last executing test programs: 1.096622064s ago: executing program 3 (id=4875): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0x2}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x2}]}]}}, &(0x7f0000001f40)=""/4089, 0x3e, 0xff9, 0xa, 0x2, 0x0, @void, @value}, 0x28) 1.096489554s ago: executing program 3 (id=4876): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0xa) 1.096347764s ago: executing program 2 (id=4877): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000001e00100000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000fcffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_pidfd_open(r0, 0x0) pidfd_send_signal(r2, 0x2, 0x0, 0x0) 1.085603484s ago: executing program 3 (id=4878): syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x2, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) 1.034735944s ago: executing program 3 (id=4880): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0, 0x0, 0x8}, 0x18) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x800100, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x40000000, 0x0) 988.574224ms ago: executing program 2 (id=4882): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r2}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) write$cgroup_int(r4, &(0x7f00000001c0), 0xfffffdef) 988.423873ms ago: executing program 3 (id=4883): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000100)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x20}}) 297.248091ms ago: executing program 1 (id=4915): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x10b}], {0x14}}, 0x88}}, 0x0) 252.455141ms ago: executing program 0 (id=4917): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'geneve1\x00', 0x0}) sendto$packet(r1, &(0x7f0000000240)="163c8f3f8a5d66571e583e7c88a8", 0xe, 0x0, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @broadcast}, 0x14) 252.341751ms ago: executing program 1 (id=4918): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./file1\x00', 0x0, 0x2041, 0x0) 245.132431ms ago: executing program 1 (id=4919): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000006000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb}}, @TCA_CT_MARK={0x8, 0x10}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x10000000) 240.892921ms ago: executing program 4 (id=4920): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x49920d862a92153b, 0x800, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1b400}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x2}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x4000000) 168.58048ms ago: executing program 1 (id=4921): r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x18) write$selinux_load(r0, &(0x7f0000000140)={0xf97cff8c, 0x8}, 0x10) 168.406431ms ago: executing program 0 (id=4922): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xf, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x100) ioctl$SNDRV_TIMER_IOCTL_GINFO(r2, 0xc0f85403, 0x0) 168.199181ms ago: executing program 4 (id=4923): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) pivot_root(&(0x7f0000000f80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 165.99248ms ago: executing program 2 (id=4924): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014000100626f6e64300000000000000000000000140001006970766c616e"], 0x4b0}}, 0x0) 164.35703ms ago: executing program 1 (id=4925): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) openat$pfkey(0xffffffffffffff9c, &(0x7f00000004c0), 0x4800, 0x0) 153.68071ms ago: executing program 0 (id=4926): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) flistxattr(r2, 0x0, 0x0) 92.57065ms ago: executing program 4 (id=4927): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_emit_ethernet(0x8a, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaac4bc9cac968686dd600000000054060000000000000000000000ffff07000000fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50e2000090780000080a0000000000000000030a0000000000000000fe08f989e8e82b840502000b317275"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000f5ffffffffffffff000a14000000060a0000000000000000000002"], 0x3c}}, 0x0) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x300, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x000xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0xa0, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}, @TCA_STAB={0x68, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x40, 0x2, 0xb, 0x401, 0x0, 0xa27f}}, {0x4}}, {{0x1c, 0x1, {0x2c, 0x4, 0x6, 0x3, 0x0, 0x9, 0x2, 0x2}}, {0x8, 0x2, [0xb, 0x9]}}, {{0x1c, 0x1, {0x7, 0x10, 0xf, 0xfffffffc, 0x0, 0x7, 0x8001}}, {0x4}}]}]}, 0xa0}}, 0x0) kernel console output (not intermixed with test programs): 672] syz.1.4047[16672] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1033.086867][T16682] FAULT_INJECTION: forcing a failure. [ 1033.086867][T16682] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1033.111282][T16682] CPU: 0 PID: 16682 Comm: syz.4.4050 Not tainted 6.1.118-syzkaller-00077-g3f924195e222 #0 [ 1033.121024][T16682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1033.130918][T16682] Call Trace: [ 1033.134038][T16682] [ 1033.136816][T16682] dump_stack_lvl+0x151/0x1b7 [ 1033.141328][T16682] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 1033.146621][T16682] dump_stack+0x15/0x18 [ 1033.150616][T16682] should_fail_ex+0x3d0/0x520 [ 1033.155136][T16682] should_fail+0xb/0x10 [ 1033.159122][T16682] should_fail_usercopy+0x1a/0x20 [ 1033.163981][T16682] strncpy_from_user+0x24/0x2b0 [ 1033.168670][T16682] __se_sys_request_key+0x9f/0x3b0 [ 1033.173614][T16682] ? __x64_sys_request_key+0xb0/0xb0 [ 1033.178742][T16682] ? debug_smp_processor_id+0x17/0x20 [ 1033.183954][T16682] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1033.189849][T16682] __x64_sys_request_key+0x9b/0xb0 [ 1033.194914][T16682] x64_sys_call+0x687/0x9a0 [ 1033.199241][T16682] do_syscall_64+0x3b/0xb0 [ 1033.203491][T16682] ? clear_bhb_loop+0x55/0xb0 [ 1033.208004][T16682] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1033.213759][T16682] RIP: 0033:0x7f585f385d29 [ 1033.217984][T16682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1033.237432][T16682] RSP: 002b:00007f58600e2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 1033.245670][T16682] RAX: ffffffffffffffda RBX: 00007f585f575fa0 RCX: 00007f585f385d29 [ 1033.253480][T16682] RDX: 0000000000000000 RSI: 0000000020001ffb RDI: 0000000020000040 [ 1033.261297][T16682] RBP: 00007f58600e2090 R08: 0000000000000000 R09: 0000000000000000 [ 1033.269198][T16682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1033.277003][T16682] R13: 0000000000000001 R14: 00007f585f575fa0 R15: 00007ffdb3766698 [ 1033.284826][T16682] [ 1033.339582][ T28] audit: type=1400 audit(1735381423.123:327): avc: denied { create } for pid=16683 comm="syz.1.4051" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1033.361589][ T28] audit: type=1400 audit(1735381423.123:328): avc: denied { unlink } for pid=11817 comm="syz-executor" name="file0" dev="tmpfs" ino=1260 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1033.365699][T16688] loop4: detected capacity change from 0 to 128 [ 1033.406175][T16688] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1033.414598][T16688] ext4 filesystem being mounted at /205/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1033.607152][T16698] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4053'. [ 1033.616024][T16698] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4053'. [ 1033.655027][T16697] overlayfs: missing 'lowerdir' [ 1033.706724][T16701] device bridge28 entered promiscuous mode [ 1033.886138][T16706] FAULT_INJECTION: forcing a failure. [ 1033.886138][T16706] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1033.910103][T16706] CPU: 0 PID: 16706 Comm: syz.3.4059 Not tainted 6.1.118-syzkaller-00077-g3f924195e222 #0 [ 1033.919912][T16706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1033.929803][T16706] Call Trace: [ 1033.932931][T16706] [ 1033.935705][T16706] dump_stack_lvl+0x151/0x1b7 [ 1033.940225][T16706] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 1033.945513][T16706] ? kstrtouint+0xf6/0x180 [ 1033.949768][T16706] ? kasan_save_free_info+0x2b/0x40 [ 1033.954803][T16706] dump_stack+0x15/0x18 [ 1033.958791][T16706] should_fail_ex+0x3d0/0x520 [ 1033.963311][T16706] should_fail+0xb/0x10 [ 1033.967298][T16706] should_fail_usercopy+0x1a/0x20 [ 1033.972167][T16706] _copy_from_user+0x1e/0xc0 [ 1033.976588][T16706] iovec_from_user+0xc7/0x320 [ 1033.981119][T16706] __import_iovec+0x70/0x430 [ 1033.985529][T16706] import_iovec+0xe5/0x120 [ 1033.989781][T16706] vfs_writev+0x114/0x590 [ 1033.994036][T16706] ? do_writev+0x340/0x340 [ 1033.998292][T16706] ? __fdget_pos+0x204/0x390 [ 1034.002705][T16706] ? do_writev+0x7b/0x340 [ 1034.006879][T16706] do_writev+0x1aa/0x340 [ 1034.010951][T16706] ? __this_cpu_preempt_check+0x13/0x20 [ 1034.016332][T16706] ? do_readv+0x460/0x460 [ 1034.020509][T16706] ? debug_smp_processor_id+0x17/0x20 [ 1034.025709][T16706] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1034.031609][T16706] __x64_sys_writev+0x7d/0x90 [ 1034.036122][T16706] x64_sys_call+0xb4/0x9a0 [ 1034.040373][T16706] do_syscall_64+0x3b/0xb0 [ 1034.044625][T16706] ? clear_bhb_loop+0x55/0xb0 [ 1034.049159][T16706] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1034.054874][T16706] RIP: 0033:0x7fde99585d29 [ 1034.059122][T16706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1034.078565][T16706] RSP: 002b:00007fde9a369038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1034.086810][T16706] RAX: ffffffffffffffda RBX: 00007fde99775fa0 RCX: 00007fde99585d29 [ 1034.094630][T16706] RDX: 0000000000000001 RSI: 0000000020000300 RDI: 0000000000000003 [ 1034.102430][T16706] RBP: 00007fde9a369090 R08: 0000000000000000 R09: 0000000000000000 [ 1034.110241][T16706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1034.118051][T16706] R13: 0000000000000000 R14: 00007fde99775fa0 R15: 00007ffd95b8be48 [ 1034.125875][T16706] [ 1034.239230][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1034.306306][T16461] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1034.460438][T16723] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1034.469089][T16723] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1034.816938][T16461] usb 2-1: config 0 has an invalid interface number: 64 but max is 0 [ 1034.824856][T16461] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1034.844332][T16461] usb 2-1: config 0 has no interface number 0 [ 1034.851959][T16461] usb 2-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 1034.875800][T16461] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1034.885521][T16461] usb 2-1: Product: syz [ 1034.889745][T16461] usb 2-1: Manufacturer: syz [ 1034.894233][T16461] usb 2-1: SerialNumber: syz [ 1034.902196][T16461] usb 2-1: config 0 descriptor?? [ 1034.953959][T16733] loop4: detected capacity change from 0 to 512 [ 1034.963211][T16733] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1034.969570][T16733] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 1034.977874][T16733] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.4064: invalid indirect mapped block 2683928664 (level 1) [ 1034.991920][T16733] EXT4-fs (loop4): Remounting filesystem read-only [ 1034.998330][T16733] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 1035.012773][T16733] EXT4-fs (loop4): Remounting filesystem read-only [ 1035.032312][T16733] EXT4-fs (loop4): 1 truncate cleaned up [ 1035.045623][T16733] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1035.073910][T16737] loop3: detected capacity change from 0 to 128 [ 1035.088560][T16731] FAULT_INJECTION: forcing a failure. [ 1035.088560][T16731] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1035.103668][T16737] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1035.105824][T16731] CPU: 1 PID: 16731 Comm: syz.4.4064 Not tainted 6.1.118-syzkaller-00077-g3f924195e222 #0 [ 1035.114966][T16737] ext4 filesystem being mounted at /180/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1035.121623][T16731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1035.121637][T16731] Call Trace: [ 1035.121643][T16731] [ 1035.121651][T16731] dump_stack_lvl+0x151/0x1b7 [ 1035.152270][T16731] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 1035.157579][T16731] dump_stack+0x15/0x18 [ 1035.161546][T16731] should_fail_ex+0x3d0/0x520 [ 1035.166066][T16731] should_fail+0xb/0x10 [ 1035.170052][T16731] should_fail_usercopy+0x1a/0x20 [ 1035.174956][T16731] _copy_from_user+0x1e/0xc0 [ 1035.179357][T16731] do_sys_poll+0x244/0x1220 [ 1035.183679][T16731] ? unwind_get_return_address+0x4d/0x90 [ 1035.189149][T16731] ? _parse_integer_limit+0x19b/0x1e0 [ 1035.194355][T16731] ? _parse_integer+0x2a/0x40 [ 1035.198886][T16731] ? poll_select_finish+0x7b0/0x7b0 [ 1035.203964][T16731] ? proc_fail_nth_read+0x210/0x210 [ 1035.208935][T16731] ? fsnotify_perm+0x6a/0x5b0 [ 1035.213455][T16731] ? nsecs_to_jiffies+0x30/0x30 [ 1035.218138][T16731] __se_sys_poll+0x1c1/0x400 [ 1035.222562][T16731] ? __this_cpu_preempt_check+0x13/0x20 [ 1035.227945][T16731] ? __x64_sys_poll+0x90/0x90 [ 1035.232459][T16731] ? debug_smp_processor_id+0x17/0x20 [ 1035.237671][T16731] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1035.243567][T16731] __x64_sys_poll+0x7b/0x90 [ 1035.247909][T16731] x64_sys_call+0x59/0x9a0 [ 1035.252162][T16731] do_syscall_64+0x3b/0xb0 [ 1035.256411][T16731] ? clear_bhb_loop+0x55/0xb0 [ 1035.260924][T16731] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1035.266653][T16731] RIP: 0033:0x7f585f385d29 [ 1035.270906][T16731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1035.290345][T16731] RSP: 002b:00007f58600e2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 1035.298592][T16731] RAX: ffffffffffffffda RBX: 00007f585f575fa0 RCX: 00007f585f385d29 [ 1035.306401][T16731] RDX: 000000000000000c RSI: 0000000000000001 RDI: 0000000020000080 [ 1035.314212][T16731] RBP: 00007f58600e2090 R08: 0000000000000000 R09: 0000000000000000 [ 1035.322033][T16731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1035.329837][T16731] R13: 0000000000000000 R14: 00007f585f575fa0 R15: 00007ffdb3766698 [ 1035.337659][T16731] [ 1035.386774][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1035.749829][T16747] can0: slcan on ptm0. [ 1035.749848][T16745] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4066'. [ 1035.762691][T16745] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4066'. [ 1035.806257][T16737] device bridge25 entered promiscuous mode [ 1035.815403][ T28] audit: type=1400 audit(1735381425.605:329): avc: denied { read } for pid=141 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 1035.877861][ T28] audit: type=1400 audit(1735381425.665:330): avc: denied { getattr } for pid=16759 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=429 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1035.957072][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1035.961071][T16758] loop4: detected capacity change from 0 to 2048 [ 1036.018614][ T28] audit: type=1400 audit(1735381425.805:331): avc: denied { read } for pid=16765 comm="sed" name="eth0.dhcp" dev="tmpfs" ino=429 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1036.040829][T16771] netlink: 'syz.2.4071': attribute type 30 has an invalid length. [ 1036.043835][T16758] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1036.061981][ T28] audit: type=1400 audit(1735381425.825:332): avc: denied { open } for pid=16765 comm="sed" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=429 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1036.160878][ T28] audit: type=1400 audit(1735381425.945:333): avc: denied { create } for pid=16757 comm="dhcpcd-run-hook" name="resolv.conf.can0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1036.201995][ T28] audit: type=1400 audit(1735381425.945:334): avc: denied { write } for pid=16757 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.can0.link" dev="tmpfs" ino=24430 