last executing test programs: 1.801896545s ago: executing program 4 (id=1525): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x4, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") 1.63825161s ago: executing program 4 (id=1535): r0 = socket$inet_sctp(0x2, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000300)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f00000000c0)=0x8) listen(r0, 0x9) 1.626317601s ago: executing program 4 (id=1538): openat$random(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002) r1 = dup(r0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 1.286195202s ago: executing program 2 (id=1553): r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0xb, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) preadv(r0, &(0x7f00000007c0)=[{&(0x7f0000000280)=""/6, 0x6}, {&(0x7f00000002c0)=""/89, 0x59}, {&(0x7f0000000340)=""/148, 0x94}, {&(0x7f0000000400)=""/24, 0x18}, {&(0x7f0000000440)=""/174, 0xae}, {&(0x7f0000000500)=""/107, 0x6b}, {&(0x7f0000000c00)=""/4096, 0x1000}], 0x7, 0x3, 0x2) 1.221983758s ago: executing program 3 (id=1557): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.221858758s ago: executing program 2 (id=1558): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f0000001100)=0x8, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000200)=0x7fffffff, 0x4) 1.221698948s ago: executing program 0 (id=1559): setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000000)=[@in], 0x10) r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x76, &(0x7f0000000140)=@assoc_value={r2}, 0x8) 1.211735099s ago: executing program 3 (id=1560): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0500000004000000e47f000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000000400000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000009c0)='kfree\x00', r1, 0x0, 0xc3}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a8, 0x1d8, 0x12, 0x60d, 0x0, 0x202, 0x2d8, 0x2e8, 0x2e8, 0x2d8, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private1, @remote, [], [], 'veth0_to_team\x00', 'macsec0\x00'}, 0x0, 0x190, 0x1d8, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "000000165a2e2e0617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f672225d6147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac05a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x7, 0x2}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@hl={{0x28}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408) 1.20603923s ago: executing program 0 (id=1561): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00'}, 0x10) r0 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r0, &(0x7f0000000100)={0x2, 0x0, @remote}, 0x10) r1 = socket$kcm(0x2, 0x2, 0x73) bind$inet(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) 1.146352235s ago: executing program 0 (id=1562): mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 1.146096775s ago: executing program 3 (id=1563): r0 = syz_io_uring_setup(0x24fb, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x3694, &(0x7f0000000180), &(0x7f0000000000)=0x0, &(0x7f0000000700)) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000940)=@IORING_OP_RECVMSG={0xa, 0x0, 0x1, r3, 0x0, &(0x7f0000000900)={0x0, 0x0, 0x0}}) io_uring_enter(r0, 0x296f, 0x0, 0x0, 0x0, 0x0) 1.145938195s ago: executing program 3 (id=1564): mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f00000000c0)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x130) 1.145691505s ago: executing program 3 (id=1565): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00', @ANYRES16, @ANYBLOB="0100000009000000000014000000180001801400"], 0x3c}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000001"], 0x24}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001d00"], 0x114}], 0x1}, 0x0) 938.336664ms ago: executing program 3 (id=1568): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000741000/0x4000)=nil, 0x4000) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x0, &(0x7f0000000140), 0x0, 0x4) 717.461515ms ago: executing program 4 (id=1574): syz_mount_image$ext4(&(0x7f0000000c80)='ext4\x00', &(0x7f0000001100)='./file0\x00', 0x3000490, &(0x7f0000000340)={[{@nojournal_checksum}, {@usrjquota}, {@errors_remount}, {@discard}, {@auto_da_alloc}, {@mblk_io_submit}, {@nouid32}, {@barrier_val}, {@grpjquota}, {}]}, 0x45, 0x7d2, &(0x7f0000001940)="$eJzs3c9vG1kdAPDvOM7PFhIkJCinSAioVNUhJbQgIRHEASFRqRKcONBGjhuVOHEVO1UTRbQVQuKCBIgbXHqBA7C7l9Ve98dhL7v/x6pVdzettqs9rLwae5w4iZ112sTpj89Hmua9mTd+8533/OY1M7EDeGlNpv/kIk5FxF+TiPFsfRIRg41UPmK2We7x5kYxXZKo13/9UdIo82hzoxht+6ROZJlvRsTbf4o4k9tbb3VtfXGuXC6tZPmp2tL1qera+tlrS3MLpYXS8vnpmZlzF3544fzhxfrJ++sn7//tF997ZfazP37j1b+8k8RsnMy2tcdxWCZjMjsng+kp3OHnh13ZsXn9Dz0UausB+aM8GA4obZiBrFVOxXgM7Nc+o/08MgDgqNyKiHo3A123AADPtaR5/f9p5637TgGS7lMHAODZ1fo9wKPNjWJrOd7fSPTXg59FxEgz/tb9zeaWfHbPbqRxH3TsUbLjzkgSEROHUP9kRPzrjd/9L13iiO5DAnRy+05EXJmY3Dv+J3ueWTio73devdCemdy10fgH/fNmOv/5Uaf5X25r/hMd5j/DHd67T+LL3/+5e4dQTVfp/O8nbc+2PW6LPzMxkOW+0pjzDSZXr5VL6dj21Yg4HYPDaX56nzpOP/z84d6162Oxa/738d9//9+0/vTndrncvfzwzj3n52pzTx145sGdiG/lO8Wfjv/DjfZPusx/L/VYxy9//Od/dtuWxp/G21r2xn+06ncjvtux/ZOtMsm+zydONbrDVKtTdPDabIx1q38yv93+6ZLW3/q/QD+k7T+2f/wTSfvzmtWeX3rrabH37o6/1a1Qe//vHH/n/j+U/KaRHsrW3Zyr1VamI4aSX+1df2573yz/n8jKp/Gf/nbn939r/OvQ/3+bvv6VHk9E/v6H/3/y+I9WGv/8gdr/wIkYebw40K3+3tp/Zsc++45/Wa/r9QCf5twBAAAAAAAAAAAAAAAAAAAAAAAAQK9yEXEyklxhK53LFQrN7/D+eozlypVq7czVyuryfDS+K3siBnOtj7ocb/s81Ons8/Bb+XO78j+IiK9FxD+GRxv5QrFSnj/u4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgc6LL9/+nPhjeVXjgOI4QADgSIy7sAPCySfL54z4EAKDfRg5UevTIjgMA6J+DXf8BgBeB6z8AvHy6Xv+/8+96PWL3nwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAQV26eDFd6p9ubhTT/PyNtdXFyo2z86XqYmFptVgoVlauFxYqlYVyqVCsLHV9odvNH+VK5fpMLK/enKqVqrWp6tr65aXK6nLt8rWluYXS5dJg3yIDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgN5V19YX58rl0sr+iXrTrZ4KS/SeWHy32Q7PyvG8OIk7fTmrcbvZfs9EyIeaiKHtUWL0eAYnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOfAFwEAAP//+3Mm3w==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000200), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 362.131997ms ago: executing program 1 (id=1580): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002004007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000440)='asymmetric\x00', &(0x7f0000000100)=@chain) 361.832147ms ago: executing program 4 (id=1581): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, 0x0, 0xfffffcdd) r3 = dup3(r0, r2, 0x80000) setsockopt$packet_add_memb(r3, 0x107, 0x1, 0x0, 0x0) 361.664597ms ago: executing program 2 (id=1582): r0 = epoll_create1(0x0) iopl(0x3) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000600)={0x20000000}) 304.418332ms ago: executing program 1 (id=1583): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x54) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, r2}, 0x10) 304.260502ms ago: executing program 1 (id=1584): r0 = getpid() process_vm_readv(r0, &(0x7f0000008400), 0x0, &(0x7f0000008640), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000011c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES32=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_clone3(&(0x7f0000000400)={0x200000, &(0x7f0000000000), 0x0, &(0x7f00000000c0), {0x8}, 0x0, 0x0, &(0x7f0000000380)=""/113, &(0x7f00000001c0)=[r0, r0, 0x0, 0x0, r0, 0x0], 0x6}, 0x58) 237.259479ms ago: executing program 0 (id=1585): r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) setsockopt$sock_attach_bpf(r0, 0x107, 0x8, &(0x7f00000000c0), 0x2a) recvmsg$kcm(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) 232.774059ms ago: executing program 1 (id=1586): openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2}, 0x20) 165.200055ms ago: executing program 4 (id=1587): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000105f00"], 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r1, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000001200)=[{}], 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) 165.046045ms ago: executing program 1 (id=1588): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f0000000280)={[{@errors_remount}, {@nodelalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x10000}}, {@block_validity}, {@quota}]}, 0x3, 0x44d, &(0x7f0000000a40)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IEDIJA4gITEpRxDklalboOaINGqgoBQOaJK3BFHJP4CTnBBwAmJK9xRpQrlQuFktPZu/IjtJsGJS/35SNvM7I498/Xs2LM73QAG1lj2TxKxNyJ+jYiRWra5wFjtz82VK7N/rVyZTaJSefOPpFruz5Urs0XR4nV78sx4GpF+ksThNvUuXrp8bqZcnr+Y5yeXzr87uXjp8tNnz8+cmT8zf2H65MkTx6eee3b6mZ7EeVfW1kMfLBw5+Opb116fPXXt7R+/Tor4W+LokbFuBx+rVHpcXX/ta0gnQ31sCBtSioisu4ar438kSlHvvJF45eO+Ng7YUpVch8PLFeAOlkS/WwD0R/FDn13/Ftv2zT7678aLtQugLO6b+VY7MhRp1C6Mhluub3tpLCJOLf/9RbbF1tyHAABo8m02/3mq3fwvjXsbyv0/XxsazddS9kfE3RFxICLuiaiWvS8i7t9g/a2LJGvnP+n1TQW2Ttn87/l8bat5/pcWRUZLeW5fNTOcnD5bnj+WfybjMbwzy091qeO7l3/5rNOxxvlftmX1F3PBvB3Xh3Y2v2ZuZmnm38Tc6MZHEYeG2sWfrK4EJBFxMCIObbKOs098daTTsdb4K0m3d3qhOduDdabKlxGP1/p/OVriLyTd1ycn/xfl+WOTxVmx1k8/X32jU/237v+tlfX/7rbn/2r8o0njeu3ixuu4+tunHa9pJjZ1/td37Mj/vj+ztHRxKmJH8lqt0Y37p+uvLfJF+Sz+8aPtx//+qH8ShyMiO4kfiIgHI+KhvO8ejohHIuJol/h/eOnRdzodux36f66l/0ebi7T0fz2xI1r3tE+Uzn3/TfM71pPr+/47UU2N53vW8/23nnZt7mwGAACA/540IvZGkk6sptN0YqL2f/gPxO60vLC49OTphfcuzNWeERiN4bS401W7H1y7HzqVX9YX+emW/PH8vvHnpV3V/MTsQnmu38HDgNvTYfxnfi/1u3XAlvO8Fgwu4x8Gl/EPg8v4h8HVZvzv6kc7gO3X7vf/w3qyMrKdjQG2Vcv4t+wHA8T1Pwwu4x8GV+P47/r8PXAnWdwVt35IXkJiTSLS26IZvUkkWzwK9vY7wI0n+v3NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bv/BAAA///oO+WP") mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 155.671916ms ago: executing program 0 (id=1589): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x520, 0x340, 0x25, 0x148, 0x0, 0x60, 0x488, 0x2a8, 0x2a8, 0x488, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@set={{0x40}}, @common=@unspec=@statistic={{0x38}}]}, @common=@SET={0x60}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x580) 150.253366ms ago: executing program 2 (id=1590): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) set_tid_address(0x0) 70.335224ms ago: executing program 2 (id=1591): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4206, r0) rt_sigqueueinfo(r0, 0x14, &(0x7f0000000080)={0x19, 0x5d, 0x401}) ptrace(0x4207, r0) ptrace$ARCH_GET_FS(0x1e, r0, &(0x7f0000000000), 0x1003) 70.165434ms ago: executing program 0 (id=1592): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x183442, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f00000000c0)=0x4) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f00000002c0)) write$ppp(r0, &(0x7f00000003c0)='\x00!', 0x100000) 66.285184ms ago: executing program 2 (id=1593): r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x1, 0x201, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x800, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0xc, &(0x7f0000000880)=ANY=[@ANYRESHEX=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000000e80)=ANY=[@ANYBLOB="8500000061000000350000000000000085000000230000009500000000000000f4670880271e3542dfa8ba6287066c5197fabc5f7010e81a15202164afe0b737126ea6f7dc39cd340101000000000000e22ff5dde54704d25c79949c23e20100000000000000c09cc28de194f40800000000b0d3712c7e93366796c7224a0c2c0213af2ecdf3c075e3d800000104f4b1fc30dc914bc16543d4baa2bb755af3d576090c4867a7b6393e366c6386d5ec7209d031f40f3012e95752003b2f7846c744ae6af3c037102124d8eb0000000000000000000000006aac3abe6c4d7f47ef6d02bad9dddacecf7eaa4a9779f8555ed6aea768c1f28221c110ed050000000ee282ab76ef93d96bc46a7c04b8c5327592686ba3f12ac6cba00b1b2da951667d0276a0327b56c0ebfb19b3426887b6f1b6070e0ce1f844ce32a9988ca042dca52fbb8c1452b651ebf942f7297f7b66254c567b7983f60f2744419a2f238f173d0000003cf4fbd775d9c07d8d591a4dac60ff00a629b3b200000000000000000000000009001d004e41ff9b4d00e07ff771cea08bea1fb4c4c43f74936f333e3ae44f7ddd2fb35d4c46392ae855531b1eaf40aee8c94fd812e40f14c519a264ff3c572eecd5f6ca98b55e78f8d94f57ed7e6a3ab5dd9a4adedbdf0e58f58eb2e83500000000000000934c92002eace9a8d6f3dd008acf8a5c0fb433678060ac0e201e401fb1711d41f45d90a1e19795c995ff7d0020ecccf41d81c8c510cf773171407191872d0e3e62dd578d590e62ff74d667477ac69a806d4552084a87f74fdfc117d4975576c102976c1ef70ceac9ff714bab1f59f8ebd67f2aca41706c147e3e0d3e557de0349c5ca80f10361bedc4832ae62a2b745ef6587710a82c2e27bacc81877b996a708c3a9235bdbec2cde0cfca78205439b4fd312c7106000000000000000000000000df83e1a6c37e26d8f98d7e9419275bc3bba633b47d00"/720], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0x90, 0x0, &(0x7f0000000880)="61df712bc884fed5722780b686dd", 0x0, 0x8000, 0x0, 0xfffffffffffffeca, 0x0, &(0x7f0000000000), &(0x7f0000000800)="ffe200004e379b19393a41afde6b0b1235c1278ebf59a5d4d697bc199e060b675b46d4ff37c7f91ceaa6790cd8570f080b0d2375918cd7dfcf26aa90dc6a5617be488475b892958512c8e814c24d7efc26f9f2512dec8c759773c42a2fca2735984613809a78eb", 0x0, 0x2}, 0x28) 0s ago: executing program 1 (id=1594): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x12, r0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}}, 0x1c) kernel console output (not intermixed with test programs): dge0: port 1(bridge_slave_0) entered blocking state [ 30.926040][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.944879][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.951976][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.976028][ T3268] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.984907][ T3264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.009067][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.016255][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.032689][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.039807][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.053760][ T3270] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.065778][ T3264] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.077803][ T1600] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.084877][ T1600] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.097009][ T3270] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.113073][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.120234][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.135683][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.142830][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.173761][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.180852][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.196844][ T3264] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 31.207311][ T3264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 31.246133][ T3270] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 31.256657][ T3270] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 31.288170][ T3269] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.298653][ T3265] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.331398][ T3268] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.361238][ T3264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.428206][ T3270] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.509856][ T3269] veth0_vlan: entered promiscuous mode [ 31.521297][ T3265] veth0_vlan: entered promiscuous mode [ 31.531657][ T3268] veth0_vlan: entered promiscuous mode [ 31.541630][ T3265] veth1_vlan: entered promiscuous mode [ 31.550410][ T3269] veth1_vlan: entered promiscuous mode [ 31.572599][ T3268] veth1_vlan: entered promiscuous mode [ 31.585148][ T3264] veth0_vlan: entered promiscuous mode [ 31.596112][ T3264] veth1_vlan: entered promiscuous mode [ 31.610354][ T3265] veth0_macvtap: entered promiscuous mode [ 31.621771][ T3265] veth1_macvtap: entered promiscuous mode [ 31.635859][ T3269] veth0_macvtap: entered promiscuous mode [ 31.651583][ T3269] veth1_macvtap: entered promiscuous mode [ 31.660845][ T3268] veth0_macvtap: entered promiscuous mode [ 31.668125][ T3264] veth0_macvtap: entered