last executing test programs: 15.4576865s ago: executing program 4 (id=1252): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454da, &(0x7f0000000080)={'batadv0\x00'}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x103442, 0x0) ioctl$TUNSETIFF(r2, 0x400454da, &(0x7f0000000140)={'batadv0\x00'}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000002c0)={'pimreg0\x00', 0x1}) 15.209632564s ago: executing program 4 (id=1259): r0 = socket(0x2, 0x2, 0x1) bind$unix(r0, &(0x7f0000000000)=@abs, 0x6e) r1 = socket(0x2, 0x2, 0x1) bind$unix(r1, &(0x7f0000000000)=@abs, 0x6e) r2 = socket(0x2, 0x2, 0x1) bind$unix(r2, &(0x7f0000000000)=@abs, 0x6e) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00') preadv(r3, &(0x7f0000000700)=[{&(0x7f0000000640)=""/165, 0xa5}], 0x1, 0x180, 0x9) 15.209159294s ago: executing program 4 (id=1260): pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000240)=[{&(0x7f00000000c0)="3b256c7a40ff8cf30d776a89d5cfc3ce7467bd24", 0x14}, {&(0x7f0000000100)="0acbe8ef2f2c5f0d", 0x8}], 0x2, 0x0) r2 = socket$inet(0x2, 0x3, 0x7f) bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) setsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x8000, 0x0) 15.199322215s ago: executing program 4 (id=1262): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000080)={[{@i_version}, {@nogrpid}, {@bh}]}, 0x1, 0x523, &(0x7f0000000c00)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWceb1qp6gHJCCFVC9AgiNfbGsrzrtbzrUptIuGeuSFTiBEf+AM49ceeC4MalHJD4YYFqJA5TzezY2di79qaJvZb385FG89688X7fizPvzbxd7wtgbN2IiJ2ImIiIdyNipjyelFu81d3y8z7ZfbC4t/tgMYkse+dfSVGeH4uen8ldK19zKiJ+8J2InyRH47a3tlcXGo36Rpmf7TTXZ9tb27dXmgvL9eX6Wq02Pzd/5427r9ceozVTx5a+1JwoU1/++I873/hZXq3p8khvO56mbtMrB3FylyPie6cRbAQule2ZGHVF+EzSiHg+Il4urv+ZuFT8NgGAiyzLZiKb6c0DABddWsyBJWm1nAuYjjStVrtzeC/E1bTRandu3W9tri1158quRyW9v9Ko3ynnCq9HJcnzc0X6Yb52KH83Ip6LiF9OXiny1cVWY2mUNz4AMMauHRr//zvZHf8BgAvu+I/NAAAXkfEfAMaP8R8Axo/xHwDGT3f8v/K4P5Zl2c9PozoAwBnw/A8A48f4DwBj5ftvv51v2V75/ddL721trrbeu71Ub69Wm5uL1cXWxnp1udVaLr6zp3nS6zVarfW512Lz/evfXG93Zttb2/earc21zr3ie73v1SvFWTtn0DIAYJDnXvroL0k+Ir95pdiiZy2HykhrBpy2dNQVAEbm0qgrAIyM1b5gfD18xn/sDwGYHoALos8SvY+Y6vcHQlmWZadXJeCU3fyC+X8YVz3z/z4FDGPmpPn/Ym1gbxLChWT+H8ZXliXDrvkfw54IAJxvx8zxXz/L+xBgdAa8//98uf9d+ebAj5YOn/HhadYKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzrf99X+r5TK/05Gm1WrEM8UCQJXk/kqjficino2IP09WJvP83IjrDAA8qfTvSbn+182ZV6cfKXrx2kFyIiJ++ut3fvX+Qqez8aeIieTfk/vHOx+Wx2snBps6jRYAAMfbH6eLfc+D/Ce7Dxb3t7Oszz++3b0ryOPu7U7E3kH8y3G52E9FJSKu/icp811Jz9zFk9j5ICI+36/9SUwXcyDdW5bD8fPYz5xp/PSR+Gm5QHNa/lt87inUBcbNR3n/81a/6y+NG8W+//U/VfRQT67s//KXWtwr+sCH8ff7v0sD+r8bw8Z47Q/f7aauHC37IOKLlyP2Y+/19D/78ZMB8V8dMv5fv/Tiy4PKst9E3Iz+8XtjzXaa67Ptre3bK82F5fpyfa1Wm5+bv/PG3ddrs8Uc9ezg0eCfb956dlBZ3v6rA+JPndD+rw7Z/t/+/90ffuWY+F9/pV/8NF44Jn4+Jn5tyPgLV38/8Lk7j790tP3JML//W0PG//hv20eWDQcARqe9tb260GjUNyTGNPHjOBfVGC6R/5c9B9Xom/jWWcWaiP5Fv3ile00fKsqyzxRrUI/xNGbdgPPg4KKPiP+NujIAAAAAAAAAAAAAAEBfZ/EXS6NuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfXpwEAAP//+E3TQw==") open(&(0x7f0000000680)='./bus\x00', 0x4001410c2, 0x2e) mount(&(0x7f00000004c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000300)='./file1\x00', 0x14927e, 0x0) fallocate(r0, 0x0, 0x0, 0x1001f0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x40, 0x8005, 0x0, 0x0, 0xa, 0x4, "ef359f413bb93852f7d6a4ae6dddfbd1000000000000ff91031905b9aaaaf755a3f6a004000000000001000200", "036c47c6780820d1cbf733970000cf33768bbd9bffbcc2542ded71038259ca171ce1a310ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204, 0xffffffffffffffff]}) fallocate(r0, 0x3, 0x36e, 0x10000) 14.932960801s ago: executing program 4 (id=1265): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) bpf$MAP_DELETE_ELEM(0x2, 0x0, 0x0) socket$kcm(0x2c, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'ipvlan0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r3], 0x44}}, 0x0) 14.850098029s ago: executing program 4 (id=1272): bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, 0x0, r0, 0x0, 0x46) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7}, 0x18) close(r0) 14.844025869s ago: executing program 32 (id=1272): bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, 0x0, r0, 0x0, 0x46) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x7}, 0x18) close(r0) 1.616875742s ago: executing program 0 (id=1619): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r3, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000005c0)={0x4, 0x100, 0x1, 0x9, 0x400, 0x4, 0x2007, 0x7ffffffe}, 0x20) splice(r2, 0x0, r0, 0x0, 0x20000000000002, 0x2) 1.350927788s ago: executing program 1 (id=1635): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa7f10723c5e5444d}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xf, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000009000000000000000200000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000cba327d3b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='tlb_flush\x00', r4}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r1}, 0x10) 1.324628901s ago: executing program 1 (id=1637): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20) r1 = socket$phonet(0x23, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4) bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0x4, r2, 