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1036.258450][ T28] audit: type=1400 audit(1735381425.945:335): avc: denied { append } for pid=16757 comm="dhcpcd-run-hook" name="resolv.conf.can0.link" dev="tmpfs" ino=24430 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1036.306764][ T750] IPv6: ADDRCONF(NETDEV_CHANGE): can0: link becomes ready [ 1036.319333][ T28] audit: type=1400 audit(1735381426.035:336): avc: denied { unlink } for pid=16780 comm="rm" name="resolv.conf.can0.link" dev="tmpfs" ino=24430 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1036.769964][T16790] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1036.778659][T16790] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1036.992422][T16792] fuse: Unknown parameter '0x0000000000000008' [ 1037.052450][T16461] usb 2-1: Found UVC 0.08 device syz (046d:0823) [ 1037.058688][T16461] usb 2-1: No valid video chain found. [ 1037.098284][T16461] usb 2-1: USB disconnect, device number 12 [ 1037.154709][T16741] can0 (unregistered): slcan off ptm0. [ 1037.203363][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1037.902836][T16851] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4083'. [ 1037.911782][T16851] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4083'. [ 1038.009427][T16852] device bridge27 entered promiscuous mode [ 1038.453324][ T28] audit: type=1400 audit(1735381428.227:337): avc: denied { read write } for pid=16871 comm="syz.0.4088" name="uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 1038.518777][T16876] FAULT_INJECTION: forcing a failure. [ 1038.518777][T16876] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1039.073127][T16878] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1039.081720][T16878] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1039.412028][T16879] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1039.420734][T16879] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1039.708786][T16876] CPU: 0 PID: 16876 Comm: syz.4.4090 Not tainted 6.1.118-syzkaller-00077-g3f924195e222 #0 [ 1039.710528][ T28] audit: type=1400 audit(1735381428.227:338): avc: denied { open } for pid=16871 comm="syz.0.4088" path="/dev/uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 1039.718643][T16876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1039.718658][T16876] Call Trace: [ 1039.718664][T16876] [ 1039.718673][T16876] dump_stack_lvl+0x151/0x1b7 [ 1039.718702][T16876] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 1039.718725][T16876] ? __kasan_check_write+0x14/0x20 [ 1039.718746][T16876] ? proc_fail_nth_write+0x20b/0x290 [ 1039.718773][T16876] dump_stack+0x15/0x18 [ 1039.781398][T16876] should_fail_ex+0x3d0/0x520 [ 1039.785911][T16876] should_fail+0xb/0x10 [ 1039.789900][T16876] should_fail_usercopy+0x1a/0x20 [ 1039.794760][T16876] _copy_from_user+0x1e/0xc0 [ 1039.799189][T16876] move_addr_to_kernel+0x87/0x150 [ 1039.804046][T16876] __sys_sendto+0x2b4/0x600 [ 1039.808394][T16876] ? __ia32_sys_getpeername+0x90/0x90 [ 1039.813598][T16876] ? bpf_trace_run1+0x240/0x240 [ 1039.818311][T16876] __x64_sys_sendto+0xe5/0x100 [ 1039.822886][T16876] x64_sys_call+0x15c/0x9a0 [ 1039.827228][T16876] do_syscall_64+0x3b/0xb0 [ 1039.831487][T16876] ? clear_bhb_loop+0x55/0xb0 [ 1039.835988][T16876] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1039.841724][T16876] RIP: 0033:0x7f585f385d29 [ 1039.845967][T16876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1039.865410][T16876] RSP: 002b:00007f58600e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1039.873754][T16876] RAX: ffffffffffffffda RBX: 00007f585f575fa0 RCX: 00007f585f385d29 [ 1039.881576][T16876] RDX: 0000000000000001 RSI: 0000000020000380 RDI: 0000000000000005 [ 1039.889381][T16876] RBP: 00007f58600e2090 R08: 0000000020000200 R09: 0000000000000014 [ 1039.897195][T16876] R10: 0000000020004040 R11: 0000000000000246 R12: 0000000000000001 [ 1039.905002][T16876] R13: 0000000000000000 R14: 00007f585f575fa0 R15: 00007ffdb3766698 [ 1039.912844][T16876] [ 1040.039233][T14868] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1040.302073][T16909] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4096'. [ 1040.651851][T16912] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4098'. [ 1040.983039][T14868] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1041.001201][T14868] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1041.018542][T14868] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 1041.027840][T14868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1041.040875][T14868] usb 1-1: config 0 descriptor?? [ 1041.265511][T16929] loop4: detected capacity change from 0 to 512 [ 1041.302253][T16929] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1041.328821][T16929] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 1041.338096][T16929] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.4101: invalid indirect mapped block 2683928664 (level 1) [ 1041.361684][T16929] EXT4-fs (loop4): Remounting filesystem read-only [ 1041.370766][T16929] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 1041.385393][T16929] EXT4-fs (loop4): Remounting filesystem read-only [ 1041.399395][T16929] EXT4-fs (loop4): 1 truncate cleaned up [ 1041.405520][T16929] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1041.449950][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1041.488129][T14868] logitech-hidpp-device 0003:046D:C086.0007: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.0-1/input0 [ 1041.574866][T16934] syz.2.4103[16934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1041.574934][T16934] syz.2.4103[16934] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1041.576538][T16942] loop4: detected capacity change from 0 to 512 [ 1041.604009][ T28] audit: type=1400 audit(1735381431.389:339): avc: denied { remount } for pid=16937 comm="syz.1.4105" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1041.628918][T16945] FAULT_INJECTION: forcing a failure. [ 1041.628918][T16945] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1041.631300][T16942] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.4104: casefold flag without casefold feature [ 1041.642203][T16945] CPU: 1 PID: 16945 Comm: syz.3.4107 Not tainted 6.1.118-syzkaller-00077-g3f924195e222 #0 [ 1041.654731][T16942] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.4104: couldn't read orphan inode 15 (err -117) [ 1041.663896][T16945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1041.663911][T16945] Call Trace: [ 1041.663917][T16945] [ 1041.663924][T16945] dump_stack_lvl+0x151/0x1b7 [ 1041.663951][T16945] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 1041.663974][T16945] ? kasan_check_range+0x66/0x2a0 [ 1041.664004][T16945] dump_stack+0x15/0x18 [ 1041.676996][T16942] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1041.685421][T16945] should_fail_ex+0x3d0/0x520 [ 1041.685459][T16945] should_fail+0xb/0x10 [ 1041.695577][T16461] usb 1-1: USB disconnect, device number 5 [ 1041.695836][T16945] should_fail_usercopy+0x1a/0x20 [ 1041.737696][T16945] _copy_to_user+0x1e/0x90 [ 1041.741928][T16945] simple_read_from_buffer+0xc7/0x150 [ 1041.747135][T16945] proc_fail_nth_read+0x1a3/0x210 [ 1041.751998][T16945] ? proc_fault_inject_write+0x390/0x390 [ 1041.757462][T16945] ? fsnotify_perm+0x269/0x5b0 [ 1041.762067][T16945] ? security_file_permission+0x86/0xb0 [ 1041.767451][T16945] ? proc_fault_inject_write+0x390/0x390 [ 1041.772910][T16945] vfs_read+0x26c/0xae0 [ 1041.776908][T16945] ? kernel_read+0x1f0/0x1f0 [ 1041.781329][T16945] ? mutex_lock+0xb1/0x1e0 [ 1041.785592][T16945] ? bit_wait_io_timeout+0x120/0x120 [ 1041.790705][T16945] ? __fdget_pos+0x2e2/0x390 [ 1041.795133][T16945] ? ksys_read+0x77/0x2c0 [ 1041.799299][T16945] ksys_read+0x199/0x2c0 [ 1041.803377][T16945] ? bpf_trace_run1+0x240/0x240 [ 1041.808069][T16945] ? vfs_write+0xed0/0xed0 [ 1041.812316][T16945] ? __bpf_trace_sys_enter+0x62/0x70 [ 1041.817438][T16945] __x64_sys_read+0x7b/0x90 [ 1041.821775][T16945] x64_sys_call+0x28/0x9a0 [ 1041.826030][T16945] do_syscall_64+0x3b/0xb0 [ 1041.830281][T16945] ? clear_bhb_loop+0x55/0xb0 [ 1041.834793][T16945] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1041.840524][T16945] RIP: 0033:0x7fde9958473c [ 1041.844773][T16945] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1041.864214][T16945] RSP: 002b:00007fde9a369030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1041.872457][T16945] RAX: ffffffffffffffda RBX: 00007fde99775fa0 RCX: 00007fde9958473c [ 1041.880268][T16945] RDX: 000000000000000f RSI: 00007fde9a3690a0 RDI: 0000000000000005 [ 1041.888081][T16945] RBP: 00007fde9a369090 R08: 0000000000000000 R09: 0000000000000000 [ 1041.895891][T16945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1041.903703][T16945] R13: 0000000000000000 R14: 00007fde99775fa0 R15: 00007ffd95b8be48 [ 1041.911525][T16945] [ 1042.417842][T16959] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4109'. [ 1042.428217][T16960] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4110'. [ 1042.634298][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1043.338652][T16992] FAULT_INJECTION: forcing a failure. [ 1043.338652][T16992] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1043.369931][T16992] CPU: 1 PID: 16992 Comm: syz.2.4118 Not tainted 6.1.118-syzkaller-00077-g3f924195e222 #0 [ 1043.379649][T16992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1043.389542][T16992] Call Trace: [ 1043.392664][T16992] [ 1043.395442][T16992] dump_stack_lvl+0x151/0x1b7 [ 1043.399975][T16992] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 1043.405256][T16992] dump_stack+0x15/0x18 [ 1043.409240][T16992] should_fail_ex+0x3d0/0x520 [ 1043.413757][T16992] should_fail+0xb/0x10 [ 1043.417747][T16992] should_fail_usercopy+0x1a/0x20 [ 1043.422606][T16992] copy_fpstate_to_sigframe+0x92a/0xba0 [ 1043.428092][T16992] ? kmem_cache_free+0x291/0x560 [ 1043.432883][T16992] ? copy_fpstate_to_sigframe+0x1b8/0xba0 [ 1043.438432][T16992] ? fpregs_set+0x7a0/0x7a0 [ 1043.442760][T16992] ? dequeue_signal+0x282/0x590 [ 1043.447451][T16992] ? unhandled_signal+0x1d0/0x1d0 [ 1043.452307][T16992] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 1043.457948][T16992] ? get_signal+0x1274/0x1820 [ 1043.462488][T16992] ? fpu__alloc_mathframe+0xc3/0x150 [ 1043.467589][T16992] get_sigframe+0x378/0x4b0 [ 1043.471940][T16992] ? restore_sigcontext+0x700/0x700 [ 1043.476957][T16992] ? ptrace_notify+0x350/0x350 [ 1043.481556][T16992] ? kill_orphaned_pgrp+0x4c0/0x4c0 [ 1043.486592][T16992] arch_do_signal_or_restart+0x2ac/0x16f0 [ 1043.492159][T16992] ? __se_sys_waitid+0x24d/0x360 [ 1043.496922][T16992] ? get_sigframe_size+0x10/0x10 [ 1043.501698][T16992] exit_to_user_mode_loop+0x74/0xa0 [ 1043.506729][T16992] exit_to_user_mode_prepare+0x5a/0xa0 [ 1043.512021][T16992] syscall_exit_to_user_mode+0x26/0x130 [ 1043.517404][T16992] do_syscall_64+0x47/0xb0 [ 1043.521656][T16992] ? clear_bhb_loop+0x55/0xb0 [ 1043.526169][T16992] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1043.531896][T16992] RIP: 0033:0x7fc3ca585d29 [ 1043.536150][T16992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1043.555590][T16992] RSP: 002b:00007fc3cb36d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f7 [ 1043.563864][T16992] RAX: 0000000000000000 RBX: 00007fc3ca775fa0 RCX: 00007fc3ca585d29 [ 1043.571647][T16992] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1043.579457][T16992] RBP: 00007fc3cb36d090 R08: 0000000000000000 R09: 0000000000000000 [ 1043.587271][T16992] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 1043.595084][T16992] R13: 0000000000000000 R14: 00007fc3ca775fa0 R15: 00007fff5480e988 [ 1043.602897][T16992] [ 1043.819742][T17017] loop4: detected capacity change from 0 to 512 [ 1043.848752][T17019] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1043.857408][T17019] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1044.002510][T12590] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1044.111865][T17017] loop4: detected capacity change from 0 to 512 [ 1044.118147][T17017] EXT4-fs: Ignoring removed i_version option [ 1044.155218][T17017] EXT4-fs: Ignoring removed mblk_io_submit option [ 1044.168926][T17017] EXT4-fs: dax option not supported [ 1044.208095][T17029] loop3: detected capacity change from 0 to 512 [ 1044.232280][T17029] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.4125: casefold flag without casefold feature [ 1044.256797][T17029] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.4125: couldn't read orphan inode 15 (err -117) [ 1044.277244][T17029] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1044.536380][T17038] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4128'. [ 1044.658095][T17042] fuse: Unknown parameter '0x0000000000000008' [ 1044.706696][T17043] syz.2.4140[17043] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1044.706804][T17043] syz.2.4140[17043] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1044.989764][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1045.075559][T17049] loop3: detected capacity change from 0 to 512 [ 1045.083452][T17049] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1045.089832][T17049] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 1045.097945][T17049] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.4130: invalid indirect mapped block 2683928664 (level 1) [ 1045.112043][T17049] EXT4-fs (loop3): Remounting filesystem read-only [ 1045.118462][T17049] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 1045.132717][T17049] EXT4-fs (loop3): Remounting filesystem read-only [ 1045.139367][T17049] EXT4-fs (loop3): 1 truncate cleaned up [ 1045.144856][T17049] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1045.179935][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1045.232077][T17059] loop3: detected capacity change from 0 to 512 [ 1045.255976][T17059] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 1045.309204][T17059] EXT4-fs (loop3): 1 truncate cleaned up [ 1045.314809][T17059] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1045.394794][ T28] audit: type=1400 audit(1735381435.182:340): avc: denied { remount } for pid=17058 comm="syz.3.4135" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 1045.414213][T17061] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4132'. [ 1045.414494][T17059] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 1045.624349][T17068] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4133'. [ 1045.633242][T17068] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4133'. [ 1045.727269][T17069] device bridge28 entered promiscuous mode [ 1046.260928][T17087] FAULT_INJECTION: forcing a failure. [ 1046.260928][T17087] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1046.278857][T17087] CPU: 1 PID: 17087 Comm: syz.4.4143 Not tainted 6.1.118-syzkaller-00077-g3f924195e222 #0 [ 1046.288572][T17087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1046.298470][T17087] Call Trace: [ 1046.301590][T17087] [ 1046.304370][T17087] dump_stack_lvl+0x151/0x1b7 [ 1046.308884][T17087] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 1046.314179][T17087] dump_stack+0x15/0x18 [ 1046.318177][T17087] should_fail_ex+0x3d0/0x520 [ 1046.322686][T17087] should_fail+0xb/0x10 [ 1046.326675][T17087] should_fail_usercopy+0x1a/0x20 [ 1046.331534][T17087] _copy_to_user+0x1e/0x90 [ 1046.335795][T17087] simple_read_from_buffer+0xc7/0x150 [ 1046.340998][T17087] proc_fail_nth_read+0x1a3/0x210 [ 1046.345856][T17087] ? proc_fault_inject_write+0x390/0x390 [ 1046.351347][T17087] ? fsnotify_perm+0x269/0x5b0 [ 1046.355926][T17087] ? security_file_permission+0x86/0xb0 [ 1046.361314][T17087] ? proc_fault_inject_write+0x390/0x390 [ 1046.366787][T17087] vfs_read+0x26c/0xae0 [ 1046.370764][T17087] ? kernel_read+0x1f0/0x1f0 [ 1046.375206][T17087] ? udpv6_setsockopt+0x8c/0xa0 [ 1046.379881][T17087] ? sock_common_setsockopt+0xa2/0xc0 [ 1046.385092][T17087] ? __kasan_check_read+0x11/0x20 [ 