last executing test programs: 2.08832585s ago: executing program 4 (id=1945): perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8a}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000c}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) io_uring_setup(0x1e2b, &(0x7f0000004bc0)={0x0, 0xb07b, 0x42, 0x2, 0x3b5}) 2.054576221s ago: executing program 4 (id=1938): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0xe4) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f00000004c0)=""/66, 0x42) getdents(r1, 0xfffffffffffffffd, 0xbb) 2.025090801s ago: executing program 4 (id=1940): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x7, 0x4, 0x8, 0xd9}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0x1}, 0x18) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e) mount$9p_tcp(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x801, &(0x7f0000000740)=ANY=[@ANYBLOB='trans=tcp']) 1.983515882s ago: executing program 4 (id=1952): r0 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r2}, 0x18) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000380)='asymmetric\x00', &(0x7f00000003c0)) add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, r0) 1.952854872s ago: executing program 4 (id=1944): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES16, @ANYBLOB="0000000000000000b705"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f68737200000000140001"], 0xfc}}, 0x0) 1.880173734s ago: executing program 4 (id=1948): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020641700000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_usb_connect(0x2, 0x64, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x5, 0x2, 0x0, 0x70bd2d, 0x25dfdbfe}, 0x10}}, 0x4) 1.02769603s ago: executing program 3 (id=1988): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0700000004000000800000000e00000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x18) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0) pwrite64(r2, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000140)='./file2\x00') 702.406547ms ago: executing program 1 (id=2008): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0xfe, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2, 0x4}}}}}}, 0x0) 658.355307ms ago: executing program 1 (id=2000): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000a80)='kfree\x00', r3}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0xc4, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0xb0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x3, r2}}]}, {0x4, 0xa}, {0xc}, {0xffac, 0x8, {0x0, 0x2}}}}, @m_mpls={0x5c, 0x2, 0x0, 0x0, {{0x9}, {0x30}, {0x4}, {0xc}, {0xc}}}]}]}, 0xc4}}, 0x0) 552.399989ms ago: executing program 3 (id=2001): r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) fcntl$setlease(r0, 0x400, 0x1) fremovexattr(r0, &(0x7f0000000040)=@known='system.posix_acl_default\x00') 552.126499ms ago: executing program 1 (id=2002): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) sendmmsg$inet(r1, &(0x7f00000039c0)=[{{&(0x7f0000000800)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r1, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0) recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000cc0)=""/4096, 0x1000}], 0x1}, 0x40) 526.55686ms ago: executing program 1 (id=2005): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@max_batch_time={'max_batch_time', 0x3d, 0x1}}, {@debug}, {@noload}, {@jqfmt_vfsv1}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@usrjquota}]}, 0xfe, 0x46c, &(0x7f0000000940)="$eJzs3M1vFOUfAPDvTF94+/FrRXwBQapoJL60tLzIwYtGEw6amOgB46m2hVQWamhNhBCtHvBoSLwb/wvjSS9GvWjiVe+GhBguoF7WzM4MLMtu2aXbLrCfTzLd55l5us/znZln95l5djeAvjWW/Uki/hcRv0fESJ69ucBY/nDtyvmZv6+cn0miWn3rr6RW7uqV8zNl0fL/tuSZarXIb2hS74V3I6YrlbkzRX5i6dQHE4tnz70wf2r6xNyJudNTR44cPLB7+PDUoa7EmcV1defHC7t2HH3n4hszxy6+91OSRh53NMTRLWP53m3q6W5X1mNb69LJYP2WPb/cSDc7E+ilgYjIDtdQrf+PxEBsur5tJF77rKeNA9ZUtVqtrvCqvFwF7mNJ9LoFQG+Ub/TZ9W+5rNPQ465w+eX8AiiL+1qx5FsGI80Te4Yarm+7aSwiji3/81W2xBrdhwAAqPddNv55vtn4L42H88Rw9uf/xRzKaEQ8EBHbIuLBiNgeEQ9F1Mo+EhGPdlh/4wzJreOf9NIdB9eGbPz3UjG3dfP4Ly2LjA4Uua21+IeS4/OVuf3FPtkXQxuOzydzkyvU8f2rv33Ralv9+C9bsvrLsWDRjkuDDTfoZqeXplcTc73Ln0bsHGwWfxLlNE4SETsiYucd1jH/7GDLbbePfwWtn7Zt1a8jnsmP/3I0xF9KWs5PTr54eOrQxMaozO2fKM+KW/3864U3W9W/qvi7IDv+m5ue/9fjH002RiyePXeyNl+72HkdF/74vOU1TYfn/9Gtxfk/nLxdWzFcbPhoemnpzGTEcPL6reunbjxbmS/LZ/Hv29u8/2+LG3visYjYFRG7I+Lx7KKwaPsTEfFkROxdIf4fX3nq/c7jX5+50iz+2dsd/6g//p0nBk7+8O3t498YEa2O/8Faal+xpp3Xv3YbuJp9BwAAAPeK/DPwSTp+PZ2m4+P5Z/i3x+a0srC49NzxhQ9Pz+aflR+NobS80zVSdz90srg3XOanGvIHivvGXw5squXHZxYqs70OHvrclhb9P/PnQK9bB6y5LsyjAfco/R/6l/4P/SnR/6Gv6f/Qv5r1/09alh7/Zk0bA6wr7//Qv9ro/8v5Q+tRAXBv8v4P/Uv/h77U8rvx6aq+8r/uiX+L3zO8W9pz/ycivSuacf8nBtv+MYsOEtWRvP9nazY0LdPrVyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDu+C8AAP//F0nluw==") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) close(0xffffffffffffffff) chdir(&(0x7f0000000040)='./file0\x00') mkdir(&(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x92) 477.880531ms ago: executing program 3 (id=2007): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x3, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000100018010000696c6c2500000000002020207b1af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x27, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6ff}, 0x94) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 475.142201ms ago: executing program 1 (id=2009): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) fsopen(0x0, 0x0) mount_setattr(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x8800, &(0x7f0000000080)={0x5}, 0x20) 421.956342ms ago: executing program 2 (id=2010): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0700000004000000800000000400000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000700000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kmem_cache_free\x00', r1}, 0x18) openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0) mremap(&(0x7f000008f000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000486000/0x1000)=nil) 380.491163ms ago: executing program 2 (id=2020): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) ioprio_set$pid(0x3, 0x0, 0x0) r0 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) 379.955903ms ago: executing program 1 (id=2012): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xe, 0xb}}}, 0x24}}, 0x800) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000400)={r2, @in6={{0xa, 0x4e20, 0xffffffff, @private2, 0xffffffff}}}, 0x90) 379.876663ms ago: executing program 3 (id=2013): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) preadv(0xffffffffffffffff, &(0x7f00000013c0)=[{&(0x7f0000000000)=""/152, 0x98}], 0x1, 0x8cbf, 0x60) r1 = socket$netlink(0x10, 0x3, 0x2) preadv(r0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/122, 0x6}], 0x3e8, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 299.152494ms ago: executing program 3 (id=2016): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x6, 0x8, 0x8, 0x40}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f0000000500), 0xce, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x48) 263.905265ms ago: executing program 2 (id=2018): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r1}, 0x10) socketpair(0xb, 0x6, 0x0, &(0x7f00000002c0)) 210.952396ms ago: executing program 3 (id=2021): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000009c0)="3bf58d7d45d32cfe1da7", 0xa) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7fffeffd) 192.019016ms ago: executing program 2 (id=2024): socket$packet(0x11, 0x2, 0x300) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 126.781228ms ago: executing program 0 (id=2026): prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='+}[@\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='kmem_cache_free\x00', r0, 0x0, 0x7}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) utimensat(r1, 0x0, 0x0, 0x0) 126.677868ms ago: executing program 2 (id=2027): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x20280, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000080)=0x14) unshare(0x62040200) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80081}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x2}, 0x18) close(r0) 126.300667ms ago: executing program 0 (id=2028): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) openat(r2, &(0x7f00000000c0)='./file0\x00', 0x6a1c2, 0x50) faccessat(r2, &(0x7f0000000000)='./file0\x00', 0x5) 88.421338ms ago: executing program 0 (id=2029): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) preadv(0xffffffffffffffff, &(0x7f00000013c0)=[{&(0x7f0000000000)=""/152, 0x98}], 0x1, 0x8cbf, 0x60) r1 = socket$netlink(0x10, 0x3, 0x2) preadv(r0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/122, 0x6}], 0x3e8, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 50.636939ms ago: executing program 0 (id=2030): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) sendmmsg$inet(r1, &(0x7f00000039c0)=[{{&(0x7f0000000800)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r1, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0) recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000cc0)=""/4096, 0x1000}], 0x1}, 0x40) 28.369289ms ago: executing program 0 (id=2031): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@max_batch_time={'max_batch_time', 0x3d, 0x1}}, {@debug}, {@noload}, {@jqfmt_vfsv1}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@usrjquota}]}, 0xfe, 0x46c, &(0x7f0000000940)="$eJzs3M1vFOUfAPDvTF94+/FrRXwBQapoJL60tLzIwYtGEw6amOgB46m2hVQWamhNhBCtHvBoSLwb/wvjSS9GvWjiVe+GhBguoF7WzM4MLMtu2aXbLrCfTzLd55l5us/znZln95l5djeAvjWW/Uki/hcRv0fESJ69ucBY/nDtyvmZv6+cn0miWn3rr6RW7uqV8zNl0fL/tuSZarXIb2hS74V3I6YrlbkzRX5i6dQHE4tnz70wf2r6xNyJudNTR44cPLB7+PDUoa7EmcV1defHC7t2HH3n4hszxy6+91OSRh53NMTRLWP53m3q6W5X1mNb69LJYP2WPb/cSDc7E+ilgYjIDtdQrf+PxEBsur5tJF77rKeNA9ZUtVqtrvCqvFwF7mNJ9LoFQG+Ub/TZ9W+5rNPQ465w+eX8AiiL+1qx5FsGI80Te4Yarm+7aSwiji3/81W2xBrdhwAAqPddNv55vtn4L42H88Rw9uf/xRzKaEQ8EBHbIuLBiNgeEQ9F1Mo+EhGPdlh/4wzJreOf9NIdB9eGbPz3UjG3dfP4Ly2LjA4Uua21+IeS4/OVuf3FPtkXQxuOzydzkyvU8f2rv33Ralv9+C9bsvrLsWDRjkuDDTfoZqeXplcTc73Ln0bsHGwWfxLlNE4SETsiYucd1jH/7GDLbbePfwWtn7Zt1a8jnsmP/3I0xF9KWs5PTr54eOrQxMaozO2fKM+KW/3864U3W9W/qvi7IDv+m5ue/9fjH002RiyePXeyNl+72HkdF/74vOU1TYfn/9Gtxfk/nLxdWzFcbPhoemnpzGTEcPL6reunbjxbmS/LZ/Hv29u8/2+LG3visYjYFRG7I+Lx7KKwaPsTEfFkROxdIf4fX3nq/c7jX5+50iz+2dsd/6g//p0nBk7+8O3t498YEa2O/8Faal+xpp3Xv3YbuJp9BwAAAPeK/DPwSTp+PZ2m4+P5Z/i3x+a0srC49NzxhQ9Pz+aflR+NobS80zVSdz90srg3XOanGvIHivvGXw5squXHZxYqs70OHvrclhb9P/PnQK9bB6y5LsyjAfco/R/6l/4P/SnR/6Gv6f/Qv5r1/09alh7/Zk0bA6wr7//Qv9ro/8v5Q+tRAXBv8v4P/Uv/h77U8rvx6aq+8r/uiX+L3zO8W9pz/ycivSuacf8nBtv+MYsOEtWRvP9nazY0LdPrVyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDu+C8AAP//F0nluw==") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) close(0xffffffffffffffff) chdir(&(0x7f0000000040)='./file0\x00') mkdir(&(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x92) 435.8µs ago: executing program 0 (id=2032): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r1}, 0x10) socketpair(0xb, 0x6, 0x0, &(0x7f00000002c0)) 0s ago: executing program 2 (id=2042): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='signal_generate\x00', r0}, 0x10) timer_create(0x2, 0x0, &(0x7f0000000540)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f138d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade5b175c0a9b2ce9", 0x55}], 0x1}, 0x4000000) kernel console output (not intermixed with test programs): sc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 33.858239][ T29] audit: type=1400 audit(1757149670.108:70): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 33.875264][ T3295] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 33.881537][ T29] audit: type=1400 audit(1757149670.188:71): avc: denied { relabelto } for pid=3297 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 35.378030][ T3307] chnl_net:caif_netlink_parms(): no params data found [ 35.392163][ T3305] chnl_net:caif_netlink_parms(): no params data found [ 35.436252][ T3314] chnl_net:caif_netlink_parms(): no params data found [ 35.476528][ T3304] chnl_net:caif_netlink_parms(): no params data found [ 35.487565][ T3313] chnl_net:caif_netlink_parms(): no params data found [ 35.517003][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.524136][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.531317][ T3305] bridge_slave_0: entered allmulticast mode [ 35.537935][ T3305] bridge_slave_0: entered promiscuous mode [ 35.547067][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.554142][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.561290][ T3305] bridge_slave_1: entered allmulticast mode [ 35.567689][ T3305] bridge_slave_1: entered promiscuous mode [ 35.603252][ T3307] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.610458][ T3307] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.618093][ T3307] bridge_slave_0: entered allmulticast mode [ 35.624549][ T3307] bridge_slave_0: entered promiscuous mode [ 35.643038][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.655655][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.664838][ T3307] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.671912][ T3307] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.679031][ T3307] bridge_slave_1: entered allmulticast mode [ 35.685505][ T3307] bridge_slave_1: entered promiscuous mode [ 35.730091][ T3305] team0: Port device team_slave_0 added [ 35.736593][ T3305] team0: Port device team_slave_1 added [ 35.743632][ T3307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.752805][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.759872][ T3314] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.767161][ T3314] bridge_slave_0: entered allmulticast mode [ 35.773446][ T3314] bridge_slave_0: entered promiscuous mode [ 35.780224][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.787397][ T3314] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.794604][ T3314] bridge_slave_1: entered allmulticast mode [ 35.801154][ T3314] bridge_slave_1: entered promiscuous mode [ 35.833702][ T3307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.853240][ T3304] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.860368][ T3304] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.867655][ T3304] bridge_slave_0: entered allmulticast mode [ 35.874120][ T3304] bridge_slave_0: entered promiscuous mode [ 35.880534][ T3313] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.887659][ T3313] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.895001][ T3313] bridge_slave_0: entered allmulticast mode [ 35.901523][ T3313] bridge_slave_0: entered promiscuous mode [ 35.917721][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.924708][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.950690][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.962206][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.969186][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.995138][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.010693][ T3304] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.017797][ T3304] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.026117][ T3304] bridge_slave_1: entered allmulticast mode [ 36.032595][ T3304] bridge_slave_1: entered promiscuous mode [ 36.039169][ T3313] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.046272][ T3313] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.053488][ T3313] bridge_slave_1: entered allmulticast mode [ 36.059922][ T3313] bridge_slave_1: entered promiscuous mode [ 36.066934][ T3307] team0: Port device team_slave_0 added [ 36.073764][ T3307] team0: Port device team_slave_1 added [ 36.083771][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.115496][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.138921][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.145975][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.171931][ T3307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.187948][ T3304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.203465][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.217630][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.224651][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.250583][ T3307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.262440][ T3304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.272333][ T3314] team0: Port device team_slave_0 added [ 36.279055][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.288815][ T3314] team0: Port device team_slave_1 added [ 36.296887][ T3305] hsr_slave_0: entered promiscuous mode [ 36.302844][ T3305] hsr_slave_1: entered promiscuous mode [ 36.342404][ T3304] team0: Port device team_slave_0 added [ 36.354531][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.361714][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.387797][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.399356][ T3313] team0: Port device team_slave_0 added [ 36.405884][ T3304] team0: Port device team_slave_1 added [ 36.424458][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.431515][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.457468][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.476740][ T3313] team0: Port device team_slave_1 added [ 36.495002][ T3307] hsr_slave_0: entered promiscuous mode [ 36.500950][ T3307] hsr_slave_1: entered promiscuous mode [ 36.506821][ T3307] debugfs: 'hsr0' already exists in 'hsr' [ 36.512638][ T3307] Cannot create hsr debugfs directory [ 36.550128][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.557228][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.583204][ T3313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.594171][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.601110][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.627083][ T3304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.640590][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.647655][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.673591][ T3304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.691477][ T3314] hsr_slave_0: entered promiscuous mode [ 36.697552][ T3314] hsr_slave_1: entered promiscuous mode [ 36.703531][ T3314] debugfs: 'hsr0' already exists in 'hsr' [ 36.709257][ T3314] Cannot create hsr debugfs directory [ 36.715016][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.722025][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.747925][ T3313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.808087][ T3304] hsr_slave_0: entered promiscuous mode [ 36.814160][ T3304] hsr_slave_1: entered promiscuous mode [ 36.819930][ T3304] debugfs: 'hsr0' already exists in 'hsr' [ 36.825713][ T3304] Cannot create hsr debugfs directory [ 36.860451][ T3313] hsr_slave_0: entered promiscuous mode [ 36.866548][ T3313] hsr_slave_1: entered promiscuous mode [ 36.872574][ T3313] debugfs: 'hsr0' already exists in 'hsr' [ 36.878305][ T3313] Cannot create hsr debugfs directory [ 36.997215][ T3305] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 37.006335][ T3305] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 37.020503][ T3305] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 37.042624][ T3305] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 37.075388][ T3307] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 37.085331][ T3307] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 37.103268][ T3307] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 37.112063][ T3307] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 37.130702][ T3314] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 37.145283][ T3314] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 37.155373][ T3314] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 37.176159][ T3314] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 37.200763][ T3304] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 37.218460][ T3304] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 37.227558][ T3304] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 37.236855][ T3304] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 37.266125][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.290494][ T3313] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 37.300204][ T3313] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 37.309611][ T3313] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 37.320635][ T3313] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 37.335985][ T3305] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.360240][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.369604][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.376765][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.394621][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.401709][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.427854][ T3307] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.455787][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.462890][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.477263][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.494541][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.501655][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.525378][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.550530][ T3307] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.567669][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.575816][ T3314] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.586479][ T2659] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.593586][ T2659] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.605270][ T3304] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.616848][ T2659] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.623933][ T2659] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.641277][ T3313] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.652281][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.659353][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.676595][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.683716][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.698567][ T2659] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.705679][ T2659] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.717855][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.724961][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.735679][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.764226][ T3307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.784435][ T3304] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 37.794898][ T3304] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.825340][ T3313] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.930172][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.958272][ T3305] veth0_vlan: entered promiscuous mode [ 37.966311][ T3305] veth1_vlan: entered promiscuous mode [ 37.989514][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.998101][ T3304] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.033077][ T3307] veth0_vlan: entered promiscuous mode [ 38.047950][ T3305] veth0_macvtap: entered promiscuous mode [ 38.061554][ T3305] veth1_macvtap: entered promiscuous mode [ 38.079160][ T3307] veth1_vlan: entered promiscuous mode [ 38.110684][ T3307] veth0_macvtap: entered promiscuous mode [ 38.119783][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.134556][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.144479][ T3307] veth1_macvtap: entered promiscuous mode [ 38.171860][ T2659] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.184183][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.197915][ T2659] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.208454][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.224290][ T2659] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.236791][ T3314] veth0_vlan: entered promiscuous mode [ 38.247552][ T3313] veth0_vlan: entered promiscuous mode [ 38.265164][ T2659] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.279800][ T3304] veth0_vlan: entered promiscuous mode [ 38.287947][ T3313] veth1_vlan: entered promiscuous mode [ 38.288131][ T3305] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 38.295554][ T3314] veth1_vlan: entered promiscuous mode [ 38.314292][ T2659] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.326464][ T2659] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.355210][ T2659] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.374006][ T2659] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.394850][ T3304] veth1_vlan: entered promiscuous mode [ 38.414278][ T3313] veth0_macvtap: entered promiscuous mode [ 38.421401][ T3313] veth1_macvtap: entered promiscuous mode [ 38.436829][ T3314] veth0_macvtap: entered promiscuous mode [ 38.455631][ T3304] veth0_macvtap: entered promiscuous mode [ 38.468315][ T3314] veth1_macvtap: entered promiscuous mode [ 38.486926][ T3304] veth1_macvtap: entered promiscuous mode [ 38.502574][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.519942][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.530265][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.543297][ T29] kauditd_printk_skb: 32 callbacks suppressed [ 38.543337][ T29] audit: type=1400 audit(1757149674.888:104): avc: denied { create } for pid=3480 comm="syz.2.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 38.545708][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.549478][ T29] audit: type=1400 audit(1757149674.898:105): avc: denied { write } for pid=3480 comm="syz.2.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 38.571620][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.622051][ T293] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.634389][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.645662][ T293] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.665990][ T29] audit: type=1400 audit(1757149675.018:106): avc: denied { create } for pid=3482 comm="syz.2.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 38.699370][ T293] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.710394][ T3484] netlink: 'syz.2.10': attribute type 6 has an invalid length. [ 38.718472][ T29] audit: type=1400 audit(1757149675.048:107): avc: denied { ioctl } for pid=3482 comm="syz.2.10" path="socket:[4795]" dev="sockfs" ino=4795 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 38.742870][ T29] audit: type=1400 audit(1757149675.058:108): avc: denied { create } for pid=3482 comm="syz.2.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 38.762943][ T29] audit: type=1400 audit(1757149675.058:109): avc: denied { write } for pid=3482 comm="syz.2.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 38.788794][ T293] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.803040][ T2659] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.815684][ T29] audit: type=1400 audit(1757149675.068:110): avc: denied { watch watch_reads } for pid=3483 comm="syz.0.9" path="/1" dev="tmpfs" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 38.847743][ T2659] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.867206][ T2659] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.906497][ T2659] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.911994][ T29] audit: type=1400 audit(1757149675.208:111): avc: denied { kexec_image_load } for pid=3489 comm="syz.0.11" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 38.958973][ T2659] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.979728][ T2659] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.993798][ T2659] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.004620][ T2659] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.014453][ T3500] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 39.149466][ T3507] usb usb1: usbfs: process 3507 (syz.3.16) did not claim interface 4 before use [ 39.173559][ T29] audit: type=1326 audit(1757149675.268:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3493 comm="syz.2.