promiscuous mode [ 31.682089][ T3265] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.691256][ T3265] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.699064][ T3264] veth1_macvtap: entered promiscuous mode [ 31.710008][ T3268] veth1_macvtap: entered promiscuous mode [ 31.727652][ T3265] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.736507][ T3265] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.745319][ T3265] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.754075][ T3265] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.764813][ T3268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 31.775323][ T3268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 31.785969][ T3268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.800039][ T3264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 31.810543][ T3264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 31.820398][ T3264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 31.830920][ T3264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 31.841841][ T3264] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.851965][ T3264] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 31.862632][ T3264] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 31.873563][ T3264] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.881598][ T3270] veth0_vlan: entered promiscuous mode [ 31.888235][ T3268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 31.898835][ T3268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 31.908699][ T3268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 31.919201][ T3268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 31.929927][ T3268] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.943873][ T3264] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.952699][ T3264] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.961575][ T3264] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.970369][ T3264] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.984104][ T3268] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.992875][ T3268] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.001733][ T3268] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.010543][ T3268] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.024607][ T3270] veth1_vlan: entered promiscuous mode [ 32.033057][ T3269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.043699][ T3269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.053665][ T3269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.064202][ T3269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.074128][ T3269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.084704][ T3269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.096072][ T3269] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.113323][ T3269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.123920][ T3269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.134047][ T3269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.144586][ T3269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.154623][ T3269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.165086][ T3269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.176988][ T3269] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.192531][ T3269] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.201557][ T3269] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.210318][ T3269] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.219045][ T3269] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.229071][ T3265] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 32.235315][ T3270] veth0_macvtap: entered promiscuous mode [ 32.281165][ T3270] veth1_macvtap: entered promiscuous mode [ 32.292779][ T29] kauditd_printk_skb: 30 callbacks suppressed [ 32.292797][ T29] audit: type=1400 audit(1727905986.000:122): avc: denied { write } for pid=3403 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 32.318238][ T29] audit: type=1400 audit(1727905986.000:123): avc: denied { connect } for pid=3403 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 32.337498][ T29] audit: type=1400 audit(1727905986.000:124): avc: denied { name_connect } for pid=3403 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 32.388467][ T3270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.390540][ T29] audit: type=1400 audit(1727905986.100:125): avc: denied { shutdown } for pid=3403 comm="syz.2.3" lport=52241 faddr=fc01:: scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 32.398937][ T3270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.398953][ T3270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.398971][ T3270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.451518][ T3270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.462008][ T3270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.471857][ T3270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.482548][ T3270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.495551][ T3270] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.502056][ T29] audit: type=1400 audit(1727905986.140:126): avc: denied { setopt } for pid=3408 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 32.522124][ T29] audit: type=1400 audit(1727905986.160:127): avc: denied { getopt } for pid=3403 comm="syz.2.3" lport=52241 faddr=fc01:: scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 32.543716][ T29] audit: type=1400 audit(1727905986.200:128): avc: denied { prog_load } for pid=3412 comm="syz.3.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 32.562560][ T29] audit: type=1400 audit(1727905986.200:129): avc: denied { bpf } for pid=3412 comm="syz.3.6" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 32.573022][ T3270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.582809][ T29] audit: type=1400 audit(1727905986.200:130): avc: denied { perfmon } for pid=3412 comm="syz.3.6" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 32.593221][ T3270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.624053][ T3270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.634567][ T3270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.644659][ T3270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.655232][ T3270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.655803][ T29] audit: type=1400 audit(1727905986.360:131): avc: denied { prog_run } for pid=3415 comm="syz.3.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 32.665093][ T3270] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.665112][ T3270] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.709737][ T3270] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.719370][ T3270] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.728131][ T3270] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.737412][ T3270] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.746212][ T3270] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.861628][ T3429] SELinux: failed to load policy [ 32.931256][ T3439] loop4: detected capacity change from 0 to 128 [ 33.033669][ T3449] mmap: syz.3.19 (3449) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 33.034950][ T3447] loop0: detected capacity change from 0 to 1024 [ 33.092300][ T2967] udevd[2967]: worker [3255] terminated by signal 33 (Unknown signal 33) [ 33.127264][ T3447] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.141046][ T3460] IPVS: stopping master sync thread 3467 ... [ 33.147233][ T3467] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 33.178183][ T3459] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 33.217620][ T3462] SELinux: security_context_str_to_sid (u) failed with errno=-22 [ 33.220914][ T3471] loop1: detected capacity change from 0 to 512 [ 33.232079][ T3473] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.253995][ T3477] loop4: detected capacity change from 0 to 1024 [ 33.262624][ T3471] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.28: corrupted in-inode xattr: invalid ea_ino [ 33.280843][ T3477] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=2042c11c, mo2=0002] [ 33.295721][ T3471] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.28: couldn't read orphan inode 15 (err -117) [ 33.325282][ T3477] System zones: 0-1, 3-12 [ 33.338146][ T3477] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.363083][ T3471] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.385113][ T3486] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.443009][ T3270] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.466662][ T3492] netlink: 176 bytes leftover after parsing attributes in process `syz.2.36'. [ 33.475899][ T3471] syz.1.28 (3471) used greatest stack depth: 10752 bytes left [ 33.504504][ T3264] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.506601][ T3494] loop4: detected capacity change from 0 to 512 [ 33.579932][ T3494] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 33.593195][ T3494] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 33.628621][ T3494] EXT4-fs (loop4): 1 truncate cleaned up [ 33.635802][ T3494] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.678191][ T3494] syz.4.35[3494] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.678260][ T3494] syz.4.35[3494] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.703348][ T3494] syz.4.35[3494] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.756700][ T3494] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.35: corrupted in-inode xattr: overlapping e_value [ 33.796210][ T3447] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 33.808473][ T3447] EXT4-fs (loop0): This should not happen!! Data will be lost [ 33.808473][ T3447] [ 33.818175][ T3447] EXT4-fs (loop0): Total free blocks count 0 [ 33.824535][ T3447] EXT4-fs (loop0): Free/Dirty block details [ 33.826955][ T3494] EXT4-fs warning (device loop4): ext4_xattr_set_entry:1772: inode #15: comm syz.4.35: unable to update i_inline_off [ 33.830476][ T3447] EXT4-fs (loop0): free_blocks=68451041280 [ 33.842849][ T3494] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2862: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 33.848738][ T3447] EXT4-fs (loop0): dirty_blocks=16400 [ 33.864262][ T3494] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.35: corrupted in-inode xattr: overlapping e_value [ 33.867247][ T3447] EXT4-fs (loop0): Block reservation details [ 33.887229][ T3447] EXT4-fs (loop0): i_reserved_data_blocks=1025 [ 33.964774][ T3270] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.989598][ T3387] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2048 with error 28 [ 34.299887][ T3578] syz.0.72[3578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.299957][ T3578] syz.0.72[3578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.314196][ T3578] syz.0.72[3578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.329784][ T3580] Driver unsupported XDP return value 0 on prog (id 48) dev N/A, expect packet loss! [ 34.354697][ T3582] netlink: 8 bytes leftover after parsing attributes in process `syz.2.74'. [ 34.433056][ T3594] loop3: detected capacity change from 0 to 1024 [ 34.442451][ T3594] journal_path: Lookup failure for './file1' [ 34.448627][ T3594] EXT4-fs: error: could not find journal device path [ 34.608384][ T3621] tmpfs: Bad value for 'mpol' [ 34.628396][ T3623] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 34.649925][ T3625] process 'syz.3.93' launched './file0' with NULL argv: empty string added [ 34.691525][ T3629] netlink: 36 bytes leftover after parsing attributes in process `syz.3.95'. [ 34.866023][ T3646] syz.3.101[3646] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.866099][ T3646] syz.3.101[3646] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.877644][ T3646] syz.3.101[3646] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.922976][ T3655] netlink: 'syz.4.102': attribute type 3 has an invalid length. [ 35.033276][ T3679] loop4: detected capacity change from 0 to 512 [ 35.055961][ T3679] EXT4-fs: Ignoring removed oldalloc option [ 35.085716][ T3679] EXT4-fs error (device loop4): ext4_xattr_inode_iget:436: comm syz.4.107: Parent and EA inode have the same ino 15 [ 35.107262][ T3679] EXT4-fs (loop4): Remounting filesystem read-only [ 35.113846][ T3679] EXT4-fs warning (device loop4): ext4_evict_inode:259: couldn't mark inode dirty (err -5) [ 35.131361][ T3679] EXT4-fs (loop4): 1 orphan inode deleted [ 35.144659][ T3679] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.163456][ T3679] SELinux: (dev loop4, type ext4) getxattr errno 5 [ 35.175564][ T3679] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.197549][ T3707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 35.218925][ T3707] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 35.330606][ T3728] syz.2.119 uses obsolete (PF_INET,SOCK_PACKET) [ 35.335199][ C0] hrtimer: interrupt took 37064 ns [ 35.445741][ T3746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 35.464817][ T3746] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 35.621013][ T3772] loop0: detected capacity change from 0 to 512 [ 35.656239][ T3777] syz.4.133 (3777) used greatest stack depth: 10688 bytes left [ 35.666676][ T3772] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.698221][ T3772] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 35.704035][ T3789] loop4: detected capacity change from 0 to 256 [ 35.715720][ T3789] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 35.742372][ T3789] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.770424][ T3269] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.152745][ T3862] tmpfs: Bad value for 'nr_blocks' [ 36.200357][ T3876] tipc: Started in network mode [ 36.205325][ T3876] tipc: Node identity -, cluster identity 4711 [ 36.211598][ T3876] tipc: Enabling of bearer rejected, failed to enable media [ 36.221021][ T3872] SELinux: Context system_u:object_r:var_t:s0 is not valid (left unmapped). [ 36.237307][ T3874] xt_connbytes: Forcing CT accounting to be enabled [ 36.244132][ T3874] Cannot find add_set index 0 as target [ 36.293203][ T3884] binfmt_misc: register: failed to install interpreter file ./file0/../file0 [ 36.448094][ T3909] loop0: detected capacity change from 0 to 1024 [ 36.459180][ T3909] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.493980][ T3269] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.504827][ T3913] syz.4.180[3913] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.536722][ T3921] loop3: detected capacity change from 0 to 128 [ 36.566762][ T3921] syz.3.185: attempt to access beyond end of device [ 36.566762][ T3921] loop3: rw=2049, sector=129, nr_sectors = 104 limit=128 [ 36.621095][ T3933] hub 9-0:1.0: USB hub found [ 36.625957][ T3933] hub 9-0:1.0: 8 ports detected [ 36.937481][ T3955] loop3: detected capacity change from 0 to 512 [ 36.944032][ T3955] ======================================================= [ 36.944032][ T3955] WARNING: The mand mount option has been deprecated and [ 36.944032][ T3955] and is ignored by this kernel. Remove the mand [ 36.944032][ T3955] option from the mount to silence this warning. [ 36.944032][ T3955] ======================================================= [ 36.998076][ T3955] EXT4-fs (loop3): orphan cleanup on readonly fs [ 37.008674][ T3955] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.199: bg 0: block 248: padding at end of block bitmap is not set [ 37.025665][ T3955] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm syz.3.199: Failed to acquire dquot type 1 [ 37.037549][ T3955] EXT4-fs (loop3): 1 truncate cleaned up [ 37.058000][ T3955] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 37.072694][ T3955] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.124503][ T3955] syz.3.199 (3955) used greatest stack depth: 9376 bytes left [ 37.178076][ T3984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.213'. [ 37.187929][ T3984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.213'. [ 37.307928][ T29] kauditd_printk_skb: 375 callbacks suppressed [ 37.307945][ T29] audit: type=1400 audit(1727905991.025:505): avc: denied { mount } for pid=4005 comm="syz.4.223" name="/" dev="ramfs" ino=5582 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 37.308026][ T4009] netlink: 8280 bytes leftover after parsing attributes in process `syz.1.224'. [ 37.318416][ T29] audit: type=1400 audit(1727905991.035:506): avc: denied { read } for pid=2949 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 37.337678][ T4009] netlink: 8280 bytes leftover after parsing attributes in process `syz.1.224'. [ 37.345342][ T29] audit: type=1400 audit(1727905991.035:507): avc: denied { search } for pid=2949 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 37.389348][ T4011] netlink: 4 bytes leftover after parsing attributes in process `syz.2.225'. [ 37.398675][ T29] audit: type=1400 audit(1727905991.035:508): avc: denied { open } for pid=2949 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 37.429781][ T29] audit: type=1400 audit(1727905991.035:509): avc: denied { getattr } for pid=2949 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 37.452848][ T29] audit: type=1400 audit(1727905991.085:510): avc: denied { bind } for pid=4010 comm="syz.2.225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 37.512644][ T29] audit: type=1400 audit(1727905991.215:511): avc: denied { create } for pid=4016 comm="syz.1.