0): add_dirent_to_buf:2153: inode #2: comm syz.0.64: mark_inode_dirty error [ 42.714961][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.773572][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.980759][ C0] hrtimer: interrupt took 38272 ns [ 42.987546][ T3703] netlink: 'syz.3.86': attribute type 1 has an invalid length. [ 43.017941][ T3708] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 43.033902][ T3707] IPVS: stopping master sync thread 3708 ... [ 43.175564][ T3721] wireguard0: entered promiscuous mode [ 43.181184][ T3721] wireguard0: entered allmulticast mode [ 43.222488][ T3726] rdma_op ffff88810686f580 conn xmit_rdma 0000000000000000 [ 43.240654][ T3728] SELinux: policydb version -299076691 does not match my version range 15-35 [ 43.269190][ T3728] SELinux: failed to load policy [ 43.402564][ T3743] netlink: 'syz.3.105': attribute type 1 has an invalid length. [ 43.488569][ T3751] netlink: 8 bytes leftover after parsing attributes in process `syz.2.109'. [ 43.517570][ T3749] netlink: 68 bytes leftover after parsing attributes in process `syz.3.108'. [ 43.618637][ T3759] serio: Serial port ptm0 [ 43.653691][ T3760] loop2: detected capacity change from 0 to 8192 [ 43.667540][ T3760] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1) [ 43.675655][ T3760] FAT-fs (loop2): Filesystem has been set read-only [ 43.898182][ T3773] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 43.913471][ T3773] vhci_hcd: invalid port number 96 [ 43.918696][ T3773] vhci_hcd: default hub control req: 0000 veffc i0060 l0 [ 43.986830][ T3782] loop2: detected capacity change from 0 to 512 [ 44.017241][ T3782] EXT4-fs: Ignoring removed mblk_io_submit option [ 44.023773][ T3782] EXT4-fs: inline encryption not supported [ 44.056542][ T3782] EXT4-fs: test_dummy_encryption option not supported [ 44.069927][ T3792] netlink: 'syz.0.127': attribute type 22 has an invalid length. [ 44.077866][ T3792] netlink: 4 bytes leftover after parsing attributes in process `syz.0.127'. [ 44.120967][ T3792] netlink: 'syz.0.127': attribute type 22 has an invalid length. [ 44.128900][ T3792] netlink: 4 bytes leftover after parsing attributes in process `syz.0.127'. [ 44.137933][ T37] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 44.156056][ T37] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 44.192770][ T37] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 44.201744][ T37] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 44.322572][ T3819] netlink: 'syz.2.139': attribute type 10 has an invalid length. [ 44.330427][ T3819] netlink: 40 bytes leftover after parsing attributes in process `syz.2.139'. [ 44.358576][ T3819] dummy0: entered promiscuous mode [ 44.585984][ T3834] ------------[ cut here ]------------ [ 44.591561][ T3834] verifier bug: REG INVARIANTS VIOLATION (true_reg2): range bounds violation u64=[0x0, 0x7800000000] s64=[0x0, 0xffffffffffffffff] u32=[0x80000000, 0x0] s32=[0x0, 0xffffffff] var_off=(0x0, 0x7800000000)(1) [ 44.611892][ T3834] WARNING: CPU: 1 PID: 3834 at kernel/bpf/verifier.c:2728 reg_bounds_sanity_check+0x673/0x680 [ 44.622405][ T3834] Modules linked in: [ 44.626349][ T3834] CPU: 1 UID: 0 PID: 3834 Comm: syz.4.145 Not tainted syzkaller #0 PREEMPT(voluntary) [ 44.636312][ T3834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 44.646790][ T3834] RIP: 0010:reg_bounds_sanity_check+0x673/0x680 [ 44.653272][ T3834] Code: 7c 24 18 41 ff 74 24 20 55 41 56 4d 89 ee 53 48 8b 5c 24 30 ff 74 24 40 ff 74 24 50 ff 74 24 30 e8 92 80 ba ff 48 83 c4 38 90 <0f> 0b 90 90 e9 02 fb ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 [ 44.673035][ T3834] RSP: 0018:ffffc9000167f440 EFLAGS: 00010292 [ 44.679159][ T3834] RAX: 6327d0079ea2bf00 RBX: ffff888119731040 RCX: 0000000000080000 [ 44.687160][ T3834] RDX: ffffc90002d4d000 RSI: 000000000001bf3e RDI: 000000000001bf3f [ 44.695327][ T3834] RBP: 0000000000000000 R08: 0001c9000167f27f R09: 0000000000000000 [ 44.703421][ T3834] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff888119731000 [ 44.711761][ T3834] R13: ffff888119868000 R14: ffff888119868000 R15: ffff888119731038 [ 44.720069][ T3834] FS: 00007fa36fcff6c0(0000) GS:ffff8882aef43000(0000) knlGS:0000000000000000 [ 44.729086][ T3834] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.735709][ T3834] CR2: 00002000000054c0 CR3: 000000011a38e000 CR4: 00000000003506f0 [ 44.743956][ T3834] Call Trace: [ 44.747332][ T3834] [ 44.750297][ T3834] reg_set_min_max+0x1eb/0x260 [ 44.755130][ T3834] check_cond_jmp_op+0x1080/0x16e0 [ 44.760473][ T3834] do_check+0x332a/0x7a10 [ 44.764985][ T3834] do_check_common+0xc3a/0x12a0 [ 44.769933][ T3834] bpf_check+0x942b/0xd9e0 [ 44.774395][ T3834] ? __rcu_read_unlock+0x4f/0x70 [ 44.779401][ T3834] ? __alloc_frozen_pages_noprof+0x188/0x360 [ 44.785442][ T3834] ? alloc_pages_bulk_noprof+0x4b8/0x540 [ 44.791288][ T3834] ? __vmap_pages_range_noflush+0xbb3/0xbd0 [ 44.797314][ T3834] ? pcpu_block_update+0x232/0x3b0 [ 44.802535][ T3834] ? _find_next_zero_bit+0x64/0xa0 [ 44.807713][ T3834] ? pcpu_block_refresh_hint+0x157/0x170 [ 44.813460][ T3834] ? pcpu_block_update_hint_alloc+0x63d/0x660 [ 44.819664][ T3834] ? pcpu_block_update_hint_alloc+0x63d/0x660 [ 44.825775][ T3834] ? css_rstat_updated+0xb7/0x240 [ 44.830949][ T3834] ? __rcu_read_unlock+0x4f/0x70 [ 44.836054][ T3834] ? pcpu_memcg_post_alloc_hook+0xf1/0x150 [ 44.842027][ T3834] ? should_fail_ex+0x30/0x280 [ 44.846917][ T3834] ? selinux_bpf_prog_load+0x36/0xf0 [ 44.852298][ T3834] ? should_failslab+0x8c/0xb0 [ 44.857097][ T3834] ? __kmalloc_cache_noprof+0x189/0x320 [ 44.862811][ T3834] ? selinux_bpf_prog_load+0xbf/0xf0 [ 44.868563][ T3834] ? security_bpf_prog_load+0x2c/0xa0 [ 44.873976][ T3834] bpf_prog_load+0xedd/0x1070 [ 44.878994][ T3834] ? security_bpf+0x2b/0x90 [ 44.883594][ T3834] __sys_bpf+0x462/0x7b0 [ 44.887921][ T3834] __x64_sys_bpf+0x41/0x50 [ 44.892442][ T3834] x64_sys_call+0x2aea/0x2ff0 [ 44.897155][ T3834] do_syscall_64+0xd2/0x200 [ 44.901729][ T3834] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 44.907859][ T3834] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 44.913611][ T3834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 44.919569][ T3834] RIP: 0033:0x7fa37129ebe9 [ 44.924002][ T3834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 44.943682][ T3834] RSP: 002b:00007fa36fcff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 44.952380][ T3834] RAX: ffffffffffffffda RBX: 00007fa3714c5fa0 RCX: 00007fa37129ebe9 [ 44.960823][ T3834] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 44.968880][ T3834] RBP: 00007fa371321e19 R08: 0000000000000000 R09: 0000000000000000 [ 44.976866][ T3834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 44.985037][ T3834] R13: 00007fa3714c6038 R14: 00007fa3714c5fa0 R15: 00007fff894911b8 [ 44.993169][ T3834] [ 44.993180][ T3834] ---[ end trace 0000000000000000 ]--- [ 45.030418][ T29] kauditd_printk_skb: 241 callbacks suppressed [ 45.030506][ T29] audit: type=1400 audit(1756489954.417:332): avc: denied { read write } for pid=3852 comm="syz.2.153" name="rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 45.042549][ T3851] netlink: 'syz.0.152': attribute type 6 has an invalid length. [ 45.060813][ T29] audit: type=1400 audit(1756489954.417:333): avc: denied { open } for pid=3852 comm="syz.2.153" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 45.126972][ T29] audit: type=1400 audit(1756489954.417:334): avc: denied { create } for pid=3850 comm="syz.0.152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 45.146324][ T29] audit: type=1400 audit(1756489954.417:335): avc: denied { ioctl } for pid=3850 comm="syz.0.152" path="socket:[6421]" dev="sockfs" ino=6421 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 45.170869][ T29] audit: type=1400 audit(1756489954.417:336): avc: denied { create } for pid=3850 comm="syz.0.152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 45.191257][ T29] audit: type=1400 audit(1756489954.417:337): avc: denied { write } for pid=3850 comm="syz.0.152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 45.213622][ T29] audit: type=1400 audit(1756489954.507:338): avc: denied { create } for pid=3856 comm="syz.3.154" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 45.308832][ T29] audit: type=1326 audit(1756489954.657:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3862 comm="syz.4.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa37129ebe9 code=0x7ffc0000 [ 45.332520][ T29] audit: type=1326 audit(1756489954.677:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3862 comm="syz.4.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7fa37129ebe9 code=0x7ffc0000 [ 45.355747][ T29] audit: type=1326 audit(1756489954.677:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3862 comm="syz.4.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa37129ebe9 code=0x7ffc0000 [ 45.366367][ T3857] tmpfs: Bad value for 'mpol' [ 45.424954][ T3871] loop0: detected capacity change from 0 to 1024 [ 45.432679][ T3871] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 45.471925][ T3871] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 45.490406][ T3871] EXT4-fs (loop0): orphan cleanup on readonly fs [ 45.497067][ T3871] EXT4-fs error (device loop0): ext4_free_blocks:6696: comm syz.0.162: Freeing blocks not in datazone - block = 0, count = 4096 [ 45.512883][ T3871] EXT4-fs (loop0): 1 orphan inode deleted [ 45.519334][ T3871] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 45.559439][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.732376][ T3903] netlink: 12 bytes leftover after parsing attributes in process `syz.2.177'. [ 45.793340][ T3916] loop0: detected capacity change from 0 to 128 [ 45.854068][ T3923] netlink: 12 bytes leftover after parsing attributes in process `syz.0.187'. [ 45.863140][ T3923] netlink: 28 bytes leftover after parsing attributes in process `syz.0.187'. [ 45.872269][ T3923] netlink: 12 bytes leftover after parsing attributes in process `syz.0.187'. [ 45.900841][ T3923] netlink: 28 bytes leftover after parsing attributes in process `syz.0.187'. [ 45.909879][ T3923] netlink: 'syz.0.187': attribute type 6 has an invalid length. [ 45.918843][ T3926] netlink: 24 bytes leftover after parsing attributes in process `syz.1.188'. [ 45.928856][ T3924] Illegal XDP return value 4294967294 on prog (id 130) dev N/A, expect packet loss! [ 46.053483][ T3939] netlink: 96 bytes leftover after parsing attributes in process `syz.0.194'. [ 46.325549][ T3963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.204'. [ 46.334532][ T3963] netlink: 'syz.0.204': attribute type 1 has an invalid length. [ 46.342230][ T3963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.204'. [ 46.352584][ T3963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.204'. [ 46.361499][ T3963] netlink: 'syz.0.204': attribute type 1 has an invalid length. [ 46.533823][ T3977] can0: slcan on ttyS3. [ 46.588034][ T3977] can0 (unregistered): slcan off ttyS3. [ 46.615563][ T3985] can0: slcan on ttyS3. [ 46.687917][ T3976] can0 (unregistered): slcan off ttyS3. [ 46.748454][ T4004] netlink: 'syz.3.214': attribute type 6 has an invalid length. [ 47.264370][ T4038] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 47.279981][ T4038] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 47.286859][ T4038] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 47.293624][ T4038] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 47.300368][ T4038] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 47.307261][ T4038] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 47.313985][ T4038] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 47.320742][ T4038] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 47.327501][ T4038] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 47.334231][ T4038] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 47.900724][ T4067] macvtap0: refused to change device tx_queue_len [ 48.064343][ T4083] loop0: detected capacity change from 0 to 128 [ 48.076188][ T4083] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 48.112453][ T4083] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 48.278878][ T4104] validate_nla: 2 callbacks suppressed [ 48.278896][ T4104] netlink: 'syz.3.261': attribute type 10 has an invalid length. [ 48.305728][ T4104] veth0_vlan: entered allmulticast mode [ 48.329467][ T4104] veth0_vlan: left promiscuous mode [ 48.356876][ T4104] veth0_vlan: entered promiscuous mode [ 48.378665][ T4104] team0: Device veth0_vlan failed to register rx_handler [ 48.558154][ T4125] hub 9-0:1.0: USB hub found [ 48.564127][ T4125] hub 9-0:1.0: 8 ports detected [ 48.594083][ T4130] can0: slcan on ttyS3. [ 48.638465][ T4136] netlink: 'syz.0.274': attribute type 2 has an invalid length. [ 48.657564][ T4130] can0 (unregistered): slcan off ttyS3. [ 48.664209][ T4138] loop1: detected capacity change from 0 to 1024 [ 48.674426][ T4140] can0: slcan on ttyS3. [ 48.679555][ T4138] EXT4-fs: Ignoring removed bh option [ 48.718163][ T4138] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 48.730363][ T4145] program syz.0.275 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 48.772056][ T4138] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.808261][ T4129] can0 (unregistered): slcan off ttyS3. [ 48.861355][ T4138] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 48.965642][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.054855][ T4186] pim6reg: entered allmulticast mode [ 49.128715][ T4191] hub 9-0:1.0: USB hub found [ 49.142161][ T4191] hub 9-0:1.0: 8 ports detected [ 49.156614][ T4199] SELinux: security policydb version 17 (MLS) not backwards compatible [ 49.194014][ T4199] SELinux: failed to load policy [ 49.472872][ T4227] loop0: detected capacity change from 0 to 512 [ 49.521244][ T4227] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.591600][ T4227] ext4 filesystem being mounted at /91/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 49.630549][ T4227] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.303: corrupted inode contents [ 49.679235][ T4239] loop2: detected capacity change from 0 to 2048 [ 49.679709][ T4227] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #2: comm syz.0.303: mark_inode_dirty error [ 49.695117][ T4239] EXT4-fs: Ignoring removed mblk_io_submit option [ 49.740722][ T4227] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #2: comm syz.0.303: corrupted inode contents [ 49.754700][ T4239] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.769573][ T4227] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.303: mark_inode_dirty error [ 49.818269][ T4243] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #18: comm syz.0.303: directory missing '.' [ 49.849222][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.888827][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.071956][ T4262] process 'syz.1.317' launched './file1' with NULL argv: empty string added [ 50.101447][ T29] kauditd_printk_skb: 177 callbacks suppressed [ 50.101461][ T29] audit: type=1400 audit(1756489959.487:519): avc: denied { execute_no_trans } for pid=4261 comm="syz.1.317" path="/53/file1" dev="tmpfs" ino=289 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 50.187687][ T4264] loop3: detected capacity change from 0 to 8192 [ 50.248026][ T29] audit: type=1326 audit(1756489959.627:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.0.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 50.271526][ T29] audit: type=1326 audit(1756489959.627:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.0.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 50.297867][ T4276] SELinux: Context system_u:object_r:selinux_config_t:s0 is not valid (left unmapped). [ 50.323625][ T4277] 9pnet_fd: Insufficient options for proto=fd [ 50.372512][ T29] audit: type=1326 audit(1756489959.677:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.0.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 50.395964][ T29] audit: type=1326 audit(1756489959.677:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.0.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 50.419351][ T29] audit: type=1326 audit(1756489959.677:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.0.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 50.442666][ T29] audit: type=1326 audit(1756489959.677:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.0.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 50.466199][ T29] audit: type=1326 audit(1756489959.677:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.0.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 50.489582][ T29] audit: type=1326 audit(1756489959.677:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.0.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 50.513079][ T29] audit: type=1326 audit(1756489959.677:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4273 comm="syz.0.324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 50.521967][ T4287] loop1: detected capacity change from 0 to 2048 [ 50.568938][ T4144] loop1: p1 < > p4 [ 50.575062][ T4144] loop1: p4 size 8388608 extends beyond EOD, truncated [ 50.587795][ T4287] loop1: p1 < > p4 [ 50.598025][ T4287] loop1: p4 size 8388608 extends beyond EOD, truncated [ 50.772892][ T4311] serio: Serial port ptm0 [ 50.913185][ T4335] loop4: detected capacity change from 0 to 2048 [ 50.969803][ T4343] loop2: detected capacity change from 0 to 512 [ 50.977000][ T4144] loop4: p1 < > p4 [ 50.982857][ T4144] loop4: p4 size 8388608 extends beyond EOD, truncated [ 50.999236][ T4335] loop4: p1 < > p4 [ 51.007595][ T4335] loop4: p4 size 8388608 extends beyond EOD, truncated [ 51.023831][ T4343] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.042876][ T4343] ext4 filesystem being mounted at /75/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 51.062284][ T4343] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.356: corrupted inode contents [ 51.104053][ T4343] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #2: comm syz.2.356: mark_inode_dirty error [ 51.136223][ T4343] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.356: corrupted inode contents [ 51.148505][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 51.149528][ T4343] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.356: mark_inode_dirty error [ 51.174791][ T4144] udevd[4144]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 51.179507][ T4343] EXT4-fs warning (device loop2): ext4_empty_dir:3089: inode #18: comm syz.2.356: directory missing '.' [ 51.237330][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 51.254224][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.255315][ T4144] udevd[4144]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 51.297559][ T4367] netlink: 'syz.3.367': attribute type 2 has an invalid length. [ 51.399474][ T4376] SELinux: policydb version 0 does not match my version range 15-35 [ 51.416912][ T4376] SELinux: failed to load policy [ 51.422082][ T4374] loop3: detected capacity change from 0 to 2048 [ 51.487812][ T4144] loop3: p1 < > p4 [ 51.493953][ T4144] loop3: p4 size 8388608 extends beyond EOD, truncated [ 51.504647][ T4374] loop3: p1 < > p4 [ 51.509342][ T4374] loop3: p4 size 8388608 extends beyond EOD, truncated [ 51.542150][ T2994] loop3: p1 < > p4 [ 51.547170][ T2994] loop3: p4 size 8388608 extends beyond EOD, truncated [ 51.552932][ T4388] __nla_validate_parse: 14 callbacks suppressed [ 51.552951][ T4388] netlink: 16 bytes leftover after parsing attributes in process `syz.1.376'. [ 51.596746][ T4392] loop4: detected capacity change from 0 to 1024 [ 51.622212][ T4392] EXT4-fs: Ignoring removed nobh option [ 51.627911][ T4392] EXT4-fs: Ignoring removed bh option [ 51.663939][ T3295] udevd[3295]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 51.677974][ T4144] udevd[4144]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 51.702224][ T4392] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.765023][ T4392] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 51.896860][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.907584][ T4421] loop3: detected capacity change from 0 to 2048 [ 51.914363][ T4421] EXT4-fs: Ignoring removed mblk_io_submit option [ 51.923392][ T4422] loop2: detected capacity change from 0 to 2048 [ 51.955664][ T4421] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.978340][ T3297] loop2: p1 < > p4 [ 51.983393][ T4428] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in; [ 51.983393][ T4428] program syz.4.387 not setting count and/or reply_len properly [ 52.001626][ T3297] loop2: p4 size 8388608 extends beyond EOD, truncated [ 52.002628][ T4430] loop0: detected capacity change from 0 to 164 [ 52.024348][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.036100][ T4422] loop2: p1 < > p4 [ 52.040731][ T4422] loop2: p4 size 8388608 extends beyond EOD, truncated [ 52.071486][ T2994] loop2: p1 < > p4 [ 52.076387][ T2994] loop2: p4 size 8388608 