1046.389945][T17087] ? __fdget_pos+0x2e9/0x390 [ 1046.394371][T17087] ksys_read+0x199/0x2c0 [ 1046.398454][T17087] ? __ia32_sys_recv+0xb0/0xb0 [ 1046.403054][T17087] ? vfs_write+0xed0/0xed0 [ 1046.407309][T17087] ? debug_smp_processor_id+0x17/0x20 [ 1046.412511][T17087] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1046.418412][T17087] __x64_sys_read+0x7b/0x90 [ 1046.422751][T17087] x64_sys_call+0x28/0x9a0 [ 1046.427007][T17087] do_syscall_64+0x3b/0xb0 [ 1046.431255][T17087] ? clear_bhb_loop+0x55/0xb0 [ 1046.435773][T17087] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1046.441498][T17087] RIP: 0033:0x7f585f38473c [ 1046.445754][T17087] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1046.465196][T17087] RSP: 002b:00007f58600e2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1046.473441][T17087] RAX: ffffffffffffffda RBX: 00007f585f575fa0 RCX: 00007f585f38473c [ 1046.481252][T17087] RDX: 000000000000000f RSI: 00007f58600e20a0 RDI: 0000000000000004 [ 1046.489076][T17087] RBP: 00007f58600e2090 R08: 0000000000000000 R09: 0000000000000000 [ 1046.496889][T17087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1046.504690][T17087] R13: 0000000000000000 R14: 00007f585f575fa0 R15: 00007ffdb3766698 [ 1046.512506][T17087] [ 1046.619425][T17102] loop4: detected capacity change from 0 to 512 [ 1046.633501][T17102] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.4147: casefold flag without casefold feature [ 1046.653686][T17102] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.4147: couldn't read orphan inode 15 (err -117) [ 1046.665718][T17102] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1046.761876][T17059] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 4: comm syz.3.4135: path /195/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=131071, rec_len=65535, size=1024 fake=0 [ 1046.812152][T17059] EXT4-fs (loop3): Remounting filesystem read-only [ 1047.004819][T17106] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4148'. [ 1047.097514][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1047.265311][T17112] syz.3.4149[17112] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1047.265384][T17112] syz.3.4149[17112] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1047.407522][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1047.749201][T17127] FAULT_INJECTION: forcing a failure. [ 1047.749201][T17127] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1047.762418][T17127] CPU: 1 PID: 17127 Comm: syz.2.4156 Not tainted 6.1.118-syzkaller-00077-g3f924195e222 #0 [ 1047.772133][T17127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1047.782117][T17127] Call Trace: [ 1047.785257][T17127] [ 1047.788019][T17127] dump_stack_lvl+0x151/0x1b7 [ 1047.792542][T17127] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 1047.797827][T17127] ? vfs_write+0x952/0xed0 [ 1047.802104][T17127] ? __kasan_slab_free+0x11/0x20 [ 1047.806856][T17127] dump_stack+0x15/0x18 [ 1047.810845][T17127] should_fail_ex+0x3d0/0x520 [ 1047.815371][T17127] should_fail+0xb/0x10 [ 1047.819355][T17127] should_fail_usercopy+0x1a/0x20 [ 1047.824209][T17127] _copy_from_user+0x1e/0xc0 [ 1047.828669][T17127] __sys_bpf+0x23b/0x7f0 [ 1047.832721][T17127] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 1047.837931][T17127] ? __ia32_sys_read+0x90/0x90 [ 1047.842526][T17127] ? debug_smp_processor_id+0x17/0x20 [ 1047.847733][T17127] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1047.853639][T17127] __x64_sys_bpf+0x7c/0x90 [ 1047.857887][T17127] x64_sys_call+0x87f/0x9a0 [ 1047.862231][T17127] do_syscall_64+0x3b/0xb0 [ 1047.866494][T17127] ? clear_bhb_loop+0x55/0xb0 [ 1047.870994][T17127] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1047.876727][T17127] RIP: 0033:0x7fc3ca585d29 [ 1047.880980][T17127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1047.900422][T17127] RSP: 002b:00007fc3cb36d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1047.908678][T17127] RAX: ffffffffffffffda RBX: 00007fc3ca775fa0 RCX: 00007fc3ca585d29 [ 1047.916479][T17127] RDX: 0000000000000070 RSI: 0000000020000440 RDI: 0000000000000005 [ 1047.924296][T17127] RBP: 00007fc3cb36d090 R08: 0000000000000000 R09: 0000000000000000 [ 1047.932095][T17127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1047.939913][T17127] R13: 0000000000000000 R14: 00007fc3ca775fa0 R15: 00007fff5480e988 [ 1047.947723][T17127] [ 1048.162609][T17138] syz.3.4159[17138] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1048.162701][T17138] syz.3.4159[17138] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1048.977824][T17156] loop3: detected capacity change from 0 to 512 [ 1049.018541][T17156] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.4164: casefold flag without casefold feature [ 1049.034883][T17156] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.4164: couldn't read orphan inode 15 (err -117) [ 1049.047269][T17156] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1049.151792][T17163] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4163'. [ 1049.216584][T17164] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1049.225180][T17164] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1049.378932][T17163] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4163'. [ 1049.526248][T17163] device bridge19 entered promiscuous mode [ 1049.768109][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1049.778201][T17172] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4167'. [ 1049.964298][T17177] loop3: detected capacity change from 0 to 2048 [ 1050.006949][T17177] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1050.323255][T17183] syz.0.4170[17183] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1050.323307][T17183] syz.0.4170[17183] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1050.868952][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1050.886716][T17195] syz.2.4174[17195] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1050.886821][T17195] syz.2.4174[17195] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1050.933491][T17200] loop3: detected capacity change from 0 to 128 [ 1050.976256][T17200] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1050.994878][T17200] ext4 filesystem being mounted at /200/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1051.238110][T17207] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4175'. [ 1051.247009][T17207] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4175'. [ 1051.347879][T17209] device bridge26 entered promiscuous mode [ 1052.110830][T17222] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1052.119378][T17222] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1052.133202][T17223] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4182'. [ 1052.182366][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1052.242866][T17225] loop4: detected capacity change from 0 to 2048 [ 1052.295786][T17225] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1052.632761][T17239] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4184'. [ 1053.616372][T17248] syz.0.4188[17248] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1053.616423][T17248] syz.0.4188[17248] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1053.680795][T17252] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4190'. [ 1053.733414][T17254] fuse: Unknown parameter '0x0000000000000005' [ 1053.949913][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1053.985247][T17257] fuse: Unknown parameter '0x0000000000000005' [ 1053.998230][T17259] loop3: detected capacity change from 0 to 128 [ 1054.021254][T17259] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1054.029895][T17259] ext4 filesystem being mounted at /202/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1054.181412][T17266] syz.4.4192[17266] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1054.181479][T17266] syz.4.4192[17266] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1054.252680][T17269] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4193'. [ 1054.272718][T17269] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4193'. [ 1054.455838][T17268] device bridge27 entered promiscuous mode [ 1054.682549][T17277] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4195'. [ 1054.691495][T17277] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4195'. [ 1054.738456][T17283] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1054.747121][T17283] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1054.787747][T17284] device bridge20 entered promiscuous mode [ 1055.000848][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1055.010398][T17286] fuse: Unknown parameter '0x0000000000000005' [ 1055.032648][T17288] loop4: detected capacity change from 0 to 128 [ 1055.060989][T17288] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1055.069704][T17288] ext4 filesystem being mounted at /233/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1055.266060][T17293] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4200'. [ 1055.275010][T17293] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4200'. [ 1055.405271][T17294] device bridge29 entered promiscuous mode [ 1055.652750][T16461] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 1055.842657][T16461] usb 4-1: Using ep0 maxpacket: 16 [ 1055.848662][T16461] usb 4-1: config 8 has an invalid interface number: 88 but max is 1 [ 1055.913166][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1055.918769][T16461] usb 4-1: config 8 has an invalid interface number: 211 but max is 1 [ 1055.935068][T16461] usb 4-1: config 8 has no interface number 0 [ 1055.940960][T16461] usb 4-1: config 8 has no interface number 1 [ 1055.952612][T16461] usb 4-1: config 8 interface 88 altsetting 9 endpoint 0x1 has an invalid bInterval 176, changing to 11 [ 1055.964192][T16461] usb 4-1: config 8 interface 211 altsetting 8 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 1055.975131][T16461] usb 4-1: config 8 interface 211 altsetting 8 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 1055.986087][T16461] usb 4-1: config 8 interface 211 altsetting 8 has a duplicate endpoint with address 0xB, skipping [ 1055.996908][T16461] usb 4-1: config 8 interface 88 has no altsetting 0 [ 1056.003560][T16461] usb 4-1: config 8 interface 211 has no altsetting 0 [ 1056.013867][T17305] fuse: Unknown parameter '0x0000000000000005' [ 1056.023902][T16461] usb 4-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=81.87 [ 1056.049449][T16461] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1056.057513][T16461] usb 4-1: Product: syz [ 1056.061569][T16461] usb 4-1: Manufacturer: syz [ 1056.065962][T16461] usb 4-1: SerialNumber: syz [ 1056.083644][T17310] loop4: detected capacity change from 0 to 512 [ 1056.091338][T17308] syz.1.4206[17308] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1056.091427][T17308] syz.1.4206[17308] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1056.104432][T17310] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1056.124486][T17310] ext4 filesystem being mounted at /235/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1056.161865][T17310] EXT4-fs: Ignoring removed orlov option [ 1056.167497][T17310] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1056.175778][T17310] EXT4-fs (loop4): can't enable nombcache during remount [ 1056.183251][T17310] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #12: comm syz.4.4207: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 1056.332364][T16461] usb 4-1: USB disconnect, device number 11 [ 1056.347222][T12591] udevd[12591]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:8.211/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 1056.490561][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1056.620135][T17329] fuse: Unknown parameter '0x0000000000000005' [ 1057.252045][T17335] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1057.260599][T17335] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1057.517377][T17338] loop3: detected capacity change from 0 to 1024 [ 1057.596490][T17338] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1057.627621][ T28] audit: type=1400 audit(1735381447.418:341): avc: denied { create } for pid=17337 comm="syz.3.4214" name=".index" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 1057.701560][T17349] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4216'. [ 1057.710438][T17349] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4216'. [ 1057.794319][T17351] device bridge29 entered promiscuous mode [ 1057.815741][T17338] incfs: ino conflict with backing FS 2 [ 1058.552220][ T19] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 1058.762227][ T19] usb 4-1: config 0 has an invalid interface number: 64 but max is 0 [ 1058.772742][ T19] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1058.782775][ T19] usb 4-1: config 0 has no interface number 0 [ 1058.802952][ T19] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 1058.811853][ T19] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1058.819688][ T19] usb 4-1: Product: syz [ 1058.823685][ T19] usb 4-1: Manufacturer: syz [ 1058.828030][ T19] usb 4-1: SerialNumber: syz [ 1058.833324][ T19] usb 4-1: config 0 descriptor?? [ 1058.850682][T17374] syz.4.4223[17374] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1058.850762][T17374] syz.4.4223[17374] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1059.256626][T17352] can0: slcan on ptm0. [ 1059.566652][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): can0: link becomes ready [ 1060.038991][T17423] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4232'. [ 1060.603866][ T19] usb 4-1: Found UVC 0.08 device syz (046d:0823) [ 1060.610107][ T19] usb 4-1: No valid video chain found. [ 1060.636142][ T19] usb 4-1: USB disconnect, device number 12 [ 1060.650900][T17350] can0 (unregistered): slcan off ptm0. [ 1060.699458][T17434] fuse: Unknown parameter '0x0000000000000008' [ 1060.730510][ T28] audit: type=1400 audit(1735381450.530:342): avc: denied { remove_name } for pid=13124 comm="syz-executor" name=".index" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1060.761326][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1060.825662][ T28] audit: type=1400 audit(1735381450.560:343): avc: denied { rmdir } for pid=13124 comm="syz-executor" name=".index" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 1060.917580][T17452] loop3: detected capacity change from 0 to 2048 [ 1061.034845][T17452] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1061.582815][T17475] loop4: detected capacity change from 0 to 512 [ 1061.590665][T17477] syz.0.4239[17477] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1061.590744][T17477] syz.0.4239[17477] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1061.601342][T17475] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1061.622119][T17475] ext4 filesystem being mounted at /242/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1061.648449][T17475] EXT4-fs: Ignoring removed orlov option [ 1061.654599][T17475] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1061.663158][T17475] EXT4-fs (loop4): can't enable nombcache during remount [ 1061.707255][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1061.722141][T17484] loop4: detected capacity change from 0 to 128 [ 1061.730146][T17484] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1061.738589][T17484] ext4 filesystem being mounted at /243/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1061.927678][T17491] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4242'. [ 1061.936559][T17491] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4242'. [ 1062.047389][T17494] device bridge30 entered promiscuous mode [ 1062.193615][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1062.393357][T17504] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1062.402168][T17504] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1062.622272][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1062.753505][T17514] fuse: Unknown parameter '0x0000000000000008' [ 1062.764217][T17518] loop4: detected capacity change from 0 to 512 [ 1062.805959][T17518] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 1062.825997][T17518] EXT4-fs (loop4): 1 truncate cleaned up [ 1062.835234][T17518] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1062.852074][T17518] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 1063.079043][T14868] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1063.116575][T17532] fuse: Unknown parameter '0x0000000000000008' [ 1063.268969][T14868] usb 2-1: Using ep0 maxpacket: 16 [ 1063.275023][T14868] usb 2-1: config 8 has an invalid interface number: 88 but max is 1 [ 1063.294165][T14868] usb 2-1: config 8 has an invalid interface number: 211 but max is 1 [ 1063.312277][T14868] usb 2-1: config 8 has no interface number 0 [ 1063.328343][T14868] usb 2-1: config 8 has no interface number 1 [ 1063.338459][T14868] usb 2-1: config 8 interface 88 altsetting 9 endpoint 0x1 has an invalid bInterval 176, changing to 11 [ 1063.368905][T14868] usb 2-1: config 8 interface 211 altsetting 8 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 1063.379764][T14868] usb 2-1: config 8 interface 211 altsetting 8 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 1063.398861][T14868] usb 2-1: config 8 interface 211 altsetting 8 has a duplicate endpoint with address 0xB, skipping [ 1063.418948][T14868] usb 2-1: config 8 interface 88 has no altsetting 0 [ 1063.432939][T14868] usb 2-1: config 8 interface 211 has no altsetting 0 [ 1063.450247][T14868] usb 2-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=81.87 [ 1063.468893][T14868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1063.486967][T14868] usb 2-1: Product: syz [ 1063.490972][T14868] usb 2-1: Manufacturer: syz [ 1063.495380][T14868] usb 2-1: SerialNumber: syz [ 1063.739856][T12591] udevd[12591]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:8.211/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 1063.756439][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1063.756723][T14868] usb 2-1: USB disconnect, device number 13 [ 1064.314022][T17557] fuse: Unknown parameter '0x0000000000000008' [ 1064.748897][T17567] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4266'. [ 1065.038272][T17569] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4267'. [ 1065.790645][T17580] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1065.799409][T17580] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1066.202923][T17584] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4270'. [ 1066.241387][T17586] loop3: detected capacity change from 0 to 8192 [ 1066.275721][T17586] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1066.571751][T17604] fuse: Unknown parameter '0x0000000000000008' [ 1066.625126][T17607] loop3: detected capacity change from 0 to 128 [ 1066.666728][T17607] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1066.683852][T17607] ext4 filesystem being mounted at /215/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1066.975227][T17618] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4278'. [ 1066.984091][T17618] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4278'. [ 1067.035656][T17619] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4280'. [ 1067.270296][T17618] device bridge28 entered promiscuous mode [ 1067.394845][T17622] fuse: Unknown parameter '0x0000000000000008' [ 1067.526282][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1067.657033][T17628] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4283'. [ 1068.026029][T17645] fuse: Unknown parameter '0x0000000000000008' [ 1068.134967][T17647] loop4: detected capacity change from 0 to 512 [ 1068.281266][T17647] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1068.300369][T17647] ext4 filesystem being mounted at /252/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1068.405157][T17659] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4291'. [ 1068.414078][T17659] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4291'. [ 1068.514427][T17661] device bridge30 entered promiscuous mode [ 1068.719644][T17647] EXT4-fs: Ignoring removed orlov option [ 1068.733524][T17647] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1068.761236][T17647] EXT4-fs (loop4): can't enable nombcache during remount [ 1068.865282][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1068.902006][T17669] loop3: detected capacity change from 0 to 512 [ 1068.958963][T17669] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.4293: casefold flag without casefold feature [ 1068.971932][T17669] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.4293: couldn't read orphan inode 15 (err -117) [ 1068.990988][T17671] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4295'. [ 1069.036871][T17669] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1069.263760][T17689] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4297'. [ 1070.356460][T17698] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4301'. [ 1070.440305][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1070.462550][T17682] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4296'. [ 1070.529193][T17709] loop3: detected capacity change from 0 to 512 [ 1070.576529][T17709] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1070.605591][T17709] ext4 filesystem being mounted at /219/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1070.735810][T17709] EXT4-fs: Ignoring removed orlov option [ 1070.750045][T17709] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1070.778579][T17709] EXT4-fs (loop3): can't enable nombcache during remount [ 1070.873116][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1071.195513][T17721] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1071.204196][T17721] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1072.040938][T17749] __nla_validate_parse: 1 callbacks suppressed [ 1072.040981][T17749] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4310'. [ 1072.055794][T17749] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4310'. [ 1072.161961][T17750] device bridge21 entered promiscuous mode [ 1072.379961][T17754] fuse: Unknown parameter '0x0000000000000008' [ 1072.549460][T17759] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4313'. [ 1073.164757][T17761] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4315'. [ 1073.173623][T17761] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4315'. [ 1074.033442][T17761] device bridge31 entered promiscuous mode [ 1074.264974][T17777] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4318'. [ 1074.277412][T17779] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4322'. [ 1074.604628][T17792] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4324'. [ 1074.613474][T17792] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4324'. [ 1074.726598][T17794] device bridge22 entered promiscuous mode [ 1075.171148][T17804] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1075.179928][T17804] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1075.574926][T17808] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4327'. [ 1075.666536][T17807] device bridge23 entered promiscuous mode [ 1075.694877][T17817] fuse: Unknown parameter '0x0000000000000008' [ 1076.284825][T17814] loop4: detected capacity change from 0 to 40427 [ 1076.300009][T17814] F2FS-fs (loop4): fault_type options not supported [ 1076.322234][T17814] F2FS-fs (loop4): Unrecognized mount option "checkpoint=disablenoextent_cache" or missing value [ 1076.465645][T17834] fuse: Unknown parameter '0x0000000000000008' [ 1076.558950][T17838] loop3: detected capacity change from 0 to 512 [ 1076.647733][T17838] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 1076.656263][T17838] EXT4-fs (loop3): 1 truncate cleaned up [ 1076.661763][T17838] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1076.692505][T17838] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 1076.999395][T17846] loop4: detected capacity change from 0 to 128 [ 1077.047702][T17846] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1077.063015][T17846] ext4 filesystem being mounted at /260/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1077.324585][T17852] __nla_validate_parse: 2 callbacks suppressed [ 1077.324617][T17852] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4339'. [ 1077.339459][T17852] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4339'. [ 1077.425109][T17854] device bridge31 entered promiscuous mode [ 1077.814853][T17838] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 4: comm syz.3.4338: path /227/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=131071, rec_len=65535, size=1024 fake=0 [ 1077.878179][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1077.891034][T17838] EXT4-fs (loop3): Remounting filesystem read-only [ 1077.945497][T17870] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4340'. [ 1078.151302][T17872] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1078.160000][T17872] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1078.607279][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1078.794317][T17888] loop4: detected capacity change from 0 to 128 [ 1078.832291][T17888] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1078.873076][T17888] ext4 filesystem being mounted at /262/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1078.892023][T17890] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4347'. [ 1079.722502][T17893] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4348'. [ 1079.731290][T17893] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4348'. [ 1079.903886][T17895] device bridge32 entered promiscuous mode [ 1080.177488][T17901] FAULT_INJECTION: forcing a failure. [ 1080.177488][T17901] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1080.205904][T17901] CPU: 1 PID: 17901 Comm: syz.3.4349 Not tainted 6.1.118-syzkaller-00077-g3f924195e222 #0 [ 1080.215626][T17901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1080.225523][T17901] Call Trace: [ 1080.228657][T17901] [ 1080.231417][T17901] dump_stack_lvl+0x151/0x1b7 [ 1080.235934][T17901] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 1080.241231][T17901] dump_stack+0x15/0x18 [ 1080.245221][T17901] should_fail_ex+0x3d0/0x520 [ 1080.249733][T17901] should_fail+0xb/0x10 [ 1080.253728][T17901] should_fail_usercopy+0x1a/0x20 [ 1080.258587][T17901] _copy_to_user+0x1e/0x90 [ 1080.262841][T17901] simple_read_from_buffer+0xc7/0x150 [ 1080.268055][T17901] proc_fail_nth_read+0x1a3/0x210 [ 1080.272908][T17901] ? proc_fault_inject_write+0x390/0x390 [ 1080.278375][T17901] ? fsnotify_perm+0x269/0x5b0 [ 1080.283075][T17901] ? security_file_permission+0x86/0xb0 [ 1080.288453][T17901] ? proc_fault_inject_write+0x390/0x390 [ 1080.293929][T17901] vfs_read+0x26c/0xae0 [ 1080.297906][T17901] ? kernel_read+0x1f0/0x1f0 [ 1080.302353][T17901] ? udpv6_setsockopt+0x8c/0xa0 [ 1080.307022][T17901] ? sock_common_setsockopt+0xa2/0xc0 [ 1080.312224][T17901] ? __kasan_check_read+0x11/0x20 [ 1080.317089][T17901] ? __fdget_pos+0x2e9/0x390 [ 1080.321511][T17901] ksys_read+0x199/0x2c0 [ 1080.325587][T17901] ? __ia32_sys_recv+0xb0/0xb0 [ 1080.330277][T17901] ? vfs_write+0xed0/0xed0 [ 1080.334566][T17901] ? debug_smp_processor_id+0x17/0x20 [ 1080.339733][T17901] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 1080.345639][T17901] __x64_sys_read+0x7b/0x90 [ 1080.349977][T17901] x64_sys_call+0x28/0x9a0 [ 1080.354228][T17901] do_syscall_64+0x3b/0xb0 [ 1080.358482][T17901] ? clear_bhb_loop+0x55/0xb0 [ 1080.362994][T17901] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1080.368722][T17901] RIP: 0033:0x7fde9958473c [ 1080.372977][T17901] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1080.392420][T17901] RSP: 002b:00007fde9a369030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1080.400755][T17901] RAX: ffffffffffffffda RBX: 00007fde99775fa0 RCX: 00007fde9958473c [ 1080.408562][T17901] RDX: 000000000000000f RSI: 00007fde9a3690a0 RDI: 0000000000000004 [ 1080.416371][T17901] RBP: 00007fde9a369090 R08: 0000000000000000 R09: 0000000000000000 [ 1080.424184][T17901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1080.432107][T17901] R13: 0000000000000000 R14: 00007fde99775fa0 R15: 00007ffd95b8be48 [ 1080.439926][T17901] [ 1080.443613][T17905] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4359'. [ 1080.453042][T17905] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4359'. [ 1080.469964][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1080.484318][T17904] overlayfs: unrecognized mount option "\/bus" or missing value [ 1080.516068][T17912] device bridge32 entered promiscuous mode [ 1080.549088][T17914] loop3: detected capacity change from 0 to 512 [ 1080.688091][T17914] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1080.698042][T17914] ext4 filesystem being mounted at /231/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1080.768374][T17923] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1080.777062][T17923] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1081.124814][T17914] EXT4-fs: Ignoring removed orlov option [ 1081.141761][T17914] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1081.151853][T17914] EXT4-fs (loop3): can't enable nombcache during remount [ 1081.167065][T17914] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #12: comm syz.3.4354: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 1081.242613][T17929] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4356'. [ 1081.251443][T17929] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4356'. [ 1081.339231][T17930] device bridge33 entered promiscuous mode [ 1081.813154][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1082.046032][T17947] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1082.054830][T17947] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1082.557673][T17956] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4363'. [ 1082.718461][T17962] device bridge33 entered promiscuous mode [ 1082.844945][T17967] loop4: detected capacity change from 0 to 512 [ 1082.872632][T17967] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.4367: casefold flag without casefold feature [ 1082.901175][T17967] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.4367: couldn't read orphan inode 15 (err -117) [ 1082.921160][T17967] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1083.117023][T17976] fuse: Unknown parameter '0x0000000000000008' [ 1083.185167][T17978] loop3: detected capacity change from 0 to 512 [ 1083.231952][T17978] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1083.240685][T17978] ext4 filesystem being mounted at /236/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1083.331641][T17978] EXT4-fs: Ignoring removed orlov option [ 1083.348082][T17978] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1083.369545][T17978] EXT4-fs (loop3): can't enable nombcache during remount [ 1083.391108][T17978] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #12: comm syz.3.4370: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 1083.636750][T17990] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4372'. [ 1083.645894][T17990] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4372'. [ 1084.000649][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1084.053080][T17990] device bridge18 entered promiscuous mode [ 1084.061804][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1084.089275][T17995] loop4: detected capacity change from 0 to 512 [ 1084.130508][T17995] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.4373: casefold flag without casefold feature [ 1084.164587][T17995] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.4373: couldn't read orphan inode 15 (err -117) [ 1084.196028][T17995] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1084.357786][T17994] loop3: detected capacity change from 0 to 40427 [ 