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 37.532822][ T29] audit: type=1400 audit(1727905991.215:512): avc: denied { setopt } for pid=4016 comm="syz.1.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 37.555966][ T29] audit: type=1400 audit(1727905991.225:513): avc: denied { create } for pid=4018 comm="syz.1.229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 37.575774][ T29] audit: type=1400 audit(1727905991.225:514): avc: denied { bind } for pid=4018 comm="syz.1.229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 37.735311][ T4038] loop4: detected capacity change from 0 to 512 [ 37.743259][ T4038] EXT4-fs: Ignoring removed bh option [ 37.749227][ T4038] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 37.760353][ T4038] EXT4-fs (loop4): 1 truncate cleaned up [ 37.766733][ T4038] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.829223][ T4038] loop4: detected capacity change from 512 to 64 [ 37.843632][ T4046] netlink: 332 bytes leftover after parsing attributes in process `syz.2.240'. [ 37.852856][ T4046] netlink: 'syz.2.240': attribute type 9 has an invalid length. [ 37.861284][ T4046] netlink: 108 bytes leftover after parsing attributes in process `syz.2.240'. [ 37.872785][ T3270] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.909122][ T4053] Invalid option length (3966) for dns_resolver key [ 38.028835][ T4078] loop2: detected capacity change from 0 to 512 [ 38.062062][ T4078] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.075991][ T4078] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.109058][ T4078] EXT4-fs error (device loop2): ext4_acquire_dquot:6879: comm syz.2.254: Failed to acquire dquot type 0 [ 38.131627][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.309804][ T4112] loop4: detected capacity change from 0 to 512 [ 38.320586][ T4112] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 38.483040][ T4131] loop1: detected capacity change from 0 to 2048 [ 38.491202][ T4131] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 38.717149][ T4154] netlink: 'syz.1.289': attribute type 29 has an invalid length. [ 38.737125][ T4156] sctp: [Deprecated]: syz.4.288 (pid 4156) Use of struct sctp_assoc_value in delayed_ack socket option. [ 38.737125][ T4156] Use struct sctp_sack_info instead [ 38.903277][ T4174] netlink: 'syz.1.298': attribute type 2 has an invalid length. [ 38.911253][ T4174] netlink: 'syz.1.298': attribute type 1 has an invalid length. [ 38.939035][ T4176] netlink: 'syz.4.299': attribute type 10 has an invalid length. [ 38.947230][ T4176] __nla_validate_parse: 3 callbacks suppressed [ 38.947242][ T4176] netlink: 40 bytes leftover after parsing attributes in process `syz.4.299'. [ 38.966409][ T4176] batman_adv: batadv0: Adding interface: veth1_vlan [ 38.973168][ T4176] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.000857][ T4176] batman_adv: batadv0: Interface activated: veth1_vlan [ 39.008585][ T4178] netlink: 8 bytes leftover after parsing attributes in process `syz.1.300'. [ 39.051122][ T4180] loop4: detected capacity change from 0 to 128 [ 39.182534][ T4194] loop2: detected capacity change from 0 to 128 [ 39.193494][ T4192] loop3: detected capacity change from 0 to 512 [ 39.201133][ T4192] EXT4-fs: Ignoring removed nomblk_io_submit option [ 39.247839][ T4192] EXT4-fs (loop3): orphan cleanup on readonly fs [ 39.254455][ T4204] geneve2: entered promiscuous mode [ 39.255038][ T4192] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm +}[@: bg 0: block 248: padding at end of block bitmap is not set [ 39.259790][ T4204] geneve2: entered allmulticast mode [ 39.275186][ T4192] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm +}[@: Failed to acquire dquot type 1 [ 39.307177][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.314992][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.322809][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.330597][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.338600][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.346627][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.354443][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.356721][ T4207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 39.362232][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.371420][ T4192] EXT4-fs (loop3): 1 truncate cleaned up [ 39.378380][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.378407][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.378428][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.378460][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.415469][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.423270][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.431056][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.438904][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.446845][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.446875][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.446948][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.446976][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.447001][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.447026][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.447115][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.447138][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.447164][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.447193][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.447222][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.447250][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.447315][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.447341][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.447425][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.447453][ T9] hid-generic 0000:0000:FFFFFFFF.0001: unknown main item tag 0x0 [ 39.449242][ T4192] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 39.449962][ T9] hid-generic 0000:0000:FFFFFFFF.0001: hidraw0: HID v0.01 Device [syz0] on syz0 [ 39.466741][ T4207] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 39.476709][ T3268] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.676519][ T4223] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 6 [ 39.829310][ T4260] Cannot find set identified by id 0 to match [ 39.842060][ T4262] loop4: detected capacity change from 0 to 512 [ 39.850528][ T4262] EXT4-fs: Ignoring removed bh option [ 39.856012][ T4262] EXT4-fs: Ignoring removed mblk_io_submit option [ 39.867922][ T4262] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 39.879500][ T4262] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 39.889019][ T4262] EXT4-fs (loop4): orphan cleanup on readonly fs [ 39.895884][ T4262] EXT4-fs error (device loop4): ext4_acquire_dquot:6879: comm syz.4.334: Failed to acquire dquot type 1 [ 39.916239][ T4262] EXT4-fs (loop4): Remounting filesystem read-only [ 39.933203][ T4262] EXT4-fs (loop4): 1 orphan inode deleted [ 39.944929][ T4262] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 39.958372][ T4262] SELinux: (dev loop4, type ext4) getxattr errno 5 [ 39.965291][ T4262] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.049284][ T4289] bpf_get_probe_write_proto: 11 callbacks suppressed [ 40.049300][ T4289] syz.3.347[4289] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.060843][ T4289] syz.3.347[4289] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.073550][ T4289] syz.3.347[4289] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.110298][ T4291] 9pnet: Could not find request transport: f [ 40.206220][ T4316] loop4: detected capacity change from 0 to 512 [ 40.214894][ T4317] IPv6: Can't replace route, no match found [ 40.217053][ T4316] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.258372][ T3270] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.304981][ T4330] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=4330 comm=syz.1.366 [ 40.305627][ T4328] netlink: 28 bytes leftover after parsing attributes in process `syz.4.363'. [ 40.378049][ T4340] syz.2.371 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 40.390759][ T4344] team0: entered promiscuous mode [ 40.396379][ T4344] team_slave_0: entered promiscuous mode [ 40.402151][ T4344] team_slave_1: entered promiscuous mode [ 40.409835][ T4343] team0: left promiscuous mode [ 40.414717][ T4343] team_slave_0: left promiscuous mode [ 40.420293][ T4343] team_slave_1: left promiscuous mode [ 40.477820][ T4354] netlink: 176 bytes leftover after parsing attributes in process `syz.1.378'. [ 40.548953][ T4370] netlink: 'syz.4.386': attribute type 4 has an invalid length. [ 40.703177][ T4396] loop4: detected capacity change from 0 to 512 [ 40.704423][ T4395] loop3: detected capacity change from 0 to 764 [ 40.712573][ T4396] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 40.797547][ T4410] loop4: detected capacity change from 0 to 1024 [ 40.819596][ T4410] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.832115][ T4410] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.857940][ T3270] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.970045][ T4440] loop4: detected capacity change from 0 to 1024 [ 40.978098][ T4440] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 40.994113][ T4444] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 41.001703][ T4444] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 41.011497][ T4444] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 41.037962][ T4440] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.083145][ T3270] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.112020][ T4454] loop2: detected capacity change from 0 to 8192 [ 41.121722][ T4460] loop3: detected capacity change from 0 to 512 [ 41.137381][ T4460] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 41.169126][ T4471] netlink: 256 bytes leftover after parsing attributes in process `syz.1.434'. [ 41.177803][ T4460] EXT4-fs (loop3): 1 truncate cleaned up [ 41.184212][ T4460] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.293399][ T3268] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 41.310029][ T4490] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 41.335860][ T3268] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.454182][ T4506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 41.469236][ T4506] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 41.479508][ T4506] capability: warning: `syz.4.448' uses deprecated v2 capabilities in a way that may be insecure [ 42.089292][ T4518] loop2: detected capacity change from 0 to 2048 [ 42.110202][ T4518] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.135071][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.157506][ T4527] vhci_hcd: default hub control req: 2017 v0080 i0000 l0 [ 42.178427][ T4529] netlink: 'syz.2.457': attribute type 64 has an invalid length. [ 42.339993][ T4538] loop3: detected capacity change from 0 to 512 [ 42.346811][ T4540] IPv6: NLM_F_CREATE should be specified when creating new route [ 42.347719][ T4538] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 42.369336][ T4538] EXT4-fs (loop3): 1 orphan inode deleted [ 42.375246][ T4538] EXT4-fs (loop3): 1 truncate cleaned up [ 42.381585][ T4538] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.410183][ T29] kauditd_printk_skb: 310 callbacks suppressed [ 42.410203][ T29] audit: type=1326 audit(1727905996.115:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4542 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3fe2dff9 code=0x7ffc0000 [ 42.440135][ T29] audit: type=1326 audit(1727905996.115:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4542 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3fe2dff9 code=0x7ffc0000 [ 42.464633][ T29] audit: type=1326 audit(1727905996.115:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4542 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f1b3fe2dff9 code=0x7ffc0000 [ 42.488451][ T29] audit: type=1326 audit(1727905996.115:822): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4542 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3fe2dff9 code=0x7ffc0000 [ 42.513221][ T29] audit: type=1326 audit(1727905996.115:823): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4542 comm="syz.2.