extends beyond EOD, truncated [ 52.089397][ T4430] syz.0.392: attempt to access beyond end of device [ 52.089397][ T4430] loop0: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 52.175535][ T4430] syz.0.392: attempt to access beyond end of device [ 52.175535][ T4430] loop0: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 52.300964][ T4144] udevd[4144]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 52.302684][ T3502] udevd[3502]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 52.338290][ T3297] udevd[3297]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 52.340079][ T4144] udevd[4144]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 52.455104][ T4466] syz.4.407 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 52.517569][ T4474] loop4: detected capacity change from 0 to 1024 [ 52.525996][ T4474] EXT4-fs: Ignoring removed nobh option [ 52.531705][ T4474] EXT4-fs: Ignoring removed bh option [ 52.554997][ T4470] loop2: detected capacity change from 0 to 8192 [ 52.569427][ T4474] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.593496][ T4470] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 52.612896][ T4470] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 52.621527][ T4470] FAT-fs (loop2): Filesystem has been set read-only [ 52.638571][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.765650][ T4496] random: crng reseeded on system resumption [ 52.837996][ T4500] netlink: 16 bytes leftover after parsing attributes in process `syz.3.426'. [ 52.957723][ T4519] loop2: detected capacity change from 0 to 1024 [ 52.964574][ T4519] EXT4-fs: Ignoring removed nobh option [ 52.970247][ T4519] EXT4-fs: Ignoring removed bh option [ 53.015731][ T4523] netlink: 'syz.4.436': attribute type 5 has an invalid length. [ 53.079062][ T4519] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.134761][ T4519] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 53.160932][ T4533] SELinux: policydb version 1920 does not match my version range 15-35 [ 53.169749][ T4533] SELinux: failed to load policy [ 53.221757][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.411830][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 53.419372][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 53.426882][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 53.434394][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 53.441862][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 53.449357][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 53.456765][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 53.464217][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 53.471651][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 53.479085][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 53.490206][ T36] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 53.552500][ T4565] fido_id[4565]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 53.570830][ T4572] loop1: detected capacity change from 0 to 1024 [ 53.580050][ T4572] EXT4-fs: Ignoring removed nobh option [ 53.585708][ T4572] EXT4-fs: Ignoring removed bh option [ 53.634838][ T4572] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.648091][ T4577] netlink: 332 bytes leftover after parsing attributes in process `syz.3.458'. [ 53.735159][ T4572] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 53.824682][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.980185][ T4599] netlink: 16 bytes leftover after parsing attributes in process `syz.0.468'. [ 54.018308][ T4608] netlink: 332 bytes leftover after parsing attributes in process `syz.4.472'. [ 54.081174][ T4614] loop3: detected capacity change from 0 to 164 [ 54.101008][ T4614] syz.3.475: attempt to access beyond end of device [ 54.101008][ T4614] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 54.115003][ T4614] syz.3.475: attempt to access beyond end of device [ 54.115003][ T4614] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 54.175888][ T4616] loop4: detected capacity change from 0 to 2048 [ 54.235499][ T4616] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.250512][ T4616] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.399743][ T4646] netlink: 'syz.3.484': attribute type 5 has an invalid length. [ 54.504832][ T4664] netlink: 332 bytes leftover after parsing attributes in process `syz.0.487'. [ 54.569063][ T4669] loop3: detected capacity change from 0 to 1024 [ 54.586356][ T4669] EXT4-fs: Ignoring removed nobh option [ 54.592176][ T4669] EXT4-fs: Ignoring removed bh option [ 54.649930][ T4669] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.664364][ T4677] loop0: detected capacity change from 0 to 8192 [ 54.691166][ T4677] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 54.713306][ T4677] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 54.721978][ T4677] FAT-fs (loop0): Filesystem has been set read-only [ 54.756570][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.875412][ T4688] netlink: 'syz.0.498': attribute type 5 has an invalid length. [ 55.132033][ T29] kauditd_printk_skb: 209 callbacks suppressed [ 55.132047][ T29] audit: type=1326 audit(1756489964.517:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4709 comm="syz.3.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbde4b6ebe9 code=0x7ffc0000 [ 55.183675][ T29] audit: type=1326 audit(1756489964.547:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4709 comm="syz.3.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fbde4b6ebe9 code=0x7ffc0000 [ 55.207009][ T29] audit: type=1326 audit(1756489964.547:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4709 comm="syz.3.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbde4b6ebe9 code=0x7ffc0000 [ 55.230526][ T29] audit: type=1326 audit(1756489964.567:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fdee8caec77 code=0x7ffc0000 [ 55.251383][ T4707] loop2: detected capacity change from 0 to 1024 [ 55.253845][ T29] audit: type=1326 audit(1756489964.567:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdee8cad550 code=0x7ffc0000 [ 55.269378][ T4707] EXT4-fs: Ignoring removed nobh option [ 55.283603][ T29] audit: type=1326 audit(1756489964.567:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdee8cae7eb code=0x7ffc0000 [ 55.289253][ T4707] EXT4-fs: Ignoring removed bh option [ 55.312579][ T29] audit: type=1326 audit(1756489964.657:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fdee8cad84a code=0x7ffc0000 [ 55.341020][ T29] audit: type=1326 audit(1756489964.657:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fdee8cad84a code=0x7ffc0000 [ 55.364351][ T29] audit: type=1326 audit(1756489964.657:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fdee8cad457 code=0x7ffc0000 [ 55.387600][ T29] audit: type=1326 audit(1756489964.657:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4706 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fdee8cb038a code=0x7ffc0000 [ 55.444706][ T4707] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.468082][ T4727] netlink: 'syz.1.511': attribute type 5 has an invalid length. [ 55.490573][ T4731] netlink: 4 bytes leftover after parsing attributes in process `syz.0.512'. [ 55.515098][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.636731][ T4741] loop0: detected capacity change from 0 to 8192 [ 55.677067][ T4741] syz.0.517: attempt to access beyond end of device [ 55.677067][ T4741] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 55.710610][ T4741] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1) [ 55.718758][ T4741] FAT-fs (loop0): Filesystem has been set read-only [ 55.727095][ T4741] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1) [ 55.735367][ T4741] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1) [ 55.777103][ T4755] netlink: 16 bytes leftover after parsing attributes in process `syz.2.528'. [ 55.787459][ T4751] Falling back ldisc for ttyS3. [ 55.895784][ T4768] netlink: 'syz.2.534': attribute type 5 has an invalid length. [ 56.991130][ T4808] loop4: detected capacity change from 0 to 512 [ 57.217998][ T4808] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.270732][ T4808] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.342443][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.408066][ T4824] netlink: 96 bytes leftover after parsing attributes in process `syz.4.556'. [ 57.648040][ T4835] netlink: 'syz.3.560': attribute type 21 has an invalid length. [ 57.656167][ T4835] netlink: 132 bytes leftover after parsing attributes in process `syz.3.560'. [ 57.665233][ T4835] netlink: 'syz.3.560': attribute type 1 has an invalid length. [ 57.676035][ T4837] loop4: detected capacity change from 0 to 512 [ 57.686141][ T4837] EXT4-fs: Ignoring removed i_version option [ 57.720284][ T4837] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e000c018, mo2=0002] [ 57.741699][ T4837] System zones: 0-2, 18-18, 34-35 [ 57.750005][ T4837] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.762986][ T4837] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.860587][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.920809][ T4853] loop9: detected capacity change from 0 to 7 [ 57.949489][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 57.965667][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 57.973683][ T4144] loop9: unable to read partition table [ 57.982591][ T4853] Buffer I/O error on dev loop9, logical block 0, async page read [ 57.992302][ T4853] Buffer I/O error on dev loop9, logical block 0, async page read [ 58.000244][ T4853] loop9: unable to read partition table [ 58.007498][ T4859] random: crng reseeded on system resumption [ 58.007608][ T4853] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 58.007608][ T4853] ) failed (rc=-5) [ 58.038069][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 58.056205][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 58.068995][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 58.087325][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 58.099635][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 58.299731][ T4881] loop1: detected capacity change from 0 to 128 [ 58.323843][ T4881] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 58.361653][ T4881] ext4 filesystem being mounted at /99/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 58.536506][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 58.548954][ T4894] netlink: 'syz.4.586': attribute type 21 has an invalid length. [ 58.568839][ T4894] netlink: 132 bytes leftover after parsing attributes in process `syz.4.586'. [ 58.577889][ T4894] netlink: 'syz.4.586': attribute type 1 has an invalid length. [ 58.637399][ T4892] Falling back ldisc for ttyS3. [ 58.770318][ T36] hid_parser_main: 16 callbacks suppressed [ 58.770337][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4 [ 58.783986][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2 [ 58.793611][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x3 [ 58.809883][ T4918] netlink: 'syz.4.594': attribute type 4 has an invalid length. [ 58.812124][ T36] hid-generic 0000:3000000:0000.0002: hidraw0: HID v0.00 Device [sy] on syz0 [ 58.854606][ T4918] netlink: 'syz.4.594': attribute type 4 has an invalid length. [ 58.901027][ T4923] netlink: 132 bytes leftover after parsing attributes in process `syz.1.599'. [ 59.182916][ T1036] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x4 [ 59.190713][ T1036] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x2 [ 59.205642][ T1036] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x3 [ 59.216852][ T1036] hid-generic 0000:3000000:0000.0003: hidraw0: HID v0.00 Device [sy] on syz0 [ 59.253029][ T4950] fido_id[4950]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 59.282654][ T4952] loop1: detected capacity change from 0 to 1024 [ 59.294526][ T4954] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4954 comm=syz.2.612 [ 59.307096][ T4954] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4954 comm=syz.2.612 [ 59.310538][ T4952] EXT4-fs: Ignoring removed orlov option [ 59.325408][ T4952] EXT4-fs: Ignoring removed nomblk_io_submit option [ 59.360811][ T4952] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.393784][ T4964] netlink: 28 bytes leftover after parsing attributes in process `syz.2.616'. [ 59.402908][ T4964] netlink: 108 bytes leftover after parsing attributes in process `syz.2.616'. [ 59.412109][ T4964] netlink: 28 bytes leftover after parsing attributes in process `syz.2.616'. [ 59.421256][ T4964] netlink: 108 bytes leftover after parsing attributes in process `syz.2.616'. [ 59.430283][ T4964] netlink: 84 bytes leftover after parsing attributes in process `syz.2.616'. [ 59.441257][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.480316][ T4968] loop0: detected capacity change from 0 to 128 [ 59.489342][ T4968] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 59.504896][ T4968] ext4 filesystem being mounted at /133/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 59.524669][ T4971] loop9: detected capacity change from 0 to 7 [ 59.536117][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 59.544202][ T4144] loop9: unable to read partition table [ 59.554959][ T4971] loop9: unable to read partition table [ 59.561303][ T4971] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 59.561303][ T4971] ) failed (rc=-5) [ 59.620036][ T4977] tipc: Started in network mode [ 59.625011][ T4977] tipc: Node identity ac14140f, cluster identity 4711 [ 59.641938][ T4977] tipc: New replicast peer: 255.255.255.83 [ 59.648004][ T4977] tipc: Enabled bearer , priority 10 [ 59.680021][ T4984] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4984 comm=syz.3.625 [ 59.692482][ T4984] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4984 comm=syz.3.625 [ 59.720398][ T4986] validate_nla: 2 callbacks suppressed [ 59.720413][ T4986] netlink: 'syz.2.626': attribute type 1 has an invalid length. [ 59.753372][ T3312] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 59.769448][ T4992] SELinux: Context is not valid (left unmapped). [ 59.785006][ T4994] vxcan1: tx drop: invalid sa for name 0x0000000000000003 [ 59.878306][ T5006] netlink: 'syz.2.636': attribute type 1 has an invalid length. [ 59.932001][ T5006] 8021q: adding VLAN 0 to HW filter on device bond1 [ 59.980450][ T5014] 8021q: adding VLAN 0 to HW filter on device bond1 [ 60.001067][ T5014] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 60.018315][ T5014] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 60.220406][ T5048] netlink: 28 bytes leftover after parsing attributes in process `syz.3.652'. [ 60.251304][ T5053] loop4: detected capacity change from 0 to 128 [ 60.284548][ T5053] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 60.298264][ T5053] ext4 filesystem being mounted at /113/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 60.326758][ T5057] loop1: detected capacity change from 0 to 1024 [ 60.335846][ T5057] EXT4-fs: Ignoring removed orlov option [ 60.349307][ T5057] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.398153][ T5060] tipc: Started in network mode [ 60.403074][ T5060] tipc: Node identity ac14140f, cluster identity 4711 [ 60.410524][ T5060] tipc: New replicast peer: 255.255.255.83 [ 60.416406][ T5060] tipc: Enabled bearer , priority 10 [ 60.465932][ T3308] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 60.564303][ T5072] syz.0.662 (5072) used greatest stack depth: 10016 bytes left [ 60.585082][ T29] kauditd_printk_skb: 123 callbacks suppressed [ 60.585117][ T29] audit: type=1326 audit(1756489969.967:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5080 comm="syz.0.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 60.622315][ T5084] SELinux: ebitmap start bit (402653440) is beyond the end of the bitmap (1472) [ 60.641650][ T29] audit: type=1326 audit(1756489970.007:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5080 comm="syz.0.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 60.664943][ T29] audit: type=1326 audit(1756489970.007:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5080 comm="syz.0.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 60.688229][ T29] audit: type=1326 audit(1756489970.007:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5080 comm="syz.0.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 60.711628][ T29] audit: type=1326 audit(1756489970.007:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5080 comm="syz.0.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 60.716988][ T5084] SELinux: failed to load policy [ 60.734904][ T29] audit: type=1326 audit(1756489970.007:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5080 comm="syz.0.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 60.763280][ T29] audit: type=1326 audit(1756489970.007:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5080 comm="syz.0.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 60.786602][ T29] audit: type=1326 audit(1756489970.007:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5080 comm="syz.0.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 60.809862][ T29] audit: type=1326 audit(1756489970.017:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5080 comm="syz.0.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 60.833130][ T29] audit: type=1326 audit(1756489970.017:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5080 comm="syz.0.666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f43a48cebe9 code=0x7ffc0000 [ 60.857161][ T3380] tipc: Node number set to 2886997007 [ 60.924395][ T5088] loop4: detected capacity change from 0 to 1024 [ 60.946582][ T5090] loop3: detected capacity change from 0 to 128 [ 60.976145][ T5088] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 60.999255][ T5090] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002] [ 61.012809][ T5090] System zones: 1-3, 19-19, 35-36 [ 61.019717][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.033770][ T5090] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 61.038827][ T5088] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.669: Allocating blocks 449-513 which overlap fs metadata [ 61.074416][ T5087] EXT4-fs (loop4): pa ffff888109801690: logic 48, phys. 177, len 21 [ 61.082503][ T5087] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 61.086648][ T5090] ext4 filesystem being mounted at /144/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 61.149081][ T3304] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 61.161418][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.295766][ T5110] net_ratelimit: 6650 callbacks suppressed [ 61.295784][ T5110] openvswitch: netlink: Message has 6 unknown bytes. [ 61.417230][ T36] tipc: Node number set to 2886997007 [ 61.504765][ T5126] SELinux: policydb version 3968 does not match my version range 15-35 [ 61.521925][ T5126] SELinux: failed to load policy [ 61.600374][ T5134] IPv6: NLM_F_CREATE should be specified when creating new route [ 61.621475][ T5136] loop4: detected capacity change from 0 to 512 [ 61.649960][ T5136] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 61.668740][ T5136] EXT4-fs (loop4): mount failed [ 62.053798][ T5166] loop3: detected capacity change from 0 to 1024 [ 62.062650][ T5166] EXT4-fs: Ignoring removed orlov option [ 62.073252][ T5166] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.122487][ T5177] loop1: detected capacity change from 0 to 128 [ 62.155223][ T5177] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002] [ 62.172363][ T5177] System zones: 1-3, 19-19, 35-36 [ 62.197388][ T5177] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 62.233693][ T5193] SELinux: Context system_u:object_r:systemd_logger_exec_t:s0 is not valid (left unmapped). [ 62.267386][ T5177] ext4 filesystem being mounted at /128/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 62.363080][ T5197] syz.0.718 (5197) used greatest stack depth: 9976 bytes left [ 62.386520][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 62.436126][ T5203] __nla_validate_parse: 10 callbacks suppressed [ 62.436145][ T5203] netlink: 8 bytes leftover after parsing attributes in process `syz.1.717'. [ 62.454046][ T5203] netlink: 8 bytes leftover after parsing attributes in process `syz.1.717'. [ 62.495732][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.529685][ T5212] loop2: detected capacity change from 0 to 512 [ 62.541047][ T5214] netlink: 8 bytes leftover after parsing attributes in process `syz.3.723'. [ 62.550854][ T5214] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 62.561828][ T5212] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 62.585194][ T5212] EXT4-fs (loop2): mount failed [ 62.626937][ T5218] SELinux: ebitmap: truncated map [ 62.654190][ T5218] SELinux: failed to load policy [ 62.755907][ T5234] loop2: detected capacity change from 0 to 1024 [ 62.763027][ T5234] EXT4-fs: Ignoring removed orlov option [ 62.769501][ T5236] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 