1084.365215][T17994] F2FS-fs (loop3): fault_type options not supported [ 1084.372082][T17994] F2FS-fs (loop3): Unrecognized mount option "checkpoint=disablenoextent_cache" or missing value [ 1084.512233][T18008] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1084.538492][T18008] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1085.085572][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1085.251854][T18020] syz.4.4379[18020] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1085.251926][T18020] syz.4.4379[18020] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1085.512964][T18030] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4381'. [ 1085.532977][T18030] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4381'. [ 1085.650510][T18031] device bridge19 entered promiscuous mode [ 1086.197901][T18048] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4384'. [ 1086.936736][T18057] device bridge29 entered promiscuous mode [ 1087.050425][T18060] loop3: detected capacity change from 0 to 512 [ 1087.094000][T18060] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.4389: casefold flag without casefold feature [ 1087.138532][T18060] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.4389: couldn't read orphan inode 15 (err -117) [ 1087.183025][T18060] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1087.296967][T18070] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4390'. [ 1087.305810][T18070] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4390'. [ 1087.406999][T18071] device bridge24 entered promiscuous mode [ 1087.738601][T18079] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1087.761347][T18079] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1087.830357][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1087.972410][T18083] loop3: detected capacity change from 0 to 512 [ 1088.088929][T18083] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1088.109685][T18083] ext4 filesystem being mounted at /243/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1088.641785][T18081] EXT4-fs: Ignoring removed orlov option [ 1088.647314][T18081] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1088.691755][T18097] syz.4.4396[18097] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1088.691826][T18097] syz.4.4396[18097] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1088.699211][T18081] EXT4-fs (loop3): can't enable nombcache during remount [ 1088.733273][T18081] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #12: comm syz.3.4394: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 1088.785016][T18105] device bridge20 entered promiscuous mode [ 1089.133004][T18112] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4398'. [ 1089.809140][T18116] loop4: detected capacity change from 0 to 512 [ 1089.859497][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1089.865886][T18116] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 1089.878895][T18116] EXT4-fs (loop4): 1 truncate cleaned up [ 1089.884529][T18116] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1089.900567][T18109] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4399'. [ 1089.930339][T18122] loop3: detected capacity change from 0 to 128 [ 1089.968179][T18116] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 1089.975872][T18122] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1089.989023][T18122] ext4 filesystem being mounted at /244/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1090.386829][T18135] device bridge30 entered promiscuous mode [ 1090.801158][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1090.950725][T18116] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 4: comm syz.4.4402: path /272/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=131071, rec_len=65535, size=1024 fake=0 [ 1090.977285][T18116] EXT4-fs (loop4): Remounting filesystem read-only [ 1091.093098][T18147] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1091.116900][T18147] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1091.220924][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1091.752817][T18161] syz.0.4412[18161] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1091.752914][T18161] syz.0.4412[18161] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1091.917593][T18164] loop3: detected capacity change from 0 to 128 [ 1091.961369][T18164] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1092.049719][T18164] ext4 filesystem being mounted at /246/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1092.550574][T18169] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4413'. [ 1092.559365][T18169] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4413'. [ 1092.637145][T18170] device bridge31 entered promiscuous mode [ 1092.894266][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1093.113100][T18185] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4414'. [ 1093.122108][T18185] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4414'. [ 1093.144680][T18184] syz.4.4417[18184] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1093.145280][T18184] syz.4.4417[18184] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1093.366797][T18185] device bridge25 entered promiscuous mode [ 1093.717141][T18188] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4418'. [ 1093.753417][T18190] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4416'. [ 1094.093152][T18204] loop4: detected capacity change from 0 to 2048 [ 1094.163856][T18209] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4419'. [ 1094.395472][T18204] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1095.027395][T18216] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4425'. [ 1095.036303][T18216] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4425'. [ 1095.523997][T18216] device bridge21 entered promiscuous mode [ 1095.657958][T18225] syz.1.4424[18225] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1095.658047][T18225] syz.1.4424[18225] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1095.816055][T18231] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4427'. [ 1096.687851][T18243] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4440'. [ 1096.696795][T18243] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4440'. [ 1096.787554][T18244] device bridge26 entered promiscuous mode [ 1096.944911][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1097.009103][T18250] loop4: detected capacity change from 0 to 128 [ 1097.022603][T18250] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1097.035762][T18250] ext4 filesystem being mounted at /278/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1097.230061][T18259] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4433'. [ 1097.239036][T18259] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4433'. [ 1097.479625][T18260] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4434'. [ 1097.694984][T18268] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4435'. [ 1098.149358][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1098.813277][T18288] loop3: detected capacity change from 0 to 128 [ 1098.846860][T18288] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1098.866377][T18288] ext4 filesystem being mounted at /253/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1098.953992][T18295] loop4: detected capacity change from 0 to 2048 [ 1098.988406][T18295] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1099.143004][T18301] device bridge32 entered promiscuous mode [ 1099.759539][T18309] device bridge27 entered promiscuous mode [ 1100.012716][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1100.063886][T18311] loop3: detected capacity change from 0 to 128 [ 1100.101677][T18311] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1100.115958][T18311] ext4 filesystem being mounted at /254/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1100.635806][T18317] __nla_validate_parse: 2 callbacks suppressed [ 1100.635839][T18317] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4448'. [ 1100.650759][T18317] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4448'. [ 1100.955763][T18320] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4447'. [ 1100.964664][T18320] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4447'. [ 1101.516087][T18317] device bridge22 entered promiscuous mode [ 1101.563001][T18320] device bridge33 entered promiscuous mode [ 1101.715502][T18329] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4449'. [ 1101.724390][T18329] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4449'. [ 1101.911279][T18332] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1101.919943][T18332] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1102.386132][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1102.404391][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1102.633889][T18352] syz.4.4456[18352] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1102.633979][T18352] syz.4.4456[18352] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1102.707820][T18358] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4457'. [ 1102.774577][T18359] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4452'. [ 1103.815793][T18376] loop4: detected capacity change from 0 to 128 [ 1103.855359][T18376] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1103.866973][T18376] ext4 filesystem being mounted at /284/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1104.281663][T18389] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1104.290614][T18389] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1104.440763][T18391] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4463'. [ 1104.449603][T18391] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4463'. [ 1104.767124][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1104.883748][T18405] loop3: detected capacity change from 0 to 2048 [ 1105.039308][T18411] syz.0.4470[18411] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1105.039385][T18411] syz.0.4470[18411] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1105.061408][T18405] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1105.958080][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1106.114623][T18437] loop3: detected capacity change from 0 to 128 [ 1106.434369][T18439] __nla_validate_parse: 1 callbacks suppressed [ 1106.434388][T18439] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4474'. [ 1106.885912][T18440] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4475'. [ 1106.894932][T18440] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4475'. [ 1106.895573][T18441] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1106.912275][T18441] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1107.006425][T18444] device bridge34 entered promiscuous mode [ 1107.242690][T18437] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1107.251292][T18437] ext4 filesystem being mounted at /258/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1107.484059][T18461] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4476'. [ 1107.492985][T18461] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4476'. [ 1107.522424][T18461] device bridge34 entered promiscuous mode [ 1107.752995][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1107.807867][T18468] loop4: detected capacity change from 0 to 512 [ 1107.930270][T18468] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.4494: casefold flag without casefold feature [ 1107.943101][T18468] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.4494: couldn't read orphan inode 15 (err -117) [ 1107.955490][T18472] syz.3.4484[18472] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1107.955557][T18472] syz.3.4484[18472] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1107.973877][T18468] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1108.083574][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1108.215343][T18480] loop4: detected capacity change from 0 to 2048 [ 1108.280053][T18480] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1108.686155][T18491] loop3: detected capacity change from 0 to 128 [ 1108.725146][T18491] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1108.752570][T18491] ext4 filesystem being mounted at /260/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1108.970213][T18494] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4489'. [ 1108.979134][T18494] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4489'. [ 1109.006591][T18494] device bridge35 entered promiscuous mode [ 1109.256446][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1109.402086][T18505] loop4: detected capacity change from 0 to 2048 [ 1109.443065][T18505] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1109.549094][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1109.679839][T18511] loop3: detected capacity change from 0 to 512 [ 1109.694839][T18511] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1109.703733][T18511] ext4 filesystem being mounted at /262/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1109.737933][T18511] EXT4-fs: Ignoring removed orlov option [ 1109.743725][T18511] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1109.752067][T18511] EXT4-fs (loop3): can't enable nombcache during remount [ 1109.759764][T18511] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #12: comm syz.3.4496: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 1110.041327][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1110.163298][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1110.369844][T18543] loop4: detected capacity change from 0 to 128 [ 1110.407864][T18543] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1110.423528][T18543] ext4 filesystem being mounted at /299/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1110.665732][T18546] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4507'. [ 1110.674669][T18546] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4507'. [ 1110.759472][T18547] device bridge34 entered promiscuous mode [ 1111.232870][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1111.731064][T18559] loop4: detected capacity change from 0 to 512 [ 1111.793020][T18559] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.4512: casefold flag without casefold feature [ 1111.833294][T18559] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.4512: couldn't read orphan inode 15 (err -117) [ 1111.863141][T18559] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1111.980715][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1112.176368][T18580] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1112.185066][T18580] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1112.855306][T18597] loop3: detected capacity change from 0 to 128 [ 1112.909753][T18597] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1112.920586][T18597] ext4 filesystem being mounted at /269/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1113.210021][T18612] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4520'. [ 1113.218946][T18612] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4520'. [ 1113.315339][T18613] device bridge36 entered promiscuous mode [ 1113.754404][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1113.829410][T18618] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4524'. [ 1113.838375][T18618] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4524'. [ 1113.932911][T18619] device bridge28 entered promiscuous mode [ 1114.121314][T18623] loop4: detected capacity change from 0 to 128 [ 1114.168820][T18623] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1114.194971][T18623] ext4 filesystem being mounted at /306/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1114.428290][T18631] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4525'. [ 1114.437254][T18631] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4525'. [ 1114.736342][T18631] device bridge35 entered promiscuous