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3fe2dff9 code=0x7ffc0000 [ 42.537208][ T29] audit: type=1400 audit(1727905996.115:824): avc: denied { map } for pid=4537 comm="syz.3.461" path="/105/bus/cpu.stat" dev="loop3" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 42.560097][ T29] audit: type=1400 audit(1727905996.115:825): avc: denied { execute } for pid=4537 comm="syz.3.461" path="/105/bus/cpu.stat" dev="loop3" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 42.585277][ T3268] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.622225][ T29] audit: type=1400 audit(1727905996.335:826): avc: denied { write } for pid=4551 comm="syz.3.467" name="raw" dev="proc" ino=4026532550 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 42.664364][ T4556] loop3: detected capacity change from 0 to 512 [ 42.672404][ T29] audit: type=1400 audit(1727905996.385:827): avc: denied { getopt } for pid=4557 comm="syz.2.470" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 42.692693][ T4556] EXT4-fs error (device loop3): ext4_orphan_get:1388: inode #15: comm syz.3.469: casefold flag without casefold feature [ 42.706935][ T4556] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.469: couldn't read orphan inode 15 (err -117) [ 42.720240][ T4556] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.739643][ T29] audit: type=1400 audit(1727905996.445:828): avc: denied { setattr } for pid=4555 comm="syz.3.469" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 42.763814][ T3268] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.798013][ T4569] vlan2: entered allmulticast mode [ 42.803211][ T4569] macvlan0: entered allmulticast mode [ 42.808677][ T4569] veth1_vlan: entered allmulticast mode [ 42.817035][ T4569] macvlan0: left allmulticast mode [ 42.822214][ T4569] veth1_vlan: left allmulticast mode [ 42.879428][ T4577] SELinux: failed to load policy [ 42.903546][ T4579] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 42.933915][ T4589] pimreg: entered allmulticast mode [ 42.941576][ T4589] pimreg: left allmulticast mode [ 43.017751][ T4601] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 43.025982][ T4601] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 43.059649][ T4611] 9pnet_fd: Insufficient options for proto=fd [ 43.255050][ T4651] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 43.268361][ T4650] IPVS: stopping master sync thread 4651 ... [ 43.562153][ T4700] netlink: 8 bytes leftover after parsing attributes in process `syz.3.535'. [ 43.636066][ T4709] SELinux: Context system_u:object_r:dpkg_exec_t:s0 is not valid (left unmapped). [ 43.646581][ T4710] xt_CT: You must specify a L4 protocol and not use inversions on it [ 43.749220][ T4723] binfmt_misc: register: failed to install interpreter file ./file0 [ 43.836312][ T4732] loop1: detected capacity change from 0 to 512 [ 43.866013][ T4732] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.879312][ T4732] ext4 filesystem being mounted at /104/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.925589][ T3264] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.043348][ T4765] loop3: detected capacity change from 0 to 512 [ 44.054321][ T4765] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #2: comm syz.3.565: corrupted xattr block 255: invalid header [ 44.069258][ T4765] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 44.078390][ T4765] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.098192][ T4765] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #2: comm syz.3.565: corrupted xattr block 255: invalid header [ 44.123102][ T4765] SELinux: (dev loop3, type ext4) getxattr errno 117 [ 44.131656][ T4765] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.199147][ T4781] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=4781 comm=syz.1.572 [ 44.260460][ T4790] netlink: 16 bytes leftover after parsing attributes in process `syz.3.577'. [ 44.321654][ T4793] loop3: detected capacity change from 0 to 8192 [ 44.416083][ T4807] syz.2.585[4807] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.416182][ T4807] syz.2.585[4807] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.433619][ T4807] syz.2.585[4807] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.574752][ T4824] loop2: detected capacity change from 0 to 128 [ 44.612871][ T4824] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 44.629136][ T4824] ext4 filesystem being mounted at /142/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 44.654794][ T4823] infiniband syz1: set active [ 44.659566][ T4823] infiniband syz1: added team_slave_0 [ 44.680713][ T4823] RDS/IB: syz1: added [ 44.689377][ T4823] smc: adding ib device syz1 with port count 1 [ 44.698581][ T3265] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 44.711800][ T4823] smc: ib device syz1 port 1 has pnetid [ 45.184399][ T4851] netlink: 'syz.2.606': attribute type 178 has an invalid length. [ 45.235146][ T4849] netlink: 20 bytes leftover after parsing attributes in process `syz.4.604'. [ 45.289488][ T4862] loop4: detected capacity change from 0 to 256 [ 45.319665][ T4862] FAT-fs (loop4): Directory bread(block 64) failed [ 45.326248][ T4862] FAT-fs (loop4): Directory bread(block 65) failed [ 45.333256][ T4862] FAT-fs (loop4): Directory bread(block 66) failed [ 45.339468][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 45.341542][ T4862] FAT-fs (loop4): Directory bread(block 67) failed [ 45.352702][ T4862] FAT-fs (loop4): Directory bread(block 68) failed [ 45.359378][ T4862] FAT-fs (loop4): Directory bread(block 69) failed [ 45.365937][ T4862] FAT-fs (loop4): Directory bread(block 70) failed [ 45.372681][ T4862] FAT-fs (loop4): Directory bread(block 71) failed [ 45.373881][ T4868] netlink: 132 bytes leftover after parsing attributes in process `syz.3.613'. [ 45.379322][ T4862] FAT-fs (loop4): Directory bread(block 72) failed [ 45.394888][ T4862] FAT-fs (loop4): Directory bread(block 73) failed [ 45.465648][ T4886] netlink: 8 bytes leftover after parsing attributes in process `syz.4.620'. [ 45.539046][ T4900] netlink: 165 bytes leftover after parsing attributes in process `syz.2.627'. [ 45.593159][ T4906] loop1: detected capacity change from 0 to 1024 [ 45.601155][ T4906] journal_path: Lookup failure for './file1' [ 45.607251][ T4906] EXT4-fs: error: could not find journal device path [ 45.711690][ T4932] dccp_invalid_packet: P.Data Offset(10) too large [ 45.755208][ T4936] netlink: 8 bytes leftover after parsing attributes in process `syz.3.645'. [ 45.842980][ T4942] syz.4.650[4942] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.843040][ T4942] syz.4.650[4942] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.854693][ T4942] syz.4.650[4942] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.968334][ T4959] Cannot find del_set index 0 as target [ 46.033070][ T4969] loop4: detected capacity change from 0 to 1024 [ 46.061969][ T4969] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.138545][ T4985] hub 9-0:1.0: USB hub found [ 46.146639][ T4985] hub 9-0:1.0: 8 ports detected [ 46.229778][ T3340] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4 [ 46.237617][ T3340] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2 [ 46.245547][ T3340] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x3 [ 46.254830][ T3340] hid-generic 0000:3000000:0000.0002: hidraw0: HID v0.00 Device [sy] on syz0 [ 46.349627][ T5002] netlink: 'syz.1.676': attribute type 1 has an invalid length. [ 46.371019][ T4998] loop2: detected capacity change from 0 to 8192 [ 46.445419][ T4969] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 46.467479][ T4969] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 46.480367][ T4969] EXT4-fs (loop4): This should not happen!! Data will be lost [ 46.480367][ T4969] [ 46.490170][ T4969] EXT4-fs (loop4): Total free blocks count 0 [ 46.496238][ T4969] EXT4-fs (loop4): Free/Dirty block details [ 46.502341][ T4969] EXT4-fs (loop4): free_blocks=68451041280 [ 46.508196][ T4969] EXT4-fs (loop4): dirty_blocks=16400 [ 46.513598][ T4969] EXT4-fs (loop4): Block reservation details [ 46.519684][ T4969] EXT4-fs (loop4): i_reserved_data_blocks=1025 [ 46.574744][ T57] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2048 with error 28 [ 46.811373][ T50] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.870146][ T5020] netlink: 4 bytes leftover after parsing attributes in process `syz.4.682'. [ 46.886377][ T50] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.990257][ T50] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.063791][ T50] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.095930][ T5037] netlink: 8 bytes leftover after parsing attributes in process `syz.4.689'. [ 47.141209][ T5007] chnl_net:caif_netlink_parms(): no params data found [ 47.194663][ T50] bridge_slave_1: left allmulticast mode [ 47.200538][ T50] bridge_slave_1: left promiscuous mode [ 47.206171][ T50] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.221467][ T50] bridge_slave_0: left allmulticast mode [ 47.227255][ T50] bridge_slave_0: left promiscuous mode [ 47.233128][ T50] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.350453][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 47.363933][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 47.375764][ T5065] loop3: detected capacity change from 0 to 2048 [ 47.384780][ T50] bond0 (unregistering): Released all slaves [ 47.407440][ T5065] loop3: p1 < > p2 p3 < p5 > p4 [ 47.412592][ T5065] loop3: partition table partially beyond EOD, truncated [ 47.420491][ T5065] loop3: p1 start 4278190080 is beyond EOD, truncated [ 47.427336][ T5065] loop3: p2 start 16908800 is beyond EOD, truncated [ 47.434783][ T5065] loop3: p4 start 11326 is beyond EOD, truncated [ 47.441249][ T5065] loop3: p5 start 16908800 is beyond EOD, truncated [ 47.484722][ T5007] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.491991][ T5007] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.499746][ T5007] bridge_slave_0: entered allmulticast mode [ 47.500707][ T5074] loop3: detected capacity change from 0 to 128 [ 47.506405][ T5007] bridge_slave_0: entered promiscuous mode [ 47.520664][ T5074] FAT-fs (loop3): Directory bread(block 32) failed [ 47.526842][ T5007] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.534540][ T5007] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.536989][ T5074] FAT-fs (loop3): Directory bread(block 33) failed [ 47.543394][ T5007] bridge_slave_1: entered allmulticast mode [ 47.554678][ T5007] bridge_slave_1: entered promiscuous mode [ 47.561061][ T5074] FAT-fs (loop3): Directory bread(block 34) failed [ 47.568471][ T5074] FAT-fs (loop3): Directory bread(block 35) failed [ 47.576441][ T50] hsr_slave_0: left promiscuous mode [ 47.576457][ T5074] FAT-fs (loop3): Directory bread(block 36) failed [ 47.576482][ T5074] FAT-fs (loop3): Directory bread(block 37) failed [ 47.576562][ T5074] FAT-fs (loop3): Directory bread(block 38) failed [ 47.576579][ T5074] FAT-fs (loop3): Directory bread(block 39) failed [ 47.608693][ T50] hsr_slave_1: left promiscuous mode [ 47.610108][ T5074] FAT-fs (loop3): Directory bread(block 40) failed [ 47.620732][ T5074] FAT-fs (loop3): Directory bread(block 41) failed [ 47.620746][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 47.620788][ T50] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 47.654898][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 47.656555][ T5079] loop2: detected capacity change from 0 to 1764 [ 47.662478][ T50] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 47.678563][ T50] veth1_macvtap: left promiscuous mode [ 47.679811][ T29] kauditd_printk_skb: 194 callbacks suppressed [ 47.679886][ T29] audit: type=1400 audit(1727906001.395:1023): avc: denied { mounton } for pid=5078 comm="syz.2.707" path="/169/file1/file0" dev="loop2" ino=1984 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=dir permissive=1 [ 47.684091][ T50] veth0_macvtap: left promiscuous mode [ 47.719033][ T50] veth1_vlan: left promiscuous mode [ 47.724305][ T50] veth0_vlan: left promiscuous mode [ 47.864832][ T50] team0 (unregistering): Port device team_slave_1 removed [ 47.887186][ T50] team0 (unregistering): Port device team_slave_0 removed [ 47.929062][ T29] audit: type=1400 audit(1727906001.645:1024): avc: denied { compute_member } for pid=5091 comm="syz.1.714" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 47.980921][ T5007] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.001814][ T5007] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.016678][ T29] audit: type=1400 audit(1727906001.725:1025): avc: denied { bind } for pid=5104 comm="syz.3.720" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 48.051035][ T29] audit: type=1400 audit(1727906001.725:1026): avc: denied { read } for pid=5108 comm="syz.2.722" name="event0" dev="devtmpfs" ino=218 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 48.074368][ T29] audit: type=1400 audit(1727906001.725:1027): avc: denied { setopt } for pid=5104 comm="syz.3.720" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 48.098492][ C1] ------------[ cut here ]------------ [ 48.104002][ C1] refcount_t: underflow; use-after-free. [ 48.109899][ C1] WARNING: CPU: 1 PID: 5109 at lib/refcount.c:28 refcount_warn_saturate+0x1c6/0x230 [ 48.119375][ C1] Modules linked in: [ 48.123332][ C1] CPU: 1 UID: 0 PID: 5109 Comm: syz.2.722 Not tainted 6.12.0-rc1-syzkaller-00042-gf23aa4c0761a #0 [ 48.133965][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 48.144273][ C1] RIP: 0010:refcount_warn_saturate+0x1c6/0x230 [ 48.150462][ C1] Code: 72 ff ff ff e8 7b 87 71 ff 48 c7 c7 3e d7 b2 86 e8 0f 6d 8a ff c6 05 a6 2d f4 04 01 90 48 c7 c7 bd a4 1b 86 e8 4b 4c 53 ff 90 <0f> 0b 90 90 e9 43 ff ff ff e8 4c 87 71 ff 48 c7 c7 3b d7 b2 86 e8 [ 48.170125][ C1] RSP: 0018:ffffc900000e4b60 EFLAGS: 00010246 [ 48.176192][ C1] RAX: ffd81d9e00166b00 RBX: ffff88811ac907e4 RCX: ffff88810215b180 [ 48.184194][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 48.192180][ C1] RBP: 0000000000000003 R08: ffffffff8111f757 R09: 0000000000000000 [ 48.200188][ C1] R10: 0001ffffffffffff R11: ffff88810215b180 R12: 0000000000000001 [ 48.208272][ C1] R13: ffff8881152c3a00 R14: ffff88811ac907e4 R15: 0000000000000000 [ 48.216292][ C1] FS: 00007f1b3eaa76c0(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000 [ 48.225423][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.232039][ C1] CR2: 0000000000000000 CR3: 000000011ad28000 CR4: 00000000003506f0 [ 48.240056][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.248061][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.256048][ C1] Call Trace: [ 48.259436][ C1] [ 48.262318][ C1] ? __warn+0x141/0x350 [ 48.266528][ C1] ? report_bug+0x315/0x420 [ 48.271079][ C1] ? refcount_warn_saturate+0x1c6/0x230 [ 48.276645][ C1] ? handle_bug+0x60/0x90 [ 48.281189][ C1] ? exc_invalid_op+0x1a/0x50 [ 48.285892][ C1] ? asm_exc_invalid_op+0x1a/0x20 [ 48.290996][ C1] ? __warn_printk+0x167/0x1b0 [ 48.295843][ C1] ? refcount_warn_saturate+0x1c6/0x230 [ 48.301442][ C1] sk_skb_reason_drop+0xe9/0x290 [ 48.306452][ C1] j1939_xtp_rx_cts+0x3c4/0x6c0 [ 48.311544][ C1] j1939_tp_recv+0x699/0xa80 [ 48.316209][ C1] j1939_can_recv+0x45f/0x550 [ 48.320952][ C1] ? __pfx_j1939_can_recv+0x10/0x10 [ 48.326168][ C1] can_rcv_filter+0x225/0x4c0 [ 48.330886][ C1] can_receive+0x182/0x1f0 [ 48.335342][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 48.339887][ C1] can_rcv+0xe7/0x180 [ 48.343889][ C1] ? __pfx_can_rcv+0x10/0x10 [ 48.348719][ C1] __netif_receive_skb+0x123/0x280 [ 48.353887][ C1] process_backlog+0x22e/0x440 [ 48.358695][ C1] __napi_poll+0x63/0x3c0 [ 48.363222][ C1] ? net_rx_action+0x376/0x7f0 [ 48.368049][ C1] net_rx_action+0x3a1/0x7f0 [ 48.372678][ C1] handle_softirqs+0xbf/0x280 [ 48.377375][ C1] do_softirq+0x5e/0x90 [ 48.381682][ C1] [ 48.384703][ C1] [ 48.387671][ C1] __local_bh_enable_ip+0x6e/0x70 [ 48.392708][ C1] copy_fpstate_to_sigframe+0x2c7/0x770 [ 48.398649][ C1] ? copy_fpstate_to_sigframe+0xe3/0x770 [ 48.404397][ C1] ? common_hrtimer_rearm+0xa6/0xc0 [ 48.410553][ C1] ? _raw_spin_unlock_irqrestore+0x2b/0x60 [ 48.416393][ C1] ? posixtimer_rearm+0x16d/0x1a0 [ 48.421451][ C1] ? fpu__alloc_mathframe+0x95/0xd0 [ 48.426805][ C1] get_sigframe+0x2f3/0x430 [ 48.431365][ C1] x64_setup_rt_frame+0xa7/0x570 [ 48.436435][ C1] arch_do_signal_or_restart+0x287/0x4b0 [ 48.442233][ C1] syscall_exit_to_user_mode+0x59/0x130 [ 48.447967][ C1] do_syscall_64+0xd6/0x1c0 [ 48.452505][ C1] ? clear_bhb_loop+0x55/0xb0 [ 48.457209][ C1] ? clear_bhb_loop+0x55/0xb0 [ 48.461897][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.467833][ C1] RIP: 0033:0x7f1b3fe2dff7 [ 48.472343][ C1] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 48.492154][ C1] RSP: 002b:00007f1b3eaa70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 48.500589][ C1] RAX: 00000000000000ca RBX: 00007f1b3ffe5f88 RCX: 00007f1b3fe2dff9 [ 48.508592][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1b3ffe5f88 [ 48.516561][ C1] RBP: 00007f1b3ffe5f80 R08: 0000000000000000 R09: 0000000000000000 [ 48.524544][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1b3ffe5f8c [ 48.532575][ C1] R13: 0000000000000000 R14: 00007ffedcd7f030 R15: 00007ffedcd7f118 [ 48.540668][ C1] [ 48.543726][ C1] ---[ end trace 0000000000000000 ]--- [ 48.580662][ T5007] team0: Port device team_slave_0 added [ 48.588961][ T5007] team0: Port device team_slave_1 added [ 48.631072][ T5007] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.638206][ T5007] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.664312][ T5007] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.803528][ T5007] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.810618][ T5007] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.837121][ T5007] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.878424][ T5007] hsr_slave_0: entered promiscuous mode [ 48.887100][ T5135] loop2: detected capacity change from 0 to 512 [ 48.893810][ T5135] EXT4-fs: Ignoring removed mblk_io_submit option [ 48.899477][ T29] audit: type=1400 audit(1727906002.615:1028): avc: denied { setopt } for pid=5136 comm="syz.1.736" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 48.920870][ T5135] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 48.931479][ T5007] hsr_slave_1: entered promiscuous mode [ 48.940446][ T5007] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 48.950577][ T5007] Cannot create hsr debugfs directory [ 48.967526][ T5135] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.735: corrupted in-inode xattr: e_value out of bounds [ 49.004776][ T5135] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.735: couldn't read orphan inode 15 (err -117) [ 49.017931][ T5135] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.054332][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.184002][ T29] audit: type=1400 audit(1727906002.895:1029): avc: denied { map } for pid=5171 comm="syz.4.752" path="socket:[8771]" dev="sockfs" ino=8771 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 49.217422][ T29] audit: type=1400 audit(1727906002.895:1030): avc: denied { read } for pid=5171 comm="syz.4.752" path="socket:[8771]" dev="sockfs" ino=8771 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 49.260077][ T5177] loop2: detected capacity change from 0 to 164 [ 49.269516][ T5177] rock: corrupted directory entry. extent=28, offset=0, size=16777216 [ 49.279707][ T5177] rock: corrupted directory entry. extent=28, offset=0, size=16777216 [ 49.289500][ T5177] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 49.293108][ T29] audit: type=1400 audit(1727906003.005:1031): avc: denied { read } for pid=5178 comm="syz.4.755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 49.347064][ T5007] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 49.350679][ T5183] loop4: detected capacity change from 0 to 128 [ 49.360828][ T5185] loop2: detected capacity change from 0 to 1024 [ 49.369471][ T5007] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 49.378546][ T5007] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 49.385980][ T5185] EXT4-fs: Ignoring removed bh option [ 49.386043][ T5183] syz.4.757: attempt to access beyond end of device [ 49.386043][ T5183] loop4: rw=0, sector=121, nr_sectors = 120 limit=128 [ 49.407167][ T11] kworker/u8:0: attempt to access beyond end of device [ 49.407167][ T11] loop4: rw=1, sector=241, nr_sectors = 800 limit=128 [ 49.407208][ T5007] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 49.454461][ T5185] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 49.458323][ T5007] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.481909][ T5007] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.491773][ T29] audit: type=1400 audit(1727906003.195:1032): avc: denied { rename } for pid=5184 comm="syz.2.758" name="file0" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 49.493838][ T1600] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.515058][ T3321] kernel read not supported for file /newroot/197/file0 (pid: 3321 comm: kworker/1:2) [ 49.521661][ T1600] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.543096][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.550198][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.550215][ T3265] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 49.583589][ C1] vcan0: j1939_tp_rxtimer: 0xffff8881152c3a00: rx timeout, send abort [ 49.591872][ C1] vcan0: j1939_tp_rxtimer: 0xffff8881152c3800: rx timeout, send abort [ 49.600183][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8881152c3a00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 49.614503][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8881152c3800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 49.665284][ T5200] bridge0: port 3(hsr0) entered blocking state [ 49.671634][ T5200] bridge0: port 3(hsr0) entered disabled state [ 49.678636][ T5200] hsr0: entered allmulticast mode [ 49.683785][ T5200] hsr_slave_0: entered allmulticast mode [ 49.689498][ T5200] hsr_slave_1: entered allmulticast mode [ 49.696160][ T5200] hsr0: entered promiscuous mode [ 49.702181][ T5200] bridge0: port 3(hsr0) entered blocking state [ 49.708415][ T5200] bridge0: port 3(hsr0) entered forwarding state [ 49.760645][ T5210] dccp_invalid_packet: P.CsCov 4 exceeds packet length 28 [ 49.817705][ T5007] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.822137][ T5217] sctp: [Deprecated]: syz.2.770 (pid 5217) Use of int in max_burst socket option. [ 49.822137][ T5217] Use struct sctp_assoc_value instead [ 49.922968][ T5007] veth0_vlan: entered promiscuous mode [ 49.938880][ T5231] program syz.2.774 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 49.940134][ T5007] veth1_vlan: entered promiscuous mode [ 49.984044][ T5234] loop3: detected capacity change from 0 to 2048 [ 49.987326][ T5007] veth0_macvtap: entered promiscuous mode [ 49.997915][ T5234] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 49.999554][ T5238] netlink: 16 bytes leftover after parsing attributes in process `syz.4.777'. [ 50.017490][ T5007] veth1_macvtap: entered promiscuous mode [ 50.028858][ T5007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 50.039348][ T5007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.049287][ T5007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 50.059809][ T5007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.069651][ T5007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 50.080177][ T5007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.105230][ T5007] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.117621][ T5007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.128143][ T5007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.138421][ T5007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.148914][ T5007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.158806][ T5007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.169267][ T5007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.179168][ T5007] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 50.189620][ T5007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 50.203627][ T5007] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.204375][ T5251] loop3: detected capacity change from 0 to 256 [ 50.219399][ T5250] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 50.219873][ T5251] msdos: Unknown parameter 'fowner>00000000000000000000' [ 50.235192][ T5007] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.243986][ T5007] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.252775][ T5007] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.261612][ T5007] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.353900][ T5268] program +}[@ is using a deprecated SCSI ioctl, please convert it to SG_IO [ 50.358337][ T5266] loop0: detected capacity change from 0 to 1024 [ 50.374255][ T5266] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 50.384124][ T5266] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 50.405758][ T5266] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 50.417411][ T5266] EXT4-fs error (device loop0): ext4_get_journal_inode:5762: inode #5: comm syz.0.789: unexpected bad inode w/o EXT4_IGET_BAD [ 50.431162][ T5266] EXT4-fs (loop0): no journal found [ 50.436475][ T5266] EXT4-fs (loop0): can't get journal size [ 50.452731][ T5266] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 50.468834][ T5266] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.789: bg 0: block 32: padding at end of block bitmap is not set [ 50.527820][ T5007] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.537769][ T5290] loop3: detected capacity change from 0 to 512 [ 50.544528][ T5290] EXT4-fs: Ignoring removed mblk_io_submit option [ 50.556095][ T5290] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 50.570111][ T5290] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.801: corrupted in-inode xattr: e_value out of bounds [ 50.584678][ T5290] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.801: couldn't read orphan inode 15 (err -117) [ 50.598141][ T5290] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.611396][ T5297] rdma_op ffff88811563f180 conn xmit_rdma 0000000000000000 [ 50.639926][ T3268] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.654291][ T5299] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 50.692193][ T5308] syz.0.808[5308] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.692328][ T5308] syz.0.808[5308] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.704141][ T5308] syz.0.808[5308] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.770051][ T5320] Invalid ELF header magic: != ELF [ 50.828899][ T5329] syzkaller1: entered promiscuous mode [ 50.834425][ T5329] syzkaller1: entered allmulticast mode [ 50.931767][ T5350] syz.0.828[5350] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.931871][ T5350] syz.0.828[5350] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.943321][ T5350] syz.0.828[5350] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.960986][ T5352] netlink: 28 bytes leftover after parsing attributes in process `syz.2.839'. [ 50.980771][ T5356] loop1: detected capacity change from 0 to 1024 [ 50.981547][ T5352] netlink: 28 bytes leftover after parsing attributes in process `syz.2.839'. [ 50.990073][ T5358] syz.0.832[5358] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 50.998432][ T5358] syz.0.832[5358] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.000750][ T5352] bond_slave_0: entered promiscuous mode [ 51.010044][ T5358] syz.0.832[5358] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.022921][ T5352] bond_slave_0: left promiscuous mode [ 51.051421][ T5356] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.079156][ T3264] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.090398][ T5365] netlink: 199796 bytes leftover after parsing attributes in process `syz.0.845'. [ 51.173920][ T5379] netlink: 332 bytes leftover after parsing attributes in process `syz.0.841'. [ 51.183310][ T5379] netlink: 'syz.0.841': attribute type 9 has an invalid length. [ 51.191252][ T5379] netlink: 108 bytes leftover after parsing attributes in process `syz.0.841'. [ 51.200615][ T5379] netlink: 32 bytes leftover after parsing attributes in process `syz.0.841'. [ 51.245339][ T5386] Invalid option length (3966) for dns_resolver key [ 51.309163][ T5399] netlink: 'syz.2.861': attribute type 10 has an invalid length. [ 51.317477][ T5399] netlink: 40 bytes leftover after parsing attributes in process `syz.2.861'. [ 51.325858][ T5401] loop4: detected capacity change from 0 to 128 [ 51.328218][ T5399] batman_adv: batadv0: Adding interface: veth1_vlan [ 51.339356][ T5399] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 51.367386][ T5399] batman_adv: batadv0: Interface activated: veth1_vlan [ 51.427141][ T5414] loop0: detected capacity change from 0 to 128 [ 51.450910][ T5418] netlink: 8 bytes leftover after parsing attributes in process `syz.2.860'. [ 51.473593][ T5421] netlink: 'syz.4.862': attribute type 2 has an invalid length. [ 51.481362][ T5421] netlink: 'syz.4.862': attribute type 1 has an invalid length. [ 51.599881][ T5444] loop2: detected capacity change from 0 to 512 [ 51.620631][ T5444] EXT4-fs: Ignoring removed bh option [ 51.626139][ T5444] EXT4-fs: Ignoring removed mblk_io_submit option [ 51.643152][ T5444] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 51.655573][ T5456] IPv6: Can't replace route, no match found [ 51.661526][ T5444] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 51.661729][ T5444] EXT4-fs (loop2): orphan cleanup on readonly fs [ 51.676459][ T5444] EXT4-fs error (device loop2): ext4_acquire_dquot:6879: comm syz.2.873: Failed to acquire dquot type 1 [ 51.688206][ T5444] EXT4-fs (loop2): Remounting filesystem read-only [ 51.696512][ T5444] EXT4-fs (loop2): 1 orphan inode deleted [ 51.702934][ T5444] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 51.721468][ T5444] SELinux: (dev loop2, type ext4) getxattr errno 5 [ 51.728786][ T5444] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.853014][ T5474] 9pnet: Could not find request transport: f [ 51.870155][ T5488] netlink: 'syz.3.893': attribute type 29 has an invalid length. [ 51.985389][ T5512] netlink: 176 bytes leftover after parsing attributes in process `syz.4.906'. [ 52.067485][ T5535] syz.3.917[5535] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.067562][ T5535] syz.3.917[5535] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.068194][ T5534] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=5534 comm=syz.0.916 [ 52.102897][ T5535] syz.3.917[5535] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.418095][ T5584] loop1: detected capacity change from 0 to 256 [ 52.436785][ T5584] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 52.450574][ T5584] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 52.522883][ T5597] loop0: detected capacity change from 0 to 512 [ 52.529891][ T5597] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 52.656680][ T5605] netlink: 'syz.3.952': attribute type 4 has an invalid length. [ 52.695276][ T5621] loop3: detected capacity change from 0 to 512 [ 52.704798][ T5621] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 52.710850][ T5625] loop1: detected capacity change from 0 to 512 [ 52.723110][ T5625] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.960: bg 0: block 5: invalid block bitmap [ 52.736341][ T5625] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 52.739265][ T5621] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.745882][ T5625] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.960: invalid indirect mapped block 3 (level 2) [ 52.758507][ T5621] ext4 filesystem being mounted at /217/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 52.773632][ T29] kauditd_printk_skb: 217 callbacks suppressed [ 52.773650][ T29] audit: type=1400 audit(1727906006.475:1248): avc: denied { mount } for pid=5620 comm="syz.3.959" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 52.825235][ T29] audit: type=1400 audit(1727906006.535:1249): avc: denied { unmount } for pid=3268 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 52.836238][ T5625] EXT4-fs (loop1): 1 orphan inode deleted [ 52.851068][ T5625] EXT4-fs (loop1): 1 truncate cleaned up [ 52.857468][ T5625] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.872268][ T3268] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.892340][ T5632] loop2: detected capacity change from 0 to 128 [ 52.915130][ T29] audit: type=1400 audit(1727906006.625:1250): avc: denied { create } for pid=5629 comm="syz.0.963" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 52.936850][ T29] audit: type=1400 audit(1727906006.625:1251): avc: denied { read } for pid=5629 comm="syz.0.963" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 52.965636][ T3264] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.975092][ T29] audit: type=1400 audit(1727906006.685:1252): avc: denied { write } for pid=5629 