last executing test programs: 2.080460521s ago: executing program 3 (id=10360): openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1, 0x100004, 0x5, 0x4, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340), &(0x7f0000000240), 0x20000402, r0}, 0x38) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r0, &(0x7f0000000340), &(0x7f0000000000)=""/27}, 0x20) 1.552663874s ago: executing program 3 (id=10377): futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(0x0, 0x5, 0x0, 0x0, &(0x7f0000000040), 0x4000000) 1.344276321s ago: executing program 1 (id=10383): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) syz_emit_ethernet(0x1ea, &(0x7f0000000680)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "3000bb", 0x1b4, 0x2b, 0x0, @private2, @local, {[@srh={0x0, 0x2, 0x3, 0x1, 0x0, 0x68, 0x0, [@dev]}, @routing={0x0, 0x10, 0x0, 0x0, 0x0, [@ipv4={'\x00', '\xff\xff', @loopback}, @private2, @private2, @empty, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, @loopback]}, @fragment={0x0, 0x0, 0x5b, 0x1}, @dstopts={0x62, 0x13, '\x00', [@padn={0x1, 0x2, [0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x9}, @padn={0x1, 0x1, [0x0]}, @jumbo, @jumbo, @generic={0x0, 0x69, "1f2db8fb7156d5dc6a80fdf612f556a85af558f8a7f8aac5992049ac6f4b222fd514fd11efcf0cd9b991a0146909ba3420da3bb126dc0c779aabb0eff5d1b2af29d900606af3a0f76e6c8d9a35f03a8f6e320e61ae5079201b949f830c41e387fa789c358da1798914"}, @calipso={0x7, 0x18, {0x0, 0x4, 0x0, 0x0, [0x0, 0x0]}}]}], {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x4, "82f63de64f6ce2ee11028289aefdb3449391a823213e6336516748a7949bb108", "402fa83b1d661c18462075368a186092", {"9ddeb8f71aa23d391b8fa99e9816af2d", "040876a663a86d97f46b9665cc18492b"}}}}}}}}, 0x0) 1.343870771s ago: executing program 1 (id=10384): r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x28, r0, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'geneve1\x00'}}]}]}, 0x28}}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f0000000100)) 1.288550895s ago: executing program 1 (id=10385): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f0000000180), 0x8) 1.288371465s ago: executing program 1 (id=10386): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000a40)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd500a119b54c74a12e4569e47b69a95f92c6380af2bd003fa56f06a23bbd1c76d7756bf4fcaff0c", 0x87}, {&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be420467333d9ce17dddc425dad69c4c9395a5c170170a4fa63091786e2a563e3d5982a73c15edf854046e1a33b2728e74c856a58ba74c80f4f4166ac51d720f", 0x156}, {&(0x7f0000000f00)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c8461de7afec966f9c023ffe15c3c1caec8ff3ef304ed0ffedd061941d9d022b25a4b9632856295fee3a314f6c196d953bcaf1aff06d181d51662fdaa52e46d7905c0b4c6", 0x10e}], 0x3}}], 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 1.079732982s ago: executing program 4 (id=10396): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@ipv4_newroute={0x24, 0x19, 0x1, 0x0, 0x0, {0x2, 0x20, 0x0, 0xfc, 0xff}, [@RTA_DST={0x8, 0x1, @local}]}, 0x24}}, 0x0) 1.025172536s ago: executing program 4 (id=10397): socket$netlink(0x10, 0x3, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmsg$key(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x2, 0xd, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@dev}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}]}, 0xa0}}, 0x0) sendto$inet6(r0, &(0x7f0000000040)="93", 0x34000, 0x0, 0x0, 0x44) 682.137035ms ago: executing program 3 (id=10400): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000001180)) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000040)={0x0, 'bridge0\x00'}) 603.916571ms ago: executing program 3 (id=10403): unshare(0x600) r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000140)=0x3, 0x20) sendmsg$tipc(r0, &(0x7f0000000240)={&(0x7f00000000c0)=@id, 0x10, 0x0}, 0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f0000001340), 0x0, 0x0) 603.793231ms ago: executing program 3 (id=10405): mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x0, &(0x7f0000000000/0x400000)=nil) io_setup(0x800, &(0x7f0000000080)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x55af) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_mreq(r1, 0x3a, 0x1, 0x0, &(0x7f0000000040)) 583.142362ms ago: executing program 2 (id=10407): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000140)=@ipmr_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {0x80, 0x20}}, 0x1c}}, 0x0) 564.511284ms ago: executing program 2 (id=10408): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@can_newroute={0x14, 0x18, 0x1, 0x0, 0x0, {0x1d, 0x2}}, 0x14}}, 0x0) 518.804798ms ago: executing program 2 (id=10409): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) 518.085367ms ago: executing program 2 (id=10410): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x28, 0x3, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}}, 0x0) 472.974681ms ago: executing program 3 (id=10411): futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000000040), 0x4000000) 472.672212ms ago: executing program 2 (id=10412): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010"], 0xec}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x60, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x20, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x3, 0x2}}]}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8}]}, 0x60}}, 0x0) 472.503312ms ago: executing program 2 (id=10413): bpf$MAP_CREATE(0x0, &(0x7f0000002740)=@bloom_filter={0x1e, 0x0, 0x9, 0xfffff801, 0x14, 0x1}, 0x48) 406.386387ms ago: executing program 1 (id=10414): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1) ioctl$TCSETS(r0, 0x8910, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "bb5dee00"}) 300.590545ms ago: executing program 1 (id=10415): r0 = socket$inet6(0xa, 0x1000080002, 0x100000000000088) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c) r1 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r1, 0x11, 0x100000000a, &(0x7f00000003c0)=0x800000001, 0x4) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0xfffffffffffffe76, 0x0}}], 0x1, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x4008840, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @local}, 0x1c) sendto$inet6(r1, &(0x7f0000000000)="17", 0x1, 0x0, 0x0, 0x0) 236.194601ms ago: executing program 0 (id=10416): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1a10716, &(0x7f0000000d00)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@block_validity}, {@grpjquota_path}, {@stripe={'stripe', 0x3d, 0x1}}, {@prjquota}, {@usrjquota}, {@data_err_abort}, {@min_batch_time={'min_batch_time', 0x3d, 0x100409e}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}]}, 0xff, 0x46d, &(0x7f0000001bc0)="$eJzs289vVEUcAPDve7sFBGUrIgqCVNGk8UdLCyoHE6PRxIMmJnrAY20LQRZqaE2ENFqNwaMh8W48mvgXePJk1JOJVzyaGBKixAT04pq3+17pLrullYXddD+fZGFm3+zMfPvevJ2d2Q1gYI1k/yQRd0fExYioNLLNBUYa/127sjj995XF6SRqtTf/SOrlrl5ZnK7litdty+scTSPST5O8kRhaWe382XMnp6rV2TN5fnzh1Hvj82fPPX3i1NTx2eOzpyePHDl8aOK5ZyefadPr3y6sN84svqt7Ppzbu/vVty+8Pn30wjs/fpP1d9e+xvEsjvXWeTMjWeB/Nv42rcce73ZjPfZv7XqcSbnXvWGtShFRzgfnxahEKa6fvEq88klPOwfcVtk9e3Pnw0s1YANLotc9AHqjeKPPPv8Wjzs09egLl19sfADK4r6WPxpHypE2Pho1L1x02UhEHF3658vsES3rELU26wYAALfqu2z+81S7+V8au1aU257vDQ1HxL0RsSMi7ouInRFxf0S97AMR8WCnhjpMokZa8jfOP9NL/zu4Ncjmf8/ne1vN87+0KDJcynP31OMfSo6dqM4ezP8mozG0OctPtKu8qOLlXz7v1P7K+V/2yNov5oJ5JZfKjQW6LcUzM1MLU92alF7+OGJPuV38yfJOQBIRuyNiz/qq3l4kTjzx9d5OhW4e/yq6sM9U+6qoZHEpWuIvJKvvT45vierswfHiqrjRTz+ff6NT+7cUfxdk539r8/XfUqLyV7Jyv3Z++cALa23j/K+fdfxMWV779b8su/43JW/V93Q35c99MLWwcGYiYlPyWj3f9Pzk9dcW+aJ8Fv/ogfbjf0f+miz+hyIiu4j3RcTDEbE/P3ePRMSjEXFglfh/eOmxdzsd64fzP9P2/rd8/Q83n//1J0onv/+2U/tru/8drqdG82fq97+b6Nyd4jbacjUDAADABpbWvxufpGPL6TQdG2t8h39nbE2rc/MLTx6be//0TOM79MMxlBYrXZUV66ETyVJeYyM/ma8VF8cP5evGX5TuqufHpueqMz2OHQbdtg7jP/N7qde9A247v9eCwdU6/tMe9QO487z/w+Ay/mFwGf8wuNqN/49a8vYCYCOqVXrdA6B3zP9hcBn/MLiMfxhIt/K7/tuVKK/y632JfklE2hfd6JvE/j4aTeUujO4e35gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC65L8AAAD///Uk+Ss=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 170.651986ms ago: executing program 0 (id=10417): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x2, 0xd50, 0x12, &(0x7f0000000200)="967ea6141c24565debcb", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 95.573102ms ago: executing program 0 (id=10418): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f0000000000)={'veth0_vlan\x00', @random="0132014010ff"}) 95.220872ms ago: executing program 4 (id=10419): r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x28, r0, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'geneve1\x00'}}]}]}, 0x28}}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f0000000100)) 94.921952ms ago: executing program 4 (id=10420): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmmsg$sock(r0, 0x0, 0x0, 0x0) 75.714444ms ago: executing program 4 (id=10421): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wg2\x00'}) socket$can_raw(0x1d, 0x3, 0x1) r0 = socket(0x10, 0x803, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000a40)={0x14}, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=""/156, 0x9c}], 0x1}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000009240)={&(0x7f0000000600)=@newtfilter={0x7c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x3}, {}, {0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x4c, 0x2, [@TCA_FLOWER_KEY_ENC_IPV6_DST={0x14, 0x21, @empty}, @TCA_FLOWER_KEY_ICMPV6_CODE_MASK={0xffffffffffffff80}, @TCA_FLOWER_KEY_ENC_UDP_DST_PORT={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_DST_MASK={0x14, 0x22, [0x0, 0x0, 0x0, 0xffffff00]}, @TCA_FLOWER_KEY_MPLS_BOS={0x5}, @TCA_FLOWER_KEY_IPV4_SRC={0x8, 0xa, @remote}]}}]}, 0x7c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 75.395084ms ago: executing program 0 (id=10422): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = socket(0x200000000000011, 0x2, 0x0) getsockopt$packet_int(r0, 0x107, 0x9, 0x0, &(0x7f0000000100)) 579.21µs ago: executing program 0 (id=10423): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x28, 0x3, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}}, 0x0) 264.25µs ago: executing program 4 (id=10424): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000a40)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd500a119b54c74a12e4569e47b69a95f92c6380af2bd003fa56f06a23bbd1c76d7756bf4fcaff0c", 0x87}, {&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be420467333d9ce17dddc425dad69c4c9395a5c170170a4fa63091786e2a563e3d5982a73c15edf854046e1a33b2728e74c856a58ba74c80f4f4166ac51d720f", 0x156}, {&(0x7f0000000f00)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c8461de7afec966f9c023ffe15c3c1caec8ff3ef304ed0ffedd061941d9d022b25a4b9632856295fee3a314f6c196d953bcaf1aff06d181d51662fdaa52e46d7905c0b4c6", 0x10e}], 0x3}}], 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 0s ago: executing program 0 (id=10425): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x8a, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@data_err_ignore}, {@grpjquota, 0x22}, {@resuid}, {@grpid}, {@errors_continue}, {@stripe={'stripe', 0x3d, 0x7ff}}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}]}, 0xfe, 0x461, &(0x7f00000016c0)="$eJzs3MtvVFUYAPBv7kzLs7YiPkDQ+orER0vLQxZuMJq40MREFxhXtS0EKdTQmgghWl3g0pC4Ny5N/AOMC8WNUVcmbnFvTBrDRmR1zZ25dxjamXbaDgwyv19y4Zx7zvSc7957Zs498wigZw1n/5QitkfElYgYrGVvrjBc++/a1QuT/169MFmKNH3z71K13j9XL0wWVYvHbatl0nSFdi++E9fTmmp+dP70+6Nz584/f/L0xInpE9Nnxo8cOXhgb//h8UMdiXMg6+vuj2b37Hr17UuvTx679O4v32T93Z6XN8axHlua7BuuHd26vob0Uxtp7A400JAuVbrYEdakHBGV/Nq8EoNRbriSB+OVT4s6VUmXOgncEmmapJtaFy+kwF0sm6gDvah4oc/uf4vtNk097giLR6O+jnEt32ollfrtTl9+j3QrDEfEsYXrX2ZbdGAdAgBgNZePRsRzzeZ/STzQUO+e/L2hoYi4NyJ2RMR9EbEzIu6PqNZ9MCIeWmP7w0vyy+c/6eC6AmtTNv97MX9v6+b5X32xe6ic5waq8feVjp+cmd6fH5N90bcpy4+t0MaPL//+eauyxvlftmXtF3PBvB9/VZYs0E1NzE9sJOZGi59E7K40i79Un/Nm8+NdEbG7rb/47bI9J5/5ek+r2qvHv4IOTMrTryKerp3/hVgSf6HU8v3JsRcOjx8a3Rwz0/tHi6tiuV9/u/hGq/Y3FH8HLF5OY2vT678e/1Bpc8TcufOnJmZmps/Orb2Ni3981vKeZr3Xf3/prWq6P9/34cT8/NmxiP7Sa8v3j994bJEv6i+WFmoFTcb/jrhxJB6OiOwi3hsRj0TEo3nfH4uIxyPiiRXi//mlJ9+7aUfSTvwrrMp3UDb+p1Y7/9F4/teeKJ/66btW7bd3/g9WU/vyPe08/7XbwY0cOwAAAPi/SKqfgS8lI/V0koyM1D7DvzO2JjOzc/PPHp/94MxU7bPyQ9GXFCtdgw3roWP52nCRH1+SP5CvG39R3lLNj0zOzkx1O3jocdtajP/Mn+Vu9w645XxfC3qX8Q+9y/iH3mX8Q+8y/qFXlZuO/4+70BPg9lvl9b/Zb9sBdwnzf+hdxj/0rkrE9wPd7gRwu7X8bnyyoa/8S3Qp8UP/xn6rof1EJHdIyHdNoi+aFlXa/jGLdSY2NS3q9jMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wXAAD//5JK6U8=") syz_open_procfs(0x0, &(0x7f0000000300)='mounts\x00') socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x0, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$TIPC_CONN_TIMEOUT(r4, 0x10f, 0x82, &(0x7f0000000340), &(0x7f0000000380)=0x4) kernel console output (not intermixed with test programs): 503][ T2248] RIP: 0033:0x7f8f6ca9c453 [ 684.442938][ T2248] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 684.462534][ T2248] RSP: 002b:00007f8f6be574b0 EFLAGS: 00010206 [ 684.468588][ T2248] RAX: 0000000000009000 RBX: 00007f8f6be57550 RCX: 00007f8f63a38000 [ 684.476544][ T2248] RDX: 00007f8f6be576f0 RSI: 0000000000000001 RDI: 00007f8f6be575f0 [ 684.484555][ T2248] RBP: 0000000000000083 R08: 0000000000000006 R09: 0000000000000014 [ 684.492573][ T2248] R10: 000000000000001a R11: 00007f8f6be57550 R12: 0000000000000001 [ 684.500536][ T2248] R13: 00007f8f6cc56f80 R14: 00000000000000ff R15: 00007f8f6be575f0 [ 684.508502][ T2248] [ 684.511595][ T2248] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 684.615640][ T2272] netlink: 'syz.1.9538': attribute type 1 has an invalid length. [ 684.642854][ T29] audit: type=1326 audit(2000000346.626:20642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2275 comm="syz.0.9540" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f6cbd6bd9 code=0x0 [ 684.659682][ T2284] loop1: detected capacity change from 0 to 512 [ 684.680268][ T2284] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 684.692828][ T2284] ext4 filesystem being mounted at /150/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 684.713905][T32084] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 685.586569][ T2311] netlink: 92 bytes leftover after parsing attributes in process `syz.0.9551'. [ 685.605951][ T2313] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9552'. [ 685.615790][ T2313] netlink: 'syz.0.9552': attribute type 10 has an invalid length. [ 685.640968][ T29] audit: type=1400 audit(2000000347.549:20643): avc: denied { module_load } for pid=2314 comm="syz.0.9553" path="/sys/power/wakeup_count" dev="sysfs" ino=192 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 685.795493][ T2340] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9563'. [ 685.804774][ T2340] netlink: 'syz.0.9563': attribute type 10 has an invalid length. [ 685.836660][ T2346] loop1: detected capacity change from 0 to 512 [ 685.843623][ T2346] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 685.852953][ T2346] EXT4-fs (loop1): orphan cleanup on readonly fs [ 685.859916][ T2346] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.9566: bg 0: block 248: padding at end of block bitmap is not set [ 685.874642][ T2346] Quota error (device loop1): write_blk: dquota write failed [ 685.882085][ T2346] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 685.892172][ T2346] EXT4-fs error (device loop1): ext4_acquire_dquot:6860: comm syz.1.9566: Failed to acquire dquot type 1 [ 685.904827][ T2346] EXT4-fs (loop1): 1 truncate cleaned up [ 685.912313][ T2346] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 685.926694][ T29] audit: type=1400 audit(2000000347.816:20644): avc: denied { wake_alarm } for pid=2345 comm="syz.1.9566" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 685.958268][ T2346] netlink: 'syz.1.9566': attribute type 4 has an invalid length. [ 685.968465][ T29] audit: type=1326 audit(2000000347.853:20645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2345 comm="syz.1.9566" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f070ffa1bd9 code=0x0 [ 686.380484][ T2354] FAULT_INJECTION: forcing a failure. [ 686.380484][ T2354] name failslab, interval 1, probability 0, space 0, times 0 [ 686.393202][ T2354] CPU: 1 PID: 2354 Comm: syz.2.9567 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 686.403332][ T2354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 686.413406][ T2354] Call Trace: [ 686.416718][ T2354] [ 686.419645][ T2354] dump_stack_lvl+0xf2/0x150 [ 686.424233][ T2354] dump_stack+0x15/0x20 [ 686.428448][ T2354] should_fail_ex+0x229/0x230 [ 686.433189][ T2354] ? qdisc_get_stab+0x36a/0x4a0 [ 686.438064][ T2354] __should_failslab+0x92/0xa0 [ 686.442887][ T2354] should_failslab+0x9/0x20 [ 686.447372][ T2354] __kmalloc_noprof+0xa5/0x370 [ 686.452147][ T2354] qdisc_get_stab+0x36a/0x4a0 [ 686.456956][ T2354] ? qdisc_lookup+0x1fd/0x2d0 [ 686.461668][ T2354] qdisc_create+0x5e6/0xae0 [ 686.466234][ T2354] ? __nla_parse+0x40/0x60 [ 686.470633][ T2354] tc_modify_qdisc+0x65f/0x1050 [ 686.475572][ T2354] ? ns_capable+0x7d/0xb0 [ 686.479941][ T2354] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 686.485208][ T2354] rtnetlink_rcv_msg+0x85e/0x910 [ 686.490192][ T2354] ? memcg_list_lru_alloc+0xd2/0x740 [ 686.495582][ T2354] ? ___slab_alloc+0x2b7/0x980 [ 686.500362][ T2354] ? __memcg_slab_free_hook+0xc9/0x1e0 [ 686.505874][ T2354] ? xas_load+0x3ae/0x3d0 [ 686.510197][ T2354] ? kmem_cache_free+0xd8/0x280 [ 686.515055][ T2354] ? nlmon_xmit+0x51/0x60 [ 686.519422][ T2354] ? __kfree_skb+0x102/0x150 [ 686.523990][ T2354] ? consume_skb+0x57/0x180 [ 686.528566][ T2354] ? nlmon_xmit+0x51/0x60 [ 686.532931][ T2354] ? dev_hard_start_xmit+0x3c1/0x3f0 [ 686.538205][ T2354] ? __dev_queue_xmit+0xb21/0x1e50 [ 686.543293][ T2354] ? ref_tracker_free+0x3a5/0x410 [ 686.548386][ T2354] netlink_rcv_skb+0x12c/0x230 [ 686.553305][ T2354] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 686.558754][ T2354] rtnetlink_rcv+0x1c/0x30 [ 686.563216][ T2354] netlink_unicast+0x58d/0x660 [ 686.564628][T31636] usb usb6-port1: attempt power cycle [ 686.568005][ T2354] netlink_sendmsg+0x5ca/0x6e0 [ 686.578151][ T2354] ? __pfx_netlink_sendmsg+0x10/0x10 [ 686.583420][ T2354] __sock_sendmsg+0x140/0x180 [ 686.588129][ T2354] ____sys_sendmsg+0x312/0x410 [ 686.592875][ T2354] __sys_sendmsg+0x1e9/0x280 [ 686.597513][ T2354] __x64_sys_sendmsg+0x46/0x50 [ 686.602275][ T2354] x64_sys_call+0xb25/0x2d70 [ 686.606860][ T2354] do_syscall_64+0xc9/0x1c0 [ 686.611356][ T2354] ? clear_bhb_loop+0x55/0xb0 [ 686.616090][ T2354] ? clear_bhb_loop+0x55/0xb0 [ 686.620748][ T2354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 686.626669][ T2354] RIP: 0033:0x7f1015cf4bd9 [ 686.631064][ T2354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 686.650694][ T2354] RSP: 002b:00007f1014f76048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 686.659172][ T2354] RAX: ffffffffffffffda RBX: 00007f1015e82f60 RCX: 00007f1015cf4bd9 [ 686.667141][ T2354] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 [ 686.675127][ T2354] RBP: 00007f1014f760a0 R08: 0000000000000000 R09: 0000000000000000 [ 686.683101][ T2354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 686.691058][ T2354] R13: 000000000000000b R14: 00007f1015e82f60 R15: 00007ffcfebaaeb8 [ 686.699079][ T2354] [ 686.715851][ T2357] loop2: detected capacity change from 0 to 256 [ 686.744694][T32084] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 686.755330][ T29] audit: type=1400 audit(2000000348.582:20646): avc: denied { audit_write } for pid=2358 comm="syz.0.9571" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 686.776719][ T29] audit: type=1107 audit(2000000348.582:20647): pid=2358 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 686.808104][ T2365] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9574'. [ 686.818277][ T2365] netlink: 'syz.0.9574': attribute type 10 has an invalid length. [ 686.832559][ T2368] 9pnet_fd: Insufficient options for proto=fd [ 686.858618][ T2373] loop2: detected capacity change from 0 to 512 [ 686.865544][ T2373] EXT4-fs warning (device loop2): ext4_multi_mount_protect:318: fsck is running on the filesystem [ 686.876175][ T2373] EXT4-fs warning (device loop2): ext4_multi_mount_protect:318: MMP failure info: last update time: 1669132786, last update node: dvyukov-desk.muc.corp.google.com, last update device: loop4 [ 686.930426][ T2379] loop1: detected capacity change from 0 to 2048 [ 686.937617][ T2379] ext4: Unknown parameter 'dont_appraise' [ 687.060121][ T2389] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2389 comm=syz.2.9581 [ 687.076733][ T2389] loop2: detected capacity change from 0 to 512 [ 687.085714][ T2389] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 687.098457][ T2389] ext4 filesystem being mounted at /144/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 687.114875][T32620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 687.165630][ T2395] sg_write: data in/out 32732/14 bytes for SCSI command 0x0-- guessing data in; [ 687.165630][ T2395] program syz.2.9582 not setting count and/or reply_len properly [ 687.223092][ T2399] usb usb5: usbfs: process 2399 (syz.2.9584) did not claim interface 0 before use [ 687.236635][ T2399] loop2: detected capacity change from 0 to 1024 [ 687.243274][ T2399] EXT4-fs: Ignoring removed nomblk_io_submit option [ 687.250370][ T2399] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 687.261497][ T2399] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 687.294806][T32620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 687.352377][ T2402] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9585'. [ 687.362341][ T2402] netlink: 'syz.2.9585': attribute type 10 has an invalid length. [ 687.447050][ T2418] loop2: detected capacity change from 0 to 512 [ 687.464782][ T2418] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 687.477397][ T2418] ext4 filesystem being mounted at /154/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 687.490307][ T2418] EXT4-fs error (device loop2): ext4_do_update_inode:5075: inode #2: comm syz.2.9591: corrupted inode contents [ 687.502228][ T2418] EXT4-fs error (device loop2): ext4_dirty_inode:5935: inode #2: comm syz.2.9591: mark_inode_dirty error [ 687.513907][ T2418] EXT4-fs error (device loop2): ext4_do_update_inode:5075: inode #2: comm syz.2.9591: corrupted inode contents [ 687.525851][ T2418] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.9591: mark_inode_dirty error [ 687.539929][ T2418] EXT4-fs error (device loop2): ext4_find_dest_de:2111: inode #2: block 45: comm syz.2.9591: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3925999616, rec_len=1, size=2048 fake=0 [ 687.566505][T32620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 687.621344][ T2422] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9592'. [ 687.759104][ T2437] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9597'. [ 687.769088][ T2437] netlink: 'syz.0.9597': attribute type 10 has an invalid length. [ 687.910278][ T2468] bond2: entered promiscuous mode [ 687.915359][ T2468] bond2: entered allmulticast mode [ 687.920683][ T2468] 8021q: adding VLAN 0 to HW filter on device bond2 [ 687.928954][ T2471] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9603'. [ 688.750624][ T2481] netlink: 'syz.2.9610': attribute type 1 has an invalid length. [ 688.751723][ T2480] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9609'. [ 688.758425][ T2481] netlink: 'syz.2.9610': attribute type 2 has an invalid length. [ 688.769712][ T2484] loop2: detected capacity change from 0 to 256 [ 688.777181][ T2480] netlink: 'syz.1.9609': attribute type 10 has an invalid length. [ 688.821614][ T2492] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2492 comm=syz.0.9615 [ 688.832505][ T2497] xt_TCPMSS: Only works on TCP SYN packets [ 688.835416][ T2494] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2494 comm=syz.0.9615 [ 688.839990][T31636] usb usb6-port1: unable to enumerate USB device [ 688.853368][ T2493] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9615'. [ 688.880597][ T2493] 8021q: adding VLAN 0 to HW filter on device bond3 [ 688.902326][ T2503] loop2: detected capacity change from 0 to 1024 [ 688.931935][ T2503] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 688.946468][ T2525] loop4: detected capacity change from 0 to 1024 [ 688.955492][ T2525] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (24866!=20869) [ 688.966757][ T2525] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 688.977984][ T2525] EXT4-fs (loop4): invalid journal inode [ 689.007456][ T2538] serio: Serial port pts0 [ 689.013098][ T2525] Invalid ELF header type: 0 != 1 [ 689.013225][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 689.013235][ T29] audit: type=1400 audit(2000000350.668:20651): avc: denied { module_load } for pid=2524 comm="syz.4.9626" path="/96/bus" dev="tmpfs" ino=534 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 689.047919][ T29] audit: type=1400 audit(2000000350.678:20652): avc: denied { write } for pid=2540 comm="syz.0.9632" name="ptp0" dev="devtmpfs" ino=220 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 689.089005][T32620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 689.102965][ T2550] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 689.110213][ T2550] IPv6: NLM_F_CREATE should be set when creating new route [ 689.119314][ T2550] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=2550 comm=syz.4.9635 [ 689.133280][ T29] audit: type=1400 audit(2000000350.779:20653): avc: denied { read } for pid=2547 comm="syz.4.9635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 689.153749][ T29] audit: type=1400 audit(2000000350.779:20654): avc: denied { listen } for pid=2547 comm="syz.4.9635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 689.253079][ T2562] bridge0: entered allmulticast mode [ 689.491187][ T2572] loop2: detected capacity change from 0 to 1024 [ 689.497831][ T2572] EXT4-fs: Ignoring removed nomblk_io_submit option [ 689.505490][ T2572] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 689.516313][ T2572] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 689.636268][T32620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 689.734257][ T2590] vlan2: entered promiscuous mode [ 689.966170][ T2595] loop3: detected capacity change from 0 to 2048 [ 690.028369][ T2601] audit: audit_lost=6 audit_rate_limit=0 audit_backlog_limit=64 [ 690.036439][ T2601] audit: out of memory in audit_log_start [ 690.047113][ T2595] Alternate GPT is invalid, using primary GPT. [ 690.053583][ T2595] loop3: p2 p3 p7 [ 690.102462][ T2605] validate_nla: 4 callbacks suppressed [ 690.102475][ T2605] netlink: 'syz.2.9657': attribute type 4 has an invalid length. [ 690.118651][ T29] audit: type=1326 audit(2000000351.684:20655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2604 comm="syz.2.9657" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1015cf4bd9 code=0x0 [ 690.158214][ T2609] FAULT_INJECTION: forcing a failure. [ 690.158214][ T2609] name failslab, interval 1, probability 0, space 0, times 0 [ 690.170965][ T2609] CPU: 0 PID: 2609 Comm: syz.3.9656 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 690.181033][ T2609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 690.191084][ T2609] Call Trace: [ 690.194351][ T2609] [ 690.197268][ T2609] dump_stack_lvl+0xf2/0x150 [ 690.201881][ T2609] dump_stack+0x15/0x20 [ 690.206028][ T2609] should_fail_ex+0x229/0x230 [ 690.210783][ T2609] ? skb_clone+0x154/0x1f0 [ 690.215187][ T2609] __should_failslab+0x92/0xa0 [ 690.220028][ T2609] should_failslab+0x9/0x20 [ 690.224522][ T2609] kmem_cache_alloc_noprof+0x4c/0x290 [ 690.229943][ T2609] skb_clone+0x154/0x1f0 [ 690.234175][ T2609] __netlink_deliver_tap+0x2bd/0x4c0 [ 690.239524][ T2609] netlink_sendskb+0x123/0x140 [ 690.244344][ T2609] netlink_unicast+0x291/0x660 [ 690.249118][ T2609] netlink_ack+0x4c2/0x4f0 [ 690.253527][ T2609] nfnetlink_rcv+0x135f/0x15b0 [ 690.258365][ T2609] netlink_unicast+0x58d/0x660 [ 690.263185][ T2609] netlink_sendmsg+0x5ca/0x6e0 [ 690.268097][ T2609] ? __pfx_netlink_sendmsg+0x10/0x10 [ 690.273375][ T2609] __sock_sendmsg+0x140/0x180 [ 690.278066][ T2609] ____sys_sendmsg+0x312/0x410 [ 690.282824][ T2609] __sys_sendmsg+0x1e9/0x280 [ 690.287424][ T2609] __x64_sys_sendmsg+0x46/0x50 [ 690.292175][ T2609] x64_sys_call+0xb25/0x2d70 [ 690.296754][ T2609] do_syscall_64+0xc9/0x1c0 [ 690.301249][ T2609] ? clear_bhb_loop+0x55/0xb0 [ 690.305915][ T2609] ? clear_bhb_loop+0x55/0xb0 [ 690.310580][ T2609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.316540][ T2609] RIP: 0033:0x7f3e29213bd9 [ 690.320965][ T2609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 690.340634][ T2609] RSP: 002b:00007f3e28495048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 690.349031][ T2609] RAX: ffffffffffffffda RBX: 00007f3e293a1f60 RCX: 00007f3e29213bd9 [ 690.357022][ T2609] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 690.364994][ T2609] RBP: 00007f3e284950a0 R08: 0000000000000000 R09: 0000000000000000 [ 690.373085][ T2609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 690.381045][ T2609] R13: 000000000000000b R14: 00007f3e293a1f60 R15: 00007ffcf77eeae8 [ 690.389087][ T2609] [ 690.435548][ T2622] netlink: 'syz.3.9662': attribute type 10 has an invalid length. [ 690.454289][ T2624] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=21530 sclass=netlink_route_socket pid=2624 comm=syz.2.9657 [ 690.596720][ T29] audit: type=1326 audit(2000000352.099:20656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2649 comm="syz.0.9673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 690.603905][ T2645] loop1: detected capacity change from 0 to 2048 [ 690.620435][ T29] audit: type=1326 audit(2000000352.099:20657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2649 comm="syz.0.9673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 690.626858][ T2645] EXT4-fs: Ignoring removed mblk_io_submit option [ 690.649967][ T29] audit: type=1326 audit(2000000352.099:20658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2649 comm="syz.0.9673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 690.786362][ T2657] loop4: detected capacity change from 0 to 512 [ 690.804227][ T2657] EXT4-fs: Mount option(s) incompatible with ext2 [ 690.816926][ T2645] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 690.870491][ T2645] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.9671: bg 0: block 234: padding at end of block bitmap is not set [ 690.885350][ T2645] EXT4-fs (loop1): Remounting filesystem read-only [ 690.894699][ T2645] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 690.904201][ T2645] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 690.916527][ T2645] netlink: 'syz.1.9671': attribute type 10 has an invalid length. [ 691.319004][ T2645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 691.326840][ T2645] team0: Port device bond0 added [ 691.476717][ T2674] veth0_to_hsr: entered promiscuous mode [ 691.482483][ T2674] vlan3: entered promiscuous mode [ 691.489527][ T2674] veth0_to_hsr: left promiscuous mode [ 691.490230][T31639] usb usb6-port1: attempt power cycle [ 691.507002][ T2678] __nla_validate_parse: 15 callbacks suppressed [ 691.507026][ T2678] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9684'. [ 691.519286][ T2686] xt_connbytes: Forcing CT accounting to be enabled [ 691.528886][ T2686] Cannot find add_set index 0 as target [ 691.536336][T32084] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 691.551840][ T2688] loop2: detected capacity change from 0 to 2048 [ 691.644367][ T2702] loop1: detected capacity change from 0 to 256 [ 691.651026][ T2702] FAT-fs (loop1): Unrecognized mount option "Xmask=00000000000000000000000" or missing value [ 691.653773][ T2703] loop2: detected capacity change from 0 to 512 [ 691.667796][ T2703] EXT4-fs: Ignoring removed i_version option [ 691.673872][ T2703] EXT4-fs: Ignoring removed nobh option [ 691.680493][ T2703] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 691.691774][ T2703] EXT4-fs (loop2): 1 truncate cleaned up [ 691.760044][ T2707] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9693'. [ 691.770385][ T2707] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9693'. [ 691.780327][ T2707] netlink: 'syz.2.9693': attribute type 10 has an invalid length. [ 691.802590][ T2709] netlink: 'syz.0.9694': attribute type 4 has an invalid length. [ 691.921499][ T2717] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=21530 sclass=netlink_route_socket pid=2717 comm=syz.0.9694 [ 