62.778517][ T5234] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.932312][ T5244] netlink: 8 bytes leftover after parsing attributes in process `syz.4.735'. [ 62.941301][ T5244] netlink: 8 bytes leftover after parsing attributes in process `syz.4.735'. [ 62.973463][ T5247] SELinux: failed to load policy [ 63.110325][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.182705][ T5263] program syz.4.747 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 63.205139][ T5267] netlink: 96 bytes leftover after parsing attributes in process `syz.3.748'. [ 63.346488][ T5283] SELinux: failed to load policy [ 63.372058][ T5287] netlink: 'syz.0.759': attribute type 4 has an invalid length. [ 63.390906][ T5287] netlink: 'syz.0.759': attribute type 4 has an invalid length. [ 63.400666][ T5291] loop4: detected capacity change from 0 to 512 [ 63.420841][ T5291] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.447079][ T5300] netlink: 'syz.0.763': attribute type 21 has an invalid length. [ 63.454918][ T5300] netlink: 156 bytes leftover after parsing attributes in process `syz.0.763'. [ 63.456336][ T5291] ext4 filesystem being mounted at /137/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.527651][ T5302] syzkaller0: entered promiscuous mode [ 63.533192][ T5302] syzkaller0: entered allmulticast mode [ 63.589812][ T5304] SELinux: policydb version 0 does not match my version range 15-35 [ 63.598619][ T5304] SELinux: failed to load policy [ 63.623035][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.765978][ T5328] loop2: detected capacity change from 0 to 128 [ 63.786041][ T5331] netlink: 8 bytes leftover after parsing attributes in process `syz.4.779'. [ 63.795313][ T5331] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 63.817012][ T5333] loop2: detected capacity change from 0 to 512 [ 63.850471][ T5333] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.881856][ T5333] ext4 filesystem being mounted at /166/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.902265][ T5340] netlink: 332 bytes leftover after parsing attributes in process `syz.1.782'. [ 64.011429][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.052098][ T5344] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 64.475258][ T5366] loop0: detected capacity change from 0 to 128 [ 64.589073][ T5374] netlink: 96 bytes leftover after parsing attributes in process `syz.2.797'. [ 64.630541][ T5378] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 64.750279][ T5391] loop0: detected capacity change from 0 to 512 [ 64.761501][ T5393] loop3: detected capacity change from 0 to 128 [ 64.790595][ T5391] ext4 filesystem being mounted at /163/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.885568][ T5402] smc: net device bond0 applied user defined pnetid SYZ0 [ 64.922348][ T5402] smc: net device bond0 erased user defined pnetid SYZ0 [ 64.933063][ T5406] loop3: detected capacity change from 0 to 512 [ 64.959745][ T5406] ext4 filesystem being mounted at /180/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.324872][ T5457] netem: change failed [ 65.525258][ T5481] loop4: detected capacity change from 0 to 1024 [ 65.584119][ T5481] EXT4-fs: Ignoring removed orlov option [ 65.589969][ T29] kauditd_printk_skb: 170 callbacks suppressed [ 65.589984][ T29] audit: type=1400 audit(1756489974.967:1049): avc: denied { write } for pid=5490 comm="syz.2.841" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 65.629586][ T5489] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 65.676675][ T29] audit: type=1400 audit(1756489975.057:1050): avc: denied { read open } for pid=5480 comm="syz.4.835" path="/155/bus/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 65.699734][ T29] audit: type=1400 audit(1756489975.067:1051): avc: denied { write } for pid=5480 comm="syz.4.835" name="bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 65.721507][ T29] audit: type=1400 audit(1756489975.077:1052): avc: denied { setopt } for pid=5497 comm="syz.2.846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 65.741214][ T29] audit: type=1400 audit(1756489975.077:1053): avc: denied { write } for pid=5497 comm="syz.2.846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 65.761046][ T29] audit: type=1400 audit(1756489975.147:1054): avc: denied { read } for pid=5497 comm="syz.2.846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 65.866114][ T5488] SELinux: policydb version 0 does not match my version range 15-35 [ 65.874834][ T29] audit: type=1400 audit(1756489975.247:1055): avc: denied { load_policy } for pid=5487 comm="syz.1.839" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 65.896261][ T5488] SELinux: failed to load policy [ 65.913671][ T29] audit: type=1400 audit(1756489975.297:1056): avc: denied { read } for pid=5504 comm="syz.0.848" name="qrtr-tun" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 65.954701][ T29] audit: type=1400 audit(1756489975.297:1057): avc: denied { open } for pid=5504 comm="syz.0.848" path="/dev/qrtr-tun" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 66.002921][ T29] audit: type=1326 audit(1756489975.377:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5506 comm="syz.1.850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f391f56ebe9 code=0x7ffc0000 [ 66.037439][ T5509] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 66.253792][ T5537] loop1: detected capacity change from 0 to 512 [ 66.269928][ T5536] loop3: detected capacity change from 0 to 512 [ 66.280889][ T5537] ext4 filesystem being mounted at /153/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.477977][ T5556] syzkaller0: entered promiscuous mode [ 66.483541][ T5556] syzkaller0: entered allmulticast mode [ 66.928305][ T5607] smc: net device bond0 applied user defined pnetid SYZ0 [ 66.935701][ T5607] smc: net device bond0 erased user defined pnetid SYZ0 [ 67.462244][ T5630] loop0: detected capacity change from 0 to 1024 [ 67.470887][ T5630] EXT4-fs: Ignoring removed orlov option [ 67.481257][ T3414] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 67.488769][ T3414] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 67.496179][ T3414] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 67.505235][ T3414] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 67.512715][ T3414] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 67.520239][ T3414] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 67.527695][ T3414] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 67.535189][ T3414] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 67.542624][ T3414] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 67.550060][ T3414] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 67.607791][ T5642] syzkaller1: entered promiscuous mode [ 67.613325][ T5642] syzkaller1: entered allmulticast mode [ 67.632075][ T3414] hid-generic 0000:0000:0000.0004: hidraw0: HID v8.00 Device [syz0] on syz0 [ 67.749601][ T5657] wireguard0: entered promiscuous mode [ 67.755164][ T5657] wireguard0: entered allmulticast mode [ 67.924051][ T5674] netlink: '+}[@': attribute type 298 has an invalid length. [ 68.043835][ T5690] netlink: 'syz.3.921': attribute type 13 has an invalid length. [ 68.051648][ T5690] __nla_validate_parse: 6 callbacks suppressed [ 68.051660][ T5690] netlink: 172 bytes leftover after parsing attributes in process `syz.3.921'. [ 68.074551][ T5690] erspan0: refused to change device tx_queue_len [ 68.145240][ T5698] wireguard0: entered promiscuous mode [ 68.150818][ T5698] wireguard0: entered allmulticast mode [ 68.272963][ T3665] hid-generic 0000:0000:0000.0005: hidraw0: HID v8.00 Device [syz0] on syz0 [ 68.352518][ T5717] fido_id[5717]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 68.357699][ T5723] netlink: 24 bytes leftover after parsing attributes in process `syz.1.937'. [ 68.485387][ T5741] netlink: 96 bytes leftover after parsing attributes in process `syz.0.944'. [ 68.514019][ T5742] wireguard0: entered promiscuous mode [ 68.519647][ T5742] wireguard0: entered allmulticast mode [ 68.541065][ T5749] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5749 comm=syz.2.948 [ 68.629628][ T5758] loop1: detected capacity change from 0 to 1024 [ 68.644627][ T5763] sd 0:0:1:0: device reset [ 68.651465][ T5758] ext4 filesystem being mounted at /172/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 68.704320][ T5758] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 68.730398][ T5771] loop0: detected capacity change from 0 to 512 [ 68.755529][ T5771] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 68.767455][ T5771] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 68.768415][ T5775] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 68.788074][ T5771] EXT4-fs (loop0): 1 truncate cleaned up [ 68.789572][ T5778] 9pnet_fd: Insufficient options for proto=fd [ 68.833379][ T5780] loop1: detected capacity change from 0 to 512 [ 68.842102][ T5780] EXT4-fs: Ignoring removed nobh option [ 68.882630][ T5780] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.962: iget: bad i_size value: 38620345925642 [ 68.932107][ T5780] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.962: couldn't read orphan inode 15 (err -117) [ 68.933159][ T5790] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5790 comm=syz.4.966 [ 68.961439][ T5780] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.962: bg 0: block 5: invalid block bitmap [ 68.974526][ T5780] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 16 with error 28 [ 68.986906][ T5780] EXT4-fs (loop1): This should not happen!! Data will be lost [ 68.986906][ T5780] [ 68.996589][ T5780] EXT4-fs (loop1): Total free blocks count 0 [ 69.002644][ T5780] EXT4-fs (loop1): Free/Dirty block details [ 69.008625][ T5780] EXT4-fs (loop1): free_blocks=0 [ 69.013661][ T5780] EXT4-fs (loop1): dirty_blocks=16 [ 69.018918][ T5780] EXT4-fs (loop1): Block reservation details [ 69.024917][ T5780] EXT4-fs (loop1): i_reserved_data_blocks=16 [ 69.155508][ T5780] syz.1.962 (5780) used greatest stack depth: 9832 bytes left [ 69.279116][ T5811] netlink: 24 bytes leftover after parsing attributes in process `syz.4.973'. [ 69.428515][ T5826] netlink: 48 bytes leftover after parsing attributes in process `syz.1.982'. [ 69.507488][ T5830] wireguard0: entered promiscuous mode [ 69.513084][ T5830] wireguard0: entered allmulticast mode [ 69.832329][ T5842] netlink: 24 bytes leftover after parsing attributes in process `syz.0.988'. [ 69.912022][ T5853] netlink: 