comm="syz.0.963" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 53.012404][ T29] audit: type=1400 audit(1727906006.725:1253): avc: denied { read } for pid=5635 comm="syz.2.965" name="ppp" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 53.035158][ T29] audit: type=1400 audit(1727906006.725:1254): avc: denied { open } for pid=5635 comm="syz.2.965" path="/dev/ppp" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 53.058291][ T29] audit: type=1400 audit(1727906006.725:1255): avc: denied { ioctl } for pid=5635 comm="syz.2.965" path="/dev/ppp" dev="devtmpfs" ino=116 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 53.089453][ T29] audit: type=1400 audit(1727906006.805:1256): avc: denied { module_request } for pid=5641 comm="syz.1.966" kmod="net-pf-0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 53.128997][ T29] audit: type=1326 audit(1727906006.845:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.1.969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5452addff9 code=0x7ffc0000 [ 53.192073][ T5652] loop4: detected capacity change from 0 to 512 [ 53.200030][ T5652] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 53.219167][ T5652] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.233010][ T5652] ext4 filesystem being mounted at /228/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.277254][ T3270] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.295741][ T5674] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5674 comm=syz.2.981 [ 53.392261][ T5688] tmpfs: Bad value for 'nr_blocks' [ 53.458959][ T5707] loop4: detected capacity change from 0 to 512 [ 53.489759][ T5707] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.505741][ T5707] ext4 filesystem being mounted at /233/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.553020][ T3270] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.784986][ T5742] pimreg: entered allmulticast mode [ 53.798124][ T5742] pimreg: left allmulticast mode [ 53.813420][ T5746] SELinux: failed to load policy [ 53.851960][ T5751] loop0: detected capacity change from 0 to 512 [ 53.865971][ T5752] loop3: detected capacity change from 0 to 2048 [ 53.870429][ T5751] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 53.888835][ T5751] EXT4-fs (loop0): 1 truncate cleaned up [ 53.895184][ T5751] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.926558][ T5752] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.944743][ T5007] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 53.971800][ T3268] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.991197][ T5007] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.228672][ T5788] loop0: detected capacity change from 0 to 2048 [ 54.248306][ T5788] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 54.279234][ T5794] loop0: detected capacity change from 0 to 512 [ 54.286279][ T5794] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities [ 54.479233][ T5804] hub 9-0:1.0: USB hub found [ 54.484019][ T5804] hub 9-0:1.0: 8 ports detected [ 54.570984][ T5819] loop0: detected capacity change from 0 to 512 [ 54.579184][ T5819] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.1048: bg 0: block 5: invalid block bitmap [ 54.591900][ T5819] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 54.601498][ T5819] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.1048: invalid indirect mapped block 3 (level 2) [ 54.615170][ T5819] EXT4-fs (loop0): 1 orphan inode deleted [ 54.620967][ T5819] EXT4-fs (loop0): 1 truncate cleaned up [ 54.627802][ T5819] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.641035][ T5826] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 0, id = 0 [ 54.664863][ T5007] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.675459][ T5830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 54.700612][ T5830] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 54.737131][ T5840] netlink: 'syz.2.1057': attribute type 4 has an invalid length. [ 54.804774][ T5848] Cannot find set identified by id 0 to match [ 54.818076][ T5851] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 0, id = 0 [ 54.832955][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.840859][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.844248][ T5853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 54.848742][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.864895][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.872820][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.880677][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.888568][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.892209][ T5855] loop4: detected capacity change from 0 to 512 [ 54.896386][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.910430][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.912092][ T5855] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.1064: bg 0: block 5: invalid block bitmap [ 54.918397][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.918465][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.918486][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.933626][ T5855] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 54.939312][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.948902][ T5855] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1064: invalid indirect mapped block 3 (level 2) [ 54.955148][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.964171][ T5855] EXT4-fs (loop4): 1 orphan inode deleted [ 54.971566][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.984701][ T5855] EXT4-fs (loop4): 1 truncate cleaned up [ 54.985168][ T5855] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.992478][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.992509][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.992535][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 54.992561][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.031415][ T5855] __nla_validate_parse: 5 callbacks suppressed [ 55.031443][ T5855] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1064'. [ 55.031896][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.079016][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.086871][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.087036][ T5853] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 55.094719][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.094744][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.094765][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.125866][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.133716][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.137675][ T5862] loop3: detected capacity change from 0 to 512 [ 55.141567][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.155639][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.163526][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.169039][ T5862] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.171421][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.185283][ T5862] ext4 filesystem being mounted at /240/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.191565][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: unknown main item tag 0x0 [ 55.211206][ T3270] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.211984][ T3341] hid-generic 0000:0000:FFFFFFFF.0003: hidraw0: HID v0.01 Device [syz0] on syz0 [ 55.232944][ T5862] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm syz.3.1068: Failed to acquire dquot type 0 [ 55.248951][ T5866] loop4: detected capacity change from 0 to 512 [ 55.255946][ T5866] EXT4-fs: Ignoring removed nomblk_io_submit option [ 55.265191][ T3268] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.275652][ T5866] EXT4-fs (loop4): orphan cleanup on readonly fs [ 55.290388][ T5866] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm +}[@: bg 0: block 248: padding at end of block bitmap is not set [ 55.304896][ T5866] EXT4-fs error (device loop4): ext4_acquire_dquot:6879: comm +}[@: Failed to acquire dquot type 1 [ 55.305731][ T5871] netlink: 'syz.3.1070': attribute type 4 has an invalid length. [ 55.317856][ T5866] EXT4-fs (loop4): 1 truncate cleaned up [ 55.343041][ T5866] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 55.377577][ T3270] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.443141][ T5879] netlink: 'syz.2.1074': attribute type 4 has an invalid length. [ 55.488448][ T5889] loop3: detected capacity change from 0 to 512 [ 55.497289][ T5889] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.1077: bg 0: block 5: invalid block bitmap [ 55.535365][ T5889] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 55.549063][ T5889] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.1077: invalid indirect mapped block 3 (level 2) [ 55.562723][ T5889] EXT4-fs (loop3): 1 orphan inode deleted [ 55.568539][ T5889] EXT4-fs (loop3): 1 truncate cleaned up [ 55.598983][ T5889] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1077'. [ 55.604036][ T5899] loop1: detected capacity change from 0 to 128 [ 55.737319][ T5909] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 55.756010][ T5909] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 55.766212][ T5911] loop1: detected capacity change from 0 to 512 [ 55.782657][ T5911] EXT4-fs: Ignoring removed oldalloc option [ 55.807277][ T5911] EXT4-fs error (device loop1): ext4_xattr_inode_iget:436: comm syz.1.1084: Parent and EA inode have the same ino 15 [ 55.838112][ T5911] EXT4-fs (loop1): Remounting filesystem read-only [ 55.844675][ T5911] EXT4-fs warning (device loop1): ext4_evict_inode:259: couldn't mark inode dirty (err -5) [ 55.876495][ T5911] EXT4-fs (loop1): 1 orphan inode deleted [ 55.888393][ T5911] SELinux: (dev loop1, type ext4) getxattr errno 5 [ 55.979747][ T5925] loop0: detected capacity change from 0 to 512 [ 55.986524][ T5925] EXT4-fs: Ignoring removed bh option [ 56.002629][ T5925] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 56.027972][ T5925] EXT4-fs (loop0): 1 truncate cleaned up [ 56.139867][ T5933] loop1: detected capacity change from 0 to 2048 [ 56.158366][ T5931] loop2: detected capacity change from 0 to 2048 [ 56.177335][ T5933] loop1: p3 < > p4 < > [ 56.181568][ T5933] loop1: partition table partially beyond EOD, truncated [ 56.189889][ T5933] loop1: p3 start 4284289 is beyond EOD, truncated [ 56.222952][ T5931] Alternate GPT is invalid, using primary GPT. [ 56.229341][ T5931] loop2: p2 p3 p7 [ 56.353651][ T5937] loop1: detected capacity change from 0 to 8192 [ 56.531516][ T5956] loop3: detected capacity change from 0 to 512 [ 56.564372][ T5956] EXT4-fs: Ignoring removed oldalloc option [ 56.582436][ T5956] EXT4-fs error (device loop3): ext4_xattr_inode_iget:436: comm syz.3.1105: Parent and EA inode have the same ino 15 [ 56.596478][ T5956] EXT4-fs (loop3): Remounting filesystem read-only [ 56.603059][ T5956] EXT4-fs warning (device loop3): ext4_evict_inode:259: couldn't mark inode dirty (err -5) [ 56.615778][ T5956] EXT4-fs (loop3): 1 orphan inode deleted [ 56.623770][ T5956] SELinux: (dev loop3, type ext4) getxattr errno 5 [ 56.633307][ T5963] loop1: detected capacity change from 0 to 2048 [ 56.678862][ T5963] loop1: p1 < > p2 p3 < p5 > p4 [ 56.683879][ T5963] loop1: partition table partially beyond EOD, truncated [ 56.759133][ T5963] loop1: p1 start 4278190080 is beyond EOD, truncated [ 56.762168][ T5973] loop2: detected capacity change from 0 to 512 [ 56.765976][ T5963] loop1: p2 start 16908800 is beyond EOD, truncated [ 56.790975][ T5963] loop1: p4 start 11326 is beyond EOD, truncated [ 56.797532][ T5963] loop1: p5 start 16908800 is beyond EOD, truncated [ 56.837189][ T5973] EXT4-fs: Ignoring removed mblk_io_submit option [ 56.871358][ T5973] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 56.916936][ T5977] program +}[@ is using a deprecated SCSI ioctl, please convert it to SG_IO [ 56.926520][ T5973] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.1111: corrupted in-inode xattr: e_value out of bounds [ 57.000632][ T5973] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.1111: couldn't read orphan inode 15 (err -117) [ 57.153274][ T5982] loop1: detected capacity change from 0 to 256 [ 57.177511][ T5982] msdos: Unknown parameter 'fowner>00000000000000000000' [ 57.433434][ T5992] sctp: [Deprecated]: syz.3.1123 (pid 5992) Use of int in max_burst socket option. [ 57.433434][ T5992] Use struct sctp_assoc_value instead [ 57.539731][ T5999] loop1: detected capacity change from 0 to 512 [ 57.579504][ T5999] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 57.591564][ T6006] program +}[@ is using a deprecated SCSI ioctl, please convert it to SG_IO [ 57.628150][ T5999] ext4 filesystem being mounted at /244/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.662270][ T6002] loop3: detected capacity change from 0 to 8192 [ 57.720765][ T6015] loop2: detected capacity change from 0 to 512 [ 57.763124][ T6015] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.1131: bg 0: block 5: invalid block bitmap [ 57.799337][ T6015] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 57.854089][ T6015] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1131: invalid indirect mapped block 3 (level 2) [ 57.870110][ T29] kauditd_printk_skb: 229 callbacks suppressed [ 57.870123][ T29] audit: type=1400 audit(1727906011.585:1483): avc: denied { create } for pid=6023 comm="syz.1.1133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 57.935468][ T6015] EXT4-fs (loop2): 1 orphan inode deleted [ 57.941288][ T6015] EXT4-fs (loop2): 1 truncate cleaned up [ 57.951514][ T6015] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1131'. [ 57.983284][ T6027] sctp: [Deprecated]: syz.1.1138 (pid 6027) Use of int in max_burst socket option. [ 57.983284][ T6027] Use struct sctp_assoc_value instead [ 57.989276][ T29] audit: type=1400 audit(1727906011.615:1484): avc: denied { write } for pid=6023 comm="syz.1.1133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 58.074910][ T6036] program +}[@ is using a deprecated SCSI ioctl, please convert it to SG_IO [ 58.081387][ T6038] loop0: detected capacity change from 0 to 512 [ 58.098838][ T6038] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 58.106324][ T24] IPVS: starting estimator thread 0... [ 58.115809][ T6042] tipc: Started in network mode [ 58.120901][ T6042] tipc: Node identity ac1414aa, cluster identity 4711 [ 58.128774][ T6042] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 58.135680][ T6042] tipc: Enabled bearer , priority 10 [ 58.139337][ T6038] EXT4-fs (loop0): 1 orphan inode deleted [ 58.141849][ T6040] program syz.3.1143 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 58.147411][ T6038] EXT4-fs (loop0): 1 truncate cleaned up [ 58.195315][ T29] audit: type=1400 audit(1727906011.905:1485): avc: denied { map } for pid=6037 comm="syz.0.1144" path="/90/bus/cpu.stat" dev="loop0" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 58.218169][ T29] audit: type=1400 audit(1727906011.905:1486): avc: denied { execute } for pid=6037 comm="syz.0.1144" path="/90/bus/cpu.stat" dev="loop0" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 58.232579][ T6043] IPVS: using max 2448 ests per chain, 122400 per kthread [ 58.268406][ T29] audit: type=1326 audit(1727906011.985:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6047 comm="syz.2.1148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3fe2dff9 code=0x7ffc0000 [ 58.276984][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 58.302050][ T29] audit: type=1326 audit(1727906011.985:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6047 comm="syz.2.1148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3fe2dff9 