mode [ 1114.768033][T18636] loop3: detected capacity change from 0 to 512 [ 1114.777566][T18636] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.4530: casefold flag without casefold feature [ 1114.793233][T18636] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.4530: couldn't read orphan inode 15 (err -117) [ 1114.805233][T18636] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1114.862782][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1115.013870][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1115.075930][T18646] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1115.084737][T18646] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1115.718086][T18665] device bridge35 entered promiscuous mode [ 1115.920084][T18668] loop3: detected capacity change from 0 to 128 [ 1115.941960][T18668] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1115.955425][T18668] ext4 filesystem being mounted at /274/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1116.066457][T18672] loop4: detected capacity change from 0 to 512 [ 1116.083095][T18672] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 1116.091930][T18672] EXT4-fs (loop4): 1 truncate cleaned up [ 1116.106020][T18672] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1116.167945][T18674] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4539'. [ 1116.176890][T18674] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4539'. [ 1116.263491][T18675] device bridge37 entered promiscuous mode [ 1116.352908][T18672] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 1116.611630][T18684] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4541'. [ 1116.620709][T18684] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4541'. [ 1116.648988][T18684] device bridge36 entered promiscuous mode [ 1116.871255][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1116.994595][T18693] loop3: detected capacity change from 0 to 2048 [ 1117.059518][T18693] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1117.300899][T18672] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 4: comm syz.4.4540: path /310/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=131071, rec_len=65535, size=1024 fake=0 [ 1117.570721][T18672] EXT4-fs (loop4): Remounting filesystem read-only [ 1117.898740][T18705] syz.0.4548[18705] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1117.898827][T18705] syz.0.4548[18705] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1117.912342][T18702] device bridge37 entered promiscuous mode [ 1118.077820][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1118.580590][T18714] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1118.589653][T18714] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1119.305652][T18725] __nla_validate_parse: 3 callbacks suppressed [ 1119.305672][T18725] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4553'. [ 1119.358185][T18724] device bridge38 entered promiscuous mode [ 1119.686799][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1119.713058][T18735] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4556'. [ 1119.871445][T18739] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4554'. [ 1120.004608][T18748] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4565'. [ 1120.403121][T18750] kvm [18749]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xa00000000 [ 1120.532351][T18731] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1120.685292][T18731] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1120.752778][T18758] syz.1.4559[18758] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1120.752851][T18758] syz.1.4559[18758] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1121.086923][T18765] syz.0.4561[18765] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1121.098270][T18765] syz.0.4561[18765] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1121.185602][T18769] loop4: detected capacity change from 0 to 128 [ 1121.210821][T18769] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1121.219356][T18769] ext4 filesystem being mounted at /315/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1122.111828][T18779] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4563'. [ 1122.120627][T18779] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4563'. [ 1122.129621][T18780] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4566'. [ 1122.140434][T18774] device bridge36 entered promiscuous mode [ 1122.149055][T18784] device bridge23 entered promiscuous mode [ 1122.195108][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1122.521072][T18796] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4570'. [ 1123.030805][T18799] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4571'. [ 1123.365403][T18808] loop4: detected capacity change from 0 to 512 [ 1123.411402][T18808] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 1123.485756][T18808] EXT4-fs (loop4): 1 truncate cleaned up [ 1123.495388][T18808] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1123.525253][T18808] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 1123.760998][T18817] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4576'. [ 1123.831060][T18819] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1123.839899][T18819] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1123.958882][T18820] device bridge24 entered promiscuous mode [ 1124.704655][T18826] __nla_validate_parse: 1 callbacks suppressed [ 1124.704683][T18826] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4577'. [ 1124.719482][T18826] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4577'. [ 1124.816282][T18828] device bridge25 entered promiscuous mode [ 1125.002370][T18830] syz.3.4578[18830] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1125.002449][T18830] syz.3.4578[18830] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1125.243580][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1125.510966][T18842] syz.2.4580[18842] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1125.511041][T18842] syz.2.4580[18842] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1125.701811][T18846] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4581'. [ 1125.811324][T18847] device bridge29 entered promiscuous mode [ 1126.420285][T18855] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4583'. [ 1126.934681][T18868] loop4: detected capacity change from 0 to 512 [ 1126.996855][T18870] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4585'. [ 1127.162936][T18868] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.4587: casefold flag without casefold feature [ 1127.220099][T18868] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.4587: couldn't read orphan inode 15 (err -117) [ 1127.237021][T18875] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4588'. [ 1127.246041][T18868] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1127.288152][T18878] loop3: detected capacity change from 0 to 512 [ 1127.365078][T18878] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 1127.373736][T18878] EXT4-fs (loop3): 1 truncate cleaned up [ 1127.379253][T18878] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1127.402116][T18878] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 1127.472249][T18883] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4591'. [ 1127.481109][T18883] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4591'. [ 1127.593036][T18885] device bridge39 entered promiscuous mode [ 1127.731921][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1127.889540][T18890] syz.4.4593[18890] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1127.889613][T18890] syz.4.4593[18890] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1128.712167][T18903] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4595'. [ 1128.732210][T18903] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4595'. [ 1128.773706][T18903] device bridge26 entered promiscuous mode [ 1129.029485][T18907] loop4: detected capacity change from 0 to 128 [ 1129.036047][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1129.060165][T18907] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1129.073077][T18907] ext4 filesystem being mounted at /321/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1129.143666][T18908] kvm [18905]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xa00000000 [ 1129.502696][T18921] device bridge40 entered promiscuous mode [ 1129.573827][T18919] device bridge37 entered promiscuous mode [ 1130.078198][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1130.141462][T18932] loop4: detected capacity change from 0 to 128 [ 1130.183817][T18936] loop3: detected capacity change from 0 to 128 [ 1130.192228][T18932] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1130.217464][T18932] ext4 filesystem being mounted at /322/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1130.240483][T18936] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1130.260617][T18936] ext4 filesystem being mounted at /286/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1130.699466][T18943] __nla_validate_parse: 5 callbacks suppressed [ 1130.699508][T18943] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4602'. [ 1130.714293][T18943] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4602'. [ 1130.909320][T18942] device bridge38 entered promiscuous mode [ 1130.917158][T18945] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4604'. [ 1130.926034][T18945] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4604'. [ 1131.242000][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1131.315620][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1131.335070][T18948] loop4: detected capacity change from 0 to 128 [ 1131.421452][T18948] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1131.469789][T18948] ext4 filesystem being mounted at /323/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1131.583739][T18956] syz.3.4607[18956] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1131.584715][T18956] syz.3.4607[18956] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1131.900665][T18959] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4605'. [ 1131.920680][T18959] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4605'. [ 1132.131306][T18960] device bridge39 entered promiscuous mode [ 1132.366204][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1132.644471][T18976] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4609'. [ 1132.653417][T18976] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4609'. [ 1132.670855][T18976] device bridge27 entered promiscuous mode [ 1133.000080][T18978] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1133.008648][T18978] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1133.030252][T18975] loop3: detected capacity change from 0 to 128 [ 1133.083392][T18975] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1133.114815][T18975] ext4 filesystem being mounted at /290/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1133.778978][T18987] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4613'. [ 1133.787752][T18987] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4613'. [ 1134.138403][T18986] device bridge38 entered promiscuous mode [ 1134.151506][T18990] device bridge28 entered promiscuous mode [ 1134.504310][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1134.542502][T18995] loop3: detected capacity change from 0 to 128 [ 1134.570699][T18984] kvm [18983]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xa00000000 [ 1134.619596][T18995] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1134.620253][T18998] loop4: detected capacity change from 0 to 2048 [ 1134.634159][T18995] ext4 filesystem being mounted at /291/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1134.783445][T18998] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1135.666898][T19005] device bridge30 entered promiscuous mode [ 1135.781273][T19014] device bridge39 entered promiscuous mode [ 1135.983545][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1136.128547][T19023] loop3: detected capacity change from 0 to 128 [ 1136.141255][T19020] syz.1.4621[19020] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1136.141334][T19020] syz.1.4621[19020] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1136.163599][T19023] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1136.213723][T19023] ext4 filesystem being mounted at /293/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1136.477509][T19029] __nla_validate_parse: 7 callbacks suppressed [ 1136.477541][T19029] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4624'. [ 1136.492362][T19029] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4624'. [ 1136.595141][T19030] device bridge40 entered promiscuous mode [ 1136.891541][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1137.029891][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1137.037891][T19038] loop4: detected capacity change from 0 to 512 [ 1137.057082][T19038] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.4627: casefold flag without casefold feature [ 1137.085646][T19041] loop3: detected capacity change from 0 to 128 [ 1137.095246][T19038] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.4627: couldn't read orphan inode 15 (err -117) [ 1137.107547][T19038] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1137.111300][T19041] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1137.126436][T19041] ext4 filesystem being mounted at /294/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1137.348319][T19048] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4628'. [ 1137.357142][T19048] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4628'. [ 1137.445974][T19049] device bridge41 entered promiscuous mode [ 1137.777605][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1137.881024][T19061] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4631'. [ 1138.131235][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1138.199219][T19060] loop4: detected capacity change from 0 to 2048 [ 1138.310049][T19060] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1138.414985][T19072] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4633'. [ 1138.423889][T19072] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4633'. [ 1138.530891][T19073] device bridge41 entered promiscuous mode [ 1138.852961][T19066] loop3: detected capacity change from 0 to 40427 [ 1138.877867][T19066] F2FS-fs (loop3): fault_type options not supported [ 1138.885008][T19066] F2FS-fs (loop3): Unrecognized mount option "checkpoint=disablenoextent_cache" or missing value [ 1139.560543][T19085] syz.0.4639[19085] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1139.560623][T19085] syz.0.4639[19085] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1139.791803][T19097] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1139.811625][T19097] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1139.934825][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1140.040831][T19099] loop4: detected capacity change from 0 to 512 [ 1140.066635][T19099] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1140.075841][T19099] ext4 filesystem being mounted at /328/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1140.266850][T19104] EXT4-fs: Ignoring removed orlov option [ 1140.395155][T19104] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1140.405142][T19104] EXT4-fs (loop4): can't enable nombcache during remount [ 1140.648030][T19108] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4643'. [ 1141.038331][T19099] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #12: comm syz.4.4642: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 1141.270098][T19114] loop3: detected capacity change from 0 to 2048 [ 1141.386214][T19114] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1141.415049][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1141.489866][T19124] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4646'. [ 