692.423449][ T2730] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29712 sclass=netlink_route_socket pid=2730 comm=syz.3.9702 [ 692.439106][ T2732] usb usb9: usbfs: process 2732 (syz.4.9703) did not claim interface 0 before use [ 692.518338][ T2756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9713'. [ 692.537098][ T2758] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9714'. [ 692.544429][ T2762] xt_l2tp: invalid flags combination: 0 [ 692.553221][ T2762] netlink: 'syz.3.9716': attribute type 27 has an invalid length. [ 692.579067][ T2768] loop4: detected capacity change from 0 to 164 [ 692.625151][ T2762] bridge0: port 2(bridge_slave_1) entered disabled state [ 692.632390][ T2762] bridge0: port 1(bridge_slave_0) entered disabled state [ 692.649257][ T2771] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 692.702249][ T2762] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 692.733553][ T2762] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 692.804872][ T2762] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.813878][ T2762] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.822863][ T2762] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.831928][ T2762] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 692.858898][ T2768] bridge0: port 2(bridge_slave_1) entered disabled state [ 692.866147][ T2768] bridge0: port 1(bridge_slave_0) entered disabled state [ 692.883781][ T2768] bridge0: entered allmulticast mode [ 692.894374][ T2787] loop1: detected capacity change from 0 to 512 [ 692.916680][ T2772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 692.924424][ T2772] 8021q: adding VLAN 0 to HW filter on device team0 [ 692.933340][ T2772] net_ratelimit: 47 callbacks suppressed [ 692.933347][ T2772] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 692.966070][ T2783] xt_NFQUEUE: number of total queues is 0 [ 692.980139][ T2787] loop1: detected capacity change from 0 to 512 [ 693.004437][ T2790] loop4: detected capacity change from 0 to 2048 [ 693.019581][ T2790] EXT4-fs: Ignoring removed mblk_io_submit option [ 693.035122][ T2787] loop1: detected capacity change from 0 to 256 [ 693.040939][ T2790] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.9724: bg 0: block 234: padding at end of block bitmap is not set [ 693.056094][ T2790] EXT4-fs (loop4): Remounting filesystem read-only [ 693.062212][ T2787] FAT-fs (loop1): Directory bread(block 64) failed [ 693.066095][ T2790] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 693.070531][ T2787] FAT-fs (loop1): Directory bread(block 65) failed [ 693.079578][ T2790] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 693.085565][ T2787] FAT-fs (loop1): Directory bread(block 66) failed [ 693.101821][ T2787] FAT-fs (loop1): Directory bread(block 67) failed [ 693.103728][ T2790] netlink: 'syz.4.9724': attribute type 10 has an invalid length. [ 693.108605][ T2787] FAT-fs (loop1): Directory bread(block 68) failed [ 693.116159][ T2790] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9724'. [ 693.131961][ T2787] FAT-fs (loop1): Directory bread(block 69) failed [ 693.138498][ T2787] FAT-fs (loop1): Directory bread(block 70) failed [ 693.142727][ T2790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 693.145085][ T2787] FAT-fs (loop1): Directory bread(block 71) failed [ 693.158173][ T2787] FAT-fs (loop1): Directory bread(block 72) failed [ 693.159136][ T2790] team0: Device bond0 failed to register rx_handler [ 693.178873][ T2790] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 693.184964][ T2787] FAT-fs (loop1): Directory bread(block 73) failed [ 693.225719][ T2796] netlink: 'syz.2.9727': attribute type 5 has an invalid length. [ 693.704298][T31639] usb usb6-port1: unable to enumerate USB device [ 693.764628][ T2819] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 693.987601][ T2836] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9740'. [ 694.041307][ T2837] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=2837 comm=syz.2.9739 [ 694.203388][ T2842] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9742'. [ 694.273801][ T2843] loop4: detected capacity change from 0 to 512 [ 694.280599][ T2843] EXT4-fs (loop4): bad s_want_extra_isize: 11962 [ 694.537474][ T29] kauditd_printk_skb: 48 callbacks suppressed [ 694.537490][ T29] audit: type=1326 audit(2000000355.754:20707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2844 comm="syz.1.9743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f070ffa1bd9 code=0x7ffc0000 [ 694.571825][ T29] audit: type=1326 audit(2000000355.754:20708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2844 comm="syz.1.9743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f070ffa1bd9 code=0x7ffc0000 [ 694.595463][ T29] audit: type=1326 audit(2000000355.754:20709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2844 comm="syz.1.9743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f070ffa1bd9 code=0x7ffc0000 [ 694.618955][ T29] audit: type=1326 audit(2000000355.791:20710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2844 comm="syz.1.9743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f070ffa1bd9 code=0x7ffc0000 [ 694.642423][ T29] audit: type=1326 audit(2000000355.791:20711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2844 comm="syz.1.9743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f070ffa1bd9 code=0x7ffc0000 [ 694.665878][ T29] audit: type=1326 audit(2000000355.791:20712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2844 comm="syz.1.9743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f070ffa1bd9 code=0x7ffc0000 [ 694.689356][ T29] audit: type=1326 audit(2000000355.791:20713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2844 comm="syz.1.9743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f070ffa1bd9 code=0x7ffc0000 [ 694.712888][ T29] audit: type=1326 audit(2000000355.791:20714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2844 comm="syz.1.9743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f070ffa1bd9 code=0x7ffc0000 [ 694.736424][ T29] audit: type=1326 audit(2000000355.791:20715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2844 comm="syz.1.9743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f070ffa1bd9 code=0x7ffc0000 [ 694.759801][ T29] audit: type=1326 audit(2000000355.791:20716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2844 comm="syz.1.9743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f070ffa1bd9 code=0x7ffc0000 [ 694.798936][ T2847] netlink: 66 bytes leftover after parsing attributes in process `syz.1.9745'. [ 694.910533][ T2857] loop2: detected capacity change from 0 to 512 [ 694.918974][ T2857] EXT4-fs (loop2): fragment/cluster size (2048) != block size (4096) [ 695.175760][ T2877] loop4: detected capacity change from 0 to 2048 [ 695.182857][ T2877] EXT4-fs (loop4): inodes count not valid: 0 vs 32 [ 695.285695][ T2879] netlink: 68 bytes leftover after parsing attributes in process `syz.4.9754'. [ 695.355862][ T2881] loop4: detected capacity change from 0 to 2048 [ 695.364457][ T2881] EXT4-fs (loop4): inodes count not valid: 32 vs 36 [ 695.981810][ T2898] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 695.989223][ T2898] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 696.223480][ T2900] netlink: 'syz.2.9762': attribute type 5 has an invalid length. [ 696.415310][ T2915] loop4: detected capacity change from 0 to 256 [ 696.568165][ T2927] loop4: detected capacity change from 0 to 1024 [ 696.574822][ T2927] EXT4-fs: Ignoring removed nomblk_io_submit option [ 696.581873][ T2927] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 696.711695][ T2941] netlink: 'syz.4.9773': attribute type 4 has an invalid length. [ 696.830524][ T2949] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=21530 sclass=netlink_route_socket pid=2949 comm=syz.4.9773 [ 696.879657][ T2952] loop3: detected capacity change from 0 to 1024 [ 696.887666][ T2952] EXT4-fs (loop3): corrupt root inode, run e2fsck [ 696.894371][ T2952] EXT4-fs (loop3): mount failed [ 696.972086][ T2963] loop2: detected capacity change from 0 to 1024 [ 696.978877][ T2963] EXT4-fs: Ignoring removed nomblk_io_submit option [ 696.985736][ T2963] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 696.996666][ T2967] openvswitch: netlink: Message has 4 unknown bytes. [ 696.997122][ T2966] openvswitch: netlink: Message has 4 unknown bytes. [ 697.077062][ T2981] loop3: detected capacity change from 0 to 2048 [ 697.138586][ T2985] loop2: detected capacity change from 0 to 1024 [ 697.145701][ T2985] EXT4-fs: Ignoring removed nomblk_io_submit option [ 697.152557][ T2985] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 697.165892][ T2989] loop3: detected capacity change from 0 to 693 [ 697.262680][ T2998] loop3: detected capacity change from 0 to 512 [ 697.271075][ T2998] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.9794: invalid indirect mapped block 256 (level 2) [ 697.284859][ T2998] EXT4-fs (loop3): 2 truncates cleaned up [ 697.330747][ T3006] vxcan1: entered allmulticast mode [ 697.348866][ T3008] loop2: detected capacity change from 0 to 512 [ 697.356969][ T3008] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz.2.9797: corrupted in-inode xattr: invalid ea_ino [ 697.371259][ T3008] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz.2.9797: couldn't read orphan inode 15 (err -117) [ 697.534038][ T3014] loop2: detected capacity change from 0 to 256 [ 697.540760][ T3014] FAT-fs (loop2): Unrecognized mount option "nodoto" or missing value [ 697.606203][ T3016] loop1: detected capacity change from 0 to 1024 [ 697.612829][ T3016] EXT4-fs: Ignoring removed nomblk_io_submit option [ 697.620861][ T3018] loop2: detected capacity change from 0 to 128 [ 697.627868][ T3016] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 697.642876][ T3025] FAULT_INJECTION: forcing a failure. [ 697.642876][ T3025] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 697.656119][ T3025] CPU: 1 PID: 3025 Comm: syz.0.9803 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 697.666293][ T3025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 697.676343][ T3025] Call Trace: [ 697.679615][ T3025] [ 697.682617][ T3025] dump_stack_lvl+0xf2/0x150 [ 697.687360][ T3025] dump_stack+0x15/0x20 [ 697.691563][ T3025] should_fail_ex+0x229/0x230 [ 697.696242][ T3025] should_fail+0xb/0x10 [ 697.700482][ T3025] should_fail_usercopy+0x1a/0x20 [ 697.705499][ T3025] strncpy_from_user+0x25/0x270 [ 697.710348][ T3025] ? should_failslab+0x9/0x20 [ 697.715083][ T3025] ? kmem_cache_alloc_noprof+0x10c/0x290 [ 697.720758][ T3025] getname_flags+0xb4/0x360 [ 697.725262][ T3025] user_path_at_empty+0x2c/0x120 [ 697.730246][ T3025] __se_sys_mount+0x24b/0x2d0 [ 697.734917][ T3025] __x64_sys_mount+0x67/0x80 [ 697.739501][ T3025] x64_sys_call+0x25c9/0x2d70 [ 697.744213][ T3025] do_syscall_64+0xc9/0x1c0 [ 697.748713][ T3025] ? clear_bhb_loop+0x55/0xb0 [ 697.753427][ T3025] ? clear_bhb_loop+0x55/0xb0 [ 697.758111][ T3025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.763994][ T3025] RIP: 0033:0x7f8f6cbd6bd9 [ 697.768397][ T3025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 697.788023][ T3025] RSP: 002b:00007f8f6be58048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 697.796427][ T3025] RAX: ffffffffffffffda RBX: 00007f8f6cd64f60 RCX: 00007f8f6cbd6bd9 [ 697.804414][ T3025] RDX: 0000000020000140 RSI: 0000000020000100 RDI: 0000000000000000 [ 697.812391][ T3025] RBP: 00007f8f6be580a0 R08: 0000000020000380 R09: 0000000000000000 [ 697.820380][ T3025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 697.828358][ T3025] R13: 000000000000000b R14: 00007f8f6cd64f60 R15: 00007ffd7862d568 [ 697.836334][ T3025] [ 697.862244][ T3018] loop2: detected capacity change from 0 to 512 [ 697.964046][ T3043] loop1: detected capacity change from 0 to 512 [ 697.971480][ T3043] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 697.982465][ T3043] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 not in group (block 2)! [ 697.992629][ T3043] EXT4-fs (loop1): group descriptors corrupted! [ 698.086353][ T3049] loop2: detected capacity change from 0 to 1024 [ 698.090236][ T3051] loop1: detected capacity change from 0 to 2048 [ 698.100368][ T3049] EXT4-fs: Ignoring removed orlov option [ 698.106242][ T3049] /dev/loop2: Can't open blockdev [ 698.148802][ T3057] loop2: detected capacity change from 0 to 2048 [ 698.155625][ T3057] EXT4-fs (loop2): invalid inodes per group: 0 [ 698.155625][ T3057] [ 698.189174][ T3051] loop1: detected capacity change from 2048 to 2046 [ 698.196803][ T3051] EXT4-fs error (device loop1): ext4_find_extent:936: inode #18: comm syz.1.9812: pblk 128 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 698.215666][ T3051] EXT4-fs error (device loop1): ext4_find_extent:936: inode #18: comm syz.1.9812: pblk 128 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 698.216622][ T3057] loop2: detected capacity change from 0 to 2048 [ 698.276239][ T3057] loop2: p1 p2 p3 [ 698.281421][ T3057] loop2: p3 size 2164260864 extends beyond EOD, truncated [ 698.329552][ T3070] __nla_validate_parse: 1 callbacks suppressed [ 698.329562][ T3070] netlink: 64 bytes leftover after parsing attributes in process `syz.3.9817'. [ 698.372502][ T3077] loop3: detected capacity change from 0 to 1024 [ 698.379221][ T3077] EXT4-fs: Ignoring removed nomblk_io_submit option [ 698.386162][ T3077] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 698.415886][ T3080] netlink: 'syz.2.9820': attribute type 12 has an invalid length. [ 698.423749][ T3080] netlink: 132 bytes leftover after parsing attributes in process `syz.2.9820'. [ 698.474108][T31646] hid-generic 0000:0000:0000.0006: item fetching failed at offset 0/1 [ 698.482479][T31646] hid-generic 0000:0000:0000.0006: probe with driver hid-generic failed with error -22 [ 698.600126][ T3095] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9826'. [ 698.985475][T32084] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /193/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 699.010783][ T4886] EXT4-fs error (device loop1): ext4_find_extent:936: inode #18: comm kworker/u8:30: pblk 128 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 699.029392][ T4886] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 117 [ 699.033107][ T3104] loop4: detected capacity change from 0 to 1024 [ 699.041738][ T4886] EXT4-fs (loop1): This should not happen!! Data will be lost [ 699.041738][ T4886] [ 699.059106][ T4886] EXT4-fs error (device loop1): ext4_find_extent:936: inode #18: comm kworker/u8:30: pblk 128 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 699.077606][ T4886] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 4 with max blocks 2 with error 117 [ 699.089915][ T4886] EXT4-fs (loop1): This should not happen!! Data will be lost [ 699.089915][ T4886] [ 699.110699][ T3104] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9830'. [ 699.182665][ T3111] loop4: detected capacity change from 0 to 256 [ 699.286935][ T3108] chnl_net:caif_netlink_parms(): no params data found [ 699.325691][ T3108] bridge0: port 1(bridge_slave_0) entered blocking state [ 699.332953][ T3108] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.340355][ T3108] bridge_slave_0: entered allmulticast mode [ 699.346869][ T3108] bridge_slave_0: entered promiscuous mode [ 699.355966][ T3108] bridge0: port 2(bridge_slave_1) entered blocking state [ 699.363310][ T3108] bridge0: port 2(bridge_slave_1) entered disabled state [ 699.372260][ T3108] bridge_slave_1: entered allmulticast mode [ 699.381866][ T3108] bridge_slave_1: entered promiscuous mode [ 699.394459][ T3137] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9837'. [ 699.408857][ T3137] netlink: 'syz.3.9837': attribute type 10 has an invalid length. [ 699.419252][ T3139] 9pnet_fd: Insufficient options for proto=fd [ 699.420008][ T3108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 699.437320][ T3108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 699.458418][ T3141] syz.2.9839[3141] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 699.467240][ T3108] team0: Port device team_slave_0 added [ 699.485432][ T3108] team0: Port device team_slave_1 added [ 699.502528][ T3108] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 699.509583][ T3108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 699.535649][ T3108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 699.547038][ T3108] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 699.554109][ T3108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 699.580155][ T3108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 699.606528][ T3108] hsr_slave_0: entered promiscuous mode [ 699.612807][ T3108] hsr_slave_1: entered promiscuous mode [ 699.618814][ T3108] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 699.626534][ T3108] Cannot create hsr debugfs directory [ 699.677559][ T3108] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 699.718565][ T3108] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 699.772345][ T3108] team0: Port device netdevsim1 removed [ 699.778816][ T3108] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 699.816087][ T3108] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 699.881189][ T3108] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 699.889355][ T3108] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 699.897862][ T3108] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 699.906234][ T3108] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 699.919679][ T3108] bridge0: port 2(bridge_slave_1) entered blocking state [ 699.926745][ T3108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 699.934070][ T3108] bridge0: port 1(bridge_slave_0) entered blocking state [ 699.941106][ T3108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 699.969238][ T3108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 699.982052][T31648] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.989986][T31648] bridge0: port 2(bridge_slave_1) entered disabled state [ 700.003383][ T3108] 8021q: adding VLAN 0 to HW filter on device team0 [ 700.013844][T31639] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.020969][T31639] bridge0: port 1(bridge_slave_0) entered forwarding state [ 700.031453][T31639] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.038584][T31639] bridge0: port 2(bridge_slave_1) entered forwarding state [ 700.061591][ T3108] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 700.110752][ T3108] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 700.170292][ T3108] veth0_vlan: entered promiscuous mode [ 700.181189][ T3108] veth1_vlan: entered promiscuous mode [ 700.195899][ T3108] veth0_macvtap: entered promiscuous mode [ 700.203218][ T3108] veth1_macvtap: entered promiscuous mode [ 700.213671][ T3108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 700.224125][ T3108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.234013][ T3108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 700.244628][ T3108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.254481][ T3108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 700.265000][ T3108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.274839][ T3108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 700.285237][ T3108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.296308][ T3108] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 700.307657][ T3108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 700.318161][ T3108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.328023][ T3108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 700.338464][ T3108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.348353][ T3108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 700.358807][ T3108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.368710][ T3108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 700.379209][ T3108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 700.395851][ T3108] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 700.406603][ T29] kauditd_printk_skb: 43 callbacks suppressed [ 700.406618][ T29] audit: type=1400 audit(2000000873.175:20760): avc: denied { bind } for pid=3176 comm="syz.3.9846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 700.418023][ T3108] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.433336][ T3177] nftables ruleset with unbound set [ 700.441638][ T3108] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.441685][ T3108] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.441712][ T3108] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.505112][ T3186] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9850'. [ 700.516235][ T3186] netlink: 'syz.3.9850': attribute type 10 has an invalid length. [ 700.527990][ T3190] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9852'. [ 700.602379][ T3200] loop2: detected capacity change from 0 to 256 [ 700.788280][ T3210] loop1: detected capacity change from 0 to 512 [ 700.795827][ T3210] EXT4-fs: Ignoring removed nobh option [ 700.806524][ T3210] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 700.815309][ T3210] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #13: comm syz.1.9857: casefold flag without casefold feature [ 700.831018][ T3210] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.9857: couldn't read orphan inode 13 (err -117) [ 700.846213][ T3210] EXT4-fs mount: 26 callbacks suppressed [ 700.846230][ T3210] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 700.868982][ T3210] EXT4-fs warning (device loop1): ext4_lookup:1866: Inconsistent encryption contexts: 2/12 [ 700.881950][ T3210] EXT4-fs warning (device loop1): ext4_lookup:1866: Inconsistent encryption contexts: 2/12 [ 700.897355][ T3108] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 701.011302][ T3217] FAULT_INJECTION: forcing a failure. [ 701.011302][ T3217] name failslab, interval 1, probability 0, space 0, times 0 [ 701.015147][ T29] audit: type=1400 audit(2000000873.738:20761): avc: denied { read } for pid=3214 comm="syz.1.9859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 701.024010][ T3217] CPU: 1 PID: 3217 Comm: syz.4.9860 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 701.054484][ T3217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 701.064547][ T3217] Call Trace: [ 701.067837][ T3217] [ 701.070774][ T3217] dump_stack_lvl+0xf2/0x150 [ 701.075373][ T3217] dump_stack+0x15/0x20 [ 701.079603][ T3217] should_fail_ex+0x229/0x230 [ 701.084347][ T3217] ? kvmalloc_node_noprof+0x72/0x170 [ 701.089651][ T3217] __should_failslab+0x92/0xa0 [ 701.094425][ T3217] should_failslab+0x9/0x20 [ 701.098930][ T3217] __kmalloc_node_noprof+0xa8/0x380 [ 701.104183][ T3217] kvmalloc_node_noprof+0x72/0x170 [ 701.109299][ T3217] io_pin_pages+0x64/0x130 [ 701.113712][ T3217] __io_uaddr_map+0x81/0x160 [ 701.118305][ T3217] io_allocate_scq_urings+0x148/0x300 [ 701.123674][ T3217] io_uring_create+0x51f/0x920 [ 701.128456][ T3217] __se_sys_io_uring_setup+0x1d2/0x1e0 [ 701.133954][ T3217] __x64_sys_io_uring_setup+0x31/0x40 [ 701.139412][ T3217] x64_sys_call+0x1fc6/0x2d70 [ 701.144119][ T3217] do_syscall_64+0xc9/0x1c0 [ 701.148619][ T3217] ? clear_bhb_loop+0x55/0xb0 [ 701.153310][ T3217] ? clear_bhb_loop+0x55/0xb0 [ 701.157983][ T3217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.163881][ T3217] RIP: 0033:0x7f9197c00bd9 [ 701.168337][ T3217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 701.187951][ T3217] RSP: 002b:00007f9196e81fd8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 701.196354][ T3217] RAX: ffffffffffffffda RBX: 00007f9197d8ef60 RCX: 00007f9197c00bd9 [ 701.204369][ T3217] RDX: 00000000200004c0 RSI: 0000000020000400 RDI: 0000000000002c0c [ 701.212389][ T3217] RBP: 0000000020000400 R08: 0000000000000000 R09: 00000000200004c0 [ 701.220351][ T3217] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 701.228312][ T3217] R13: 0000000020000480 R14: 0000000000002c0c R15: 00000000200004c0 [ 701.236283][ T3217] [ 701.269675][ T3225] netlink: 40 bytes leftover after parsing attributes in process `syz.1.9863'. [ 701.279051][ T3225] netlink: 'syz.1.9863': attribute type 10 has an invalid length. [ 701.295978][ T3225] team0: Failed to send options change via netlink (err -105) [ 701.303592][ T3225] team0: Port device netdevsim1 added [ 701.322013][ T3229] loop3: detected capacity change from 0 to 512 [ 701.329931][ T3229] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 701.331277][ T3231] loop4: detected capacity change from 0 to 256 [ 701.372678][ T3229] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 701.401939][ T3229] ext4 filesystem being mounted at /240/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 701.416309][ T3243] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9870'. [ 701.447435][ T29] audit: type=1326 audit(2000000874.135:20762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3242 comm="syz.1.9870" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae365f0bd9 code=0x0 [ 701.471668][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 701.533041][ T3254] loop2: detected capacity change from 0 to 512 [ 701.542129][ T3254] EXT4-fs: quotafile must be on filesystem root [ 701.549229][ T3257] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 701.576436][ T3263] loop4: detected capacity change from 0 to 1024 [ 701.584611][ T3263] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 701.585372][ T3265] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9879'. [ 701.595548][ T3263] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (25054!=20869) [ 701.623540][ T3265] netlink: 'syz.3.9879': attribute type 10 has an invalid length. [ 701.623780][ T3263] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 701.641838][ T3263] EXT4-fs (loop4): filesystem has both journal inode and journal device! [ 701.859178][ T29] audit: type=1400 audit(2000000874.514:20763): avc: denied { write } for pid=3295 comm="syz.3.9890" lport=60237 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 701.882898][ T29] audit: type=1400 audit(2000000874.514:20764): avc: denied { setopt } for pid=3295 comm="syz.3.9890" lport=60237 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 702.014423][ T3297] loop3: detected capacity change from 0 to 512 [ 702.028493][ T3297] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 702.041673][ T3297] ext4 filesystem being mounted at /249/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 702.250377][ T3309] netlink: 'syz.0.9894': attribute type 10 has an invalid length. [ 702.261237][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 702.277055][ T3311] FAULT_INJECTION: forcing a failure. [ 702.277055][ T3311] name failslab, interval 1, probability 0, space 0, times 0 [ 702.289715][ T3311] CPU: 1 PID: 3311 Comm: syz.2.9896 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 702.299781][ T3311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 702.309827][ T3311] Call Trace: [ 702.313097][ T3311] [ 702.316059][ T3311] dump_stack_lvl+0xf2/0x150 [ 702.320701][ T3311] dump_stack+0x15/0x20 [ 702.324851][ T3311] should_fail_ex+0x229/0x230 [ 702.329584][ T3311] ? getname_flags+0x86/0x360 [ 702.334280][ T3311] __should_failslab+0x92/0xa0 [ 702.339095][ T3311] should_failslab+0x9/0x20 [ 702.343593][ T3311] kmem_cache_alloc_noprof+0x4c/0x290 [ 702.349030][ T3311] getname_flags+0x86/0x360 [ 702.353532][ T3311] user_path_at_empty+0x2c/0x120 [ 702.358517][ T3311] __se_sys_mount+0x24b/0x2d0 [ 702.363190][ T3311] __x64_sys_mount+0x67/0x80 [ 702.367836][ T3311] x64_sys_call+0x25c9/0x2d70 [ 702.372509][ T3311] do_syscall_64+0xc9/0x1c0 [ 702.377070][ T3311] ? clear_bhb_loop+0x55/0xb0 [ 702.381760][ T3311] ? clear_bhb_loop+0x55/0xb0 [ 702.386481][ T3311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.392366][ T3311] RIP: 0033:0x7f1015cf4bd9 [ 702.396770][ T3311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 702.416370][ T3311] RSP: 002b:00007f1014f76048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 702.424773][ T3311] RAX: ffffffffffffffda RBX: 00007f1015e82f60 RCX: 00007f1015cf4bd9 [ 702.432780][ T3311] RDX: 0000000020000140 RSI: 0000000020000100 RDI: 0000000000000000 [ 702.440766][ T3311] RBP: 00007f1014f760a0 R08: 0000000020000380 R09: 0000000000000000 [ 702.448766][ T3311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 702.456729][ T3311] R13: 000000000000000b R14: 00007f1015e82f60 R15: 00007ffcfebaaeb8 [ 702.464694][ T3311] [ 702.479638][ T29] audit: type=1326 audit(2000000875.086:20765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3312 comm="syz.0.9897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 702.492401][ T3313] netlink: 'syz.0.9897': attribute type 1 has an invalid length. [ 702.506226][ T29] audit: type=1326 audit(2000000875.095:20766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3312 comm="syz.0.9897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 702.534520][ T29] audit: type=1326 audit(2000000875.095:20767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3312 comm="syz.0.9897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 702.558245][ T29] audit: type=1326 audit(2000000875.095:20768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3312 comm="syz.0.9897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 702.581794][ T29] audit: type=1326 audit(2000000875.095:20769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3312 comm="syz.0.9897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 702.639152][ T3331] usb usb5: usbfs: process 3331 (syz.3.9902) did not claim interface 0 before use [ 702.687306][ T3343] FAULT_INJECTION: forcing a failure. [ 702.687306][ T3343] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 702.700518][ T3343] CPU: 1 PID: 3343 Comm: syz.3.9908 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 702.710605][ T3343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 702.720652][ T3343] Call Trace: [ 702.723922][ T3343] [ 702.726845][ T3343] dump_stack_lvl+0xf2/0x150 [ 702.731494][ T3343] dump_stack+0x15/0x20 [ 702.735713][ T3343] should_fail_ex+0x229/0x230 [ 702.740390][ T3343] should_fail+0xb/0x10 [ 702.744542][ T3343] should_fail_usercopy+0x1a/0x20 [ 702.749608][ T3343] copy_page_from_iter_atomic+0x22a/0xda0 [ 702.755346][ T3343] ? shmem_write_begin+0xa0/0x1c0 [ 702.760436][ T3343] ? shmem_write_begin+0x10c/0x1c0 [ 702.765624][ T3343] generic_perform_write+0x21a/0x410 [ 702.770957][ T3343] ? __pfx_shmem_write_end+0x10/0x10 [ 702.776241][ T3343] shmem_file_write_iter+0xc8/0xf0 [ 702.781365][ T3343] vfs_write+0x78f/0x900 [ 702.785648][ T3343] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 702.791524][ T3343] ksys_write+0xeb/0x1b0 [ 702.795856][ T3343] __x64_sys_write+0x42/0x50 [ 702.800459][ T3343] x64_sys_call+0x27ef/0x2d70 [ 702.805138][ T3343] do_syscall_64+0xc9/0x1c0 [ 702.809713][ T3343] ? clear_bhb_loop+0x55/0xb0 [ 702.814387][ T3343] ? clear_bhb_loop+0x55/0xb0 [ 702.819057][ T3343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.825010][ T3343] RIP: 0033:0x7f3e2921275f [ 702.829490][ T3343] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 702.849098][ T3343] RSP: 002b:00007f3e28494e00 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 702.857529][ T3343] RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007f3e2921275f [ 702.865506][ T3343] RDX: 0000000000040000 RSI: 00007f3e20075000 RDI: 0000000000000004 [ 702.873482][ T3343] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000455 [ 702.881518][ T3343] R10: 00000000000003bc R11: 0000000000000293 R12: 0000000000000004 [ 702.889502][ T3343] R13: 00007f3e28494f00 R14: 00007f3e28494ec0 R15: 00007f3e20075000 [ 702.897530][ T3343] [ 702.903605][ T3343] loop3: detected capacity change from 0 to 512 [ 702.910560][ T3343] EXT4-fs: Ignoring removed nomblk_io_submit option [ 702.920180][ T3343] EXT4-fs error (device loop3): ext4_init_orphan_info:586: comm syz.3.9908: inode #0: comm syz.3.9908: iget: illegal inode # [ 702.920965][ T3346] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 702.934517][ T3343] EXT4-fs (loop3): Remounting filesystem read-only [ 702.939614][ T3346] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 702.946147][ T3343] EXT4-fs (loop3): get orphan inode failed [ 702.953758][ T3346] vhci_hcd vhci_hcd.0: Device attached [ 702.961655][ T3343] EXT4-fs (loop3): mount failed [ 702.983346][ T3351] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.007657][ T3351] bridge_slave_0 (unregistering): left allmulticast mode [ 703.014811][ T3351] bridge_slave_0 (unregistering): left promiscuous mode [ 703.022147][ T3351] bridge0: port 1(bridge_slave_0) entered disabled state [ 703.059099][ T3360] loop3: detected capacity change from 0 to 512 [ 703.067267][ T3360] EXT4-fs: Ignoring removed nomblk_io_submit option [ 703.075450][ T3360] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 703.083698][ T3360] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 703.092077][ T3360] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3011510273 > max in inode 13 [ 703.102357][ T3360] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3011510274 > max in inode 13 [ 703.113066][ T3360] EXT4-fs (loop3): 1 truncate cleaned up [ 703.120020][ T3360] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 703.140282][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 703.165160][ T3364] loop4: detected capacity change from 0 to 128 [ 703.352231][ T3389] loop3: detected capacity change from 0 to 256 [ 703.425192][ T3391] loop3: detected capacity change from 0 to 1024 [ 703.434291][ T3391] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 703.466417][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 703.563058][ T3348] vhci_hcd: connection closed [ 703.563254][ T4459] vhci_hcd: stop threads [ 703.563602][ T3399] loop3: detected capacity change from 0 to 2048 [ 703.567963][ T4459] vhci_hcd: release socket [ 703.583062][ T4459] vhci_hcd: disconnect device [ 703.608255][ T3399] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 703.634042][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 703.714651][ T3411] loop3: detected capacity change from 0 to 2048 [ 703.721515][ T3411] ext4: Unknown parameter 'uid' [ 703.867218][ T3415] loop3: detected capacity change from 0 to 1024 [ 703.873978][ T3415] EXT4-fs: Ignoring removed orlov option [ 703.879697][ T3415] EXT4-fs: Ignoring removed nomblk_io_submit option [ 703.889538][ T3415] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 703.908826][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 703.973322][ T3421] __nla_validate_parse: 5 callbacks suppressed [ 703.973338][ T3421] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9934'. [ 704.039823][ T3434] loop1: detected capacity change from 0 to 128 [ 704.067021][ T3436] netlink: 92 bytes leftover after parsing attributes in process `syz.3.9938'. [ 704.085676][ T3438] ieee802154 phy1 wpan1: encryption failed: -22 [ 704.240294][ T3448] veth0_to_hsr: entered promiscuous mode [ 704.246101][ T3448] vlan2: entered promiscuous mode [ 704.288863][ T3448] veth0_to_hsr: left promiscuous mode [ 704.544269][ T3456] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9943'. [ 704.682263][ T3478] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 37855 - 0 [ 704.691199][ T3478] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 37855 - 0 [ 704.700081][ T3478] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 37855 - 0 [ 704.708949][ T3478] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 37855 - 0 [ 704.718174][ T3478] netdevsim netdevsim4 netdevsim0: set [1, 2] type 2 family 0 port 49002 - 0 [ 704.727115][ T3478] netdevsim netdevsim4 netdevsim1: set [1, 2] type 2 family 0 port 49002 - 0 [ 704.735986][ T3478] netdevsim netdevsim4 netdevsim2: set [1, 2] type 2 family 0 port 49002 - 0 [ 704.740786][ T3473] loop1: detected capacity change from 0 to 1764 [ 704.745476][ T3478] netdevsim netdevsim4 netdevsim3: set [1, 2] type 2 family 0 port 49002 - 0 [ 704.745658][ T3478] geneve2: entered promiscuous mode [ 704.760717][ T3478] geneve2: entered allmulticast mode [ 704.776688][ T3473] netlink: 'syz.1.9951': attribute type 4 has an invalid length. [ 704.823628][ T3483] loop4: detected capacity change from 0 to 2048 [ 704.834442][ T3485] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9956'. [ 704.843781][ T3485] netlink: 'syz.0.9956': attribute type 10 has an invalid length. [ 704.853865][ T3483] EXT4-fs error (device loop4): ext4_orphan_get:1420: comm syz.4.9955: bad orphan inode 8192 [ 704.864719][ T3483] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 704.875057][ T3489] FAULT_INJECTION: forcing a failure. [ 704.875057][ T3489] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 704.889784][ T3489] CPU: 1 PID: 3489 Comm: syz.0.9958 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 704.889805][ T3489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 704.889832][ T3489] Call Trace: [ 704.889838][ T3489] [ 704.889844][ T3489] dump_stack_lvl+0xf2/0x150 [ 704.889871][ T3489] dump_stack+0x15/0x20 [ 704.889891][ T3489] should_fail_ex+0x229/0x230 [ 704.929671][ T3489] should_fail+0xb/0x10 [ 704.933939][ T3489] should_fail_usercopy+0x1a/0x20 [ 704.938961][ T3489] _copy_to_user+0x1e/0xa0 [ 704.943454][ T3489] simple_read_from_buffer+0xa0/0x110 [ 704.948850][ T3489] proc_fail_nth_read+0xfc/0x140 [ 704.953880][ T3489] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 704.959432][ T3489] vfs_read+0x1a2/0x6e0 [ 704.963595][ T3489] ? __rcu_read_unlock+0x4e/0x70 [ 704.968596][ T3489] ? __fget_files+0x1da/0x210 [ 704.973267][ T3489] ksys_read+0xeb/0x1b0 [ 704.977427][ T3489] __x64_sys_read+0x42/0x50 [ 704.982031][ T3489] x64_sys_call+0x27e5/0x2d70 [ 704.986835][ T3489] do_syscall_64+0xc9/0x1c0 [ 704.991353][ T3489] ? clear_bhb_loop+0x55/0xb0 [ 704.996052][ T3489] ? clear_bhb_loop+0x55/0xb0 [ 705.000733][ T3489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.006624][ T3489] RIP: 0033:0x7f8f6cbd56bc [ 705.011115][ T3489] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 705.030833][ T3489] RSP: 002b:00007f8f6be58040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 705.039289][ T3489] RAX: ffffffffffffffda RBX: 00007f8f6cd64f60 RCX: 00007f8f6cbd56bc [ 705.047266][ T3489] RDX: 000000000000000f RSI: 00007f8f6be580b0 RDI: 0000000000000005 [ 705.055232][ T3489] RBP: 00007f8f6be580a0 R08: 0000000000000000 R09: 0000000000000000 [ 705.063317][ T3489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 705.071282][ T3489] R13: 000000000000000b R14: 00007f8f6cd64f60 R15: 00007ffd7862d568 [ 705.079316][ T3489] [ 705.091497][ T3483] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9955'. [ 705.100528][ T3483] bridge_slave_1: left allmulticast mode [ 705.106195][ T3483] bridge_slave_1: left promiscuous mode [ 705.111881][ T3483] bridge0: port 2(bridge_slave_1) entered disabled state [ 705.133060][ T3495] loop3: detected capacity change from 0 to 2048 [ 705.140372][ T3483] bridge_slave_0: left allmulticast mode [ 705.146112][ T3483] bridge_slave_0: left promiscuous mode [ 705.151080][ T3498] syz.2.9961[3498] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 705.151768][ T3483] bridge0: port 1(bridge_slave_0) entered disabled state [ 705.178529][ T3495] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 705.232746][ T3501] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 705.240953][ T3501] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 705.259052][T22413] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 705.274469][T22413] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 705.286896][T22413] EXT4-fs (loop3): This should not happen!! Data will be lost [ 705.286896][T22413] [ 705.296721][T22413] EXT4-fs (loop3): Total free blocks count 0 [ 705.302772][T22413] EXT4-fs (loop3): Free/Dirty block details [ 705.307417][ T3522] loop2: detected capacity change from 0 to 128 [ 705.308671][T22413] EXT4-fs (loop3): free_blocks=2415919104 [ 705.320619][T22413] EXT4-fs (loop3): dirty_blocks=16 [ 705.325776][T22413] EXT4-fs (loop3): Block reservation details [ 705.331799][T22413] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 705.338707][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 705.402075][ T3539] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9968'. [ 705.504335][ T3563] FAULT_INJECTION: forcing a failure. [ 705.504335][ T3563] name failslab, interval 1, probability 0, space 0, times 0 [ 705.517138][ T3563] CPU: 0 PID: 3563 Comm: syz.0.9985 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 705.527211][ T3563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 705.537272][ T3563] Call Trace: [ 705.540539][ T3563] [ 705.543459][ T3563] dump_stack_lvl+0xf2/0x150 [ 705.548050][ T3563] dump_stack+0x15/0x20 [ 705.552191][ T3563] should_fail_ex+0x229/0x230 [ 705.556859][ T3563] ? __kernfs_new_node+0x6a/0x380 [ 705.561916][ T3563] __should_failslab+0x92/0xa0 [ 705.566664][ T3563] should_failslab+0x9/0x20 [ 705.571184][ T3563] kmem_cache_alloc_noprof+0x4c/0x290 [ 705.576598][ T3563] __kernfs_new_node+0x6a/0x380 [ 705.581496][ T3563] ? rb_insert_color+0x263/0x290 [ 705.586471][ T3563] ? up_write+0x30/0xf0 [ 705.590662][ T3563] ? kernfs_activate+0x256/0x270 [ 705.595589][ T3563] kernfs_new_node+0xc8/0x140 [ 705.600344][ T3563] __kernfs_create_file+0x49/0x180 [ 705.605511][ T3563] ? __pfx_dev_attr_store+0x10/0x10 [ 705.610702][ T3563] sysfs_add_file_mode_ns+0x136/0x1c0 [ 705.616074][ T3563] internal_create_group+0x464/0x9b0 [ 705.621361][ T3563] sysfs_create_groups+0x3c/0xe0 [ 705.626293][ T3563] device_add_attrs+0x69/0x400 [ 705.631040][ T3563] ? kobject_put+0x107/0x180 [ 705.635797][ T3563] device_add+0x38d/0x790 [ 705.640164][ T3563] netdev_register_kobject+0x100/0x230 [ 705.645646][ T3563] register_netdevice+0x8b9/0xdd0 [ 705.650683][ T3563] br_dev_newlink+0x25/0xe0 [ 705.655180][ T3563] ? __pfx_br_dev_newlink+0x10/0x10 [ 705.660361][ T3563] rtnl_newlink+0xefd/0x1690 [ 705.664988][ T3563] ? security_capable+0x64/0x80 [ 705.669826][ T3563] ? ns_capable+0x7d/0xb0 [ 705.674192][ T3563] ? __pfx_rtnl_newlink+0x10/0x10 [ 705.679256][ T3563] rtnetlink_rcv_msg+0x85e/0x910 [ 705.684196][ T3563] ? memcg_list_lru_alloc+0xd2/0x740 [ 705.689559][ T3563] ? mod_objcg_state+0x2e2/0x4e0 [ 705.694525][ T3563] ? __memcg_slab_free_hook+0xc9/0x1e0 [ 705.700052][ T3563] ? xas_load+0x3ae/0x3d0 [ 705.704374][ T3563] ? kmem_cache_free+0xd8/0x280 [ 705.709223][ T3563] ? nlmon_xmit+0x51/0x60 [ 705.713626][ T3563] ? __kfree_skb+0x102/0x150 [ 705.718241][ T3563] ? consume_skb+0x57/0x180 [ 705.722772][ T3563] ? nlmon_xmit+0x51/0x60 [ 705.727168][ T3563] ? dev_hard_start_xmit+0x3c1/0x3f0 [ 705.732437][ T3563] ? __dev_queue_xmit+0xb21/0x1e50 [ 705.737531][ T3563] ? ref_tracker_free+0x3a5/0x410 [ 705.742625][ T3563] netlink_rcv_skb+0x12c/0x230 [ 705.747428][ T3563] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 705.752988][ T3563] rtnetlink_rcv+0x1c/0x30 [ 705.757413][ T3563] netlink_unicast+0x58d/0x660 [ 705.762228][ T3563] netlink_sendmsg+0x5ca/0x6e0 [ 705.767010][ T3563] ? __pfx_netlink_sendmsg+0x10/0x10 [ 705.772362][ T3563] __sock_sendmsg+0x140/0x180 [ 705.777030][ T3563] ____sys_sendmsg+0x312/0x410 [ 705.781779][ T3563] __sys_sendmsg+0x1e9/0x280 [ 705.786419][ T3563] __x64_sys_sendmsg+0x46/0x50 [ 705.791170][ T3563] x64_sys_call+0xb25/0x2d70 [ 705.795746][ T3563] do_syscall_64+0xc9/0x1c0 [ 705.800261][ T3563] ? clear_bhb_loop+0x55/0xb0 [ 705.804939][ T3563] ? clear_bhb_loop+0x55/0xb0 [ 705.809755][ T3563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.815651][ T3563] RIP: 0033:0x7f8f6cbd6bd9 [ 705.820120][ T3563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 705.839789][ T3563] RSP: 002b:00007f8f6be58048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 705.848186][ T3563] RAX: ffffffffffffffda RBX: 00007f8f6cd64f60 RCX: 00007f8f6cbd6bd9 [ 705.856148][ T3563] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 705.864189][ T3563] RBP: 00007f8f6be580a0 R08: 0000000000000000 R09: 0000000000000000 [ 705.872151][ T3563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 705.880185][ T3563] R13: 000000000000000b R14: 00007f8f6cd64f60 R15: 00007ffd7862d568 [ 705.888196][ T3563] [ 705.894648][ T760] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 705.943401][ T3579] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3579 comm=syz.4.9986 [ 705.977831][ T3585] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 706.016766][ T3593] 9pnet_fd: Insufficient options for proto=fd [ 706.052511][ T3603] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9997'. [ 706.062692][ T3603] netlink: 'syz.4.9997': attribute type 10 has an invalid length. [ 706.118436][ T29] kauditd_printk_skb: 71 callbacks suppressed [ 706.118450][ T29] audit: type=1326 audit(2000000878.446:20841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3613 comm="syz.0.10000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 706.148286][ T29] audit: type=1326 audit(2000000878.446:20842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3613 comm="syz.0.10000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 706.171895][ T29] audit: type=1326 audit(2000000878.446:20843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3613 comm="syz.0.10000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 706.195644][ T29] audit: type=1326 audit(2000000878.446:20844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3613 comm="syz.0.10000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 706.219369][ T29] audit: type=1326 audit(2000000878.446:20845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3613 comm="syz.0.10000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 706.242884][ T29] audit: type=1326 audit(2000000878.446:20846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3613 comm="syz.0.10000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 706.266432][ T29] audit: type=1326 audit(2000000878.446:20847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3613 comm="syz.0.10000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=265 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 706.290048][ T29] audit: type=1326 audit(2000000878.446:20848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3613 comm="syz.0.10000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f6cbd6bd9 code=0x7ffc0000 [ 706.313584][ T29] audit: type=1326 audit(2000000878.446:20849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3613 comm="syz.0.10000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8f6cbd89f7 code=0x7ffc0000 [ 706.337099][ T29] audit: type=1326 audit(2000000878.446:20850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3613 comm="syz.0.10000" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f8f6cbd896c code=0x7ffc0000 [ 706.407042][ T3628] loop1: detected capacity change from 0 to 2048 [ 706.425781][ T3628] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 706.478535][ T3108] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 706.495158][ T3637] netlink: 40 bytes leftover after parsing attributes in process `syz.0.10009'. [ 706.504851][ T3637] netlink: 'syz.0.10009': attribute type 10 has an invalid length. [ 706.533848][ T3641] syz.1.10010[3641] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 706.534009][ T3641] syz.1.10010[3641] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 706.641468][ T3652] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10014'. [ 706.727860][ T3667] netlink: 40 bytes leftover after parsing attributes in process `syz.0.10021'. [ 706.737292][ T3667] netlink: 'syz.0.10021': attribute type 10 has an invalid length. [ 706.776428][ T3674] syzkaller0: entered promiscuous mode [ 706.784458][ T3673] syzkaller0: left promiscuous mode [ 706.889712][ T3683] netdevsim netdevsim0 netdevsim0: Unsupported IPsec algorithm [ 706.915107][ T3691] FAULT_INJECTION: forcing a failure. [ 706.915107][ T3691] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 706.928429][ T3691] CPU: 1 PID: 3691 Comm: syz.0.10031 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 706.938587][ T3691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 706.948645][ T3691] Call Trace: [ 706.951940][ T3691] [ 706.954872][ T3691] dump_stack_lvl+0xf2/0x150 [ 706.959543][ T3691] dump_stack+0x15/0x20 [ 706.963720][ T3691] should_fail_ex+0x229/0x230 [ 706.968431][ T3691] __should_fail_alloc_page+0xfd/0x110 [ 706.973995][ T3691] __alloc_pages_noprof+0x109/0x360 [ 706.979196][ T3691] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 706.984578][ T3691] shmem_get_folio_gfp+0x3e4/0xb70 [ 706.989690][ T3691] shmem_write_begin+0xa0/0x1c0 [ 706.994554][ T3691] generic_perform_write+0x1d5/0x410 [ 706.999885][ T3691] ? __pfx_shmem_write_end+0x10/0x10 [ 707.005166][ T3691] shmem_file_write_iter+0xc8/0xf0 [ 707.010270][ T3691] vfs_write+0x78f/0x900 [ 707.014621][ T3691] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 707.020451][ T3691] ksys_write+0xeb/0x1b0 [ 707.024685][ T3691] __x64_sys_write+0x42/0x50 [ 707.029275][ T3691] x64_sys_call+0x27ef/0x2d70 [ 707.033946][ T3691] do_syscall_64+0xc9/0x1c0 [ 707.038503][ T3691] ? clear_bhb_loop+0x55/0xb0 [ 707.043259][ T3691] ? clear_bhb_loop+0x55/0xb0 [ 707.047933][ T3691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 707.053865][ T3691] RIP: 0033:0x7f8f6cbd575f [ 707.058290][ T3691] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 707.077889][ T3691] RSP: 002b:00007f8f6be57e00 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 707.086289][ T3691] RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007f8f6cbd575f [ 707.094247][ T3691] RDX: 0000000000040000 RSI: 00007f8f63a38000 RDI: 0000000000000004 [ 707.102217][ T3691] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000487 [ 707.110177][ T3691] R10: 0000000020000982 R11: 0000000000000293 R12: 0000000000000004 [ 707.118178][ T3691] R13: 00007f8f6be57f00 R14: 00007f8f6be57ec0 R15: 00007f8f63a38000 [ 707.126224][ T3691] [ 707.148897][ T3694] loop7: detected capacity change from 0 to 16384 [ 707.157371][ T3695] netlink: 'syz.2.10033': attribute type 10 has an invalid length. [ 707.177895][ T3689] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(15) [ 707.184587][ T3689] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 707.192026][ T3689] vhci_hcd vhci_hcd.0: Device attached [ 707.197404][ T3699] loop2: detected capacity change from 0 to 128 [ 707.204258][ T3696] vhci_hcd: connection closed [ 707.204868][ T4459] vhci_hcd: stop threads [ 707.213863][ T4459] vhci_hcd: release socket [ 707.218404][ T4459] vhci_hcd: disconnect device [ 707.223552][ T3699] EXT4-fs: Ignoring removed nobh option [ 707.231782][ T3699] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 707.244358][ T3699] ext4 filesystem being mounted at /245/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 707.274412][T32620] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 707.321421][ T3703] loop4: detected capacity change from 0 to 512 [ 707.341260][ T3703] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 707.374804][ T3715] loop2: detected capacity change from 0 to 764 [ 707.396891][ T3703] ext4 filesystem being mounted at /168/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 707.419649][ T3715] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 707.451295][ T760] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 707.479646][ T3721] netlink: 'syz.0.10044': attribute type 10 has an invalid length. [ 707.523180][ T3725] netlink: 'syz.4.10041': attribute type 1 has an invalid length. [ 707.593155][ T3742] team0: Device macsec1 is already an upper device of the team interface [ 707.736410][ T3757] validate_nla: 1 callbacks suppressed [ 707.736423][ T3757] netlink: 'syz.0.10056': attribute type 10 has an invalid length. [ 707.820146][ T3767] netlink: 'syz.0.10060': attribute type 4 has an invalid length. [ 707.867350][ T3776] loop3: detected capacity change from 0 to 512 [ 707.890703][ T3776] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 707.903372][ T3776] ext4 filesystem being mounted at /282/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 707.922622][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 707.940988][ T3779] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=21530 sclass=netlink_route_socket pid=3779 comm=syz.0.10060 [ 707.970362][ T3782] loop2: detected capacity change from 0 to 256 [ 708.002891][ T3790] netlink: 'syz.3.10067': attribute type 10 has an invalid length. [ 708.062241][ T3806] netlink: 'syz.2.10074': attribute type 7 has an invalid length. [ 708.064899][ T3807] loop3: detected capacity change from 0 to 512 [ 708.082815][ T3807] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 708.096704][ T3807] ext4 filesystem being mounted at /288/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 708.118956][ T3807] EXT4-fs error (device loop3): ext4_search_dir:1548: inode #2: block 3: comm syz.3.10073: bad entry in directory: directory entry overrun - offset=16444, inode=113, rec_len=26368, size=2048 fake=0 [ 708.145712][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 708.335841][ T3819] loop3: detected capacity change from 0 to 128 [ 708.342648][ T3819] FAT-fs (loop3): bogus logical sector size 12 [ 708.348826][ T3819] FAT-fs (loop3): Can't find a valid FAT filesystem [ 708.536318][ T3825] netlink: 'syz.4.10080': attribute type 10 has an invalid length. [ 708.644452][ T3842] netlink: 'syz.4.10085': attribute type 7 has an invalid length. [ 708.701699][ T3849] loop4: detected capacity change from 0 to 512 [ 708.708521][ T3849] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 708.717318][ T3830] chnl_net:caif_netlink_parms(): no params data found [ 708.735916][ T3849] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 708.746933][ T3849] EXT4-fs (loop4): group descriptors corrupted! [ 708.769268][ T3830] bridge0: port 1(bridge_slave_0) entered blocking state [ 708.776471][ T3830] bridge0: port 1(bridge_slave_0) entered disabled state [ 708.783604][ T3830] bridge_slave_0: entered allmulticast mode [ 708.790034][ T3830] bridge_slave_0: entered promiscuous mode [ 708.797260][ T3830] bridge0: port 2(bridge_slave_1) entered blocking state [ 708.804329][ T3830] bridge0: port 2(bridge_slave_1) entered disabled state [ 708.811795][ T3830] bridge_slave_1: entered allmulticast mode [ 708.818423][ T3830] bridge_slave_1: entered promiscuous mode [ 708.832757][ T4050] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.850454][ T3830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 708.861330][ T3830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 708.881560][ T3830] team0: Port device team_slave_0 added [ 708.888434][ T3830] team0: Port device team_slave_1 added [ 708.902449][ T4050] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.921150][ T3830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 708.928144][ T3830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 708.954032][ T3830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 708.966665][ T3830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 708.973684][ T3830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 708.999587][ T3830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 709.019441][ T4050] team0: Port device netdevsim1 removed [ 709.026755][ T4050] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.053334][ T3830] hsr_slave_0: entered promiscuous mode [ 709.059434][ T3830] hsr_slave_1: entered promiscuous mode [ 709.065176][ T3830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 709.072949][ T3830] Cannot create hsr debugfs directory [ 709.083328][ T4050] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.102791][ T3864] netlink: 'syz.2.10091': attribute type 10 has an invalid length. [ 709.138961][ T3867] loop2: detected capacity change from 0 to 512 [ 709.158637][ T3869] loop4: detected capacity change from 0 to 1024 [ 709.179202][ T3867] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 709.195609][ T3867] ext4 filesystem being mounted at /260/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 709.200317][ T4050] bridge_slave_1: left allmulticast mode [ 709.211770][ T4050] bridge_slave_1: left promiscuous mode [ 709.217473][ T4050] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.230750][ T4050] bridge_slave_0: left allmulticast mode [ 709.236412][ T4050] bridge_slave_0: left promiscuous mode [ 709.242165][ T4050] bridge0: port 1(bridge_slave_0) entered disabled state [ 709.261367][T32620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 709.351461][ T4050] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 709.365239][ T4050] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 709.376946][ T4050] bond0 (unregistering): Released all slaves [ 709.388551][ T3880] netlink: 'syz.3.10096': attribute type 7 has an invalid length. [ 709.398677][ T3887] loop2: detected capacity change from 0 to 128 [ 709.422562][ T3886] veth0_to_hsr: entered promiscuous mode [ 709.430413][ T3886] vlan2: entered promiscuous mode [ 709.437678][ T3886] veth0_to_hsr: left promiscuous mode [ 709.438797][ T3889] loop3: detected capacity change from 0 to 512 [ 709.458709][ T3889] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.10098: attempt to clear invalid blocks 2 len 1 [ 709.473682][ T3889] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 709.488365][ T3889] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.10098: invalid indirect mapped block 1819239214 (level 0) [ 709.506291][ T3889] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.10098: invalid indirect mapped block 1819239214 (level 1) [ 709.522761][ T3889] EXT4-fs (loop3): 1 truncate cleaned up [ 709.528877][ T3889] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 709.539704][ T3887] loop2: detected capacity change from 0 to 128 [ 709.550439][ T4050] hsr_slave_0: left promiscuous mode [ 709.555978][ T3889] EXT4-fs warning (device loop3): dx_probe:832: inode #2: comm syz.3.10098: Unrecognised inode hash code 20 [ 709.567558][ T3889] EXT4-fs warning (device loop3): dx_probe:965: inode #2: comm syz.3.10098: Corrupt directory, running e2fsck is recommended [ 709.582845][ T4050] hsr_slave_1: left promiscuous mode [ 709.591629][ T4050] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 709.599157][ T4050] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 709.607956][ T3889] EXT4-fs warning (device loop3): dx_probe:832: inode #2: comm syz.3.10098: Unrecognised inode hash code 20 [ 709.619539][ T3889] EXT4-fs warning (device loop3): dx_probe:965: inode #2: comm syz.3.10098: Corrupt directory, running e2fsck is recommended [ 709.635867][ T4050] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 709.643439][ T4050] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 709.651790][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 709.669527][ T4050] veth1_macvtap: left promiscuous mode [ 709.675095][ T4050] veth0_macvtap: left promiscuous mode [ 709.680594][ T4050] veth1_vlan: left promiscuous mode [ 709.685828][ T4050] veth0_vlan: left promiscuous mode [ 709.784068][ T3896] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3896 comm=syz.0.10099 [ 709.800984][ T4050] team0 (unregistering): Port device team_slave_1 removed [ 709.814648][ T4050] team0 (unregistering): Port device team_slave_0 removed [ 709.862848][ T3893] __nla_validate_parse: 8 callbacks suppressed [ 709.862907][ T3893] netlink: 40 bytes leftover after parsing attributes in process `syz.0.10099'. [ 710.047809][ T3830] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 710.057634][ T3830] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 710.066341][ T3830] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 710.076198][ T3830] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 710.134806][ T3830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 710.148791][ T3830] 8021q: adding VLAN 0 to HW filter on device team0 [ 710.159823][T31646] bridge0: port 1(bridge_slave_0) entered blocking state [ 710.166943][T31646] bridge0: port 1(bridge_slave_0) entered forwarding state [ 710.184483][T31636] bridge0: port 2(bridge_slave_1) entered blocking state [ 710.191690][T31636] bridge0: port 2(bridge_slave_1) entered forwarding state [ 710.208266][ T3830] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 710.218649][ T3830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 710.343399][ T3830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 710.428273][ T3830] veth0_vlan: entered promiscuous mode [ 710.437449][ T3830] veth1_vlan: entered promiscuous mode [ 710.467943][ T3830] veth0_macvtap: entered promiscuous mode [ 710.480753][ T3830] veth1_macvtap: entered promiscuous mode [ 710.499251][ T3830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 710.509760][ T3830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.519607][ T3830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 710.530047][ T3830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.539874][ T3830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 710.550285][ T3830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.560093][ T3830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 710.570514][ T3830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.586124][ T3830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 710.599789][ T3830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.610356][ T3830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.620223][ T3830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.630690][ T3830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.640526][ T3830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.650950][ T3830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.660887][ T3830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 710.671342][ T3830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.682435][ T3830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 710.694031][ T3830] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.702800][ T3830] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.711526][ T3830] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.720311][ T3830] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.838513][ T3941] FAULT_INJECTION: forcing a failure. [ 710.838513][ T3941] name failslab, interval 1, probability 0, space 0, times 0 [ 710.851205][ T3941] CPU: 1 PID: 3941 Comm: syz.1.10112 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 710.861348][ T3941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 710.871397][ T3941] Call Trace: [ 710.874665][ T3941] [ 710.877645][ T3941] dump_stack_lvl+0xf2/0x150 [ 710.882300][ T3941] dump_stack+0x15/0x20 [ 710.886445][ T3941] should_fail_ex+0x229/0x230 [ 710.891153][ T3941] ? alloc_fs_context+0x44/0x4e0 [ 710.896121][ T3941] __should_failslab+0x92/0xa0 [ 710.900910][ T3941] should_failslab+0x9/0x20 [ 710.905429][ T3941] kmalloc_trace_noprof+0x4b/0x2a0 [ 710.910538][ T3941] alloc_fs_context+0x44/0x4e0 [ 710.915316][ T3941] ? try_module_get+0xae/0x1a0 [ 710.920232][ T3941] fs_context_for_mount+0x21/0x30 [ 710.925239][ T3941] do_new_mount+0xf3/0x690 [ 710.929672][ T3941] path_mount+0x49b/0xb30 [ 710.934060][ T3941] __se_sys_mount+0x27f/0x2d0 [ 710.938726][ T3941] __x64_sys_mount+0x67/0x80 [ 710.943345][ T3941] x64_sys_call+0x25c9/0x2d70 [ 710.948011][ T3941] do_syscall_64+0xc9/0x1c0 [ 710.952524][ T3941] ? clear_bhb_loop+0x55/0xb0 [ 710.957189][ T3941] ? clear_bhb_loop+0x55/0xb0 [ 710.961928][ T3941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.967876][ T3941] RIP: 0033:0x7fb8c102cbd9 [ 710.972363][ T3941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 710.992045][ T3941] RSP: 002b:00007fb8c028d048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 711.000519][ T3941] RAX: ffffffffffffffda RBX: 00007fb8c11bb038 RCX: 00007fb8c102cbd9 [ 711.008476][ T3941] RDX: 0000000020000180 RSI: 00000000200000c0 RDI: 0000000000000000 [ 711.016434][ T3941] RBP: 00007fb8c028d0a0 R08: 0000000020000400 R09: 0000000000000000 [ 711.024403][ T3941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 711.032375][ T3941] R13: 000000000000006e R14: 00007fb8c11bb038 R15: 00007ffdb06318e8 [ 711.040407][ T3941] [ 711.288217][ T3945] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 711.373505][ T3948] loop2: detected capacity change from 0 to 128 [ 711.435007][ T3948] loop2: detected capacity change from 0 to 128 [ 711.709855][ T3958] loop3: detected capacity change from 0 to 8192 [ 711.726621][ T3960] netlink: 16 bytes leftover after parsing attributes in process `syz.1.10119'. [ 711.847770][ T29] kauditd_printk_skb: 195 callbacks suppressed [ 711.847785][ T29] audit: type=1326 audit(2000000883.734:21046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3967 comm="syz.3.10120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e29213bd9 code=0x7ffc0000 [ 711.883660][ T29] audit: type=1326 