code=0x7ffc0000 [ 58.330467][ T6050] syz.3.1149[6050] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.330530][ T6050] syz.3.1149[6050] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.347787][ T6050] syz.3.1149[6050] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.359070][ T6048] loop2: detected capacity change from 0 to 512 [ 58.368464][ T29] audit: type=1326 audit(1727906012.015:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6047 comm="syz.2.1148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1b3fe2dff9 code=0x7ffc0000 [ 58.400481][ T29] audit: type=1326 audit(1727906012.015:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6047 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3fe2dff9 code=0x7ffc0000 [ 58.423808][ T29] audit: type=1326 audit(1727906012.015:1491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6047 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b3fe2dff9 code=0x7ffc0000 [ 58.425652][ T6048] EXT4-fs: Ignoring removed nomblk_io_submit option [ 58.446760][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 58.446794][ T29] audit: type=1326 audit(1727906012.045:1492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6047 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1b3fe2dff9 code=0x7ffc0000 [ 58.508065][ T6048] EXT4-fs (loop2): orphan cleanup on readonly fs [ 58.514955][ T6048] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm +}[@: bg 0: block 248: padding at end of block bitmap is not set [ 58.530609][ T6048] EXT4-fs error (device loop2): ext4_acquire_dquot:6879: comm +}[@: Failed to acquire dquot type 1 [ 58.548626][ T6048] EXT4-fs (loop2): 1 truncate cleaned up [ 58.576935][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 58.692866][ T6077] pimreg: entered allmulticast mode [ 58.715723][ T6077] pimreg: left allmulticast mode [ 58.726959][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 58.767807][ T6092] program syz.4.1160 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 58.866955][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 58.891708][ T6117] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 58.905108][ T6116] IPVS: stopping master sync thread 6117 ... [ 58.953793][ T6129] program syz.0.1175 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 59.007024][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 59.010058][ T6139] syz.4.1182[6139] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.014135][ T6139] syz.4.1182[6139] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.025772][ T6139] syz.4.1182[6139] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.102488][ T6153] bridge0: port 3(hsr0) entered blocking state [ 59.120421][ T6153] bridge0: port 3(hsr0) entered disabled state [ 59.126924][ T6153] hsr0: entered allmulticast mode [ 59.131976][ T6153] hsr_slave_0: entered allmulticast mode [ 59.137683][ T6153] hsr_slave_1: entered allmulticast mode [ 59.144143][ T6153] hsr0: entered promiscuous mode [ 59.149432][ T6153] bridge0: port 3(hsr0) entered blocking state [ 59.155650][ T6153] bridge0: port 3(hsr0) entered forwarding state [ 59.164140][ T24] tipc: Node number set to 2886997162 [ 59.173059][ T6151] loop2: detected capacity change from 0 to 512 [ 59.198055][ T6159] loop1: detected capacity change from 0 to 128 [ 59.217434][ T6151] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #2: comm syz.2.1187: corrupted xattr block 255: invalid header [ 59.231350][ T6151] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 59.231979][ T6159] ext4 filesystem being mounted at /256/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 59.240097][ T6151] EXT4-fs error (device loop2): ext4_xattr_block_get:596: inode #2: comm syz.2.1187: corrupted xattr block 255: invalid header [ 59.277305][ T3321] kernel read not supported for file /newroot/99/file0 (pid: 3321 comm: kworker/1:2) [ 59.286939][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 59.308094][ T6151] SELinux: (dev loop2, type ext4) getxattr errno 117 [ 59.355889][ T6175] pimreg: entered allmulticast mode [ 59.371420][ T6175] pimreg: left allmulticast mode [ 59.389812][ T6178] loop3: detected capacity change from 0 to 512 [ 59.397829][ T6178] journal_path: Lookup failure for './file0' [ 59.403851][ T6178] EXT4-fs: error: could not find journal device path [ 59.417830][ T6182] loop1: detected capacity change from 0 to 512 [ 59.462423][ T6182] EXT4-fs (loop1): too many log groups per flexible block group [ 59.470229][ T6182] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 59.477838][ T6182] EXT4-fs (loop1): mount failed [ 59.487456][ T6189] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1204'. [ 59.557021][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 59.581735][ T6207] tmpfs: Bad value for 'huge' [ 59.621681][ T6215] loop0: detected capacity change from 0 to 128 [ 59.630165][ T6215] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 59.642268][ T6219] rdma_op ffff888115351580 conn xmit_rdma 0000000000000000 [ 59.669189][ T6215] syz.0.1215: attempt to access beyond end of device [ 59.669189][ T6215] loop0: rw=2049, sector=401, nr_sectors = 1 limit=128 [ 59.693430][ T50] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 59.703918][ T6223] loop3: detected capacity change from 0 to 128 [ 59.720500][ T6223] ext4 filesystem being mounted at /276/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 59.856679][ T6242] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1226'. [ 59.898095][ T6244] vlan2: entered allmulticast mode [ 59.903273][ T6244] macvlan0: entered allmulticast mode [ 59.908853][ T6244] veth1_vlan: entered allmulticast mode [ 59.920893][ T6244] macvlan0: left allmulticast mode [ 59.926062][ T6244] veth1_vlan: left allmulticast mode [ 60.022846][ T6253] netlink: 'syz.1.1235': attribute type 4 has an invalid length. [ 60.053885][ T6259] netlink: 'syz.1.1237': attribute type 1 has an invalid length. [ 60.087082][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 60.108954][ T6263] netlink: 'syz.1.1239': attribute type 178 has an invalid length. [ 60.213789][ T6270] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1241'. [ 60.278173][ T6282] rdma_op ffff888114c5e980 conn xmit_rdma 0000000000000000 [ 60.324201][ T6286] loop3: detected capacity change from 0 to 764 [ 60.350277][ T6296] SELinux: failed to load policy [ 60.373212][ T6301] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1257'. [ 60.398370][ T6303] vlan0: entered allmulticast mode [ 60.403624][ T6303] macvlan0: entered allmulticast mode [ 60.409446][ T6303] veth1_vlan: entered allmulticast mode [ 60.417264][ T6303] macvlan0: left allmulticast mode [ 60.422595][ T6303] veth1_vlan: left allmulticast mode [ 60.494300][ T6319] pimreg: entered allmulticast mode [ 60.508547][ T6319] pimreg: left allmulticast mode [ 60.637412][ T6341] netlink: 140 bytes leftover after parsing attributes in process `syz.1.1276'. [ 60.691046][ T6355] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1283'. [ 60.700276][ T6355] unsupported nla_type 65024 [ 60.700863][ T6357] xt_recent: hitcount (4294967295) is larger than allowed maximum (65535) [ 60.755383][ T6359] loop0: detected capacity change from 0 to 764 [ 60.930109][ T6389] SELinux: failed to load policy [ 61.014330][ T6402] loop0: detected capacity change from 0 to 512 [ 61.097977][ T6415] netlink: 268 bytes leftover after parsing attributes in process `syz.0.1312'. [ 61.129238][ T6421] geneve2: entered promiscuous mode [ 61.134910][ T6421] geneve2: entered allmulticast mode [ 61.229925][ T6438] loop0: detected capacity change from 0 to 128 [ 61.246605][ T6440] loop2: detected capacity change from 0 to 2048 [ 61.253945][ T6440] EXT4-fs: Ignoring removed mblk_io_submit option [ 61.266693][ T6438] ext4 filesystem being mounted at /128/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 61.272645][ T6445] syzkaller1: entered promiscuous mode [ 61.304328][ T6445] syzkaller1: entered allmulticast mode [ 61.327543][ T6440] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.1323: bg 0: block 234: padding at end of block bitmap is not set [ 61.343378][ T6440] EXT4-fs (loop2): Remounting filesystem read-only [ 61.351318][ T6440] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 61.360376][ T6440] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 61.371013][ T6440] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 61.380737][ T6440] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 61.551455][ T6479] loop1: detected capacity change from 0 to 2048 [ 61.572861][ T6479] EXT4-fs: Ignoring removed mblk_io_submit option [ 61.584750][ T6487] syzkaller1: entered promiscuous mode [ 61.590309][ T6487] syzkaller1: entered allmulticast mode [ 61.623168][ T6479] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1342: bg 0: block 234: padding at end of block bitmap is not set [ 61.638007][ T6479] EXT4-fs (loop1): Remounting filesystem read-only [ 61.645936][ T6479] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 61.654931][ T6479] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 61.665030][ T6479] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 61.674958][ T6479] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 61.736809][ T6503] loop1: detected capacity change from 0 to 512 [ 61.757354][ T6503] EXT4-fs: Ignoring removed orlov option [ 61.769452][ T6503] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 61.807679][ T6503] EXT4-fs (loop1): 1 orphan inode deleted [ 61.813489][ T6503] EXT4-fs (loop1): 1 truncate cleaned up [ 61.839477][ T6503] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 61.866786][ T6515] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1366'. [ 61.921046][ T6529] netlink: 61211 bytes leftover after parsing attributes in process `syz.2.1361'. [ 61.966300][ T6532] loop3: detected capacity change from 0 to 2048 [ 61.973382][ T6532] EXT4-fs: Ignoring removed mblk_io_submit option [ 61.980594][ T6534] geneve2: entered promiscuous mode [ 61.985834][ T6534] geneve2: entered allmulticast mode [ 62.006908][ T6532] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1364: bg 0: block 234: padding at end of block bitmap is not set [ 62.025793][ T6543] loop0: detected capacity change from 0 to 512 [ 62.033291][ T6532] EXT4-fs (loop3): Remounting filesystem read-only [ 62.040757][ T6543] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 62.050447][ T6532] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 62.066789][ T6543] EXT4-fs (loop0): invalid journal inode [ 62.075245][ T6543] EXT4-fs (loop0): can't get journal size [ 62.084360][ T6532] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 62.093840][ T6543] EXT4-fs (loop0): 1 truncate cleaned up [ 62.100228][ T6532] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 62.111482][ T6532] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 62.159507][ T6554] loop4: detected capacity change from 0 to 2048 [ 62.168346][ T6558] netlink: 61211 bytes leftover after parsing attributes in process `syz.3.1378'. [ 62.297620][ T6588] loop3: detected capacity change from 0 to 1024 [ 62.304369][ T6588] EXT4-fs: Ignoring removed nomblk_io_submit option [ 62.313406][ T6588] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e854e01c, mo2=0003] [ 62.333616][ T6588] System zones: 0-1, 3-36 [ 62.385749][ T6601] loop1: detected capacity change from 0 to 512 [ 62.440279][ T6617] loop2: detected capacity change from 0 to 1024 [ 62.456052][ T6601] EXT4-fs error (device loop1): ext4_acquire_dquot:6879: comm syz.1.1398: Failed to acquire dquot type 1 [ 62.468707][ T6617] ext4 filesystem being mounted at /326/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.478773][ T6601] EXT4-fs (loop1): 1 truncate cleaned up [ 62.480641][ T6624] hsr_slave_0: left promiscuous mode [ 62.491379][ T6601] ext4 filesystem being mounted at /311/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.502064][ T6624] hsr_slave_1: left promiscuous mode [ 62.575273][ T6637] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1412'. [ 62.612602][ T6640] loop2: detected capacity change from 0 to 512 [ 62.621452][ T6640] EXT4-fs: Ignoring removed orlov option [ 62.630475][ T6640] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 62.645034][ T6644] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6644 comm=syz.3.1416 [ 62.652326][ T6640] EXT4-fs (loop2): 1 orphan inode deleted [ 62.663629][ T6640] EXT4-fs (loop2): 1 truncate cleaned up [ 62.691540][ T6640] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 62.758517][ T6654] syz.4.1420[6654] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 62.758609][ T6654] syz.4.1420[6654] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 62.772563][ T6654] syz.4.1420[6654] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 62.807261][ T6662] geneve2: entered promiscuous mode [ 62.824244][ T6662] geneve2: entered allmulticast mode [ 62.846827][ T6664] netlink: 'syz.2.1425': attribute type 3 has an invalid length. [ 62.883754][ T6670] loop2: detected capacity change from 0 to 2048 [ 62.952054][ T6683] netlink: 'syz.4.1433': attribute type 1 has an invalid length. [ 62.959933][ T6683] netlink: 71 bytes leftover after parsing attributes in process `syz.4.1433'. [ 62.980617][ T29] kauditd_printk_skb: 199 callbacks suppressed [ 62.980636][ T29] audit: type=1326 audit(1727910111.624:1688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6685 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fa22dff9 code=0x7ffc0000 [ 63.011426][ T29] audit: type=1326 audit(1727910111.654:1689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6685 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff8fa22dff9 code=0x7ffc0000 [ 63.034953][ T29] audit: type=1326 audit(1727910111.654:1690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6685 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fa22dff9 code=0x7ffc0000 [ 63.058371][ T29] audit: type=1326 audit(1727910111.654:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6685 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fa22dff9 code=0x7ffc0000 [ 63.085723][ T29] audit: type=1326 audit(1727910111.724:1692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6685 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff8fa22dff9 code=0x7ffc0000 [ 63.109274][ T29] audit: type=1326 audit(1727910111.724:1693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6685 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fa22dff9 code=0x7ffc0000 [ 63.132800][ T29] audit: type=1326 audit(1727910111.724:1694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6685 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fa22dff9 code=0x7ffc0000 [ 63.156464][ T29] audit: type=1326 audit(1727910111.724:1695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6685 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7ff8fa22dff9 code=0x7ffc0000 [ 63.159973][ T6695] loop4: detected capacity change from 0 to 2048 [ 63.180062][ T29] audit: type=1326 audit(1727910111.724:1696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6685 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fa22dff9 code=0x7ffc0000 [ 63.201281][ T6695] EXT4-fs: Ignoring removed mblk_io_submit option [ 63.210224][ T29] audit: type=1326 audit(1727910111.724:1697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6685 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7ff8fa22dff9 code=0x7ffc0000 [ 63.246107][ T6699] loop2: detected capacity change from 0 to 512 [ 63.253356][ T6699] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 63.262577][ T6699] EXT4-fs (loop2): invalid journal inode [ 63.271434][ T6701] loop1: detected capacity change from 0 to 2048 [ 