1141.721412][T19127] loop4: detected capacity change from 0 to 128 [ 1141.746893][T19127] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1141.808013][T19125] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4648'. [ 1141.816784][T19125] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4648'. [ 1141.858292][T19127] ext4 filesystem being mounted at /329/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1141.880530][T19132] device bridge42 entered promiscuous mode [ 1141.896298][T19130] fuse: Unknown parameter '0x0000000000000008' [ 1141.978030][T19130] fuse: Bad value for 'user_id' [ 1142.327792][T19136] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4647'. [ 1142.721344][T19138] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4650'. [ 1142.730535][T19138] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4650'. [ 1142.771519][T19137] device bridge29 entered promiscuous mode [ 1142.829844][T19136] device bridge40 entered promiscuous mode [ 1143.040446][T19145] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4661'. [ 1143.244967][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1143.412042][T19151] syz.4.4653[19151] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1143.412113][T19151] syz.4.4653[19151] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1143.948764][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1144.026689][T19161] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4655'. [ 1144.035951][T19161] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4655'. [ 1144.142845][T19165] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1144.152338][T19165] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1144.186598][T19167] loop4: detected capacity change from 0 to 128 [ 1144.208071][T19167] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1144.216852][T19167] ext4 filesystem being mounted at /331/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1144.250179][T19158] device bridge31 entered promiscuous mode [ 1144.309456][T19164] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4656'. [ 1144.591231][T19175] device bridge41 entered promiscuous mode [ 1144.921816][T19184] loop3: detected capacity change from 0 to 128 [ 1144.948822][T19184] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1144.962434][T19184] ext4 filesystem being mounted at /300/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1145.262913][T19189] device bridge42 entered promiscuous mode [ 1145.358674][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1145.500689][T19193] fuse: Unknown parameter '0x0000000000000008' [ 1145.514618][T19193] fuse: Bad value for 'user_id' [ 1145.796440][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1147.373930][T19229] __nla_validate_parse: 6 callbacks suppressed [ 1147.373962][T19229] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4672'. [ 1148.249282][T19235] loop4: detected capacity change from 0 to 512 [ 1148.299273][T19242] fuse: Unknown parameter '0x0000000000000008' [ 1148.305523][T19242] fuse: Bad value for 'user_id' [ 1148.342521][T19227] kvm [19226]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x5500000800 [ 1148.353192][T19227] kvm [19226]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x7100000800 [ 1148.365630][T19227] kvm [19226]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0xa600000000 [ 1148.377282][T19227] kvm [19226]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0xb200000000 [ 1148.388782][T19235] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1148.417054][T19235] ext4 filesystem being mounted at /336/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1148.480791][T19252] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4676'. [ 1148.489632][T19252] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4676'. [ 1148.576837][T19253] device bridge30 entered promiscuous mode [ 1148.795085][T19247] loop3: detected capacity change from 0 to 40427 [ 1148.805631][T19247] F2FS-fs (loop3): fault_type options not supported [ 1148.812496][T19247] F2FS-fs (loop3): Unrecognized mount option "checkpoint=disablenoextent_cache" or missing value [ 1148.814263][T19235] EXT4-fs: Ignoring removed orlov option [ 1148.829209][T19235] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1148.837886][T19235] EXT4-fs (loop4): can't enable nombcache during remount [ 1148.926962][T19235] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #12: comm syz.4.4674: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 1149.501993][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1149.543343][T19271] loop4: detected capacity change from 0 to 128 [ 1149.699550][T19272] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4682'. [ 1149.750782][T19273] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4681'. [ 1149.828149][T19271] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1149.842073][T19271] ext4 filesystem being mounted at /337/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1150.453030][T19283] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4683'. [ 1150.461934][T19283] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4683'. [ 1150.584179][T19281] device bridge42 entered promiscuous mode [ 1150.768604][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1150.848268][T19296] fuse: Unknown parameter '0x0000000000000007' [ 1150.864700][T19296] fuse: Bad value for 'user_id' [ 1150.924351][T19298] loop4: detected capacity change from 0 to 128 [ 1150.971704][T19298] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1151.002541][T19298] ext4 filesystem being mounted at /340/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1151.236682][T19302] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4689'. [ 1151.245529][T19302] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4689'. [ 1151.329995][T19304] device bridge43 entered promiscuous mode [ 1151.642162][T19311] loop3: detected capacity change from 0 to 128 [ 1151.660646][T19311] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1151.678484][T19311] ext4 filesystem being mounted at /308/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1151.728197][T19306] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4690'. [ 1152.755119][T19321] __nla_validate_parse: 2 callbacks suppressed [ 1152.755139][T19321] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4692'. [ 1152.769907][T19321] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4692'. [ 1152.786449][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1152.848572][T19321] device bridge43 entered promiscuous mode [ 1152.878702][T19317] device bridge32 entered promiscuous mode [ 1153.070571][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1154.256070][T19334] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4696'. [ 1154.350819][T19345] fuse: Unknown parameter '0x0000000000000007' [ 1154.364917][T19345] fuse: Bad value for 'user_id' [ 1154.573196][T19352] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4697'. [ 1154.916116][T19358] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4701'. [ 1154.925159][T19358] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4701'. [ 1155.276175][T19361] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4702'. [ 1155.285125][T19361] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4702'. [ 1155.584346][T19358] device bridge43 entered promiscuous mode [ 1155.603537][T19363] device bridge31 entered promiscuous mode [ 1155.906243][T19350] loop4: detected capacity change from 0 to 40427 [ 1155.948528][T19350] F2FS-fs (loop4): fault_type options not supported [ 1155.965133][T19350] F2FS-fs (loop4): Unrecognized mount option "checkpoint=disablenoextent_cache" or missing value [ 1156.188441][T19372] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4705'. [ 1156.197359][T19372] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4705'. [ 1156.630930][T19369] device bridge32 entered promiscuous mode [ 1156.712956][T19376] device bridge33 entered promiscuous mode [ 1158.239062][T19400] fuse: Unknown parameter '0x0000000000000007' [ 1158.275459][T19404] loop4: detected capacity change from 0 to 128 [ 1158.291006][T19383] kvm [19382]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0xa00000000 [ 1158.325151][T19400] fuse: Bad value for 'user_id' [ 1158.354947][T19404] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1158.373537][T19404] ext4 filesystem being mounted at /343/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1158.685847][T19412] __nla_validate_parse: 3 callbacks suppressed [ 1158.685867][T19412] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4713'. [ 1159.306662][T19416] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4716'. [ 1159.315435][T19416] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4716'. [ 1159.324440][T19417] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4714'. [ 1159.333200][T19417] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4714'. [ 1159.597828][T19418] device bridge44 entered promiscuous mode [ 1159.697793][T19416] device bridge34 entered promiscuous mode [ 1159.896228][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1160.098651][T19435] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4719'. [ 1160.107500][T19435] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4719'. [ 1160.196364][T19436] device bridge33 entered promiscuous mode [ 1160.865694][T19439] device bridge35 entered promiscuous mode [ 1161.033589][T19453] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4724'. [ 1161.577712][ T28] audit: type=1326 audit(1735381551.405:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19455 comm="syz.0.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c66585d29 code=0x7ffc0000 [ 1161.607410][ T28] audit: type=1326 audit(1735381551.425:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19455 comm="syz.0.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f5c66585d29 code=0x7ffc0000 [ 1161.631156][ T28] audit: type=1326 audit(1735381551.425:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19455 comm="syz.0.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5c66585d63 code=0x7ffc0000 [ 1161.715860][ T28] audit: type=1326 audit(1735381551.425:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19455 comm="syz.0.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f5c665847df code=0x7ffc0000 [ 1161.747234][T19465] loop3: detected capacity change from 0 to 128 [ 1161.765453][T19465] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 1161.765789][ T28] audit: type=1326 audit(1735381551.435:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19455 comm="syz.0.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f5c66585db7 code=0x7ffc0000 [ 1161.799513][ T28] audit: type=1326 audit(1735381551.435:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19455 comm="syz.0.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5c66584690 code=0x7ffc0000 [ 1161.826521][ T28] audit: type=1326 audit(1735381551.435:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19455 comm="syz.0.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f5c6658498a code=0x7ffc0000 [ 1161.849873][ T28] audit: type=1326 audit(1735381551.435:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19455 comm="syz.0.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c66585d29 code=0x7ffc0000 [ 1161.873874][ T28] audit: type=1326 audit(1735381551.435:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19455 comm="syz.0.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7f5c66585d29 code=0x7ffc0000 [ 1161.881894][T19465] syz.3.4731: attempt to access beyond end of device [ 1161.881894][T19465] loop3: rw=0, sector=216, nr_sectors = 1 limit=128 [ 1161.897364][ T28] audit: type=1326 audit(1735381551.435:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19455 comm="syz.0.4727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c66585d29 code=0x7ffc0000 [ 1161.981982][ T421] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 1162.064825][T19503] loop4: detected capacity change from 0 to 128 [ 1162.081973][T19503] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 1162.126608][T19503] syz.4.4748: attempt to access beyond end of device [ 1162.126608][T19503] loop4: rw=2049, sector=209, nr_sectors = 832 limit=128 [ 1162.139656][T19511] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1162.159698][T19511] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1162.204600][T19511] device bridge1 left promiscuous mode [ 1162.220495][T19511] device bridge2 left promiscuous mode [ 1162.229811][ T421] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 1162.234257][T19511] device bridge3 left promiscuous mode [ 1162.245007][T19511] device bridge4 left promiscuous mode [ 1162.256961][T19511] device bridge5 left promiscuous mode [ 1162.284918][T19511] device bridge6 left promiscuous mode [ 1162.290766][T19533] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1162.297755][T19511] device bridge7 left promiscuous mode [ 1162.314562][T19511] device bridge8 left promiscuous mode [ 1162.325003][T19537] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1162.334189][T19511] device bridge9 left promiscuous mode [ 1162.344303][T19511] device bridge10 left promiscuous mode [ 1162.360846][T19511] device bridge11 left promiscuous mode [ 1162.362031][T19539] loop4: detected capacity change from 0 to 256 [ 1162.367643][T19511] device bridge12 left promiscuous mode [ 1162.379469][T19511] device bridge13 left promiscuous mode [ 1162.402437][T19511] device bridge14 left promiscuous mode [ 1162.424639][T19511] device bridge15 left promiscuous mode [ 1162.430831][T19511] device bridge16 left promiscuous mode [ 1162.454972][T19549] syz.2.4771[19549] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1162.455044][T19549] syz.2.4771[19549] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1162.462258][T19511] device bridge17 left promiscuous mode [ 1162.483573][T19511] device bridge18 left promiscuous mode [ 1162.491051][T19511] device bridge19 left promiscuous mode [ 1162.497790][T19511] device bridge20 left promiscuous mode [ 1162.503614][T19511] device bridge21 left promiscuous mode [ 1162.518485][T19511] device bridge23 left promiscuous mode [ 1162.531025][T19511] device bridge25 left promiscuous mode [ 1162.537744][T19511] device bridge26 left promiscuous mode [ 1162.543471][T19511] device bridge27 left promiscuous mode [ 1162.560842][T19511] device bridge28 left promiscuous mode [ 1162.566913][T19511] device bridge29 left promiscuous mode [ 1162.572622][T19511] device bridge30 left promiscuous mode [ 1162.578514][T19511] device bridge31 left promiscuous mode [ 1162.584461][T19511] device bridge32 left promiscuous mode [ 1162.590912][T19511] device bridge33 left promiscuous mode [ 1162.597484][T19511] device bridge34 left promiscuous mode [ 1162.603875][T19511] device bridge35 left promiscuous mode [ 1162.610032][T19511] device bridge36 left promiscuous mode [ 1162.617061][T19511] device bridge37 left promiscuous mode [ 1162.622923][T19511] device bridge38 left promiscuous mode [ 1162.629160][T19511] device bridge39 left promiscuous mode [ 1162.635091][T19511] device bridge40 left promiscuous mode [ 1162.727607][T19511] device bridge41 left promiscuous mode [ 1162.733756][T19511] device bridge42 left promiscuous mode [ 1162.740069][T19511] device bridge43 left promiscuous mode [ 1162.755471][T19414] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 1162.764143][T19414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1162.773503][T19414] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 1162.795805][T19414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1162.807121][T19414] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1162.817173][T19414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1162.828794][T19414] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1162.837364][T19414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1162.845938][T19557] device