audit(2000000883.762:21047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3967 comm="syz.3.10120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f3e29213bd9 code=0x7ffc0000 [ 711.907343][ T29] audit: type=1326 audit(2000000883.762:21048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3967 comm="syz.3.10120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e29213bd9 code=0x7ffc0000 [ 711.931068][ T29] audit: type=1326 audit(2000000883.762:21049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3967 comm="syz.3.10120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3e29213bd9 code=0x7ffc0000 [ 711.954603][ T29] audit: type=1326 audit(2000000883.762:21050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3967 comm="syz.3.10120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e29213bd9 code=0x7ffc0000 [ 711.978319][ T29] audit: type=1326 audit(2000000883.762:21051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3967 comm="syz.3.10120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3e29213bd9 code=0x7ffc0000 [ 712.001799][ T29] audit: type=1326 audit(2000000883.762:21052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3967 comm="syz.3.10120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e29213bd9 code=0x7ffc0000 [ 712.025403][ T29] audit: type=1326 audit(2000000883.762:21053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3967 comm="syz.3.10120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3e29213bd9 code=0x7ffc0000 [ 712.048862][ T29] audit: type=1326 audit(2000000883.762:21054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3967 comm="syz.3.10120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e29213bd9 code=0x7ffc0000 [ 712.059590][ T3974] netlink: 'syz.1.10124': attribute type 4 has an invalid length. [ 712.072444][ T29] audit: type=1326 audit(2000000883.762:21055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3967 comm="syz.3.10120" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3e2921275f code=0x7ffc0000 [ 712.218198][ T3975] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=21530 sclass=netlink_route_socket pid=3975 comm=syz.1.10124 [ 712.493802][ T3981] loop4: detected capacity change from 0 to 8192 [ 712.546183][ T3981] loop4: p1 p2 p4 < > [ 712.550286][ T3981] loop4: partition table partially beyond EOD, truncated [ 712.557538][ T3981] loop4: p1 size 108986237 extends beyond EOD, truncated [ 712.565052][ T3981] loop4: p2 start 65535 is beyond EOD, truncated [ 712.571595][ T3981] loop4: p4 start 50331648 is beyond EOD, truncated [ 712.582040][ T3981] netlink: 132 bytes leftover after parsing attributes in process `syz.4.10126'. [ 712.610093][ T3981] team0: Port device team_slave_0 removed [ 712.643884][ T3988] loop2: detected capacity change from 0 to 512 [ 712.650501][ T3988] ext4: Unknown parameter './bus' [ 712.692501][ T3996] loop4: detected capacity change from 0 to 512 [ 712.699407][ T3996] EXT4-fs: Ignoring removed nomblk_io_submit option [ 712.712886][ T3996] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #15: comm syz.4.10130: casefold flag without casefold feature [ 712.725972][ T3996] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz.4.10130: couldn't read orphan inode 15 (err -117) [ 712.740639][ T3996] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 712.806492][ T3996] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10130'. [ 712.815547][ T3996] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 712.822937][ T3996] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 712.853668][ T4006] loop2: detected capacity change from 0 to 256 [ 712.860425][ T4006] FAT-fs (loop2): Unrecognized mount option "mask=00000000000000000000000" or missing value [ 712.963746][ T3996] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 712.971252][ T3996] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 713.035113][ T4010] loop1: detected capacity change from 0 to 512 [ 713.091323][ T4012] netlink: 40 bytes leftover after parsing attributes in process `syz.3.10134'. [ 713.102143][ T4013] netlink: 40 bytes leftover after parsing attributes in process `syz.4.10130'. [ 713.127863][ T4012] netlink: 'syz.3.10134': attribute type 10 has an invalid length. [ 713.282078][ T4021] loop3: detected capacity change from 0 to 512 [ 713.349252][ T4021] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 713.361826][ T4021] ext4 filesystem being mounted at /302/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 713.409745][ T4024] 9pnet: Could not find request transport: _d [ 713.422696][ T760] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 714.339273][ T4036] loop1: detected capacity change from 0 to 128 [ 714.468415][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 714.579375][ T4048] netlink: 'syz.1.10141': attribute type 4 has an invalid length. [ 714.607961][ T4058] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10144'. [ 714.647106][ T4048] netlink: 'syz.1.10141': attribute type 4 has an invalid length. [ 715.989361][ T4091] netlink: 25 bytes leftover after parsing attributes in process `syz.1.10156'. [ 716.051744][ T4114] loop2: detected capacity change from 0 to 512 [ 716.064443][ T4114] EXT4-fs: Ignoring removed orlov option [ 716.085677][ T4114] EXT4-fs (loop2): orphan cleanup on readonly fs [ 716.101775][ T4114] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz.2.10165: corrupted in-inode xattr: e_value size too large [ 716.132552][ T4114] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz.2.10165: couldn't read orphan inode 15 (err -117) [ 716.177881][ T4114] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 716.242689][T32620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 716.465734][ T4138] loop4: detected capacity change from 0 to 512 [ 716.497253][ T4138] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 716.545246][ T4138] ext4 filesystem being mounted at /210/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 716.658230][ T760] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 716.853420][ T4175] netlink: 'syz.4.10187': attribute type 1 has an invalid length. [ 717.063846][ T1582] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 717.154662][ T1582] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 717.263308][ T1582] team0: Port device netdevsim1 removed [ 717.271863][ T1582] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 717.326631][ T1582] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 717.345855][ T4165] chnl_net:caif_netlink_parms(): no params data found [ 717.433932][ T4165] bridge0: port 1(bridge_slave_0) entered blocking state [ 717.441056][ T4165] bridge0: port 1(bridge_slave_0) entered disabled state [ 717.470444][ T4165] bridge_slave_0: entered allmulticast mode [ 717.490741][ T4165] bridge_slave_0: entered promiscuous mode [ 717.514889][ T4165] bridge0: port 2(bridge_slave_1) entered blocking state [ 717.522037][ T4165] bridge0: port 2(bridge_slave_1) entered disabled state [ 717.547007][ T4165] bridge_slave_1: entered allmulticast mode [ 717.562485][ T4165] bridge_slave_1: entered promiscuous mode [ 717.593099][ T1582] bridge_slave_1: left allmulticast mode [ 717.598847][ T1582] bridge_slave_1: left promiscuous mode [ 717.604468][ T1582] bridge0: port 2(bridge_slave_1) entered disabled state [ 717.625494][ T1582] bridge_slave_0: left allmulticast mode [ 717.631204][ T1582] bridge_slave_0: left promiscuous mode [ 717.636916][ T1582] bridge0: port 1(bridge_slave_0) entered disabled state [ 718.000279][ T1582] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 718.078087][ T1582] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 718.100743][ T1582] bond0 (unregistering): Released all slaves [ 718.134940][ T1582] bond1 (unregistering): Released all slaves [ 718.208651][ T1582] bond2 (unregistering): Released all slaves [ 718.252947][ T4165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 718.297274][ T4165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 718.344540][ T4165] team0: Port device team_slave_0 added [ 718.352258][ T1582] hsr_slave_0: left promiscuous mode [ 718.362022][ T1582] hsr_slave_1: left promiscuous mode [ 718.381942][ T1582] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 718.389414][ T1582] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 718.419827][ T1582] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 718.427302][ T1582] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 718.449861][ T1582] veth0_macvtap: left promiscuous mode [ 718.455360][ T1582] veth1_vlan: left promiscuous mode [ 718.460765][ T1582] veth0_vlan: left promiscuous mode [ 718.619791][ T1582] team0 (unregistering): Port device team_slave_1 removed [ 718.632066][ T1582] team0 (unregistering): Port device team_slave_0 removed [ 718.680685][ T4165] team0: Port device team_slave_1 added [ 718.707851][ T4165] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 718.714876][ T4165] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 718.740769][ T4165] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 718.798510][ T4165] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 718.805530][ T4165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 718.831543][ T4165] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 718.873091][ T4165] hsr_slave_0: entered promiscuous mode [ 718.882752][ T4165] hsr_slave_1: entered promiscuous mode [ 718.893408][ T4165] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 718.912051][ T4165] Cannot create hsr debugfs directory [ 719.094989][ T1582] IPVS: stop unused estimator thread 0... [ 719.211884][ T4165] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 719.236972][ T4165] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 719.255189][ T4165] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 719.273831][ T4165] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 719.340512][ T4165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 719.364132][ T4165] 8021q: adding VLAN 0 to HW filter on device team0 [ 719.379425][T31636] bridge0: port 1(bridge_slave_0) entered blocking state [ 719.386564][T31636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 719.422096][T31648] bridge0: port 2(bridge_slave_1) entered blocking state [ 719.429333][T31648] bridge0: port 2(bridge_slave_1) entered forwarding state [ 719.456399][ T4165] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 719.466894][ T4165] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 719.529006][ T4165] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 719.637470][ T4165] veth0_vlan: entered promiscuous mode [ 719.656705][ T4165] veth1_vlan: entered promiscuous mode [ 719.679365][ T4165] veth0_macvtap: entered promiscuous mode [ 719.697257][ T4165] veth1_macvtap: entered promiscuous mode [ 719.722635][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 719.733268][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.743278][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 719.753813][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.763665][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 719.774097][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.811193][ T4165] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 719.812930][ T4241] loop3: detected capacity change from 0 to 512 [ 719.819592][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 719.835318][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.845247][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 719.855704][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.865549][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 719.876057][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 719.887462][ T4165] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 719.899201][ T4165] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 719.908042][ T4165] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 719.916893][ T4165] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 719.925644][ T4165] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 719.928245][ T4241] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 719.969467][ T4241] ext4 filesystem being mounted at /317/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 720.061833][ T4241] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 720.109213][ T4241] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 511 with error 28 [ 720.121617][ T4241] EXT4-fs (loop3): This should not happen!! Data will be lost [ 720.121617][ T4241] [ 720.131296][ T4241] EXT4-fs (loop3): Total free blocks count 0 [ 720.137269][ T4241] EXT4-fs (loop3): Free/Dirty block details [ 720.143270][ T4241] EXT4-fs (loop3): free_blocks=65280 [ 720.148543][ T4241] EXT4-fs (loop3): dirty_blocks=511 [ 720.153818][ T4241] EXT4-fs (loop3): Block reservation details [ 720.159787][ T4241] EXT4-fs (loop3): i_reserved_data_blocks=511 [ 720.228229][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 720.480877][ T4276] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10214'. [ 720.621552][ T4294] loop4: detected capacity change from 0 to 512 [ 720.749012][ T4303] dccp_invalid_packet: P.Data Offset(0) too small [ 720.751647][ T4294] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 720.792195][ T4294] ext4 filesystem being mounted at /225/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 720.848676][ T4294] EXT4-fs error (device loop4): ext4_xattr_block_get:596: inode #15: comm syz.4.10220: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 720.877365][ T4314] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10228'. [ 720.890812][ T4294] EXT4-fs (loop4): Remounting filesystem read-only [ 720.897353][ T4294] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 720.920784][ T4314] team_slave_0: entered promiscuous mode [ 720.926455][ T4314] team_slave_0: entered allmulticast mode [ 720.939280][ T4294] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 720.953749][ T4314] team0: Port device team_slave_0 removed [ 720.993736][ T760] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 721.073011][ T4339] sch_tbf: burst 88 is lower than device macsec0 mtu (1482) ! [ 721.095540][ T4341] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 64993 [ 721.141502][ T4309] chnl_net:caif_netlink_parms(): no params data found [ 721.219486][ T4309] bridge0: port 1(bridge_slave_0) entered blocking state [ 721.226631][ T4309] bridge0: port 1(bridge_slave_0) entered disabled state [ 721.248485][ T4309] bridge_slave_0: entered allmulticast mode [ 721.254913][ T4309] bridge_slave_0: entered promiscuous mode [ 721.264193][ T4309] bridge0: port 2(bridge_slave_1) entered blocking state [ 721.271323][ T4309] bridge0: port 2(bridge_slave_1) entered disabled state [ 721.278644][ T4309] bridge_slave_1: entered allmulticast mode [ 721.285021][ T4309] bridge_slave_1: entered promiscuous mode [ 721.299405][ T4361] tipc: Started in network mode [ 721.304285][ T4361] tipc: Node identity aaaaaaaaaa41, cluster identity 4711 [ 721.311955][ T4361] tipc: Enabled bearer , priority 10 [ 721.335622][ T4309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 721.338478][ T4359] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10243'. [ 721.365720][ T4309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 721.381942][ T4368] team_slave_1: entered promiscuous mode [ 721.390445][ T4367] loop1: detected capacity change from 0 to 256 [ 721.406457][ T4368] team_slave_1: left promiscuous mode [ 721.412970][ T4367] FAT-fs (loop1): IO charset cp855 not found [ 721.414563][ T4309] team0: Port device team_slave_0 added [ 721.435481][ T4309] team0: Port device team_slave_1 added [ 721.443389][ T4359] team_slave_0: entered promiscuous mode [ 721.449038][ T4359] team_slave_0: entered allmulticast mode [ 721.455968][ T4359] team0: Port device team_slave_0 removed [ 721.500344][ T4379] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 721.521937][ T4383] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.10252'. [ 721.537423][ T4309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 721.544403][ T4309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 721.570340][ T4309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 