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aec30ebe9 code=0x7ffc0000 [ 39.196944][ T29] audit: type=1326 audit(1757149675.268:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3493 comm="syz.2.12" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aec30ebe9 code=0x7ffc0000 [ 39.244048][ T3509] loop1: detected capacity change from 0 to 4096 [ 39.257871][ T3509] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 39.352055][ T3509] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.381169][ T3515] sctp: [Deprecated]: syz.2.18 (pid 3515) Use of struct sctp_assoc_value in delayed_ack socket option. [ 39.381169][ T3515] Use struct sctp_sack_info instead [ 39.413231][ T3509] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.459584][ T3518] netlink: 24 bytes leftover after parsing attributes in process `syz.3.20'. [ 39.560396][ T3522] netlink: 'syz.3.22': attribute type 10 has an invalid length. [ 39.568311][ T3522] netlink: 40 bytes leftover after parsing attributes in process `syz.3.22'. [ 39.601084][ T3524] loop2: detected capacity change from 0 to 128 [ 39.627570][ T3524] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 39.637008][ T3522] dummy0: entered promiscuous mode [ 39.644687][ T3522] bridge0: port 3(dummy0) entered blocking state [ 39.651268][ T3522] bridge0: port 3(dummy0) entered disabled state [ 39.675113][ T3522] dummy0: entered allmulticast mode [ 39.757309][ T3522] bridge0: port 3(dummy0) entered blocking state [ 39.763802][ T3522] bridge0: port 3(dummy0) entered forwarding state [ 39.988458][ T3490] kexec: Could not allocate swap buffer [ 40.006321][ T3529] loop4: detected capacity change from 0 to 2048 [ 40.015093][ T3529] EXT4-fs: inline encryption not supported [ 40.082775][ T3529] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.171390][ T3529] EXT4-fs error (device loop4): ext4_ext_precache:632: inode #2: comm syz.4.25: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 40.286266][ T3546] loop2: detected capacity change from 0 to 1024 [ 40.293637][ T3546] ======================================================= [ 40.293637][ T3546] WARNING: The mand mount option has been deprecated and [ 40.293637][ T3546] and is ignored by this kernel. Remove the mand [ 40.293637][ T3546] option from the mount to silence this warning. [ 40.293637][ T3546] ======================================================= [ 40.331047][ T3546] EXT4-fs: Ignoring removed mblk_io_submit option [ 40.341083][ T3546] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 40.351790][ T3546] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 40.356450][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.368920][ T3550] debugfs: 'ttyS3' already exists in 'caif_serial' [ 40.380125][ T3546] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #11: comm syz.2.31: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 40.408905][ T3546] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.31: couldn't read orphan inode 11 (err -117) [ 40.492120][ T3546] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.513025][ T3559] loop0: detected capacity change from 0 to 128 [ 40.546995][ T3546] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.31: Invalid block bitmap block 0 in block_group 0 [ 40.574025][ T3546] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.31: Failed to acquire dquot type 0 [ 40.587885][ T3546] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 40.596869][ T3546] syz.2.31 (3546) used greatest stack depth: 10400 bytes left [ 40.608530][ T3559] syz.0.36: attempt to access beyond end of device [ 40.608530][ T3559] loop0: rw=2049, sector=154, nr_sectors = 72 limit=128 [ 40.634618][ T3559] syz.0.36: attempt to access beyond end of device [ 40.634618][ T3559] loop0: rw=2049, sector=226, nr_sectors = 8 limit=128 [ 40.648635][ T3559] syz.0.36: attempt to access beyond end of device [ 40.648635][ T3559] loop0: rw=2049, sector=232, nr_sectors = 2 limit=128 [ 40.649927][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.661994][ T3559] Buffer I/O error on dev loop0, logical block 116, lost async page write [ 40.692297][ T3559] syz.0.36: attempt to access beyond end of device [ 40.692297][ T3559] loop0: rw=2049, sector=138, nr_sectors = 8 limit=128 [ 40.713749][ T3559] syz.0.36: attempt to access beyond end of device [ 40.713749][ T3559] loop0: rw=2049, sector=144, nr_sectors = 2 limit=128 [ 40.727038][ T3559] Buffer I/O error on dev loop0, logical block 72, lost async page write [ 40.736048][ T3566] loop4: detected capacity change from 0 to 164 [ 40.774358][ T3566] Unable to read rock-ridge attributes [ 40.777207][ T3559] syz.0.36: attempt to access beyond end of device [ 40.777207][ T3559] loop0: rw=2049, sector=146, nr_sectors = 8 limit=128 [ 40.808371][ T3566] Unable to read rock-ridge attributes [ 40.828186][ T3573] SELinux: ebitmap: truncated map [ 40.838942][ T3573] SELinux: failed to load policy [ 40.844342][ T3575] SELinux: Context Ü is not valid (left unmapped). [ 40.851011][ T3559] syz.0.36: attempt to access beyond end of device [ 40.851011][ T3559] loop0: rw=2049, sector=152, nr_sectors = 2 limit=128 [ 40.864309][ T3559] Buffer I/O error on dev loop0, logical block 76, lost async page write [ 40.918110][ T3559] syz.0.36: attempt to access beyond end of device [ 40.918110][ T3559] loop0: rw=2049, sector=234, nr_sectors = 8 limit=128 [ 40.949690][ T3559] syz.0.36: attempt to access beyond end of device [ 40.949690][ T3559] loop0: rw=2049, sector=240, nr_sectors = 2 limit=128 [ 40.964394][ T3559] Buffer I/O error on dev loop0, logical block 120, lost async page write [ 40.980013][ T3559] syz.0.36: attempt to access beyond end of device [ 40.980013][ T3559] loop0: rw=2049, sector=242, nr_sectors = 8 limit=128 [ 40.994276][ T3559] Buffer I/O error on dev loop0, logical block 124, lost async page write [ 41.028179][ T3586] loop3: detected capacity change from 0 to 8192 [ 41.173754][ T3613] loop2: detected capacity change from 0 to 128 [ 41.180511][ T3613] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 41.194347][ T3613] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 41.380357][ T3627] netlink: 340 bytes leftover after parsing attributes in process `syz.0.61'. [ 41.453095][ T3635] loop2: detected capacity change from 0 to 1024 [ 41.460923][ T3635] EXT4-fs: Ignoring removed bh option [ 41.479366][ T3635] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 41.499752][ T3635] EXT4-fs error (device loop2): ext4_quota_enable:7128: comm syz.2.66: inode #2304: comm syz.2.66: iget: illegal inode # [ 41.528512][ T3635] EXT4-fs (loop2): Remounting filesystem read-only [ 41.535135][ T3635] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix. [ 41.556435][ T3647] loop0: detected capacity change from 0 to 512 [ 41.571064][ T3647] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 41.584395][ T3647] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 41.607049][ T3635] EXT4-fs (loop2): mount failed [ 41.648835][ T3647] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 41.664197][ T3647] EXT4-fs (loop0): 1 truncate cleaned up [ 41.670329][ T3647] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.739626][ T3653] netlink: 'syz.3.71': attribute type 1 has an invalid length. [ 41.747353][ T3653] netlink: 'syz.3.71': attribute type 6 has an invalid length. [ 41.754945][ T3653] netlink: 'syz.3.71': attribute type 3 has an invalid length. [ 41.762577][ T3653] netlink: 24 bytes leftover after parsing attributes in process `syz.3.71'. [ 41.811118][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.940745][ T3675] loop3: detected capacity change from 0 to 128 [ 42.116173][ T3687] loop1: detected capacity change from 0 to 512 [ 42.138085][ T3687] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 42.156437][ T3687] EXT4-fs (loop1): mount failed [ 42.369834][ T3702] SELinux: failed to load policy [ 42.527015][ T3710] loop3: detected capacity change from 0 to 512 [ 42.543101][ T3710] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 42.574598][ T3710] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 42.586438][ T3710] EXT4-fs (loop3): 1 truncate cleaned up [ 42.592780][ T3710] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.608388][ T3710] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.812375][ T3735] netlink: 12 bytes leftover after parsing attributes in process `+}[@'. [ 42.838824][ T12] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 42.843129][ T3735] netlink: 12 bytes leftover after parsing attributes in process `+}[@'. [ 42.913170][ T3735] netlink: 12 bytes leftover after parsing attributes in process `+}[@'. [ 43.040694][ T3673] syz.0.81 (3673) used greatest stack depth: 7528 bytes left [ 43.346464][ T3757] capability: warning: `syz.4.111' uses 32-bit capabilities (legacy support in use) [ 43.473419][ T3767] loop2: detected capacity change from 0 to 8192 [ 43.564173][ T3777] IPv6: Can't replace route, no match found [ 43.666583][ T29] kauditd_printk_skb: 223 callbacks suppressed [ 43.666661][ T29] audit: type=1400 audit(1757149680.018:332): avc: denied { write } for pid=3784 comm="syz.3.124" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 44.211224][ T3781] Set syz1 is full, maxelem 65536 reached [ 44.234364][ T3801] ref_ctr_offset mismatch. inode: 0x7a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000 [ 44.330142][ T3813] loop3: detected capacity change from 0 to 1024 [ 44.357066][ T3813] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.430246][ T3821] netlink: 100 bytes leftover after parsing attributes in process `syz.2.142'. [ 44.464170][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.505298][ T29] audit: type=1326 audit(1757149680.858:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3826 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 44.528585][ T29] audit: type=1326 audit(1757149680.858:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3826 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 44.552248][ T29] audit: type=1326 audit(1757149680.858:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3826 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 44.562600][ T3832] loop4: detected capacity change from 0 to 164 [ 44.575533][ T29] audit: type=1326 audit(1757149680.858:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3826 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 44.605200][ T29] audit: type=1326 audit(1757149680.858:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3826 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 44.628536][ T29] audit: type=1326 audit(1757149680.858:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3826 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 44.651882][ T29] audit: type=1326 audit(1757149680.858:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3826 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 44.675227][ T29] audit: type=1326 audit(1757149680.858:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3826 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 44.683916][ T3832] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 44.743563][ T29] audit: type=1326 audit(1757149680.858:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3826 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 44.806962][ T3832] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 45.027462][ T3868] loop4: detected capacity change from 0 to 128 [ 45.029227][ T3856] syzkaller0: entered promiscuous mode [ 45.039427][ T3856] syzkaller0: entered allmulticast mode [ 45.073102][ T3868] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002] [ 45.102750][ T3868] System zones: 1-3, 19-19, 35-36 [ 45.125051][ T3868] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 45.137869][ T3868] ext4 filesystem being mounted at /26/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 45.177602][ T3875] netlink: 256 bytes leftover after parsing attributes in process `syz.3.165'. [ 45.188460][ T3313] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 45.222285][ T3877] netlink: 32 bytes leftover after parsing attributes in process `syz.0.167'. [ 45.391834][ T3905] netlink: 92 bytes leftover after parsing attributes in process `syz.4.176'. [ 45.400794][ T3905] netem: unknown loss type 0 [ 45.405441][ T3905] netem: change failed [ 45.484724][ T3893] netlink: 24 bytes leftover after parsing attributes in process `syz.1.172'. [ 45.620391][ T1035] IPVS: starting estimator thread 0... [ 45.699817][ T3942] netlink: 256 bytes leftover after parsing attributes in process `syz.0.194'. [ 45.711662][ T3934] IPVS: using max 2448 ests per chain, 122400 per kthread [ 45.734821][ T3951] program syz.2.197 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 45.768665][ T3955] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125 [ 45.807234][ T3957] hub 9-0:1.0: USB hub found [ 45.815694][ T3957] hub 9-0:1.0: 8 ports detected [ 45.907785][ T3966] bond1: entered promiscuous mode [ 45.913067][ T3966] bond1: entered allmulticast mode [ 45.926268][ T3966] 8021q: adding VLAN 0 to HW filter on device bond1 [ 45.936697][ T3966] bond1 (unregistering): Released all slaves [ 46.153571][ T3992] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 46.178017][ T3995] loop2: detected capacity change from 0 to 512 [ 46.187039][ T3995] EXT4-fs: Ignoring removed orlov option [ 46.213070][ T3995] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.225687][ T3995] ext4 filesystem being mounted at /66/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 46.281739][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.312308][ T4006] loop2: detected capacity change from 0 to 164 [ 46.319262][ T4006] iso9660: Unknown parameter '18446744073709551615ã)-Çô껑¡Bè' [ 46.644210][ T4026] netlink: 4 bytes leftover after parsing attributes in process `syz.3.228'. [ 47.320752][ T4033] syz.3.230 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 47.334834][ T4033] CPU: 0 UID: 0 PID: 4033 Comm: syz.3.230 Not tainted syzkaller #0 PREEMPT(voluntary) [ 47.334869][ T4033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 47.334885][ T4033] Call Trace: [ 47.334894][ T4033] [ 47.334904][ T4033] __dump_stack+0x1d/0x30 [ 47.334932][ T4033] dump_stack_lvl+0xe8/0x140 [ 47.334996][ T4033] dump_stack+0x15/0x1b [ 47.335012][ T4033] dump_header+0x81/0x220 [ 47.335044][ T4033] oom_kill_process+0x342/0x400 [ 47.335137][ T4033] out_of_memory+0x979/0xb80 [ 47.335171][ T4033] try_charge_memcg+0x5e6/0x9e0 [ 47.335278][ T4033] obj_cgroup_charge_pages+0xa6/0x150 [ 47.335415][ T4033] __memcg_kmem_charge_page+0x9f/0x170 [ 47.335459][ T4033] __alloc_frozen_pages_noprof+0x188/0x360 [ 47.335559][ T4033] alloc_pages_mpol+0xb3/0x250 [ 47.335598][ T4033] alloc_pages_noprof+0x90/0x130 [ 47.335684][ T4033] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 47.335735][ T4033] __kvmalloc_node_noprof+0x30f/0x4e0 [ 47.335817][ T4033] ? ip_set_alloc+0x1f/0x30 [ 47.335844][ T4033] ? ip_set_alloc+0x1f/0x30 [ 47.335863][ T4033] ? __kmalloc_cache_noprof+0x189/0x320 [ 47.335927][ T4033] ip_set_alloc+0x1f/0x30 [ 47.335952][ T4033] hash_netiface_create+0x282/0x740 [ 47.335981][ T4033] ? __pfx_hash_netiface_create+0x10/0x10 [ 47.336006][ T4033] ip_set_create+0x3c9/0x960 [ 47.336103][ T4033] ? __nla_parse+0x40/0x60 [ 47.336132][ T4033] nfnetlink_rcv_msg+0x4c3/0x590 [ 47.336170][ T4033] netlink_rcv_skb+0x123/0x220 [ 47.336199][ T4033] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 47.336344][ T4033] nfnetlink_rcv+0x16b/0x1690 [ 47.336391][ T4033] ? nlmon_xmit+0x4f/0x60 [ 47.336420][ T4033] ? consume_skb+0x49/0x150 [ 47.336479][ T4033] ? nlmon_xmit+0x4f/0x60 [ 47.336600][ T4033] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 47.336653][ T4033] ? __dev_queue_xmit+0x1200/0x2000 [ 47.336696][ T4033] ? __dev_queue_xmit+0x182/0x2000 [ 47.336735][ T4033] ? ref_tracker_free+0x37d/0x3e0 [ 47.336763][ T4033] ? __netlink_deliver_tap+0x4dc/0x500 [ 47.336799][ T4033] netlink_unicast+0x5bd/0x690 [ 47.336831][ T4033] netlink_sendmsg+0x58b/0x6b0 [ 47.336861][ T4033] ? __pfx_netlink_sendmsg+0x10/0x10 [ 47.336896][ T4033] __sock_sendmsg+0x142/0x180 [ 47.336940][ T4033] ____sys_sendmsg+0x31e/0x4e0 [ 47.337029][ T4033] ___sys_sendmsg+0x17b/0x1d0 [ 47.337081][ T4033] __x64_sys_sendmsg+0xd4/0x160 [ 47.337122][ T4033] x64_sys_call+0x191e/0x2ff0 [ 47.337178][ T4033] do_syscall_64+0xd2/0x200 [ 47.337219][ T4033] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 47.337330][ T4033] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 47.337370][ T4033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.337424][ T4033] RIP: 0033:0x7fddfa2eebe9 [ 47.337439][ T4033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 47.337460][ T4033] RSP: 002b:00007fddf8d4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 47.337484][ T4033] RAX: ffffffffffffffda RBX: 00007fddfa525fa0 RCX: 00007fddfa2eebe9 [ 47.337501][ T4033] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 47.337514][ T4033] RBP: 00007fddfa371e19 R08: 0000000000000000 R09: 0000000000000000 [ 47.337525][ T4033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 47.337565][ T4033] R13: 00007fddfa526038 R14: 00007fddfa525fa0 R15: 00007ffc4ab526f8 [ 47.337590][ T4033] [ 47.337599][ T4033] memory: usage 307200kB, limit 307200kB, failcnt 176 [ 47.675254][ T4033] memory+swap: usage 307380kB, limit 9007199254740988kB, failcnt 0 [ 47.683301][ T4033] kmem: usage 307048kB, limit 9007199254740988kB, failcnt 0 [ 47.690777][ T4033] Memory cgroup stats for /syz3: [ 47.693129][ T4033] cache 147456 [ 47.701543][ T4033] rss 0 [ 47.704311][ T4033] shmem 0 [ 47.707255][ T4033] mapped_file 0 [ 47.710712][ T4033] dirty 0 [ 47.713736][ T4033] writeback 0 [ 47.717023][ T4033] workingset_refault_anon 9 [ 47.721548][ T4033] workingset_refault_file 3 [ 47.726055][ T4033] swap 184320 [ 47.729411][ T4033] swapcached 8192 [ 47.733211][ T4033] pgpgin 5553 [ 47.736531][ T4033] pgpgout 5515 [ 47.740038][ T4033] pgfault 8144 [ 47.743488][ T4033] pgmajfault 5 [ 47.746872][ T4033] inactive_anon 8192 [ 47.750772][ T4033] active_anon 0 [ 47.754411][ T4033] inactive_file 0 [ 47.758073][ T4033] active_file 81920 [ 47.761976][ T4033] unevictable 0 [ 47.765444][ T4033] hierarchical_memory_limit 314572800 [ 47.770830][ T4033] hierarchical_memsw_limit 9223372036854771712 [ 47.777081][ T4033] total_cache 147456 [ 47.780985][ T4033] total_rss 0 [ 47.784311][ T4033] total_shmem 0 [ 47.787774][ T4033] total_mapped_file 0 [ 47.791847][ T4033] total_dirty 0 [ 47.795302][ T4033] total_writeback 0 [ 47.799113][ T4033] total_workingset_refault_anon 9 [ 47.804196][ T4033] total_workingset_refault_file 3 [ 47.809227][ T4033] total_swap 184320 [ 47.813063][ T4033] total_swapcached 8192 [ 47.817276][ T4033] total_pgpgin 5553 [ 47.821148][ T4033] total_pgpgout 5515 [ 47.826284][ T4033] total_pgfault 8144 [ 47.830244][ T4033] total_pgmajfault 5 [ 47.834247][ T4033] total_inactive_anon 8192 [ 47.838727][ T4033] total_active_anon 0 [ 47.842733][ T4033] total_inactive_file 0 [ 47.847010][ T4033] total_active_file 81920 [ 47.851517][ T4033] total_unevictable 0 [ 47.855515][ T4033] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.230,pid=4032,uid=0 [ 47.870310][ T4033] Memory cgroup out of memory: Killed process 4032 (syz.3.230) total-vm:95888kB, anon-rss:1136kB, file-rss:22324kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 48.061343][ T4067] ieee802154 phy0 wpan0: encryption failed: -22 [ 48.077504][ T4068] cgroup2: Unknown parameter 'dhf' [ 48.141244][ T4074] loop2: detected capacity change from 0 to 2048 [ 48.181538][ T4033] syz.3.230 (4033) used greatest stack depth: 7304 bytes left [ 48.212380][ T4074] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.222754][ T4079] syz_tun: entered allmulticast mode [ 48.237601][ T4078] syz_tun: left allmulticast mode [ 48.286378][ T4083] sd 0:0:1:0: device reset [ 48.303277][ T4084] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.246: bg 0: block 234: padding at end of block bitmap is not set [ 48.332966][ T4084] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 812 with error 28 [ 48.345455][ T4084] EXT4-fs (loop2): This should not happen!! Data will be lost [ 48.345455][ T4084] [ 48.355166][ T4084] EXT4-fs (loop2): Total free blocks count 0 [ 48.361162][ T4084] EXT4-fs (loop2): Free/Dirty block details [ 48.367103][ T4084] EXT4-fs (loop2): free_blocks=0 [ 48.372099][ T4084] EXT4-fs (loop2): dirty_blocks=816 [ 48.377387][ T4084] EXT4-fs (loop2): Block reservation details [ 48.383455][ T4084] EXT4-fs (loop2): i_reserved_data_blocks=51 [ 48.433713][ T4091] capability: warning: `syz.3.252' uses deprecated v2 capabilities in a way that may be insecure [ 48.495978][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.527226][ T9] IPVS: starting estimator thread 0... [ 48.544630][ T4097] pimreg: entered allmulticast mode [ 48.551857][ T4097] pimreg: left allmulticast mode [ 48.621750][ T4098] IPVS: using max 2256 ests per chain, 112800 per kthread [ 48.623380][ T4113] loop4: detected capacity change from 0 to 512 [ 48.651069][ T12] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x7d [ 48.670530][ T4113] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 48.678463][ T29] kauditd_printk_skb: 203 callbacks suppressed [ 48.678477][ T29] audit: type=1326 audit(1757149685.028:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4118 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 48.718989][ T29] audit: type=1326 audit(1757149685.038:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4118 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 48.742306][ T29] audit: type=1326 audit(1757149685.038:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4118 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 48.765685][ T29] audit: type=1326 audit(1757149685.038:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4118 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 48.788959][ T29] audit: type=1326 audit(1757149685.038:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4118 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 48.812396][ T29] audit: type=1326 audit(1757149685.038:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4118 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 48.835623][ T29] audit: type=1326 audit(1757149685.058:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4118 comm="syz.3.264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 48.859107][ T29] audit: type=1326 audit(1757149685.098:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4121 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 48.882485][ T29] audit: type=1326 audit(1757149685.098:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4121 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 48.905741][ T29] audit: type=1326 audit(1757149685.098:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4121 comm="syz.3.266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 49.222968][ T4156] syz.0.280 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 49.328799][ T4173] syz.4.286 uses obsolete (PF_INET,SOCK_PACKET) [ 49.383650][ T4177] Zero length message leads to an empty skb [ 49.476495][ T4189] loop3: detected capacity change from 0 to 128 [ 49.499842][ T4189] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 49.537576][ T4189] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 49.667693][ T4211] netlink: 'syz.2.306': attribute type 2 has an invalid length. [ 49.675415][ T4211] netlink: 'syz.2.306': attribute type 1 has an invalid length. [ 49.683211][ T4211] netlink: 199820 bytes leftover after parsing attributes in process `syz.2.306'. [ 49.763060][ T4221] netlink: 'syz.1.311': attribute type 3 has an invalid length. [ 49.873405][ T4238] netlink: 8 bytes leftover after parsing attributes in process `syz.4.318'. [ 49.890136][ T4238] netlink: 8 bytes leftover after parsing attributes in process `syz.4.318'. [ 49.903034][ T4238] netlink: 8 bytes leftover after parsing attributes in process `syz.4.318'. [ 49.912405][ T4238] netlink: 8 bytes leftover after parsing attributes in process `syz.4.318'. [ 49.967320][ T4250] netlink: zone id is out of range [ 49.994036][ T4252] loop4: detected capacity change from 0 to 1024 [ 50.006384][ T4252] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.025033][ T4252] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.325: Allocating blocks 497-513 which overlap fs metadata [ 50.041197][ T4252] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.325: Allocating blocks 497-513 which overlap fs metadata [ 50.057348][ T4252] EXT4-fs (loop4): pa ffff8881072b22a0: logic 16, phys. 145, len 23 [ 50.065512][ T4252] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1 [ 50.092899][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.318289][ T4273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.333'. [ 50.329739][ T4273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.333'. [ 50.339011][ T4273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.333'. [ 50.348285][ T4273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.333'. [ 50.477573][ T4288] netlink: 5 bytes leftover after parsing attributes in process `syz.1.340'. [ 50.487644][ T4288] 0ªî{X¹¦: renamed from gretap0 (while UP) [ 50.497123][ T4288] 0ªî{X¹¦: entered allmulticast mode [ 50.506287][ T4288] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 50.926144][ T4350] 9pnet_fd: Insufficient options for proto=fd [ 51.127858][ T4358] 9pnet_fd: Insufficient options for proto=fd [ 51.178499][ T4371] loop3: detected capacity change from 0 to 512 [ 51.188920][ T4371] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 51.725380][ T4393] 9pnet_fd: Insufficient options for proto=fd [ 51.793602][ T4410] loop1: detected capacity change from 0 to 1024 [ 51.802933][ T4410] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.834183][ T4410] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.392: Allocating blocks 449-513 which overlap fs metadata [ 51.857659][ T4409] EXT4-fs (loop1): pa ffff8881072b22a0: logic 48, phys. 177, len 21 [ 51.865795][ T4409] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 51.898593][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.280042][ T4428] usb usb1: usbfs: process 4428 (syz.2.409) did not claim interface 4 before use [ 52.613440][ T4436] syzkaller0: entered promiscuous mode [ 52.618986][ T4436] syzkaller0: entered allmulticast mode [ 53.089223][ T4455] loop2: detected capacity change from 0 to 128 [ 53.113181][ T4425] syz.4.399 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 53.127385][ T4425] CPU: 0 UID: 0 PID: 4425 Comm: syz.4.399 Not tainted syzkaller #0 PREEMPT(voluntary) [ 53.127420][ T4425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 53.127435][ T4425] Call Trace: [ 53.127444][ T4425] [ 53.127455][ T4425] __dump_stack+0x1d/0x30 [ 53.127539][ T4425] dump_stack_lvl+0xe8/0x140 [ 53.127565][ T4425] dump_stack+0x15/0x1b [ 53.127587][ T4425] dump_header+0x81/0x220 [ 53.127619][ T4425] oom_kill_process+0x342/0x400 [ 53.127684][ T4425] out_of_memory+0x979/0xb80 [ 53.127754][ T4425] try_charge_memcg+0x5e6/0x9e0 [ 53.127784][ T4425] obj_cgroup_charge_pages+0xa6/0x150 [ 53.127868][ T4425] __memcg_kmem_charge_page+0x9f/0x170 [ 53.127913][ T4425] __alloc_frozen_pages_noprof+0x188/0x360 [ 53.127954][ T4425] alloc_pages_mpol+0xb3/0x250 [ 53.128054][ T4425] alloc_pages_noprof+0x90/0x130 [ 53.128184][ T4425] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 53.128254][ T4425] __kvmalloc_node_noprof+0x30f/0x4e0 [ 53.128344][ T4425] ? ip_set_alloc+0x1f/0x30 [ 53.128369][ T4425] ? ip_set_alloc+0x1f/0x30 [ 53.128449][ T4425] ? __kmalloc_cache_noprof+0x189/0x320 [ 53.128488][ T4425] ip_set_alloc+0x1f/0x30 [ 53.128512][ T4425] hash_netiface_create+0x282/0x740 [ 53.128539][ T4425] ? __pfx_hash_netiface_create+0x10/0x10 [ 53.128636][ T4425] ip_set_create+0x3c9/0x960 [ 53.128744][ T4425] ? __nla_parse+0x40/0x60 [ 53.128841][ T4425] nfnetlink_rcv_msg+0x4c3/0x590 [ 53.128916][ T4425] netlink_rcv_skb+0x123/0x220 [ 53.128956][ T4425] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 53.128986][ T4425] nfnetlink_rcv+0x16b/0x1690 [ 53.129029][ T4425] ? nlmon_xmit+0x4f/0x60 [ 53.129074][ T4425] ? consume_skb+0x49/0x150 [ 53.129102][ T4425] ? nlmon_xmit+0x4f/0x60 [ 53.129138][ T4425] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 53.129200][ T4425] ? __dev_queue_xmit+0x1200/0x2000 [ 53.129226][ T4425] ? __dev_queue_xmit+0x182/0x2000 [ 53.129254][ T4425] ? ref_tracker_free+0x37d/0x3e0 [ 53.129287][ T4425] ? __netlink_deliver_tap+0x4dc/0x500 [ 53.129317][ T4425] netlink_unicast+0x5bd/0x690 [ 53.129423][ T4425] netlink_sendmsg+0x58b/0x6b0 [ 53.129474][ T4425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 53.129508][ T4425] __sock_sendmsg+0x142/0x180 [ 53.129550][ T4425] ____sys_sendmsg+0x31e/0x4e0 [ 53.129648][ T4425] ___sys_sendmsg+0x17b/0x1d0 [ 53.129698][ T4425] __x64_sys_sendmsg+0xd4/0x160 [ 53.129763][ T4425] x64_sys_call+0x191e/0x2ff0 [ 53.129831][ T4425] do_syscall_64+0xd2/0x200 [ 53.129926][ T4425] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 53.129958][ T4425] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 53.129997][ T4425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.130024][ T4425] RIP: 0033:0x7f68d9dfebe9 [ 53.130080][ T4425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.130103][ T4425] RSP: 002b:00007f68d8867038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 53.130127][ T4425] RAX: ffffffffffffffda RBX: 00007f68da035fa0 RCX: 00007f68d9dfebe9 [ 53.130144][ T4425] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 53.130165][ T4425] RBP: 00007f68d9e81e19 R08: 0000000000000000 R09: 0000000000000000 [ 53.130229][ T4425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.130241][ T4425] R13: 00007f68da036038 R14: 00007f68da035fa0 R15: 00007ffeb7dd11f8 [ 53.130261][ T4425] [ 53.130268][ T4425] memory: usage 307200kB, limit 307200kB, failcnt 172 [ 53.269699][ T4455] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002] [ 53.274472][ T4425] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0 [ 53.274492][ T4425] kmem: usage 307056kB, limit 9007199254740988kB, failcnt 0 [ 53.282476][ T4455] System zones: [ 53.284657][ T4425] Memory cgroup stats for [ 53.288973][ T4455] 1-3, 19-19, 35-36 [ 53.487015][ T4455] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 53.490798][ T4425] /syz4 [ 53.496444][ T4455] ext4 filesystem being mounted at /107/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 53.498800][ T4425] : [ 53.549927][ T4425] cache 147456 [ 53.555784][ T4425] rss 0 [ 53.558550][ T4425] shmem 0 [ 53.561510][ T4425] mapped_file 0 [ 53.564970][ T4425] dirty 0 [ 53.567922][ T4425] writeback 0 [ 53.571270][ T4425] workingset_refault_anon 2 [ 53.575779][ T4425] workingset_refault_file 439 [ 53.580507][ T4425] swap 192512 [ 53.584151][ T4425] swapcached 0 [ 53.587528][ T4425] pgpgin 10030 [ 53.590895][ T4425] pgpgout 9994 [ 53.594588][ T4425] pgfault 14500 [ 53.598043][ T4425] pgmajfault 8 [ 53.601477][ T4425] inactive_anon 0 [ 53.605115][ T4425] active_anon 0 [ 53.608634][ T4425] inactive_file 86016 [ 53.612620][ T4425] active_file 61440 [ 53.616418][ T4425] unevictable 0 [ 53.619865][ T4425] hierarchical_memory_limit 314572800 [ 53.625325][ T4425] hierarchical_memsw_limit 9223372036854771712 [ 53.631485][ T4425] total_cache 147456 [ 53.635474][ T4425] total_rss 0 [ 53.638780][ T4425] total_shmem 0 [ 53.642266][ T4425] total_mapped_file 0 [ 53.646240][ T4425] total_dirty 0 [ 53.649698][ T4425] total_writeback 0 [ 53.653506][ T4425] total_workingset_refault_anon 2 [ 53.658527][ T4425] total_workingset_refault_file 439 [ 53.663726][ T4425] total_swap 192512 [ 53.667524][ T4425] total_swapcached 0 [ 53.671507][ T4425] total_pgpgin 10030 [ 53.675478][ T4425] total_pgpgout 9994 [ 53.679420][ T4425] total_pgfault 14500 [ 53.683400][ T4425] total_pgmajfault 8 [ 53.687282][ T4425] total_inactive_anon 0 [ 53.691453][ T4425] total_active_anon 0 [ 53.695436][ T4425] total_inactive_file 86016 [ 53.699998][ T4425] total_active_file 61440 [ 53.704332][ T4425] total_unevictable 0 [ 53.708396][ T4425] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.399,pid=4421,uid=0 [ 53.722988][ T4425] Memory cgroup out of memory: Killed process 4421 (syz.4.399) total-vm:95888kB, anon-rss:1004kB, file-rss:22308kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 53.750601][ T29] kauditd_printk_skb: 220 callbacks suppressed [ 53.750617][ T29] audit: type=1400 audit(1757149690.098:775): avc: denied { read write } for pid=4458 comm="syz.0.410" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 53.780380][ T29] audit: type=1400 audit(1757149690.098:776): avc: denied { open } for pid=4458 comm="syz.0.410" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 53.803878][ T29] audit: type=1400 audit(1757149690.098:777): avc: denied { ioctl } for pid=4458 comm="syz.0.410" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 53.853723][ T3305] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 53.868163][ T29] audit: type=1400 audit(1757149690.158:778): avc: denied { unmount } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 53.904113][ T29] audit: type=1400 audit(1757149690.248:779): avc: denied { create } for pid=4464 comm="syz.2.412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.924295][ T29] audit: type=1400 audit(1757149690.258:780): avc: denied { open } for pid=4464 comm="syz.2.412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 53.943395][ T29] audit: type=1400 audit(1757149690.258:781): avc: denied { kernel } for pid=4464 comm="syz.2.412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 53.962753][ T29] audit: type=1400 audit(1757149690.258:782): avc: denied { tracepoint } for pid=4464 comm="syz.2.412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 53.982857][ T29] audit: type=1400 audit(1757149690.328:783): avc: denied { read write } for pid=4460 comm="syz.0.411" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 54.006521][ T29] audit: type=1400 audit(1757149690.328:784): avc: denied { open } for pid=4460 comm="syz.0.411" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 54.737189][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 54.744777][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 54.752213][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 54.759692][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 54.767129][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 54.774636][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 54.782075][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 54.789539][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 54.797004][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 54.804426][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 54.812801][ T10] hid-generic 0000:0000:0000.0001: hidraw0: HID v8.00 Device [syz0] on syz0 [ 55.022256][ T4496] __nla_validate_parse: 1 callbacks suppressed [ 55.022270][ T4496] netlink: 256 bytes leftover after parsing attributes in process `syz.1.427'. [ 55.180848][ T4525] veth0_to_team: entered promiscuous mode [ 55.263973][ T4535] ref_ctr_offset mismatch. inode: 0x198 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 55.696463][ T4547] netlink: 8 bytes leftover after parsing attributes in process `syz.0.449'. [ 55.707960][ T4547] netlink: 8 bytes leftover after parsing attributes in process `syz.0.449'. [ 55.717674][ T4547] netlink: 8 bytes leftover after parsing attributes in process `syz.0.449'. [ 55.727136][ T4547] netlink: 8 bytes leftover after parsing attributes in process `syz.0.449'. [ 55.932133][ T4588] process 'syz.3.469' launched './file1' with NULL argv: empty string added [ 56.046575][ T4604] netlink: 4 bytes leftover after parsing attributes in process `syz.3.476'. [ 56.099874][ T4604] netlink: 4 bytes leftover after parsing attributes in process `syz.3.476'. [ 56.227828][ T3399] hid-generic 0000:3000000:0000.0002: hidraw0: HID v0.00 Device [sy] on syz0 [ 56.254256][ T4635] netlink: 28 bytes leftover after parsing attributes in process `syz.4.490'. [ 56.263208][ T4635] netlink: 28 bytes leftover after parsing attributes in process `syz.4.490'. [ 56.296486][ T4640] loop4: detected capacity change from 0 to 512 [ 56.304561][ T4640] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 56.319236][ T4640] EXT4-fs (loop4): 1 truncate cleaned up [ 56.331991][ T4640] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.449819][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.545248][ T4667] loop4: detected capacity change from 0 to 128 [ 56.873181][ T4693] netlink: 340 bytes leftover after parsing attributes in process `syz.3.512'. [ 56.914603][ T4700] loop1: detected capacity change from 0 to 128 [ 56.922909][ T4698] netlink: 'GPL': attribute type 4 has an invalid length. [ 57.072708][ T4730] SELinux: policydb table sizes (133,14) do not match mine (8,7) [ 57.085557][ T4730] SELinux: failed to load policy [ 57.319703][ T4759] loop2: detected capacity change from 0 to 128 [ 57.414160][ T4774] netlink: 'syz.1.549': attribute type 83 has an invalid length. [ 57.631358][ T4810] loop4: detected capacity change from 0 to 512 [ 57.682041][ T4810] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 57.710765][ T4810] EXT4-fs (loop4): mount failed [ 58.228348][ T4812] loop1: detected capacity change from 0 to 32768 [ 58.281853][ T4812] loop1: p1 p3 < > [ 58.742493][ T4931] mmap: syz.1.571 (4931) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 58.834305][ T4943] loop2: detected capacity change from 0 to 512 [ 58.841478][ T29] kauditd_printk_skb: 200 callbacks suppressed [ 58.841494][ T29] audit: type=1400 audit(1757149695.188:984): avc: denied { create } for pid=4944 comm="syz.3.577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 58.844680][ T4943] EXT4-fs: Ignoring removed mblk_io_submit option [ 58.847712][ T29] audit: type=1400 audit(1757149695.188:985): avc: denied { getopt } for pid=4944 comm="syz.3.577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 58.875401][ T4943] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 58.923305][ T4943] EXT4-fs (loop2): 1 truncate cleaned up [ 58.930666][ T4943] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.966551][ T4954] loop1: detected capacity change from 0 to 512 [ 58.973270][ T4954] EXT4-fs: Ignoring removed mblk_io_submit option [ 58.979926][ T4954] EXT4-fs: Ignoring removed nomblk_io_submit option [ 58.988419][ T29] audit: type=1400 audit(1757149695.338:986): avc: denied { write } for pid=4941 comm="syz.2.575" name="bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 59.014762][ T4954] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 59.023840][ T4954] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 59.035242][ T4956] team0 (unregistering): Port device team_slave_0 removed [ 59.067394][ T4956] team0 (unregistering): Port device team_slave_1 removed [ 59.088239][ T4954] EXT4-fs (loop1): can't mount with journal_checksum, fs mounted w/o journal [ 59.213952][ T29] audit: type=1400 audit(1757149695.568:987): avc: denied { sqpoll } for pid=4971 comm="syz.3.582" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 59.468295][ T29] audit: type=1400 audit(1757149695.808:988): avc: denied { create } for pid=4988 comm="syz.3.584" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 59.487993][ T29] audit: type=1400 audit(1757149695.808:989): avc: denied { getopt } for pid=4988 comm="syz.3.584" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 59.536057][ T9] hid-generic 0000:3000000:0000.0003: hidraw0: HID v0.00 Device [sy] on syz0 [ 59.597715][ T29] audit: type=1400 audit(1757149695.948:990): avc: denied { sys_module } for pid=4999 comm="syz.3.588" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 59.708580][ T5011] loop4: detected capacity change from 0 to 512 [ 59.716127][ T5011] EXT4-fs: Ignoring removed mblk_io_submit option [ 59.723048][ T5011] EXT4-fs: Ignoring removed nomblk_io_submit option [ 59.730865][ T5011] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 59.739347][ T5011] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 59.765926][ T5011] EXT4-fs (loop4): can't mount with journal_checksum, fs mounted w/o journal [ 59.811772][ T29] audit: type=1400 audit(1757149696.168:991): avc: denied { read write } for pid=5018 comm="+}[@" name="rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 59.835542][ T29] audit: type=1400 audit(1757149696.168:992): avc: denied { open } for pid=5018 comm="+}[@" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 59.878516][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.905012][ T5024] loop2: detected capacity change from 0 to 512 [ 59.923517][ T5024] Quota error (device loop2): v2_read_file_info: Free block number 1 out of range (1, 6). [ 59.933768][ T5024] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 59.948834][ T5024] EXT4-fs (loop2): mount failed [ 59.973734][ T5036] netlink: 'syz.4.603': attribute type 2 has an invalid length. [ 59.981496][ T5036] netlink: 'syz.4.603': attribute type 1 has an invalid length. [ 59.998812][ T5038] netlink: 'syz.2.604': attribute type 10 has an invalid length. [ 60.055431][ T5048] loop4: detected capacity change from 0 to 512 [ 60.062597][ T5048] EXT4-fs: Ignoring removed mblk_io_submit option [ 60.069560][ T5048] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 60.090733][ T5048] EXT4-fs (loop4): 1 truncate cleaned up [ 60.103614][ T5054] __nla_validate_parse: 9 callbacks suppressed [ 60.103626][ T5054] netlink: 268 bytes leftover after parsing attributes in process `syz.0.611'. [ 60.108531][ T5048] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 60.109896][ T5054] unsupported nla_type 65024 [ 60.410296][ T5080] 9pnet_fd: Insufficient options for proto=fd [ 60.417170][ T5082] ref_ctr_offset mismatch. inode: 0x230 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000 [ 60.454449][ T5084] loop1: detected capacity change from 0 to 512 [ 60.475145][ T5084] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.489801][ T5084] ext4 filesystem being mounted at /103/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.535598][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.785085][ T5104] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 60.794673][ T5104] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 61.084724][ T5125] ref_ctr_offset mismatch. inode: 0x316 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000 [ 61.133714][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.178129][ T5138] smc: net device bond0 applied user defined pnetid SYZ0 [ 61.195695][ T5138] smc: net device bond0 erased user defined pnetid SYZ0 [ 61.465785][ T5173] ref_ctr_offset mismatch. inode: 0x2ed offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000 [ 61.534064][ T5179] hub 9-0:1.0: USB hub found [ 61.539062][ T5179] hub 9-0:1.0: 8 ports detected [ 61.670036][ T5190] pim6reg: entered allmulticast mode [ 61.741318][ T5190] pim6reg: left allmulticast mode [ 61.928090][ T5216] netlink: 96 bytes leftover after parsing attributes in process `syz.2.685'. [ 62.260928][ T5253] netlink: 27 bytes leftover after parsing attributes in process `syz.0.702'. [ 62.330774][ T5259] netlink: 20 bytes leftover after parsing attributes in process `syz.2.705'. [ 62.435442][ C1] hrtimer: interrupt took 45421 ns [ 62.468720][ T5283] loop1: detected capacity change from 0 to 512 [ 62.479308][ T5283] EXT4-fs: Ignoring removed mblk_io_submit option [ 62.488375][ T5283] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 62.499700][ T5285] syz.2.714 (5285) used obsolete PPPIOCDETACH ioctl [ 62.537714][ T5283] EXT4-fs (loop1): 1 truncate cleaned up [ 62.545104][ T5283] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 63.190294][ T5328] netlink: 4 bytes leftover after parsing attributes in process `syz.4.735'. [ 63.199503][ T5328] netlink: 32 bytes leftover after parsing attributes in process `syz.4.735'. [ 63.424701][ T5314] Set syz1 is full, maxelem 65536 reached [ 63.490337][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.539817][ T5338] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 63.577306][ T5341] netlink: 8 bytes leftover after parsing attributes in process `syz.4.741'. [ 63.646926][ T5359] $Hÿ: renamed from bond0 (while UP) [ 63.655887][ T5359] $Hÿ: entered promiscuous mode [ 63.660966][ T5359] bond_slave_0: entered promiscuous mode [ 63.666858][ T5359] bond_slave_1: entered promiscuous mode [ 63.841638][ T5395] netlink: 8 bytes leftover after parsing attributes in process `syz.2.766'. [ 63.883695][ T29] kauditd_printk_skb: 170 callbacks suppressed [ 63.883713][ T29] audit: type=1326 audit(1757149700.238:1163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 63.918142][ T29] audit: type=1326 audit(1757149700.238:1164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 63.941687][ T29] audit: type=1326 audit(1757149700.238:1165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 63.965208][ T29] audit: type=1326 audit(1757149700.238:1166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f3bc40aec23 code=0x7ffc0000 [ 63.988628][ T29] audit: type=1326 audit(1757149700.238:1167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3bc40ad69f code=0x7ffc0000 [ 64.011937][ T29] audit: type=1326 audit(1757149700.238:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f3bc40aec77 code=0x7ffc0000 [ 64.038135][ T29] audit: type=1326 audit(1757149700.298:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3bc40ad550 code=0x7ffc0000 [ 64.061563][ T29] audit: type=1326 audit(1757149700.298:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3bc40ad84a code=0x7ffc0000 [ 64.084750][ T29] audit: type=1326 audit(1757149700.298:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 64.108120][ T29] audit: type=1326 audit(1757149700.298:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5387 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 64.248448][ T5426] netlink: 'syz.1.780': attribute type 10 has an invalid length. [ 64.256270][ T5426] netlink: 40 bytes leftover after parsing attributes in process `syz.1.780'. [ 64.281412][ T5429] loop2: detected capacity change from 0 to 512 [ 64.289742][ T5426] dummy0: entered promiscuous mode [ 64.297089][ T5429] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.782: bg 0: block 5: invalid