4 bytes leftover after parsing attributes in process `syz.2.994'. [ 69.930506][ T5853] netlink: 32 bytes leftover after parsing attributes in process `syz.2.994'. [ 69.941411][ T5855] netlink: 4 bytes leftover after parsing attributes in process `syz.4.995'. [ 69.963316][ T5855] netlink: 4 bytes leftover after parsing attributes in process `syz.4.995'. [ 70.184598][ T5884] wireguard0: entered promiscuous mode [ 70.190263][ T5884] wireguard0: entered allmulticast mode [ 70.589501][ T5893] bond1: entered promiscuous mode [ 70.594961][ T5893] bond1: entered allmulticast mode [ 70.600616][ T5893] 8021q: adding VLAN 0 to HW filter on device bond1 [ 70.610804][ T5893] bond1 (unregistering): Released all slaves [ 70.715797][ T29] kauditd_printk_skb: 369 callbacks suppressed [ 70.715814][ T29] audit: type=1400 audit(1756489980.097:1428): avc: denied { read } for pid=5903 comm="syz.0.1017" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 70.745416][ T29] audit: type=1400 audit(1756489980.097:1429): avc: denied { open } for pid=5903 comm="syz.0.1017" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 70.787996][ T29] audit: type=1326 audit(1756489980.137:1430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdee8caebe9 code=0x7ffc0000 [ 70.811603][ T29] audit: type=1326 audit(1756489980.137:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdee8caebe9 code=0x7ffc0000 [ 70.835131][ T29] audit: type=1326 audit(1756489980.137:1432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdee8caebe9 code=0x7ffc0000 [ 70.858628][ T29] audit: type=1326 audit(1756489980.137:1433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdee8caebe9 code=0x7ffc0000 [ 70.882492][ T29] audit: type=1326 audit(1756489980.137:1434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdee8caebe9 code=0x7ffc0000 [ 70.906314][ T29] audit: type=1326 audit(1756489980.137:1435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdee8caebe9 code=0x7ffc0000 [ 70.929775][ T29] audit: type=1326 audit(1756489980.137:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdee8caebe9 code=0x7ffc0000 [ 70.953431][ T29] audit: type=1326 audit(1756489980.137:1437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.2.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdee8caebe9 code=0x7ffc0000 [ 71.009063][ T5912] loop2: detected capacity change from 0 to 128 [ 71.020010][ T5912] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002] [ 71.033055][ T5912] System zones: 1-3, 19-19, 35-36 [ 71.046727][ T5912] ext4 filesystem being mounted at /218/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 71.149344][ T5924] bond1: entered promiscuous mode [ 71.154437][ T5924] bond1: entered allmulticast mode [ 71.162861][ T5924] 8021q: adding VLAN 0 to HW filter on device bond1 [ 71.173164][ T5924] bond1 (unregistering): Released all slaves [ 71.536780][ T5954] loop4: detected capacity change from 0 to 128 [ 71.583481][ T5954] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002] [ 71.593001][ T5954] System zones: 1-3, 19-19, 35-36 [ 71.633224][ T5954] EXT4-fs mount: 18 callbacks suppressed [ 71.633303][ T5954] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 71.728392][ T5954] ext4 filesystem being mounted at /201/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 71.814861][ T5978] SELinux: failed to load policy [ 71.863694][ T3308] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 71.910931][ T5986] netlink: 'syz.2.1054': attribute type 6 has an invalid length. [ 71.985080][ T5997] loop3: detected capacity change from 0 to 2048 [ 72.011964][ T6003] loop9: detected capacity change from 0 to 7 [ 72.032630][ T5997] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.045165][ T6003] buffer_io_error: 8 callbacks suppressed [ 72.045180][ T6003] Buffer I/O error on dev loop9, logical block 0, async page read [ 72.045214][ T6003] Buffer I/O error on dev loop9, logical block 0, async page read [ 72.066715][ T6003] loop9: unable to read partition table [ 72.072601][ T6003] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 72.072601][ T6003] ) failed (rc=-5) [ 72.079185][ T3297] Buffer I/O error on dev loop9, logical block 0, async page read [ 72.188444][ T3297] Buffer I/O error on dev loop9, logical block 0, async page read [ 72.225671][ T3297] Buffer I/O error on dev loop9, logical block 0, async page read [ 72.234855][ T10] hid-generic 0000:0000:0000.0006: hidraw0: HID v8.00 Device [syz0] on syz1 [ 72.268925][ T3297] Buffer I/O error on dev loop9, logical block 0, async page read [ 72.288854][ T3297] Buffer I/O error on dev loop9, logical block 0, async page read [ 72.333507][ T6028] capability: warning: `syz.2.1072' uses deprecated v2 capabilities in a way that may be insecure [ 72.342315][ T6025] fido_id[6025]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 72.587153][ T6052] loop4: detected capacity change from 0 to 128 [ 72.845634][ T5997] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1060: bg 0: block 234: padding at end of block bitmap is not set [ 72.881431][ T5997] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 72.894081][ T5997] EXT4-fs (loop3): This should not happen!! Data will be lost [ 72.894081][ T5997] [ 72.903783][ T5997] EXT4-fs (loop3): Total free blocks count 0 [ 72.909858][ T5997] EXT4-fs (loop3): Free/Dirty block details [ 72.915854][ T5997] EXT4-fs (loop3): free_blocks=0 [ 72.920923][ T5997] EXT4-fs (loop3): dirty_blocks=5216 [ 72.926260][ T5997] EXT4-fs (loop3): Block reservation details [ 72.932304][ T5997] EXT4-fs (loop3): i_reserved_data_blocks=326 [ 72.944283][ T6078] loop1: detected capacity change from 0 to 512 [ 72.978851][ T6078] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 73.010541][ T6078] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002] [ 73.042694][ T110] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 73.061017][ T6078] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #15: comm syz.1.1096: corrupted in-inode xattr: e_value size too large [ 73.120343][ T6078] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1096: couldn't read orphan inode 15 (err -117) [ 73.142995][ T6078] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.229194][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.260189][ T6100] netlink: 'syz.1.1106': attribute type 6 has an invalid length. [ 73.297503][ T6098] __nla_validate_parse: 3 callbacks suppressed [ 73.297519][ T6098] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1105'. [ 73.353259][ T6111] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1111'. [ 73.374157][ T6112] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 73.557023][ T10] hid_parser_main: 76 callbacks suppressed [ 73.557041][ T10] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x4 [ 73.570936][ T10] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x2 [ 73.604991][ T10] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x3 [ 73.626313][ T10] hid-generic 0000:3000000:0000.0007: hidraw0: HID v0.00 Device [sy] on syz0 [ 73.680025][ T6143] fido_id[6143]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 73.738045][ T6147] lo speed is unknown, defaulting to 1000 [ 73.743845][ T6147] lo speed is unknown, defaulting to 1000 [ 73.782493][ T6147] lo speed is unknown, defaulting to 1000 [ 73.794098][ T6147] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 73.816513][ T6147] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 73.857089][ T6147] lo speed is unknown, defaulting to 1000 [ 73.897784][ T6147] lo speed is unknown, defaulting to 1000 [ 73.904202][ T6147] lo speed is unknown, defaulting to 1000 [ 73.925801][ T6147] lo speed is unknown, defaulting to 1000 [ 73.935280][ T6147] lo speed is unknown, defaulting to 1000 [ 74.034660][ T6176] SELinux: Context system_u:object_r:scanner_device_t:s0 is not valid (left unmapped). [ 74.383238][ T6219] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 74.396484][ T6218] IPVS: stopping master sync thread 6219 ... [ 74.542046][ T6232] SELinux: failed to load policy [ 74.551257][ T6235] loop1: detected capacity change from 0 to 128 [ 74.560613][ T6236] loop3: detected capacity change from 0 to 128 [ 74.562866][ T6235] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 74.596937][ T6235] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 74.614552][ T6241] loop0: detected capacity change from 0 to 8192 [ 74.623230][ T6236] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 74.636844][ T6236] ext4 filesystem being mounted at /245/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 74.663282][ T6243] loop1: detected capacity change from 0 to 512 [ 74.671655][ T6243] EXT4-fs (loop1): bad s_min_extra_isize: 65528 [ 74.692083][ T6243] SELinux: Context system_u:object is not valid (left unmapped). [ 74.733877][ T3304] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 74.749666][ T6246] netlink: 348 bytes leftover after parsing attributes in process `syz.0.1172'. [ 74.987666][ T6276] loop3: detected capacity change from 0 to 1024 [ 74.994510][ T6276] EXT4-fs: Ignoring removed oldalloc option [ 75.021007][ T6276] EXT4-fs: Ignoring removed orlov option [ 75.028495][ T6276] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 75.050252][ T6276] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.073919][ T6284] loop1: detected capacity change from 0 to 1024 [ 75.080985][ T6284] EXT4-fs: inline encryption not supported [ 75.094945][ T6284] EXT4-fs: Ignoring removed bh option [ 75.129953][ T6276] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 43765716768309: comm syz.3.1186: lblock 4 mapped to illegal pblock 43765716768309 (length 1) [ 75.164923][ T6284] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.182311][ T6294] loop2: detected capacity change from 0 to 512 [ 75.194974][ T6294] EXT4-fs: Ignoring removed mblk_io_submit option [ 75.202848][ T6295] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1192'. [ 75.211814][ T6295] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1192'. [ 75.223019][ T51] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 43765716768306: comm kworker/u8:3: lblock 1 mapped to illegal pblock 43765716768306 (length 3) [ 75.242039][ T51] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 3 with error 117 [ 75.254532][ T51] EXT4-fs (loop3): This should not happen!! Data will be lost [ 75.254532][ T51] [ 75.255424][ T6294] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 75.277471][ T6294] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 