721.582171][ T4309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 721.589121][ T4309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 721.615136][ T4309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 721.652346][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 721.652359][ T29] audit: type=1326 audit(2000000892.789:21068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4388 comm="syz.1.10255" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8c102cbd9 code=0x0 [ 721.706120][ T4309] hsr_slave_0: entered promiscuous mode [ 721.712294][ T4309] hsr_slave_1: entered promiscuous mode [ 721.718159][ T4309] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 721.727114][ T4309] Cannot create hsr debugfs directory [ 721.808426][ T4397] loop3: detected capacity change from 0 to 512 [ 721.821507][ T4397] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 721.835694][ T4397] ext4 filesystem being mounted at /326/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 721.841835][ T4309] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.873809][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 722.002773][ T4309] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 722.251880][ T4309] team0: Port device netdevsim1 removed [ 722.265089][ T4309] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 722.354296][ T4309] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 722.403684][T31648] tipc: Node number set to 15444650 [ 722.428959][ T4409] loop4: detected capacity change from 0 to 512 [ 722.435858][ T4409] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 722.448946][ T4409] EXT4-fs (loop4): 1 truncate cleaned up [ 722.455076][ T4409] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 722.470484][ T4309] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 722.477886][ T760] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 722.481264][ T4309] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 722.496275][ T4309] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 722.506602][ T4309] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 722.552102][ T4309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 722.575340][ T4309] 8021q: adding VLAN 0 to HW filter on device team0 [ 722.588870][T31634] bridge0: port 1(bridge_slave_0) entered blocking state [ 722.590572][ T4414] loop1: detected capacity change from 0 to 1024 [ 722.595944][T31634] bridge0: port 1(bridge_slave_0) entered forwarding state [ 722.619249][ T4414] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 722.636930][T31639] bridge0: port 2(bridge_slave_1) entered blocking state [ 722.642466][ T4414] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 722.644083][T31639] bridge0: port 2(bridge_slave_1) entered forwarding state [ 722.674273][ T4418] team_slave_1: entered promiscuous mode [ 722.684487][ T4309] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 722.694936][ T4309] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 722.711789][ T3830] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 722.722890][ T4418] team_slave_1: left promiscuous mode [ 722.910793][ T4309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 723.034274][ T4441] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10273'. [ 723.043539][ T4441] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10273'. [ 723.262530][ T4309] veth0_vlan: entered promiscuous mode [ 723.280418][ T4450] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10275'. [ 723.295048][ T4309] veth1_vlan: entered promiscuous mode [ 723.318561][ T4454] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10276'. [ 723.332877][ T4309] veth0_macvtap: entered promiscuous mode [ 723.350939][ T4309] veth1_macvtap: entered promiscuous mode [ 723.364502][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.374981][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.384868][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.395323][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.405174][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.415697][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.425900][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.436402][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.449255][ T4309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 723.461317][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.471853][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.481724][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.492440][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.502266][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.512677][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.522489][ T4309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 723.532932][ T4309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 723.607918][ T4309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 723.624231][ T4309] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.633048][ T4309] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.641783][ T4309] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 723.650479][ T4309] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.037297][ T4504] 9pnet: p9_errstr2errno: server reported unknown error @΂(QhQIr錃;9Wgt_->! [ 724.038376][ T4506] netlink: 'syz.3.10296': attribute type 1 has an invalid length. [ 724.066909][ T4506] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10296'. [ 724.081706][ T4506] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 724.100558][ T4506] netlink: 'syz.3.10296': attribute type 2 has an invalid length. [ 724.293183][ T4513] loop3: detected capacity change from 0 to 512 [ 724.404042][ T4513] EXT4-fs error (device loop3): ext4_orphan_get:1394: inode #15: comm syz.3.10299: casefold flag without casefold feature [ 724.422139][ T4513] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.10299: couldn't read orphan inode 15 (err -117) [ 724.436279][ T4513] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 724.462703][T31565] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 724.649353][ T4537] bridge0: port 3(gretap0) entered blocking state [ 724.655863][ T4537] bridge0: port 3(gretap0) entered disabled state [ 724.662550][ T4537] gretap0: entered allmulticast mode [ 724.668754][ T4537] gretap0: entered promiscuous mode [ 724.674196][ T4537] bridge0: port 3(gretap0) entered blocking state [ 724.680674][ T4537] bridge0: port 3(gretap0) entered forwarding state [ 724.693033][ T4537] gretap0: left allmulticast mode [ 724.698093][ T4537] gretap0: left promiscuous mode [ 724.703745][ T4537] bridge0: port 3(gretap0) entered disabled state [ 725.616561][ T4583] netlink: set zone limit has 8 unknown bytes [ 726.212426][ T4602] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 726.253607][ T4608] vlan2: entered promiscuous mode [ 726.258665][ T4608] team0: entered promiscuous mode [ 726.263770][ T4608] team_slave_0: entered promiscuous mode [ 726.269532][ T4608] team_slave_1: entered promiscuous mode [ 726.275291][ T4608] vlan2: entered allmulticast mode [ 726.280406][ T4608] team0: entered allmulticast mode [ 726.285515][ T4608] team_slave_0: entered allmulticast mode [ 726.291234][ T4608] team_slave_1: entered allmulticast mode [ 726.470825][ T4635] vlan2: entered promiscuous mode [ 726.475953][ T4635] team0: entered promiscuous mode [ 726.481056][ T4635] team_slave_1: entered promiscuous mode [ 726.486782][ T4635] netdevsim netdevsim3 netdevsim1: entered promiscuous mode [ 726.494211][ T4635] vlan2: entered allmulticast mode [ 726.499331][ T4635] team0: entered allmulticast mode [ 726.504425][ T4635] team_slave_1: entered allmulticast mode [ 726.510155][ T4635] netdevsim netdevsim3 netdevsim1: entered allmulticast mode [ 726.908803][ T4679] netlink: 'syz.1.10369': attribute type 29 has an invalid length. [ 726.952429][ T4679] netlink: 'syz.1.10369': attribute type 29 has an invalid length. [ 726.973959][ T4685] pimreg: entered allmulticast mode [ 727.006022][ T4679] netlink: 'syz.1.10369': attribute type 29 has an invalid length. [ 727.120779][ T4695] netlink: 703 bytes leftover after parsing attributes in process `syz.1.10376'. [ 727.181843][ T4699] loop1: detected capacity change from 0 to 8192 [ 727.591483][ T4736] vlan2: entered promiscuous mode [ 727.596604][ T4736] team0: entered promiscuous mode [ 727.601825][ T4736] team_slave_1: entered promiscuous mode [ 727.607758][ T4736] netdevsim netdevsim4 netdevsim1: entered promiscuous mode [ 727.615369][ T4736] vlan2: entered allmulticast mode [ 727.620484][ T4736] team0: entered allmulticast mode [ 727.625591][ T4736] team_slave_1: entered allmulticast mode [ 727.631401][ T4736] netdevsim netdevsim4 netdevsim1: entered allmulticast mode [ 728.116985][ T4763] @: renamed from veth0_vlan (while UP) [ 728.607530][ T4789] @: renamed from veth0_vlan (while UP) [ 728.656722][ T4795] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4795 comm=syz.4.10421 [ 728.774269][ T4777] ================================================================== [ 728.782390][ T4777] BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64 [ 728.792211][ T4777] [ 728.794521][ T4777] read-write to 0xffffffff860079c0 of 8 bytes by interrupt on cpu 1: [ 728.802577][ T4777] tick_do_update_jiffies64+0x112/0x1b0 [ 728.808136][ T4777] tick_nohz_handler+0x7c/0x2d0 [ 728.812986][ T4777] __hrtimer_run_queues+0x20d/0x5e0 [ 728.818178][ T4777] hrtimer_interrupt+0x210/0x7b0 [ 728.823114][ T4777] __sysvec_apic_timer_interrupt+0x5c/0x1a0 [ 728.829025][ T4777] sysvec_apic_timer_interrupt+0x6e/0x80 [ 728.834652][ T4777] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 728.840636][ T4777] __tsan_read8+0x114/0x180 [ 728.845146][ T4777] handle_mm_fault+0x110d/0x2a80 [ 728.850095][ T4777] __get_user_pages+0x49d/0xf10 [ 728.854962][ T4777] __mm_populate+0x25b/0x3b0 [ 728.859582][ T4777] vm_mmap_pgoff+0x1d6/0x290 [ 728.864175][ T4777] ksys_mmap_pgoff+0xd0/0x340 [ 728.868854][ T4777] x64_sys_call+0x1835/0x2d70 [ 728.873535][ T4777] do_syscall_64+0xc9/0x1c0 [ 728.878037][ T4777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.883926][ T4777] [ 728.886235][ T4777] read to 0xffffffff860079c0 of 8 bytes by task 4777 on cpu 0: [ 728.893771][ T4777] mem_cgroup_flush_stats_ratelimited+0x29/0x100 [ 728.900104][ T4777] count_shadow_nodes+0x6b/0x230 [ 728.905039][ T4777] do_shrink_slab+0x5a/0x690 [ 728.909622][ T4777] shrink_slab+0x4ed/0x860 [ 728.914033][ T4777] shrink_node+0xa0d/0x13c0 [ 728.918533][ T4777] do_try_to_free_pages+0x3c6/0xc50 [ 728.923722][ T4777] try_to_free_mem_cgroup_pages+0x1eb/0x4e0 [ 728.929619][ T4777] try_charge_memcg+0x27a/0xcd0 [ 728.934465][ T4777] obj_cgroup_charge_pages+0xbd/0x1d0 [ 728.939837][ T4777] __memcg_kmem_charge_page+0x9d/0x170 [ 728.945296][ T4777] __alloc_pages_noprof+0x1bc/0x360 [ 728.950491][ T4777] __vmalloc_node_range_noprof+0x6c2/0xef0 [ 728.956302][ T4777] bpf_map_area_alloc+0xd8/0x110 [ 728.961246][ T4777] bloom_map_alloc+0x1a9/0x2a0 [ 728.966006][ T4777] map_create+0x83c/0xb90 [ 728.970329][ T4777] __sys_bpf+0x667/0x7a0 [ 728.974574][ T4777] __x64_sys_bpf+0x43/0x50 [ 728.978987][ T4777] x64_sys_call+0x2655/0x2d70 [ 728.983662][ T4777] do_syscall_64+0xc9/0x1c0 [ 728.988167][ T4777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.994059][ T4777] [ 728.996380][ T4777] value changed: 0x00000001000093f7 -> 0x00000001000093f8 [ 729.003474][ T4777] [ 729.005785][ T4777] Reported by Kernel Concurrency Sanitizer on: [ 729.011916][ T4777] CPU: 0 PID: 4777 Comm: syz.2.10413 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 729.022055][ T4777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 729.032102][ T4777] ================================================================== [ 729.133198][ T4776] syz.2.10413 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 729.144443][ T4776] CPU: 0 PID: 4776 Comm: syz.2.10413 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 729.154635][ T4776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 729.164692][ T4776] Call Trace: [ 729.167960][ T4776] [ 729.170887][ T4776] dump_stack_lvl+0xf2/0x150 [ 729.175481][ T4776] dump_stack+0x15/0x20 [ 729.179709][ T4776] dump_header+0x83/0x2d0 [ 729.184114][ T4776] oom_kill_process+0x33e/0x4c0 [ 729.189046][ T4776] out_of_memory+0x9af/0xbe0 [ 729.193719][ T4776] mem_cgroup_out_of_memory+0x13e/0x190 [ 729.199297][ T4776] try_charge_memcg+0x745/0xcd0 [ 729.204196][ T4776] ? _raw_spin_unlock+0x26/0x50 [ 729.209049][ T4776] ? radix_tree_lookup+0xf9/0x150 [ 729.214137][ T4776] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 729.220213][ T4776] __read_swap_cache_async+0x2b9/0x520 [ 729.225678][ T4776] swap_cluster_readahead+0x276/0x3f0 [ 729.231153][ T4776] swapin_readahead+0xe2/0x7a0 [ 729.235925][ T4776] ? __filemap_get_folio+0x420/0x5b0 [ 729.241210][ T4776] ? swap_cache_get_folio+0x6e/0x210 [ 729.246560][ T4776] do_swap_page+0x3bc/0x1840 [ 729.251263][ T4776] ? cgroup_rstat_updated+0x99/0x550 [ 729.256560][ T4776] ? __rcu_read_lock+0x36/0x50 [ 729.261404][ T4776] handle_mm_fault+0x809/0x2a80 [ 729.266300][ T4776] ? mas_walk+0x204/0x320 [ 729.270640][ T4776] exc_page_fault+0x3b9/0x650 [ 729.275350][ T4776] asm_exc_page_fault+0x26/0x30 [ 729.280211][ T4776] RIP: 0033:0x7f2a3c460564 [ 729.284617][ T4776] Code: 00 69 3d 53 b1 de 00 e8 03 00 00 48 8d 1d 14 9a 2b 00 e8 df b5 12 00 eb 11 0f 1f 44 00 00 48 81 c3 d8 00 00 00 48 39 dd 74 bc <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df e8 87 ee ff ff eb [ 729.304300][ T4776] RSP: 002b:00007ffcd5240150 EFLAGS: 00010206 [ 729.310363][ T4776] RAX: 0000000000000000 RBX: 00007f2a3c719f60 RCX: 0000000000000000 [ 729.318328][ T4776] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055558123b808 [ 729.326318][ T4776] RBP: 00007f2a3c71ba60 R08: 0000000000000000 R09: 7fffffffffffffff [ 729.334290][ T4776] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000a5e93 [ 729.342283][ T4776] R13: 0000000000000032 R14: 00007f2a3c71ba60 R15: 00007ffcd5240230 [ 729.350339][ T4776] [ 729.353629][ T4776] memory: usage 307200kB, limit 307200kB, failcnt 3296 [ 729.360660][ T4776] memory+swap: usage 307696kB, limit 9007199254740988kB, failcnt 0 [ 729.368614][ T4776] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0 [ 729.375928][ T4776] Memory cgroup stats for /syz2: [ 729.376084][ T4776] cache 0 [ 729.384060][ T4776] rss 0 [ 729.386893][ T4776] shmem 0 [ 729.389935][ T4776] mapped_file 0 [ 729.393436][ T4776] dirty 0 [ 729.396403][ T4776] writeback 0 [ 729.399674][ T4776] workingset_refault_anon 140 [ 729.404360][ T4776] workingset_refault_file 298 [ 729.409032][ T4776] swap 507904 [ 729.412306][ T4776] swapcached 12288 [ 729.416096][ T4776] pgpgin 771867 [ 729.419553][ T4776] pgpgout 771863 [ 729.423187][ T4776] pgfault 828786 [ 729.426745][ T4776] pgmajfault 115 [ 729.430283][ T4776] inactive_anon 12288 [ 729.434253][ T4776] active_anon 0 [ 729.437722][ T4776] inactive_file 4096 [ 729.441658][ T4776] active_file 0 [ 729.445151][ T4776] unevictable 0 [ 729.448613][ T4776] hierarchical_memory_limit 314572800 [ 729.453969][ T4776] hierarchical_memsw_limit 9223372036854771712 [ 729.460177][ T4776] total_cache 0 [ 729.463625][ T4776] total_rss 0 [ 729.466919][ T4776] total_shmem 0 [ 729.470461][ T4776] total_mapped_file 0 [ 729.474428][ T4776] total_dirty 0 [ 729.477995][ T4776] total_writeback 0 [ 729.481828][ T4776] total_workingset_refault_anon 140 [ 729.487013][ T4776] total_workingset_refault_file 298 [ 729.492327][ T4776] total_swap 507904 [ 729.496123][ T4776] total_swapcached 12288 [ 729.500369][ T4776] total_pgpgin 771870 [ 729.504372][ T4776] total_pgpgout 771866 [ 729.508426][ T4776] total_pgfault 828789 [ 729.512487][ T4776] total_pgmajfault 115 [ 729.516545][ T4776] total_inactive_anon 12288 [ 729.521109][ T4776] total_active_anon 0 [ 729.525129][ T4776] total_inactive_file 4096 [ 729.529601][ T4776] total_active_file 0 [ 729.533584][ T4776] total_unevictable 0 [ 729.537556][ T4776] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.10413,pid=4776,uid=0 [ 729.552578][ T4776] Memory cgroup out of memory: Killed process 4776 (syz.2.10413) total-vm:80548kB, anon-rss:448kB, file-rss:9164kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000