block bitmap [ 64.304908][ T5426] bridge0: port 3(dummy0) entered blocking state [ 64.315863][ T5426] bridge0: port 3(dummy0) entered disabled state [ 64.322525][ T5429] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 64.333603][ T5426] dummy0: entered allmulticast mode [ 64.339492][ T5426] bridge0: port 3(dummy0) entered blocking state [ 64.345886][ T5426] bridge0: port 3(dummy0) entered forwarding state [ 64.352785][ T5429] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.782: invalid indirect mapped block 3 (level 2) [ 64.354259][ T5434] SELinux: ebitmap: truncated map [ 64.367459][ T5429] EXT4-fs (loop2): 2 truncates cleaned up [ 64.374159][ T5434] SELinux: failed to load policy [ 64.379115][ T5429] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.410907][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.433541][ T5438] netlink: 20 bytes leftover after parsing attributes in process `syz.1.787'. [ 64.499497][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 64.510101][ T5454] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.560514][ T5454] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 65.157422][ T5519] netlink: 'syz.3.823': attribute type 10 has an invalid length. [ 65.165295][ T5519] __nla_validate_parse: 1 callbacks suppressed [ 65.165310][ T5519] netlink: 40 bytes leftover after parsing attributes in process `syz.3.823'. [ 65.399547][ T5549] $Hÿ: renamed from bond0 (while UP) [ 65.413994][ T5549] $Hÿ: entered promiscuous mode [ 65.419168][ T5549] bond_slave_0: entered promiscuous mode [ 65.425097][ T5549] bond_slave_1: entered promiscuous mode [ 65.500265][ T5558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.840'. [ 65.704154][ T5595] netlink: 8 bytes leftover after parsing attributes in process `syz.4.857'. [ 65.897693][ T5617] netlink: 'syz.4.869': attribute type 10 has an invalid length. [ 65.905609][ T5617] netlink: 40 bytes leftover after parsing attributes in process `syz.4.869'. [ 65.925774][ T5623] netlink: 20 bytes leftover after parsing attributes in process `syz.3.872'. [ 65.932896][ T5617] dummy0: entered promiscuous mode [ 65.947712][ T5621] SELinux: ebitmap: truncated map [ 65.953369][ T5617] bridge0: port 3(dummy0) entered blocking state [ 65.955667][ T5621] SELinux: failed to load policy [ 65.959785][ T5617] bridge0: port 3(dummy0) entered disabled state [ 65.960096][ T5617] dummy0: entered allmulticast mode [ 65.977320][ T5617] bridge0: port 3(dummy0) entered blocking state [ 65.983724][ T5617] bridge0: port 3(dummy0) entered forwarding state [ 66.054787][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 66.171866][ T5653] loop4: detected capacity change from 0 to 512 [ 66.188116][ T5653] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.884: bg 0: block 5: invalid block bitmap [ 66.204138][ T5662] netlink: 20 bytes leftover after parsing attributes in process `syz.2.890'. [ 66.247542][ T5653] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 66.256562][ T5653] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.884: invalid indirect mapped block 3 (level 2) [ 66.292186][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 66.306318][ T5653] EXT4-fs (loop4): 2 truncates cleaned up [ 66.312653][ T5653] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 66.359796][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.491183][ T5687] netlink: 20 bytes leftover after parsing attributes in process `syz.0.902'. [ 67.154596][ T5749] vlan2: entered allmulticast mode [ 67.159896][ T5749] dummy0: entered allmulticast mode [ 67.211286][ T5753] geneve0: entered allmulticast mode [ 67.610890][ T5762] geneve0: entered allmulticast mode [ 67.622146][ T9] hid_parser_main: 24 callbacks suppressed [ 67.622224][ T9] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x4 [ 67.635787][ T9] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x2 [ 67.646688][ T9] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x3 [ 67.662478][ T9] hid-generic 0000:3000000:0000.0004: hidraw0: HID v0.00 Device [sy] on syz0 [ 67.732307][ T5775] netlink: 8 bytes leftover after parsing attributes in process `'. [ 67.786782][ T5785] vlan2: entered allmulticast mode [ 67.982083][ T5780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 68.000796][ T5780] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 68.140307][ C0] vcan0: j1939_tp_rxtimer: 0xffff8881199f8200: rx timeout, send abort [ 68.148754][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8881199f8200: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 68.232697][ T5817] netlink: 4 bytes leftover after parsing attributes in process `syz.2.962'. [ 68.248685][ T5817] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 68.261685][ T5817] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 68.473770][ T36] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 68.481235][ T36] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 68.488715][ T36] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 68.496269][ T36] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 68.503683][ T36] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 68.511079][ T36] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 68.518598][ T36] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 68.532167][ T36] hid-generic 0000:0000:0000.0005: hidraw0: HID v8.00 Device [syz0] on syz0 [ 68.555322][ T5827] geneve0: entered allmulticast mode [ 68.600307][ T5833] netlink: 32 bytes leftover after parsing attributes in process `GPL'. [ 68.819749][ T5857] geneve0: entered allmulticast mode [ 68.883355][ T5865] veth0_to_team: entered promiscuous mode [ 69.083974][ T5879] veth0_to_team: entered promiscuous mode [ 69.145527][ T5885] ref_ctr_offset mismatch. inode: 0x48c offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 70.313631][ T5945] ref_ctr_offset mismatch. inode: 0x428 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 70.365892][ T5950] __nla_validate_parse: 6 callbacks suppressed [ 70.365912][ T5950] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1026'. [ 70.383723][ T5950] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1026'. [ 70.395349][ T5950] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1026'. [ 70.395792][ T29] kauditd_printk_skb: 204 callbacks suppressed [ 70.395808][ T29] audit: type=1326 audit(1757149706.748:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5952 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 70.405091][ T5950] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1026'. [ 70.433947][ T29] audit: type=1326 audit(1757149706.758:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5952 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 70.433998][ T29] audit: type=1326 audit(1757149706.768:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5952 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 70.434036][ T29] audit: type=1326 audit(1757149706.768:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5952 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 70.555734][ T5961] ref_ctr_offset mismatch. inode: 0x435 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6 [ 70.763423][ T1035] hid-generic 0000:3000000:0000.0006: hidraw0: HID v0.00 Device [sy] on syz0 [ 70.907714][ T5999] netlink: 32 bytes leftover after parsing attributes in process `GPL'. [ 71.624750][ T29] audit: type=1326 audit(1757149707.978:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6040 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 71.689743][ T29] audit: type=1326 audit(1757149707.978:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6040 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 71.712746][ T29] audit: type=1326 audit(1757149707.978:1383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6040 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 71.735647][ T29] audit: type=1326 audit(1757149707.978:1384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6040 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 71.758632][ T29] audit: type=1326 audit(1757149708.008:1385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6040 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 71.799684][ T29] audit: type=1400 audit(1757149708.098:1386): avc: denied { bind } for pid=6053 comm="syz.4.1074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 71.927755][ T6063] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 71.927755][ T6063] program syz.2.1077 not setting count and/or reply_len properly [ 72.038033][ T6081] netlink: 'GPL': attribute type 4 has an invalid length. [ 72.160801][ T6095] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1095'. [ 72.227786][ T6101] netlink: 'syz.3.1097': attribute type 83 has an invalid length. [ 72.482966][ T6136] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1111'. [ 72.500864][ T6138] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1110'. [ 72.513012][ T6138] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1110'. [ 72.524149][ T6140] netlink: 'syz.2.1112': attribute type 83 has an invalid length. [ 72.536722][ T6138] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1110'. [ 72.834111][ T6168] Illegal XDP return value 4294967294 on prog (id 791) dev N/A, expect packet loss! [ 73.286247][ C1] vcan0: j1939_tp_rxtimer: 0xffff888101246a00: rx timeout, send abort [ 73.294553][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888101246a00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 73.462071][ T6247] Invalid ELF header magic: != ELF [ 73.816701][ T6279] futex_wake_op: syz.1.1177 tries to shift op by -1; fix this program [ 74.036320][ T6301] 9pnet_fd: Insufficient options for proto=fd [ 74.053127][ T6302] netlink: 'syz.1.1195': attribute type 2 has an invalid length. [ 74.060917][ T6302] netlink: 'syz.1.1195': attribute type 1 has an invalid length. [ 75.021314][ T6376] pim6reg: entered allmulticast mode [ 75.038171][ T6376] pim6reg: left allmulticast mode [ 75.107159][ T6389] siw: device registration error -23 [ 75.408737][ T6419] siw: device registration error -23 [ 75.731371][ T29] kauditd_printk_skb: 170 callbacks suppressed [ 75.731389][ T29] audit: type=1326 audit(1757149712.078:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6435 comm="syz.0.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 75.761092][ T29] audit: type=1326 audit(1757149712.078:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6435 comm="syz.0.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 75.788632][ T6436] pim6reg: entered allmulticast mode [ 75.821856][ T29] audit: type=1326 audit(1757149712.158:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6435 comm="syz.0.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 75.832249][ T6436] pim6reg: left allmulticast mode [ 75.845450][ T29] audit: type=1326 audit(1757149712.158:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6435 comm="syz.0.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 75.873882][ T29] audit: type=1326 audit(1757149712.158:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6435 comm="syz.0.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 75.897349][ T29] audit: type=1326 audit(1757149712.168:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6435 comm="syz.0.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 75.933298][ T6443] smc: net device bond0 applied user defined pnetid SYZ0 [ 75.945268][ T6443] smc: net device bond0 erased user defined pnetid SYZ0 [ 76.035214][ T29] audit: type=1326 audit(1757149712.368:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6444 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 76.058680][ T29] audit: type=1326 audit(1757149712.368:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6444 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 76.082128][ T29] audit: type=1326 audit(1757149712.368:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6444 comm="syz.1.1251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 76.587777][ T29] audit: type=1326 audit(1757149712.938:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6451 comm="syz.1.1264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 76.649335][ T6461] futex_wake_op: syz.2.1256 tries to shift op by -1; fix this program [ 76.963984][ T6500] __nla_validate_parse: 6 callbacks suppressed [ 76.963998][ T6500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1278'. [ 76.985761][ T6500] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1278'. [ 77.157327][ T6526] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1292'. [ 77.824706][ T6566] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1307'. [ 78.278830][ T6533] syz.0.1303 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0 [ 78.292748][ T6533] CPU: 0 UID: 0 PID: 6533 Comm: syz.0.1303 Not tainted syzkaller #0 PREEMPT(voluntary) [ 78.292776][ T6533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 78.292788][ T6533] Call Trace: [ 78.292795][ T6533] [ 78.292805][ T6533] __dump_stack+0x1d/0x30 [ 78.292828][ T6533] dump_stack_lvl+0xe8/0x140 [ 78.292847][ T6533] dump_stack+0x15/0x1b [ 78.292914][ T6533] dump_header+0x81/0x220 [ 78.292949][ T6533] oom_kill_process+0x342/0x400 [ 78.293041][ T6533] out_of_memory+0x979/0xb80 [ 78.293137][ T6533] try_charge_memcg+0x5e6/0x9e0 [ 78.293175][ T6533] obj_cgroup_charge_pages+0xa6/0x150 [ 78.293308][ T6533] __memcg_kmem_charge_page+0x9f/0x170 [ 78.293388][ T6533] __alloc_frozen_pages_noprof+0x188/0x360 [ 78.293485][ T6533] alloc_pages_mpol+0xb3/0x250 [ 78.293567][ T6533] alloc_pages_noprof+0x90/0x130 [ 78.293600][ T6533] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 78.293654][ T6533] __kvmalloc_node_noprof+0x30f/0x4e0 [ 78.293750][ T6533] ? ip_set_alloc+0x1f/0x30 [ 78.293777][ T6533] ? ip_set_alloc+0x1f/0x30 [ 78.293803][ T6533] ? __kmalloc_cache_noprof+0x189/0x320 [ 78.293847][ T6533] ip_set_alloc+0x1f/0x30 [ 78.293865][ T6533] hash_netiface_create+0x282/0x740 [ 78.293892][ T6533] ? __pfx_hash_netiface_create+0x10/0x10 [ 78.293922][ T6533] ip_set_create+0x3c9/0x960 [ 78.294022][ T6533] ? __nla_parse+0x40/0x60 [ 78.294058][ T6533] nfnetlink_rcv_msg+0x4c3/0x590 [ 78.294100][ T6533] netlink_rcv_skb+0x123/0x220 [ 78.294190][ T6533] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 78.294222][ T6533] nfnetlink_rcv+0x16b/0x1690 [ 78.294286][ T6533] ? nlmon_xmit+0x4f/0x60 [ 78.294325][ T6533] ? consume_skb+0x49/0x150 [ 78.294422][ T6533] ? nlmon_xmit+0x4f/0x60 [ 78.294455][ T6533] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 78.294481][ T6533] ? __dev_queue_xmit+0x1200/0x2000 [ 78.294560][ T6533] ? __dev_queue_xmit+0x182/0x2000 [ 78.294586][ T6533] ? ref_tracker_free+0x37d/0x3e0 [ 78.294622][ T6533] ? __netlink_deliver_tap+0x4dc/0x500 [ 78.294660][ T6533] netlink_unicast+0x5bd/0x690 [ 78.294729][ T6533] netlink_sendmsg+0x58b/0x6b0 [ 78.294755][ T6533] ? __pfx_netlink_sendmsg+0x10/0x10 [ 78.294782][ T6533] __sock_sendmsg+0x142/0x180 [ 78.294892][ T6533] ____sys_sendmsg+0x31e/0x4e0 [ 78.294920][ T6533] ___sys_sendmsg+0x17b/0x1d0 [ 78.295002][ T6533] __x64_sys_sendmsg+0xd4/0x160 [ 78.295042][ T6533] x64_sys_call+0x191e/0x2ff0 [ 78.295065][ T6533] do_syscall_64+0xd2/0x200 [ 78.295126][ T6533] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 78.295153][ T6533] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 78.295238][ T6533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.295260][ T6533] RIP: 0033:0x7f3bc40aebe9 [ 78.295275][ T6533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.295293][ T6533] RSP: 002b:00007f3bc2b17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 78.295323][ T6533] RAX: ffffffffffffffda RBX: 00007f3bc42e5fa0 RCX: 00007f3bc40aebe9 [ 78.295336][ T6533] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 78.295421][ T6533] RBP: 00007f3bc4131e19 R08: 0000000000000000 R09: 0000000000000000 [ 78.295438][ T6533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 78.295453][ T6533] R13: 00007f3bc42e6038 R14: 00007f3bc42e5fa0 R15: 00007ffe36f16228 [ 78.295476][ T6533] [ 78.295484][ T6533] memory: usage 307200kB, limit 307200kB, failcnt 444 [ 78.632170][ T6533] memory+swap: usage 307632kB, limit 9007199254740988kB, failcnt 0 [ 78.640075][ T6533] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0 [ 78.647380][ T6533] Memory cgroup stats for /syz0: [ 78.647676][ T6533] cache 4096 [ 78.655807][ T6533] rss 4096 [ 78.658948][ T6533] shmem 0 [ 78.661933][ T6533] mapped_file 4096 [ 78.665648][ T6533] dirty 0 [ 78.668639][ T6533] writeback 0 [ 78.671963][ T6533] workingset_refault_anon 109 [ 78.676629][ T6533] workingset_refault_file 771 [ 78.681295][ T6533] swap 446464 [ 78.684588][ T6533] swapcached 4096 [ 78.688217][ T6533] pgpgin 46353 [ 78.691649][ T6533] pgpgout 46351 [ 78.695107][ T6533] pgfault 64376 [ 78.698579][ T6533] pgmajfault 65 [ 78.702077][ T6533] inactive_anon 0 [ 78.705718][ T6533] active_anon 4096 [ 78.709428][ T6533] inactive_file 0 [ 78.713081][ T6533] active_file 4096 [ 78.716847][ T6533] unevictable 0 [ 78.720296][ T6533] hierarchical_memory_limit 314572800 [ 78.725712][ T6533] hierarchical_memsw_limit 9223372036854771712 [ 78.731894][ T6533] total_cache 4096 [ 78.735673][ T6533] total_rss 4096 [ 78.739231][ T6533] total_shmem 0 [ 78.742750][ T6533] total_mapped_file 4096 [ 78.747049][ T6533] total_dirty 0 [ 78.750566][ T6533] total_writeback 0 [ 78.754418][ T6533] total_workingset_refault_anon 109 [ 78.759631][ T6533] total_workingset_refault_file 771 [ 78.764915][ T6533] total_swap 446464 [ 78.769053][ T6533] total_swapcached 4096 [ 78.773477][ T6533] total_pgpgin 46353 [ 78.777486][ T6533] total_pgpgout 46351 [ 78.781518][ T6533] total_pgfault 64376 [ 78.785511][ T6533] total_pgmajfault 65 [ 78.789496][ T6533] total_inactive_anon 0 [ 78.793728][ T6533] total_active_anon 4096 [ 78.798131][ T6533] total_inactive_file 0 [ 78.802317][ T6533] total_active_file 4096 [ 78.806563][ T6533] total_unevictable 0 [ 78.810616][ T6533] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.620,pid=5074,uid=0 [ 78.825274][ T6533] Memory cgroup out of memory: Killed process 5074 (syz.0.620) total-vm:95744kB, anon-rss:1012kB, file-rss:20736kB, shmem-rss:0kB, UID:0 pgtables:96kB oom_score_adj:1000 [ 78.925341][ T6529] syz.0.1303 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 78.936125][ T6529] CPU: 1 UID: 0 PID: 6529 Comm: syz.0.1303 Not tainted syzkaller #0 PREEMPT(voluntary) [ 78.936151][ T6529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 78.936183][ T6529] Call Trace: [ 78.936190][ T6529] [ 78.936198][ T6529] __dump_stack+0x1d/0x30 [ 78.936224][ T6529] dump_stack_lvl+0xe8/0x140 [ 78.936268][ T6529] dump_stack+0x15/0x1b [ 78.936289][ T6529] dump_header+0x81/0x220 [ 78.936324][ T6529] oom_kill_process+0x342/0x400 [ 78.936364][ T6529] out_of_memory+0x979/0xb80 [ 78.936455][ T6529] try_charge_memcg+0x5e6/0x9e0 [ 78.936613][ T6529] charge_memcg+0x51/0xc0 [ 78.936636][ T6529] __mem_cgroup_charge+0x28/0xb0 [ 78.936661][ T6529] filemap_add_folio+0x4e/0x1b0 [ 78.936740][ T6529] __filemap_get_folio+0x31e/0x6b0 [ 78.936785][ T6529] filemap_fault+0x41f/0xb40 [ 78.936808][ T6529] ? css_rstat_updated+0xb7/0x240 [ 78.936840][ T6529] ? __rcu_read_lock+0x37/0x50 [ 78.936941][ T6529] __do_fault+0xb9/0x200 [ 78.936971][ T6529] handle_mm_fault+0xd69/0x2c20 [ 78.937007][ T6529] do_user_addr_fault+0x636/0x1090 [ 78.937237][ T6529] exc_page_fault+0x62/0xa0 [ 78.937279][ T6529] asm_exc_page_fault+0x26/0x30 [ 78.937304][ T6529] RIP: 0033:0x7f3bc3f8ed3a [ 78.937403][ T6529] Code: 01 4c 89 44 24 10 4c 89 54 24 08 e8 60 7d fe ff 48 8b 43 38 4c 8b 44 24 10 83 43 28 08 4c 8b 54 24 08 48 8d 48 f8 48 89 4b 38 <48> 89 68 f8 45 3b 78 04 0f 82 5e fe ff ff e9 ed fe ff ff 0f 1f 00 [ 78.937423][ T6529] RSP: 002b:00007ffe36f162b0 EFLAGS: 00010202 [ 78.937438][ T6529] RAX: 0000001b33518e00 RBX: 00007f3bc4e15720 RCX: 0000001b33518df8 [ 78.937449][ T6529] RDX: 0000001b32f24220 RSI: 0000000000000008 RDI: 00007f3bc4e15720 [ 78.937461][ T6529] RBP: ffffffff844a9caf R08: 00007f3bc42e6038 R09: 00007f3bc42d2000 [ 78.937477][ T6529] R10: 00007f3bc3b1f008 R11: 0000000000000002 R12: 0000000000000002 [ 78.937492][ T6529] R13: 0000000000000001 R14: ffffffff844a95c5 R15: 0000000000000001 [ 78.937550][ T6529] ? __x64_sys_sendmsg+0x25/0x160 [ 78.937595][ T6529] ? __sys_recvmsg_sock+0x1f/0x50 [ 78.937633][ T6529] [ 78.937641][ T6529] memory: usage 307200kB, limit 307200kB, failcnt 594 [ 79.143493][ T6529] memory+swap: usage 307488kB, limit 9007199254740988kB, failcnt 0 [ 79.151496][ T6529] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 79.158787][ T6529] Memory cgroup stats for /syz0: [ 79.161478][ T6529] cache 0 [ 79.169439][ T6529] rss 0 [ 79.172308][ T6529] shmem 0 [ 79.175255][ T6529] mapped_file 0 [ 79.178713][ T6529] dirty 0 [ 79.181678][ T6529] writeback 0 [ 79.184979][ T6529] workingset_refault_anon 134 [ 79.189726][ T6529] workingset_refault_file 831 [ 79.194501][ T6529] swap 294912 [ 79.197800][ T6529] swapcached 4096 [ 79.201466][ T6529] pgpgin 46449 [ 79.204880][ T6529] pgpgout 46448 [ 79.208353][ T6529] pgfault 64394 [ 79.211928][ T6529] pgmajfault 80 [ 79.215471][ T6529] inactive_anon 4096 [ 79.219377][ T6529] active_anon 0 [ 79.222861][ T6529] inactive_file 0 [ 79.226484][ T6529] active_file 0 [ 79.229931][ T6529] unevictable 0 [ 79.233396][ T6529] hierarchical_memory_limit 314572800 [ 79.238800][ T6529] hierarchical_memsw_limit 9223372036854771712 [ 79.244958][ T6529] total_cache 0 [ 79.248410][ T6529] total_rss 0 [ 79.251706][ T6529] total_shmem 0 [ 79.255167][ T6529] total_mapped_file 0 [ 79.259193][ T6529] total_dirty 0 [ 79.262684][ T6529] total_writeback 0 [ 79.266507][ T6529] total_workingset_refault_anon 134 [ 79.271778][ T6529] total_workingset_refault_file 831 [ 79.276973][ T6529] total_swap 294912 [ 79.280827][ T6529] total_swapcached 4096 [ 79.285000][ T6529] total_pgpgin 46449 [ 79.288890][ T6529] total_pgpgout 46448 [ 79.292948][ T6529] total_pgfault 64394 [ 79.296922][ T6529] total_pgmajfault 80 [ 79.300890][ T6529] total_inactive_anon 4096 [ 79.305310][ T6529] total_active_anon 0 [ 79.309357][ T6529] total_inactive_file 0 [ 79.313514][ T6529] total_active_file 0 [ 79.317484][ T6529] total_unevictable 0 [ 79.321477][ T6529] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.1303,pid=6529,uid=0 [ 79.336073][ T6529] Memory cgroup out of memory: Killed process 6529 (syz.0.1303) total-vm:96008kB, anon-rss:1008kB, file-rss:22184kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:0 [ 79.358427][ T6606] futex_wake_op: syz.3.1322 tries to shift op by -1; fix this program [ 79.659592][ T6533] syz.0.1303 (6533) used greatest stack depth: 6376 bytes left [ 79.711144][ T6639] futex_wake_op: syz.4.1343 tries to shift op by -1; fix this program [ 79.723906][ T6641] netlink: 'syz.0.1341': attribute type 3 has an invalid length. [ 80.675495][ T6658] netlink: 'syz.2.1351': attribute type 10 has an invalid length. [ 80.694625][ T6658] team0: Port device dummy0 added [ 80.720795][ T6658] netlink: 'syz.2.1351': attribute type 10 has an invalid length. [ 80.731527][ T29] kauditd_printk_skb: 30 callbacks suppressed [ 80.731543][ T29] audit: type=1326 audit(1757149717.088:1597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6663 comm="syz.1.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 80.761935][ T6658] team0: Port device dummy0 removed [ 80.767894][ T29] audit: type=1326 audit(1757149717.118:1598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6663 comm="syz.1.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 80.791464][ T29] audit: type=1326 audit(1757149717.118:1599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6663 comm="syz.1.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 80.814964][ T29] audit: type=1326 audit(1757149717.118:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6663 comm="syz.1.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 80.840761][ T6658] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 80.881546][ T29] audit: type=1400 audit(1757149717.228:1601): avc: denied { getopt } for pid=6673 comm="syz.2.1357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 80.921963][ T6678] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 80.988956][ T29] audit: type=1400 audit(1757149717.338:1602): avc: denied { setopt } for pid=6686 comm="syz.2.1363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 81.028422][ T29] audit: type=1326 audit(1757149717.378:1603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6688 comm="syz.1.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 81.051990][ T29] audit: type=1326 audit(1757149717.378:1604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6688 comm="syz.1.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 81.111143][ T29] audit: type=1326 audit(1757149717.428:1605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6688 comm="syz.1.1364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 81.134722][ T29] audit: type=1326 audit(1757149717.428:1606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6688 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 81.137415][ T6700] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1370'. [ 81.189450][ T6700] 8021q: adding VLAN 0 to HW filter on device bond1 [ 81.243640][ T6700] bond1: (slave batadv1): Opening slave failed [ 81.365406][ T10] hid_parser_main: 24 callbacks suppressed [ 81.365453][ T10] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 81.378864][ T10] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 81.386320][ T10] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 81.395616][ T10] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 81.403081][ T10] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 81.410493][ T10] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 81.418123][ T10] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 81.425556][ T10] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 81.432990][ T10] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 81.440387][ T10] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 81.458256][ T10] hid-generic 0000:0000:0000.0007: hidraw0: HID v8.00 Device [syz0] on syz1 [ 81.621327][ T6739] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1387'. [ 81.641908][ T6739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.659966][ T6739] bond0: (slave batadv1): Opening slave failed [ 81.763601][ T6761] netlink: 'syz.4.1394': attribute type 10 has an invalid length. [ 81.776871][ T6761] bridge0: port 3(dummy0) entered disabled state [ 81.784152][ T6761] dummy0: left allmulticast mode [ 81.789143][ T6761] dummy0: left promiscuous mode [ 81.794197][ T6761] bridge0: port 3(dummy0) entered disabled state [ 81.804902][ T6761] team0: Port device dummy0 added [ 81.821656][ T6767] netlink: 'syz.4.1394': attribute type 10 has an invalid length. [ 81.837453][ T6767] team0: Port device dummy0 removed [ 81.844748][ T6767] dummy0: entered promiscuous mode [ 81.850248][ T6767] $Hÿ: (slave dummy0): Enslaving as an active interface with an up link [ 82.122829][ T6792] macvtap0: refused to change device tx_queue_len [ 82.174757][ T6802] netlink: 'syz.0.1414': attribute type 10 has an invalid length. [ 82.193815][ T6802] team0: Port device dummy0 added [ 82.205288][ T6802] netlink: 'syz.0.1414': attribute type 10 has an invalid length. [ 82.215496][ T6802] team0: Port device dummy0 removed [ 82.222413][ T6802] dummy0: entered promiscuous mode [ 82.227871][ T6802] $Hÿ: (slave dummy0): Enslaving as an active interface with an up link [ 83.109657][ T6830] macvtap0: refused to change device tx_queue_len [ 83.131899][ T6832] sch_tbf: peakrate 64 is lower than or equals to rate 17038211371681383082 ! [ 83.221976][ T6842] netlink: 'syz.1.1430': attribute type 10 has an invalid length. [ 83.243573][ T6842] bridge0: port 3(dummy0) entered disabled state [ 83.250532][ T6842] dummy0: left promiscuous mode [ 83.255704][ T6842] bridge0: port 3(dummy0) entered disabled state [ 83.265188][ T6842] team0: Port device dummy0 added [ 83.281918][ T6842] netlink: 'syz.1.1430': attribute type 10 has an invalid length. [ 83.293009][ T6842] team0: Port device dummy0 removed [ 83.323028][ T6842] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 83.401082][ T6853] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1436'. [ 83.431846][ T6853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.463994][ T6853] bond0: (slave batadv1): Opening slave failed [ 84.376281][ T6901] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1454'. [ 84.428942][ T6901] 8021q: adding VLAN 0 to HW filter on device bond1 [ 84.447710][ T6905] bond1: (slave batadv1): Opening slave failed [ 84.509757][ T6913] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1460'. [ 84.874018][ T6923] netlink: 'syz.3.1462': attribute type 10 has an invalid length. [ 84.883777][ T6923] bridge0: port 3(dummy0) entered disabled state [ 84.901479][ T6923] dummy0: left allmulticast mode [ 84.913217][ T6923] dummy0: left promiscuous mode [ 84.918269][ T6923] bridge0: port 3(dummy0) entered disabled state [ 84.940834][ T6930] netlink: 'syz.3.1462': attribute type 10 has an invalid length. [ 84.963173][ T6930] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 84.983333][ T6936] netlink: 204 bytes leftover after parsing attributes in process `syz.2.1468'. [ 85.056037][ T6941] netlink: 'syz.4.1473': attribute type 3 has an invalid length. [ 85.232236][ T6967] netlink: 'syz.1.1484': attribute type 10 has an invalid length. [ 85.249493][ T6967] bond0: (slave dummy0): Releasing backup interface [ 85.265522][ T6967] team0: Port device dummy0 added [ 85.282455][ T6967] netlink: 'syz.1.1484': attribute type 10 has an invalid length. [ 85.310148][ T6967] team0: Port device dummy0 removed [ 85.327623][ T6967] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 85.507369][ T6987] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1495'. [ 86.272203][ T7065] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.1514'. [ 86.428259][ T29] kauditd_printk_skb: 53 callbacks suppressed [ 86.428277][ T29] audit: type=1326 audit(1757149722.768:1660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7073 comm="syz.0.1507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3bc40a5ba7 code=0x7ffc0000 [ 86.457866][ T29] audit: type=1326 audit(1757149722.768:1661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7073 comm="syz.0.1507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3bc404adb9 code=0x7ffc0000 [ 86.481295][ T29] audit: type=1326 audit(1757149722.768:1662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7073 comm="syz.0.1507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3bc40a5ba7 code=0x7ffc0000 [ 86.504750][ T29] audit: type=1326 audit(1757149722.768:1663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7073 comm="syz.0.1507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3bc404adb9 code=0x7ffc0000 [ 86.528251][ T29] audit: type=1326 audit(1757149722.768:1664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7073 comm="syz.0.1507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 86.551683][ T29] audit: type=1326 audit(1757149722.768:1665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7073 comm="syz.0.1507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 86.566556][ T7076] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1508'. [ 86.758604][ T29] audit: type=1326 audit(1757149722.768:1666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7073 comm="syz.0.1507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=155 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 86.782100][ T29] audit: type=1326 audit(1757149722.778:1667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7073 comm="syz.0.1507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3bc40aebe9 code=0x7ffc0000 [ 86.867716][ T29] audit: type=1400 audit(1757149723.168:1668): avc: denied { search } for pid=7081 comm="syz.2.1511" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 86.889588][ T29] audit: type=1400 audit(1757149723.168:1669): avc: denied { search } for pid=7081 comm="syz.2.1511" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 86.997450][ T7104] netlink: 63503 bytes leftover after parsing attributes in process `syz.3.1519'. [ 87.015267][ T7106] netlink: 'syz.0.1520': attribute type 3 has an invalid length. [ 87.395388][ T7139] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.1537'. [ 87.622003][ T7178] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1559'. [ 87.697452][ T7195] netdevsim netdevsim4: Direct firmware load for ./file0/file1 failed with error -2 [ 87.804221][ T7211] 8021q: adding VLAN 0 to HW filter on device bond1 [ 87.826595][ T7211] bond1: (slave batadv1): Opening slave failed [ 87.925846][ T7228] 9pnet_fd: Insufficient options for proto=fd [ 88.195710][ T7273] bridge0: entered promiscuous mode [ 88.200994][ T7273] macvtap1: entered allmulticast mode [ 88.206463][ T7273] bridge0: entered allmulticast mode [ 88.212967][ T7273] bridge0: port 3(macvtap1) entered blocking state [ 88.219528][ T7273] bridge0: port 3(macvtap1) entered disabled state [ 88.226855][ T7273] bridge0: left allmulticast mode [ 88.231939][ T7273] bridge0: left promiscuous mode [ 88.482214][ T7306] netdevsim netdevsim3: Direct firmware load for ./file0/file1 failed with error -2 [ 88.512952][ T7310] __nla_validate_parse: 2 callbacks suppressed [ 88.512972][ T7310] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1618'. [ 88.899926][ T7344] netdevsim netdevsim0: Direct firmware load for ./file0/file1 failed with error -2 [ 88.947851][ T7352] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1634'. [ 88.994962][ T7358] netlink: 'syz.3.1644': attribute type 3 has an invalid length. [ 89.327419][ T7390] 9pnet_fd: Insufficient options for proto=fd [ 89.470627][ T7417] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1672'. [ 89.479577][ T7417] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1672'. [ 89.522910][ T7425] netlink: 'syz.1.1675': attribute type 1 has an invalid length. [ 89.542304][ T7423] netlink: 'syz.0.1674': attribute type 3 has an invalid length. [ 89.644419][ T7447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1688'. [ 89.653472][ T7447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1688'. [ 89.711804][ T7457] netlink: 'syz.1.1692': attribute type 3 has an invalid length. [ 90.082231][ T7496] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1709'. [ 90.177168][ T7503] bridge0: entered promiscuous mode [ 90.182532][ T7503] macvtap0: entered allmulticast mode [ 90.187917][ T7503] bridge0: entered allmulticast mode [ 90.194732][ T7503] bridge0: port 3(macvtap0) entered blocking state [ 90.201280][ T7503] bridge0: port 3(macvtap0) entered disabled state [ 90.208667][ T7503] bridge0: left allmulticast mode [ 90.213790][ T7503] bridge0: left promiscuous mode [ 90.481633][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1717'. [ 90.624722][ T7531] netlink: 'syz.3.1725': attribute type 3 has an invalid length. [ 90.667784][ T7539] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1730'. [ 90.833417][ T7562] netlink: 'syz.4.1740': attribute type 3 has an invalid length. [ 90.897950][ T7570] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1743'. [ 91.060275][ T7591] netlink: 'syz.0.1752': attribute type 3 has an invalid length. [ 91.231686][ T7610] 9pnet_fd: Insufficient options for proto=fd [ 91.255523][ T7613] macvtap0: refused to change device tx_queue_len [ 91.358671][ T7621] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 91.752914][ T7646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 91.761694][ T7646] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 91.784522][ T29] kauditd_printk_skb: 161 callbacks suppressed [ 91.784539][ T29] audit: type=1400 audit(1757149728.138:1831): avc: denied { setopt } for pid=7647 comm="syz.3.1777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 91.810805][ T29] audit: type=1400 audit(1757149728.138:1832): avc: denied { connect } for pid=7647 comm="syz.3.1777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 92.126648][ T7702] macvtap0: refused to change device tx_queue_len [ 92.292840][ T29] audit: type=1326 audit(1757149728.638:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7732 comm="syz.1.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 92.316824][ T29] audit: type=1326 audit(1757149728.638:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7732 comm="syz.1.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 92.340239][ T29] audit: type=1326 audit(1757149728.638:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7732 comm="syz.1.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 92.363743][ T29] audit: type=1326 audit(1757149728.638:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7732 comm="syz.1.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 92.387170][ T29] audit: type=1326 audit(1757149728.638:1837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7732 comm="syz.1.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 92.410710][ T29] audit: type=1326 audit(1757149728.638:1838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7732 comm="syz.1.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 92.434400][ T29] audit: type=1326 audit(1757149728.638:1839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7732 comm="syz.1.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 92.457833][ T29] audit: type=1326 audit(1757149728.638:1840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7732 comm="syz.1.1791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb80e71ebe9 code=0x7ffc0000 [ 92.561899][ T7734] 9pnet_fd: Insufficient options for proto=fd [ 93.162872][ T7850] 9pnet_fd: Insufficient options for proto=fd [ 93.174091][ T7852] macvtap0: refused to change device tx_queue_len [ 93.676734][ T7902] __nla_validate_parse: 14 callbacks suppressed [ 93.676824][ T7902] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1835'. [ 93.706879][ T7908] 9pnet_fd: Insufficient options for proto=fd [ 93.850707][ T7934] sch_tbf: peakrate 7 is lower than or equals to rate 19 ! [ 94.245662][ T8001] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1855'. [ 94.737843][ T8079] sch_tbf: peakrate 7 is lower than or equals to rate 19 ! [ 95.024399][ T8110] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1878'. [ 96.099147][ T8200] netlink: 'syz.0.1903': attribute type 3 has an invalid length. [ 96.184234][ T8211] macsec1: entered allmulticast mode [ 96.189625][ T8211] bond0: entered allmulticast mode [ 96.206118][ T8211] bond0: left allmulticast mode [ 97.089643][ T8347] bond_slave_0: entered promiscuous mode [ 97.095408][ T8347] bond_slave_1: entered promiscuous mode [ 97.101071][ T8347] dummy0: entered promiscuous mode [ 97.108510][ T8347] macsec1: entered allmulticast mode [ 97.114022][ T8347] bond0: entered allmulticast mode [ 97.119199][ T8347] bond_slave_0: entered allmulticast mode [ 97.125032][ T8347] bond_slave_1: entered allmulticast mode [ 97.133645][ T8347] dummy0: entered allmulticast mode [ 97.140830][ T8347] bond0: left allmulticast mode [ 97.145988][ T8347] bond_slave_0: left allmulticast mode [ 97.151663][ T8347] bond_slave_1: left allmulticast mode [ 97.158400][ T8347] dummy0: left allmulticast mode [ 97.163491][ T8347] bond_slave_0: left promiscuous mode [ 97.168931][ T8347] bond_slave_1: left promiscuous mode [ 97.174412][ T8347] dummy0: left promiscuous mode [ 97.179255][ T8349] netlink: 'syz.4.1928': attribute type 3 has an invalid length. [ 97.204702][ T8354] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) ! [ 97.255829][ T29] kauditd_printk_skb: 84 callbacks suppressed [ 97.255846][ T29] audit: type=1326 audit(1757149733.608:1925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8360 comm="syz.3.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 97.300974][ T29] audit: type=1326 audit(1757149733.608:1926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8360 comm="syz.3.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 97.324385][ T29] audit: type=1326 audit(1757149733.608:1927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8360 comm="syz.3.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 97.347965][ T29] audit: type=1326 audit(1757149733.608:1928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8360 comm="syz.3.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 97.371413][ T29] audit: type=1326 audit(1757149733.608:1929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8360 comm="syz.3.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 97.394938][ T29] audit: type=1326 audit(1757149733.618:1930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8360 comm="syz.3.1932" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 97.498124][ T29] audit: type=1400 audit(1757149733.848:1931): avc: denied { mounton } for pid=8378 comm="syz.4.1940" path="/398/file0" dev="tmpfs" ino=2063 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 97.545383][ T8385] netlink: 'syz.3.1942': attribute type 3 has an invalid length. [ 97.579273][ T29] audit: type=1400 audit(1757149733.928:1932): avc: denied { map } for pid=8393 comm="syz.3.1947" path="socket:[17026]" dev="sockfs" ino=17026 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 97.602899][ T29] audit: type=1400 audit(1757149733.928:1933): avc: denied { read } for pid=8393 comm="syz.3.1947" path="socket:[17026]" dev="sockfs" ino=17026 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 97.635231][ T29] audit: type=1326 audit(1757149733.988:1934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8395 comm="syz.3.1959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddfa2eebe9 code=0x7ffc0000 [ 97.948171][ T8449] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) ! [ 98.148657][ T8484] atomic_op ffff88814ab0b528 conn xmit_atomic 0000000000000000 [ 98.216996][ T8500] atomic_op ffff88814ab0b528 conn xmit_atomic 0000000000000000 [ 98.228087][ T8502] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) ! [ 98.508209][ T8555] netlink: 'syz.1.1989': attribute type 4 has an invalid length. [ 98.516088][ T8555] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1989'. [ 98.546066][ T8558] hub 9-0:1.0: USB hub found [ 98.558781][ T8558] hub 9-0:1.0: 8 ports detected [ 98.879524][ T8603] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2000'. [ 98.888611][ T8603] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2000'. [ 98.897629][ T8603] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2000'. [ 98.909164][ T8603] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2000'. [ 98.918345][ T8603] netlink: 'syz.1.2000': attribute type 6 has an invalid length. [ 99.186087][ T8660] netlink: 'syz.0.2015': attribute type 3 has an invalid length. [ 99.519485][ T8701] netlink: 'syz.2.2042': attribute type 4 has an invalid length. [ 99.527299][ T8701] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2042'. [ 99.596519][ T8675] ================================================================== [ 99.604658][ T8675] BUG: KCSAN: data-race in shmem_file_splice_read / shmem_file_splice_read [ 99.613267][ T8675] [ 99.615611][ T8675] write to 0xffff8881180dbca8 of 8 bytes by task 8684 on cpu 1: [ 99.623259][ T8675] shmem_file_splice_read+0x470/0x600 [ 99.628656][ T8675] splice_direct_to_actor+0x26f/0x680 [ 99.634035][ T8675] do_splice_direct+0xda/0x150 [ 99.638809][ T8675] do_sendfile+0x380/0x650 [ 99.643255][ T8675] __x64_sys_sendfile64+0x105/0x150 [ 99.648473][ T8675] x64_sys_call+0x2bb0/0x2ff0 [ 99.653159][ T8675] do_syscall_64+0xd2/0x200 [ 99.657808][ T8675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.663732][ T8675] [ 99.666070][ T8675] write to 0xffff8881180dbca8 of 8 bytes by task 8675 on cpu 0: [ 99.673796][ T8675] shmem_file_splice_read+0x470/0x600 [ 99.679198][ T8675] splice_direct_to_actor+0x26f/0x680 [ 99.684593][ T8675] do_splice_direct+0xda/0x150 [ 99.689382][ T8675] do_sendfile+0x380/0x650 [ 99.693830][ T8675] __x64_sys_sendfile64+0x105/0x150 [ 99.699060][ T8675] x64_sys_call+0x2bb0/0x2ff0 [ 99.703747][ T8675] do_syscall_64+0xd2/0x200 [ 99.708283][ T8675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.714190][ T8675] [ 99.716526][ T8675] value changed: 0x00000000000258b0 -> 0x00000000000258ec [ 99.723634][ T8675] [ 99.725968][ T8675] Reported by Kernel Concurrency Sanitizer on: [ 99.732151][ T8675] CPU: 0 UID: 0 PID: 8675 Comm: syz.3.2021 Not tainted syzkaller #0 PREEMPT(voluntary) [ 99.741908][ T8675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 99.751969][ T8675] ==================================================================