75.288445][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.294253][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.308106][ T6294] EXT4-fs (loop2): 1 truncate cleaned up [ 75.314389][ T6294] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.362262][ T6302] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 75.369594][ T6302] IPv6: NLM_F_CREATE should be set when creating new route [ 75.429841][ T6302] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 75.661638][ T6320] loop1: detected capacity change from 0 to 2048 [ 75.751244][ T6320] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.783265][ T29] kauditd_printk_skb: 272 callbacks suppressed [ 75.783283][ T29] audit: type=1400 audit(1756489985.167:1710): avc: denied { link } for pid=6319 comm="syz.1.1203" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 75.843995][ T29] audit: type=1400 audit(1756489985.217:1711): avc: denied { ioctl } for pid=6314 comm="syz.0.1201" path="/dev/loop-control" dev="devtmpfs" ino=99 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 75.902684][ T6335] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1209'. [ 75.914686][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.195948][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.206507][ T6349] netlink: 348 bytes leftover after parsing attributes in process `syz.3.1216'. [ 76.265743][ T6353] I/O error, dev loop1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 76.288121][ T6355] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1219'. [ 76.293327][ T6353] isofs_fill_super: bread failed, dev=loop1, iso_blknum=16, block=32 [ 76.302274][ T6355] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1219'. [ 76.314210][ T110] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.323296][ T110] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.342354][ T110] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.367237][ T110] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 76.413570][ T6360] loop4: detected capacity change from 0 to 128 [ 76.434429][ T6360] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 76.471585][ T6360] ext4 filesystem being mounted at /235/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 76.631469][ T3308] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 76.691018][ T6386] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 76.743938][ T6392] loop4: detected capacity change from 0 to 8192 [ 76.762108][ T29] audit: type=1326 audit(1756489986.147:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6393 comm="syz.2.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdee8caebe9 code=0x7ffc0000 [ 76.785700][ T29] audit: type=1326 audit(1756489986.147:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6393 comm="syz.2.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdee8caebe9 code=0x7ffc0000 [ 76.809198][ T29] audit: type=1326 audit(1756489986.147:1714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6393 comm="syz.2.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fdee8caebe9 code=0x7ffc0000 [ 76.833710][ T29] audit: type=1326 audit(1756489986.147:1715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6395 comm="syz.2.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdee8ce14a5 code=0x7ffc0000 [ 76.857244][ T29] audit: type=1326 audit(1756489986.147:1716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6393 comm="syz.2.1235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdee8caebe9 code=0x7ffc0000 [ 76.880746][ T29] audit: type=1326 audit(1756489986.147:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6396 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbde4b6ebe9 code=0x7ffc0000 [ 76.904196][ T29] audit: type=1326 audit(1756489986.147:1718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6396 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbde4b6ebe9 code=0x7ffc0000 [ 76.927716][ T29] audit: type=1326 audit(1756489986.177:1719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6396 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbde4b6ebe9 code=0x7ffc0000 [ 77.027922][ T6405] loop2: detected capacity change from 0 to 128 [ 77.082103][ T6405] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 77.101428][ T6405] ext4 filesystem being mounted at /253/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 77.125036][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1242'. [ 77.147064][ T6401] bond1: entered promiscuous mode [ 77.152210][ T6401] bond1: entered allmulticast mode [ 77.157645][ T6401] 8021q: adding VLAN 0 to HW filter on device bond1 [ 77.265600][ T3311] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 77.275210][ T6401] bond1 (unregistering): Released all slaves [ 77.324399][ T6380] Set syz1 is full, maxelem 65536 reached [ 77.373590][ T6418] loop0: detected capacity change from 0 to 1024 [ 77.417777][ T6418] EXT4-fs: inline encryption not supported [ 77.435141][ T6418] EXT4-fs: Ignoring removed bh option [ 77.467361][ T6425] __vm_enough_memory: pid: 6425, comm: syz.1.1249, bytes: 21200291807232 not enough memory for the allocation [ 77.487894][ T6427] loop9: detected capacity change from 0 to 7 [ 77.494367][ T6427] Buffer I/O error on dev loop9, logical block 0, async page read [ 77.495453][ T6418] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.507269][ T6427] Buffer I/O error on dev loop9, logical block 0, async page read [ 77.522805][ T6427] loop9: unable to read partition table [ 77.538107][ T6427] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 77.538107][ T6427] ) failed (rc=-5) [ 77.552507][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 77.560669][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 77.568652][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 77.576596][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 77.584796][ T4144] Buffer I/O error on dev loop9, logical block 0, async page read [ 77.620688][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.678485][ T6441] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in; [ 77.678485][ T6441] program syz.3.1254 not setting count and/or reply_len properly [ 77.777568][ T6452] pim6reg1: entered promiscuous mode [ 77.782972][ T6452] pim6reg1: entered allmulticast mode [ 78.224597][ T6475] loop1: detected capacity change from 0 to 512 [ 78.259127][ T6475] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.337135][ T6475] ext4 filesystem being mounted at /249/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 78.403797][ T6488] program syz.0.1272 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 78.455865][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.610810][ T6512] __nla_validate_parse: 1 callbacks suppressed [ 78.610897][ T6512] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1285'. [ 78.637720][ T6518] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 78.644680][ T6512] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1285'. [ 78.829220][ T6544] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in; [ 78.829220][ T6544] program syz.2.1301 not setting count and/or reply_len properly [ 79.059199][ T6568] loop3: detected capacity change from 0 to 512 [ 79.066314][ T6568] EXT4-fs: Ignoring removed mblk_io_submit option [ 79.100904][ T6564] SELinux: failed to load policy [ 79.116805][ T6568] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 79.130511][ T6568] EXT4-fs (loop3): 1 truncate cleaned up [ 79.136795][ T6568] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.325418][ T6586] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 79.811571][ T6607] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1329'. [ 79.924617][ T6613] loop1: detected capacity change from 0 to 1024 [ 79.948624][ T6613] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.040381][ T6613] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 80.082290][ T6613] EXT4-fs (loop1): Remounting filesystem read-only [ 80.113470][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.125280][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.148379][ T6624] netlink: 'syz.3.1337': attribute type 36 has an invalid length. [ 80.232086][ T6633] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 80.238679][ T6633] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 80.246232][ T6633] vhci_hcd vhci_hcd.0: Device attached [ 80.269395][ T6638] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1341'. [ 80.278688][ T6638] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1341'. [ 80.299352][ T6634] vhci_hcd: cannot find the pending unlink 2869 [ 80.315784][ T6634] vhci_hcd: connection closed [ 80.315973][ T1001] vhci_hcd: stop threads [ 80.325096][ T1001] vhci_hcd: release socket [ 80.329604][ T1001] vhci_hcd: disconnect device [ 80.491325][ T6659] loop0: detected capacity change from 0 to 1024 [ 80.498119][ T6659] EXT4-fs: Ignoring removed orlov option [ 80.506270][ T6659] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.714545][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.745404][ C1] vcan0: j1939_tp_rxtimer: 0xffff88811a25fe00: rx timeout, send abort [ 80.753757][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811a25fe00: 0x10000: (3) A timeout occurred and this is the connection abort to close the session. [ 80.768123][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811a25ea00: 0x10000: (3) A timeout occurred and this is the connection abort to close the session. [ 81.220323][ T6667] loop0: detected capacity change from 0 to 2048 [ 81.278491][ T6667] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.382835][ T29] kauditd_printk_skb: 133 callbacks suppressed [ 81.382853][ T29] audit: type=1326 audit(1756489990.767:1853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="syz.1.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f391f56ebe9 code=0x7ffc0000 [ 81.420749][ T6684] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1357'. [ 81.427319][ T29] audit: type=1326 audit(1756489990.767:1854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="syz.1.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f391f56ebe9 code=0x7ffc0000 [ 81.453309][ T29] audit: type=1326 audit(1756489990.767:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="syz.1.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f391f56ebe9 code=0x7ffc0000 [ 81.476784][ T29] audit: type=1326 audit(1756489990.767:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="syz.1.