63.280439][ T6699] EXT4-fs (loop2): can't get journal size [ 63.304629][ C1] net_ratelimit: 5 callbacks suppressed [ 63.304650][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 63.307530][ T6699] EXT4-fs (loop2): 1 truncate cleaned up [ 63.314108][ T6712] geneve2: entered promiscuous mode [ 63.328432][ T6712] geneve2: entered allmulticast mode [ 63.351702][ T6695] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1439: bg 0: block 234: padding at end of block bitmap is not set [ 63.374422][ T6695] EXT4-fs (loop4): Remounting filesystem read-only [ 63.388604][ T6695] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 63.404685][ T6695] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 63.413557][ T6695] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 63.415619][ T6720] hub 9-0:1.0: USB hub found [ 63.423600][ T6695] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 63.429843][ T6720] hub 9-0:1.0: 8 ports detected [ 63.440975][ T6718] atomic_op ffff888115761528 conn xmit_atomic 0000000000000000 [ 63.485842][ T6728] syz.1.1454[6728] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 63.486145][ T6728] syz.1.1454[6728] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 63.501146][ T6728] syz.1.1454[6728] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 63.523963][ T6732] loop4: detected capacity change from 0 to 1024 [ 63.530945][ T6731] loop2: detected capacity change from 0 to 164 [ 63.536390][ T6732] EXT4-fs: Ignoring removed nomblk_io_submit option [ 63.548545][ T6731] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 63.580428][ T6732] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e854e01c, mo2=0003] [ 63.591720][ T6732] System zones: 0-1, 3-36 [ 63.597149][ T6731] rock: corrupted directory entry. extent=41, offset=65536, size=8 [ 63.612685][ T6743] af_packet: tpacket_rcv: packet too big, clamped from 57 to 4294967272. macoff=96 [ 63.718794][ T6753] loop0: detected capacity change from 0 to 2048 [ 63.725702][ T6753] EXT4-fs: Ignoring removed mblk_io_submit option [ 63.747468][ T6756] hub 2-0:1.0: USB hub found [ 63.752142][ T6756] hub 2-0:1.0: 8 ports detected [ 63.784228][ T6753] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1463: bg 0: block 234: padding at end of block bitmap is not set [ 63.802572][ T6753] EXT4-fs (loop0): Remounting filesystem read-only [ 63.811918][ T6753] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 63.820896][ T6753] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 63.830472][ T6753] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 63.841841][ T6753] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 63.891537][ T6786] Zero length message leads to an empty skb [ 63.932610][ T6788] bond1: entered promiscuous mode [ 63.937712][ T6788] bond1: entered allmulticast mode [ 63.943301][ T6788] 8021q: adding VLAN 0 to HW filter on device bond1 [ 63.963304][ T6788] bond1 (unregistering): Released all slaves [ 63.999112][ T6801] loop3: detected capacity change from 0 to 1024 [ 64.060568][ T6813] loop2: detected capacity change from 0 to 512 [ 64.074428][ T6810] loop1: detected capacity change from 0 to 1024 [ 64.092619][ T6813] EXT4-fs error (device loop2): ext4_ext_check_inode:524: inode #3: comm syz.2.1490: pblk 20 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0) [ 64.112352][ T6813] EXT4-fs error (device loop2): ext4_quota_enable:7056: comm syz.2.1490: Bad quota inode: 3, type: 0 [ 64.124150][ T6824] tmpfs: Unknown parameter 'nr_' [ 64.130746][ T6813] EXT4-fs warning (device loop2): ext4_enable_quotas:7097: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 64.133125][ T6828] loop4: detected capacity change from 0 to 512 [ 64.145760][ T6813] EXT4-fs (loop2): mount failed [ 64.168426][ T6826] atomic_op ffff8881020a9928 conn xmit_atomic 0000000000000000 [ 64.187871][ T6828] ext4 filesystem being mounted at /287/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.291157][ T6846] vhci_hcd: USB_PORT_FEAT_LINK_STATE req not supported for USB 2.0 roothub [ 64.340643][ T6864] loop3: detected capacity change from 0 to 1024 [ 64.351844][ T6864] EXT4-fs: Ignoring removed oldalloc option [ 64.354903][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 64.357838][ T6864] EXT4-fs: Ignoring removed nobh option [ 64.375336][ T6861] @: renamed from bond0 (while UP) [ 64.434743][ T6881] loop0: detected capacity change from 0 to 512 [ 64.441363][ T6881] EXT4-fs: Ignoring removed mblk_io_submit option [ 64.466932][ T6886] loop1: detected capacity change from 0 to 128 [ 64.473466][ T6886] EXT4-fs: Ignoring removed nobh option [ 64.480886][ T6881] EXT4-fs (loop0): blocks per group (255) and clusters per group (8192) inconsistent [ 64.503774][ T6886] ext4 filesystem being mounted at /339/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 64.516746][ T6889] loop4: detected capacity change from 0 to 128 [ 64.569020][ T6889] ext4 filesystem being mounted at /291/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 64.674283][ T6916] loop0: detected capacity change from 0 to 128 [ 64.690846][ T6916] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 64.715809][ T6916] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 64.726162][ T6922] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 64.732924][ T6922] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 64.740700][ T6922] vhci_hcd vhci_hcd.0: Device attached [ 64.751262][ T6923] vhci_hcd: connection closed [ 64.751449][ T1600] vhci_hcd: stop threads [ 64.760553][ T1600] vhci_hcd: release socket [ 64.765157][ T1600] vhci_hcd: disconnect device [ 64.897796][ T6937] IPVS: Error joining to the multicast group [ 65.095287][ T6965] Cannot find add_set index 0 as target [ 65.316279][ T6978] IPv6: Can't replace route, no match found [ 65.384612][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 65.397450][ T6985] syzkaller1: entered promiscuous mode [ 65.402985][ T6985] syzkaller1: entered allmulticast mode [ 65.479335][ T6994] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 65.487652][ T6994] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 65.560276][ T6997] loop1: detected capacity change from 0 to 512 [ 65.592849][ T6997] EXT4-fs (loop1): Invalid default hash set in the superblock [ 65.609799][ T6999] loop4: detected capacity change from 0 to 2048 [ 65.639114][ T6999] EXT4-fs: Ignoring removed mblk_io_submit option [ 65.671613][ T7005] bridge0: port 4(hsr_slave_1) entered blocking state [ 65.678570][ T7005] bridge0: port 4(hsr_slave_1) entered disabled state [ 65.689209][ T6982] chnl_net:caif_netlink_parms(): no params data found [ 65.765085][ T6982] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.772283][ T6982] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.779509][ T6982] bridge_slave_0: entered allmulticast mode [ 65.786034][ T6982] bridge_slave_0: entered promiscuous mode [ 65.793067][ T6982] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.800169][ T6982] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.807359][ T6982] bridge_slave_1: entered allmulticast mode [ 65.813797][ T6982] bridge_slave_1: entered promiscuous mode [ 65.828664][ T6999] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1574: bg 0: block 234: padding at end of block bitmap is not set [ 65.849165][ T6999] EXT4-fs (loop4): Remounting filesystem read-only [ 65.858430][ T6982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.871476][ T6982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.985975][ T6982] team0: Port device team_slave_0 added [ 65.992924][ T6982] team0: Port device team_slave_1 added [ 66.012722][ T6982] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.019828][ T6982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.046239][ T6982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.087073][ T6982] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.094082][ T6982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.120273][ T6982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 66.154179][ T7037] Cannot find set identified by id 0 to match [ 66.175723][ T6982] hsr_slave_0: entered promiscuous mode [ 66.182471][ T6982] hsr_slave_1: entered promiscuous mode [ 66.189904][ T7040] loop1: detected capacity change from 0 to 512 [ 66.200075][ T7040] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 66.210169][ T6982] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 66.217774][ T6982] Cannot create hsr debugfs directory [ 66.248277][ T7040] EXT4-fs (loop1): 1 orphan inode deleted [ 66.254078][ T7040] EXT4-fs (loop1): 1 truncate cleaned up [ 66.271555][ T7040] EXT4-fs (loop1): shut down requested (2) [ 66.297994][ T3264] ================================================================== [ 66.306206][ T3264] BUG: KCSAN: data-race in __lru_add_drain_all / folios_put_refs [ 66.313988][ T3264] [ 66.316317][ T3264] write to 0xffff888237c2ac68 of 1 bytes by task 7050 on cpu 0: [ 66.324044][ T3264] folios_put_refs+0x26d/0x2b0 [ 66.328843][ T3264] folio_batch_move_lru+0x202/0x230 [ 66.334061][ T3264] lru_add_drain_cpu+0x7c/0x260 [ 66.338930][ T3264] lru_add_drain+0x26/0x80 [ 66.343488][ T3264] vms_clear_ptes+0xd0/0x300 [ 66.348119][ T3264] vms_complete_munmap_vmas+0x170/0x480 [ 66.353686][ T3264] mmap_region+0x8b8/0x16e0 [ 66.358200][ T3264] do_mmap+0x718/0xb60 [ 66.362276][ T3264] vm_mmap_pgoff+0x133/0x290 [ 66.367046][ T3264] ksys_mmap_pgoff+0xd0/0x330 [ 66.371731][ T3264] x64_sys_call+0x1884/0x2d60 [ 66.376616][ T3264] do_syscall_64+0xc9/0x1c0 [ 66.381215][ T3264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.387130][ T3264] [ 66.389455][ T3264] read to 0xffff888237c2ac68 of 1 bytes by task 3264 on cpu 1: [ 66.397012][ T3264] __lru_add_drain_all+0x136/0x3f0 [ 66.402154][ T3264] lru_add_drain_all+0x10/0x20 [ 66.407057][ T3264] invalidate_bdev+0x47/0x70 [ 66.411751][ T3264] ext4_put_super+0x571/0x840 [ 66.416443][ T3264] generic_shutdown_super+0xe5/0x220 [ 66.421742][ T3264] kill_block_super+0x2a/0x70 [ 66.426462][ T3264] ext4_kill_sb+0x44/0x80 [ 66.430810][ T3264] deactivate_locked_super+0x7d/0x1c0 [ 66.436215][ T3264] deactivate_super+0x9f/0xb0 [ 66.440998][ T3264] cleanup_mnt+0x268/0x2e0 [ 66.445420][ T3264] __cleanup_mnt+0x19/0x20 [ 66.450016][ T3264] task_work_run+0x13a/0x1a0 [ 66.454638][ T3264] syscall_exit_to_user_mode+0xbe/0x130 [ 66.460217][ T3264] do_syscall_64+0xd6/0x1c0 [ 66.464738][ T3264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.470732][ T3264] [ 66.473054][ T3264] value changed: 0x01 -> 0x00 [ 66.477734][ T3264] [ 66.480161][ T3264] Reported by Kernel Concurrency Sanitizer on: [ 66.486313][ T3264] CPU: 1 UID: 0 PID: 3264 Comm: syz-executor Tainted: G W 6.12.0-rc1-syzkaller-00042-gf23aa4c0761a #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 66.498660][ T3264] Tainted: [W]=WARN [ 66.502461][ T3264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 66.512702][ T3264] ================================================================== [ 66.520942][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 66.718429][ T50] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.807912][ T50] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.878493][ T50] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.960335][ T50] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.047757][ T50] bridge_slave_1: left allmulticast mode [ 67.053543][ T50] bridge_slave_1: left promiscuous mode [ 67.059521][ T50] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.067557][ T50] bridge_slave_0: left allmulticast mode [ 67.073204][ T50] bridge_slave_0: left promiscuous mode [ 67.079027][ T50] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.158102][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 67.168509][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 67.179255][ T50] bond0 (unregistering): Released all slaves [ 67.253125][ T50] hsr_slave_0: left promiscuous mode [ 67.259009][ T50] hsr_slave_1: left promiscuous mode [ 67.266167][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 67.273638][ T50] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 67.281565][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 67.289191][ T50] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 67.298406][ T50] veth1_macvtap: left promiscuous mode [ 67.303947][ T50] veth0_macvtap: left promiscuous mode [ 67.309532][ T50] veth1_vlan: left promiscuous mode [ 67.314805][ T50] veth0_vlan: left promiscuous mode [ 67.394091][ T50] team0 (unregistering): Port device team_slave_1 removed [ 67.406798][ T50] team0 (unregistering): Port device team_slave_0 removed [ 67.544798][ C1] IPVS: fo: UDP 224.0.0.2:0 - no destination available [ 67.828536][ T50] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.867650][ T50] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.948430][ T50] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.997550][ T50] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 68.047575][ T50] hsr0: left allmulticast mode [ 68.052495][ T50] hsr_slave_0: left allmulticast mode [ 68.057902][ T50] hsr_slave_1: left allmulticast mode [ 68.063375][ T50] hsr0: left promiscuous mode [ 68.068197][ T50] bridge0: port 3(hsr0) entered disabled state [ 68.075149][ T50] bridge_slave_1: left allmulticast mode [ 68.080855][ T50] bridge_slave_1: left promiscuous mode [ 68.086601][ T50] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.094293][ T50] bridge_slave_0: left allmulticast mode [ 68.100003][ T50] bridge_slave_0: left promiscuous mode [ 68.105739][ T50] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.114068][ T50] bridge_slave_1: left allmulticast mode [ 68.119787][ T50] bridge_slave_1: left promiscuous mode [ 68.125629][ T50] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.133861][ T50] bridge_slave_0: left allmulticast mode [ 68.139714][ T50] bridge_slave_0: left promiscuous mode [ 68.145575][ T50] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.276984][ T50] @ (unregistering): (slave bond_slave_0): Releasing backup interface [ 68.286971][ T50] @ (unregistering): (slave bond_slave_1): Releasing backup interface [ 68.296765][ T50] @ (unregistering): Released all slaves [ 68.305062][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 68.315012][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 68.324787][ T50] bond0 (unregistering): Released all slaves [ 68.366288][ T50] tipc: Disabling bearer [ 68.371283][ T50] tipc: Left network mode [ 68.377200][ T50] IPVS: stopping master sync thread 5826 ... [ 68.414843][ T50] hsr_slave_0: left promiscuous mode [ 68.420565][ T50] hsr_slave_1: left promiscuous mode [ 68.427826][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 68.435379][ T50] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 68.442926][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 68.450347][ T50] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 68.457980][ T50] hsr_slave_0: left promiscuous mode [ 68.463774][ T50] hsr_slave_1: left promiscuous mode [ 68.469482][ T50] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 68.477135][ T50] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 68.486666][ T50] veth1_macvtap: left promiscuous mode [ 68.492178][ T50] veth0_macvtap: left promiscuous mode [ 68.497694][ T50] veth1_vlan: left promiscuous mode [ 68.503019][ T50] veth0_vlan: left promiscuous mode [ 68.586806][ T50] team0 (unregistering): Port device team_slave_1 removed [ 68.596958][ T50] team0 (unregistering): Port device team_slave_0 removed [ 68.649048][ T50] team0 (unregistering): Port device team_slave_1 removed [ 68.659310][ T50] team0 (unregistering): Port device team_slave_0 removed [ 69.140065][ T50] IPVS: stop unused estimator thread 0...