bridge0 entered promiscuous mode [ 1162.851779][T19571] loop4: detected capacity change from 0 to 512 [ 1162.858667][T19563] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4775'. [ 1162.870951][T19563] device bridge_slave_1 left promiscuous mode [ 1162.881799][T19563] bridge0: port 2(bridge_slave_1) entered disabled state [ 1162.889809][T19563] device bridge_slave_0 left promiscuous mode [ 1162.892717][T19571] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.4782: bg 0: block 248: padding at end of block bitmap is not set [ 1162.905158][T19563] bridge0: port 1(bridge_slave_0) entered disabled state [ 1162.920799][T19563] device bridge0 left promiscuous mode [ 1162.926407][T19571] EXT4-fs error (device loop4): ext4_acquire_dquot:6788: comm syz.4.4782: Failed to acquire dquot type 1 [ 1162.940606][T19585] syz.3.4785[19585] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1162.940619][T19571] EXT4-fs (loop4): 1 truncate cleaned up [ 1162.940678][T19585] syz.3.4785[19585] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1162.952655][T19571] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1162.978175][T19571] ext4 filesystem being mounted at /354/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1163.018572][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1163.060157][T19589] Invalid ELF header magic: != ELF [ 1163.077275][T19595] loop3: detected capacity change from 0 to 512 [ 1163.146358][T19609] netlink: 'syz.2.4796': attribute type 4 has an invalid length. [ 1163.154081][T19609] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.4796'. [ 1163.167125][T19595] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #15: comm syz.3.4789: casefold flag without casefold feature [ 1163.180422][T19595] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.4789: couldn't read orphan inode 15 (err -117) [ 1163.194432][T19595] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1163.325795][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1163.337654][T19621] loop4: detected capacity change from 0 to 512 [ 1163.399467][T19621] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1163.416555][T19621] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 1163.481341][T19621] EXT4-fs (loop4): 1 truncate cleaned up [ 1163.487197][T19621] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1163.647963][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1163.849393][T19642] loop3: detected capacity change from 0 to 1024 [ 1163.898589][T19642] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 1163.915394][T19642] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (30349!=20869) [ 1163.954006][T19642] EXT4-fs error (device loop3): ext4_get_journal_inode:5721: inode #32: comm 4s: iget: special inode unallocated [ 1163.979167][T19642] EXT4-fs (loop3): no journal found [ 1163.995315][T19642] EXT4-fs (loop3): can't get journal size [ 1164.035420][T19642] EXT4-fs error (device loop3): ext4_protect_reserved_inode:160: inode #32: comm 4s: iget: special inode unallocated [ 1164.056504][T19642] EXT4-fs (loop3): failed to initialize system zone (-117) [ 1164.064048][T19642] EXT4-fs (loop3): mount failed [ 1164.129302][T19653] serio: Serial port pts0 [ 1164.129802][T19654] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 1164.198717][T19665] syz.3.4818[19665] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1164.198787][T19665] syz.3.4818[19665] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1164.307233][T19673] loop3: detected capacity change from 0 to 1024 [ 1164.324933][T19673] EXT4-fs: Ignoring removed nobh option [ 1164.330591][T19673] EXT4-fs: Ignoring removed bh option [ 1164.336481][T19673] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1164.357696][T19673] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1164.383700][T19687] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 1164.394763][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1164.622927][T19715] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 1164.631200][T19717] loop3: detected capacity change from 0 to 512 [ 1164.644669][T19717] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1164.656903][T19717] EXT4-fs (loop3): 1 truncate cleaned up [ 1164.662510][T19717] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1164.666117][T19720] loop4: detected capacity change from 0 to 512 [ 1164.693430][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1164.699908][T19720] EXT4-fs (loop4): too many log groups per flexible block group [ 1164.707628][T19720] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 1164.714340][T19720] EXT4-fs (loop4): mount failed [ 1164.795620][T19729] loop4: detected capacity change from 0 to 512 [ 1164.798133][T19730] loop3: detected capacity change from 0 to 512 [ 1164.810983][T19730] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1164.822560][T19729] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1164.822773][T19730] EXT4-fs (loop3): 1 truncate cleaned up [ 1164.831693][T19729] ext4 filesystem being mounted at /370/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1164.836905][T19730] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1164.863393][T19729] 9pnet: Could not find request transport: {QmuB3wlLgNf{t:{ Ժw"b$"FD>۞J7KzWҒD~/I$ٶֹly>vr`ݽrk[޵jisnn3=kG7n~+Ӵ&}Kͦ5.ZF#b$H֞.?{ [ 1164.892275][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1164.903737][T13124] EXT4-fs (loop3): unmounting filesystem. [ 1164.936458][T19737] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4846'. [ 1164.971153][T19748] loop4: detected capacity change from 0 to 256 [ 1165.036569][T19755] 9pnet: Could not find request transport: rdma [ 1165.054955][T19759] loop4: detected capacity change from 0 to 512 [ 1165.074411][T19759] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 1165.334464][T19796] loop4: detected capacity change from 0 to 512 [ 1165.345356][T19796] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1165.378886][T19796] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1165.458909][T19796] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.4879: invalid indirect mapped block 4294967295 (level 1) [ 1165.475426][T19796] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.4879: invalid indirect mapped block 4294967295 (level 1) [ 1165.491383][T19796] EXT4-fs (loop4): 2 truncates cleaned up [ 1165.500069][T19796] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1165.538519][T19796] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm syz.4.4879: bg 0: block 5: invalid block bitmap [ 1165.582063][T12587] EXT4-fs (loop4): unmounting filesystem. [ 1165.838281][T19842] 9pnet: Could not find request transport: rdma [ 1165.917242][T19852] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4902'. [ 1166.014820][T19867] hub 9-0:1.0: USB hub found [ 1166.019521][T19867] hub 9-0:1.0: 1 port detected [ 1166.213242][T19893] SELinux: failed to load policy [ 1166.296403][T19907] syz.2.4929[19907] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1166.296471][T19907] syz.2.4929[19907] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1166.310589][T19905] loop3: detected capacity change from 0 to 512 [ 1166.360655][T19905] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1166.404191][T19905] EXT4-fs (loop3): 1 truncate cleaned up [ 1166.410081][T19905] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1166.425796][T19905] ================================================================== [ 1166.433687][T19905] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x909/0x1fa0 [ 1166.441223][T19905] Read of size 18446744073709551572 at addr ffff88812ffbf850 by task syz.3.4928/19905 [ 1166.450595][T19905] [ 1166.452765][T19905] CPU: 0 PID: 19905 Comm: syz.3.4928 Not tainted 6.1.118-syzkaller-00077-g3f924195e222 #0 [ 1166.462491][T19905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1166.472589][T19905] Call Trace: [ 1166.475714][T19905] [ 1166.478495][T19905] dump_stack_lvl+0x151/0x1b7 [ 1166.483004][T19905] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 1166.488294][T19905] ? _printk+0xd1/0x111 [ 1166.492290][T19905] ? __virt_addr_valid+0x242/0x2f0 [ 1166.497249][T19905] print_report+0x158/0x4e0 [ 1166.501586][T19905] ? __virt_addr_valid+0x242/0x2f0 [ 1166.506544][T19905] ? kasan_complete_mode_report_info+0x57/0x1b0 [ 1166.512598][T19905] ? ext4_xattr_set_entry+0x909/0x1fa0 [ 1166.517895][T19905] kasan_report+0x13c/0x170 [ 1166.522233][T19905] ? ext4_xattr_set_entry+0x909/0x1fa0 [ 1166.527543][T19905] kasan_check_range+0x294/0x2a0 [ 1166.532299][T19905] ? ext4_xattr_set_entry+0x909/0x1fa0 [ 1166.537596][T19905] memmove+0x2d/0x70 [ 1166.541330][T19905] ext4_xattr_set_entry+0x909/0x1fa0 [ 1166.546453][T19905] ? ext4_xattr_inode_lookup_create+0x1a60/0x1a60 [ 1166.552704][T19905] ? memcpy+0x56/0x70 [ 1166.556541][T19905] ext4_xattr_block_set+0x99c/0x37f0 [ 1166.561641][T19905] ? ext4_drop_inode+0x90/0x1a0 [ 1166.566327][T19905] ? __getblk_gfp+0x3d/0x7d0 [ 1166.570753][T19905] ? ext4_xattr_block_find+0x320/0x320 [ 1166.576044][T19905] ? xattr_find_entry+0x23c/0x300 [ 1166.580906][T19905] ? ext4_xattr_block_find+0x2ac/0x320 [ 1166.586209][T19905] ext4_expand_extra_isize_ea+0x10eb/0x1c40 [ 1166.592132][T19905] ? ext4_xattr_set+0x3d0/0x3d0 [ 1166.596803][T19905] ? rwsem_write_trylock+0x153/0x340 [ 1166.601926][T19905] ? dquot_initialize_needed+0x13d/0x370 [ 1166.607394][T19905] __ext4_expand_extra_isize+0x31a/0x420 [ 1166.612860][T19905] __ext4_mark_inode_dirty+0x4bb/0x7d0 [ 1166.618157][T19905] ? sb_end_intwrite+0x130/0x130 [ 1166.622928][T19905] ? current_time+0x1ba/0x300 [ 1166.627445][T19905] ? atime_needs_update+0x810/0x810 [ 1166.632474][T19905] ? __kasan_check_write+0x14/0x20 [ 1166.637423][T19905] ? drop_nlink+0xa9/0x110 [ 1166.641674][T19905] __ext4_unlink+0x6ed/0xba0 [ 1166.646102][T19905] ? __ext4_read_dirblock+0x8e0/0x8e0 [ 1166.651321][T19905] ? rwsem_mark_wake+0x770/0x770 [ 1166.656213][T19905] ext4_unlink+0x142/0x3f0 [ 1166.660464][T19905] vfs_unlink+0x38c/0x630 [ 1166.664634][T19905] do_unlinkat+0x483/0x920 [ 1166.668885][T19905] ? fsnotify_link_count+0x100/0x100 [ 1166.674002][T19905] ? strncpy_from_user+0x169/0x2b0 [ 1166.678954][T19905] ? getname_flags+0x1fd/0x520 [ 1166.683559][T19905] __x64_sys_unlink+0x49/0x50 [ 1166.688065][T19905] x64_sys_call+0x289/0x9a0 [ 1166.692401][T19905] do_syscall_64+0x3b/0xb0 [ 1166.696674][T19905] ? clear_bhb_loop+0x55/0xb0 [ 1166.701168][T19905] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1166.706899][T19905] RIP: 0033:0x7fde99585d29 [ 1166.711151][T19905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1166.730590][T19905] RSP: 002b:00007fde9a369038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 1166.738836][T19905] RAX: ffffffffffffffda RBX: 00007fde99775fa0 RCX: 00007fde99585d29 [ 1166.746649][T19905] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 1166.754474][T19905] RBP: 00007fde99601b08 R08: 0000000000000000 R09: 0000000000000000 [ 1166.762278][T19905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1166.770081][T19905] R13: 0000000000000000 R14: 00007fde99775fa0 R15: 00007ffd95b8be48 [ 1166.777899][T19905] [ 1166.780757][T19905] [ 1166.782925][T19905] Allocated by task 19905: [ 1166.787179][T19905] kasan_set_track+0x4b/0x70 [ 1166.791606][T19905] kasan_save_alloc_info+0x1f/0x30 [ 1166.796565][T19905] __kasan_kmalloc+0x9c/0xb0 [ 1166.800989][T19905] __kmalloc_node_track_caller+0xb3/0x1e0 [ 1166.806534][T19905] kmemdup+0x29/0x60 [ 1166.810264][T19905] ext4_xattr_block_set+0x80f/0x37f0 [ 1166.815402][T19905] ext4_expand_extra_isize_ea+0x10eb/0x1c40 [ 1166.821115][T19905] __ext4_expand_extra_isize+0x31a/0x420 [ 1166.826595][T19905] __ext4_mark_inode_dirty+0x4bb/0x7d0 [ 1166.831875][T19905] __ext4_unlink+0x6ed/0xba0 [ 1166.836317][T19905] ext4_unlink+0x142/0x3f0 [ 1166.840586][T19905] vfs_unlink+0x38c/0x630 [ 1166.844723][T19905] do_unlinkat+0x483/0x920 [ 1166.848978][T19905] __x64_sys_unlink+0x49/0x50 [ 1166.853486][T19905] x64_sys_call+0x289/0x9a0 [ 1166.857833][T19905] do_syscall_64+0x3b/0xb0 [ 1166.862081][T19905] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1166.867810][T19905] [ 1166.869997][T19905] Last potentially related work creation: [ 1166.875536][T19905] kasan_save_stack+0x3b/0x60 [ 1166.880044][T19905] __kasan_record_aux_stack+0xb4/0xc0 [ 1166.885253][T19905] kasan_record_aux_stack_noalloc+0xb/0x10 [ 1166.890896][T19905] kvfree_call_rcu+0x9f/0x800 [ 1166.895409][T19905] drop_sysctl_table+0x311/0x450 [ 1166.900185][T19905] unregister_sysctl_table+0x76/0x120 [ 1166.905389][T19905] unregister_net_sysctl_table+0x15/0x20 [ 1166.910858][T19905] neigh_sysctl_unregister+0x78/0x90 [ 1166.915977][T19905] inetdev_event+0x848/0x1110 [ 1166.920494][T19905] raw_notifier_call_chain+0x8c/0xf0 [ 1166.925636][T19905] unregister_netdevice_many+0xe25/0x1730 [ 1166.931167][T19905] default_device_exit_batch+0x975/0xa00 [ 1166.936638][T19905] cleanup_net+0x6c9/0xbf0 [ 1166.940889][T19905] process_one_work+0x73d/0xcb0 [ 1166.945573][T19905] worker_thread+0xa60/0x1260 [ 1166.950095][T19905] kthread+0x26d/0x300 [ 1166.953992][T19905] ret_from_fork+0x1f/0x30 [ 1166.958244][T19905] [ 1166.960434][T19905] The buggy address belongs to the object at ffff88812ffbf800 [ 1166.960434][T19905] which belongs to the cache kmalloc-1k of size 1024 [ 1166.974305][T19905] The buggy address is located 80 bytes inside of [ 1166.974305][T19905] 1024-byte region [ffff88812ffbf800, ffff88812ffbfc00) [ 1166.987422][T19905] [ 1166.989580][T19905] The buggy address belongs to the physical page: [ 1166.995829][T19905] page:ffffea0004bfee00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12ffb8 [ 1167.005896][T19905] head:ffffea0004bfee00 order:3 compound_mapcount:0 compound_pincount:0 [ 1167.014083][T19905] flags: 0x4000000000010200(slab|head|zone=1) [ 1167.019963][T19905] raw: 4000000000010200 ffffea00043bac00 dead000000000002 ffff888100043080 [ 1167.028382][T19905] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 1167.036798][T19905] page dumped because: kasan: bad access detected [ 1167.043049][T19905] page_owner tracks the page as allocated [ 1167.048607][T19905] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 292, tgid 292 (syz-executor), ts 21214559137, free_ts 0 [ 1167.068736][T19905] post_alloc_hook+0x213/0x220 [ 1167.073333][T19905] prep_new_page+0x1b/0x110 [ 1167.077682][T19905] get_page_from_freelist+0x2f41/0x2fc0 [ 1167.083075][T19905] __alloc_pages+0x234/0x610 [ 1167.087485][T19905] alloc_slab_page+0x6c/0xf0 [ 1167.091908][T19905] new_slab+0x90/0x3e0 [ 1167.095811][T19905] ___slab_alloc+0x6f9/0xb80 [ 1167.100238][T19905] __slab_alloc+0x5d/0xa0 [ 1167.104407][T19905] __kmem_cache_alloc_node+0x207/0x2a0 [ 1167.109700][T19905] __kmalloc_node_track_caller+0xa2/0x1e0 [ 1167.115255][T19905] __alloc_skb+0x125/0x2d0 [ 1167.119510][T19905] ethnl_default_notify+0x21e/0x610 [ 1167.124543][T19905] ethtool_notify+0xc1/0x1a0 [ 1167.128966][T19905] ethnl_netdev_event+0x58/0x70 [ 1167.133653][T19905] raw_notifier_call_chain+0x8c/0xf0 [ 1167.138775][T19905] netdev_update_features+0x159/0x1c0 [ 1167.143982][T19905] page_owner free stack trace missing [ 1167.149227][T19905] [ 1167.151368][T19905] Memory state around the buggy address: [ 1167.156835][T19905] ffff88812ffbf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1167.164728][T19905] ffff88812ffbf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1167.172629][T19905] >ffff88812ffbf800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1167.180523][T19905] ^ [ 1167.187035][T19905] ffff88812ffbf880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1167.194933][T19905] ffff88812ffbf900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1167.202828][T19905] ================================================================== [ 1167.212433][T19905] Disabling lock debugging due to kernel taint [ 1167.266169][T13124] EXT4-fs (loop3): unmounting filesystem.