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f391f56ebe9 code=0x7ffc0000 [ 81.500331][ T29] audit: type=1326 audit(1756489990.767:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="syz.1.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f391f56ebe9 code=0x7ffc0000 [ 81.501062][ T6684] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1357'. [ 81.523859][ T29] audit: type=1326 audit(1756489990.767:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="syz.1.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f391f56ebe9 code=0x7ffc0000 [ 81.556298][ T29] audit: type=1326 audit(1756489990.777:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="syz.1.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f391f56ebe9 code=0x7ffc0000 [ 81.579999][ T29] audit: type=1326 audit(1756489990.777:1860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="syz.1.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f391f56ebe9 code=0x7ffc0000 [ 81.603541][ T29] audit: type=1326 audit(1756489990.807:1861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="syz.1.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f391f56ebe9 code=0x7ffc0000 [ 81.627099][ T29] audit: type=1326 audit(1756489990.807:1862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6679 comm="syz.1.1369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f391f56ebe9 code=0x7ffc0000 [ 82.175330][ T6667] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1353: bg 0: block 234: padding at end of block bitmap is not set [ 82.191659][ T6667] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 82.204182][ T6667] EXT4-fs (loop0): This should not happen!! Data will be lost [ 82.204182][ T6667] [ 82.213933][ T6667] EXT4-fs (loop0): Total free blocks count 0 [ 82.220036][ T6667] EXT4-fs (loop0): Free/Dirty block details [ 82.226043][ T6667] EXT4-fs (loop0): free_blocks=0 [ 82.231056][ T6667] EXT4-fs (loop0): dirty_blocks=5152 [ 82.236349][ T6667] EXT4-fs (loop0): Block reservation details [ 82.242484][ T6667] EXT4-fs (loop0): i_reserved_data_blocks=322 [ 82.293866][ T6710] loop4: detected capacity change from 0 to 256 [ 82.312351][ T37] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 82.448143][ T6725] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1378'. [ 82.544373][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 82.550898][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 82.557368][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 82.565221][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 82.573272][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 82.581117][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 82.589025][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 82.596862][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 82.604733][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 82.612578][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 82.620449][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 82.628301][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 82.636151][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 82.644018][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 82.651889][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 82.659727][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 82.667585][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 82.675404][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 82.723120][ T6731] loop3: detected capacity change from 0 to 1764 [ 82.730186][ T6731] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 82.805063][ T6737] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1384'. [ 82.817335][ T6737] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1384'. [ 83.289342][ T6799] loop0: detected capacity change from 0 to 512 [ 83.322363][ T6799] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 83.340030][ T6799] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002] [ 83.343156][ T6805] loop4: detected capacity change from 0 to 512 [ 83.392268][ T6799] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.1411: corrupted in-inode xattr: e_value size too large [ 83.415419][ T6799] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1411: couldn't read orphan inode 15 (err -117) [ 83.433917][ T6805] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 83.459033][ T6799] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.487048][ T6805] EXT4-fs (loop4): mount failed [ 83.529067][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.571257][ T6826] loop4: detected capacity change from 0 to 2048 [ 83.615665][ T6826] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.643071][ T6839] loop1: detected capacity change from 0 to 4096 [ 83.650515][ T6839] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 83.675893][ T6839] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.731525][ T6846] __nla_validate_parse: 4 callbacks suppressed [ 83.731540][ T6846] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1424'. [ 83.789017][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.877432][ T6809] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 83.939705][ T3443] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 83.952261][ T3443] EXT4-fs (loop4): This should not happen!! Data will be lost [ 83.952261][ T3443] [ 83.961988][ T3443] EXT4-fs (loop4): Total free blocks count 0 [ 83.968028][ T3443] EXT4-fs (loop4): Free/Dirty block details [ 83.973963][ T3443] EXT4-fs (loop4): free_blocks=0 [ 83.978978][ T3443] EXT4-fs (loop4): dirty_blocks=3552 [ 83.984479][ T3443] EXT4-fs (loop4): Block reservation details [ 83.990602][ T3443] EXT4-fs (loop4): i_reserved_data_blocks=222 [ 84.022468][ T3443] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 1502 with error 28 [ 84.249147][ T6888] capability: warning: `syz.0.1450' uses 32-bit capabilities (legacy support in use) [ 84.570010][ T6912] loop2: detected capacity change from 0 to 2048 [ 84.611627][ T6886] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1449'. [ 84.637360][ T6912] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.695741][ T6926] lo speed is unknown, defaulting to 1000 [ 84.749421][ T6931] loop1: detected capacity change from 0 to 512 [ 84.781544][ T6931] EXT4-fs: Ignoring removed mblk_io_submit option [ 84.810614][ T6931] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 84.824732][ T6931] EXT4-fs (loop1): 1 truncate cleaned up [ 84.831298][ T6931] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.129051][ T6945] netlink: 'syz.0.1471': attribute type 1 has an invalid length. [ 85.159663][ T6912] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1459: bg 0: block 234: padding at end of block bitmap is not set [ 85.174475][ T6912] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 85.187055][ T6912] EXT4-fs (loop2): This should not happen!! Data will be lost [ 85.187055][ T6912] [ 85.196755][ T6912] EXT4-fs (loop2): Total free blocks count 0 [ 85.202786][ T6912] EXT4-fs (loop2): Free/Dirty block details [ 85.208801][ T6912] EXT4-fs (loop2): free_blocks=0 [ 85.213832][ T6912] EXT4-fs (loop2): dirty_blocks=8192 [ 85.219261][ T6912] EXT4-fs (loop2): Block reservation details [ 85.225267][ T6912] EXT4-fs (loop2): i_reserved_data_blocks=512 [ 85.331864][ T6952] netlink: 'syz.0.1473': attribute type 10 has an invalid length. [ 85.383493][ T3443] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 85.684481][ T6974] IPv4: Oversized IP packet from 127.202.26.0 [ 85.711116][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.748735][ T6988] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1487'. [ 85.789049][ T6985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1489'. [ 85.809646][ T6987] SELinux: failed to load policy [ 85.970040][ T7007] loop4: detected capacity change from 0 to 512 [ 85.984627][ T7007] EXT4-fs: Ignoring removed mblk_io_submit option [ 86.005763][ T7007] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 86.042560][ T7007] EXT4-fs (loop4): 1 truncate cleaned up [ 86.049213][ T7007] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.146498][ T7021] lo speed is unknown, defaulting to 1000 [ 86.188437][ T7007] ================================================================== [ 86.196614][ T7007] BUG: KCSAN: data-race in atime_needs_update / inode_update_timestamps [ 86.204970][ T7007] [ 86.207297][ T7007] write to 0xffff888109a292e4 of 4 bytes by task 7022 on cpu 0: [ 86.214927][ T7007] inode_update_timestamps+0x147/0x270 [ 86.220403][ T7007] file_modified_flags+0x2aa/0x350 [ 86.225553][ T7007] file_modified+0x17/0x20 [ 86.230071][ T7007] ext4_file_write_iter+0x9b1/0xf00 [ 86.235289][ T7007] iter_file_splice_write+0x663/0xa60 [ 86.240667][ T7007] direct_splice_actor+0x153/0x2a0 [ 86.245782][ T7007] splice_direct_to_actor+0x30f/0x680 [ 86.251158][ T7007] do_splice_direct+0xda/0x150 [ 86.255932][ T7007] do_sendfile+0x380/0x650 [ 86.260365][ T7007] __x64_sys_sendfile64+0x105/0x150 [ 86.265577][ T7007] x64_sys_call+0x2bb0/0x2ff0 [ 86.270265][ T7007] do_syscall_64+0xd2/0x200 [ 86.274785][ T7007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.280686][ T7007] [ 86.283014][ T7007] read to 0xffff888109a292e4 of 4 bytes by task 7007 on cpu 1: [ 86.290647][ T7007] atime_needs_update+0x2a8/0x3e0 [ 86.295688][ T7007] touch_atime+0x4a/0x340 [ 86.300033][ T7007] filemap_splice_read+0x6ba/0x740 [ 86.305151][ T7007] ext4_file_splice_read+0x8f/0xb0 [ 86.310330][ T7007] splice_direct_to_actor+0x26f/0x680 [ 86.315804][ T7007] do_splice_direct+0xda/0x150 [ 86.320575][ T7007] do_sendfile+0x380/0x650 [ 86.325027][ T7007] __x64_sys_sendfile64+0x105/0x150 [ 86.330328][ T7007] x64_sys_call+0x2bb0/0x2ff0 [ 86.335018][ T7007] do_syscall_64+0xd2/0x200 [ 86.339538][ T7007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.345440][ T7007] [ 86.347763][ T7007] value changed: 0x21d08d90 -> 0x22692410 [ 86.353477][ T7007] [ 86.355800][ T7007] Reported by Kernel Concurrency Sanitizer on: [ 86.361976][ T7007] CPU: 1 UID: 0 PID: 7007 Comm: syz.4.1500 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 86.373272][ T7007] Tainted: [W]=WARN [ 86.377073][ T7007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 86.387134][ T7007] ================================================================== [ 86.433674][ T7027] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1508'. [ 86.855723][ T7022] syz.4.1500 (7022) used greatest stack depth: 9776 bytes left [ 86.875194][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.