0x30, r0}, 0x10) 1.145257368s ago: executing program 1 (id=1642): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x4}, 0x18) socket$netlink(0x10, 0x3, 0x0) r2 = socket(0xa, 0x5, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000100)={0x2017be01}) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f0000000000)={0x40000000}) 1.086511504s ago: executing program 1 (id=1643): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x3}, 0x100002, 0x0, 0xffffffff, 0x2, 0x4, 0x100000, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0xb}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) sendto$inet6(r0, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) 1.042298898s ago: executing program 1 (id=1645): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000dc0)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbb0180c200000386dd6d002000006488ff00000000000000000000000000000000ff0200000000000000000000000000014f194e20004d90"], 0x9e) recvmmsg(r0, &(0x7f00000019c0)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000480)=""/236, 0xec}], 0x1}, 0x10000}], 0x1, 0x100, 0x0) 1.041352038s ago: executing program 3 (id=1646): socket(0x28, 0x5, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) 972.622395ms ago: executing program 3 (id=1649): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59) connect$inet6(r2, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x1e) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "2d432d74c04f228a", "d71d9a1e03558545115509e1c34caab9", "59f7766d", "5e33931677e0f2d7"}, 0x28) close(r2) 953.557647ms ago: executing program 3 (id=1650): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) timer_create(0x2, 0x0, &(0x7f0000bbdffc)) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xc, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xfe299e1951b87db8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x10000) 927.805329ms ago: executing program 2 (id=1651): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10208}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) r3 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000000c0)=ANY=[]) 857.158386ms ago: executing program 3 (id=1652): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='kfree\x00', r0}, 0x18) socket$netlink(0x10, 0x3, 0x10) openat(0xffffffffffffff9c, 0x0, 0xa000, 0xce) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000240)={@remote}, 0x14) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000280)={@remote}, 0x14) close(r1) 847.704227ms ago: executing program 3 (id=1653): perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x9) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$rds(0x15, 0x5, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x10000000000000, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 832.900669ms ago: executing program 2 (id=1654): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.stat\x00', 0x275a, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'macvlan1\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f00000004c0)={r4, 0x3, 0x6, @random="5e1cf8b4c253"}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f00000000c0)={r4, 0x3, 0x6, @random="cea0300a1672"}, 0x10) dup2(r1, r2) 806.234811ms ago: executing program 2 (id=1655): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000000)='kmem_cache_free\x00', r2, 0x0, 0xd4}, 0x18) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8000) 765.652435ms ago: executing program 0 (id=1656): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000300)=""/180}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) 758.940656ms ago: executing program 5 (id=1657): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r2, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000340)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) recvmsg(0xffffffffffffffff, 0x0, 0x1f00) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdbf, 0x0, 0x0, 0x0, 0x80}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r4, 0x0, 0x2}, 0x18) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000400)={0x34, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x34}}, 0x4000080) 695.635802ms ago: executing program 5 (id=1658): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0xf4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10) r3 = dup2(r0, r0) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0xf502, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x8}) ioctl$BLKTRACESETUP(r3, 0x1276, 0x0) 684.436413ms ago: executing program 2 (id=1659): epoll_create1(0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x70, 0x103301) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) 682.409023ms ago: executing program 0 (id=1660): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = gettid() timer_create(0x8, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_REAPURB(r3, 0x4004550c, 0x0) 664.223805ms ago: executing program 0 (id=1661): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff7) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x6}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETOFFLOAD(r3, 0x4004743d, 0x110e22fff6) write$cgroup_type(r3, &(0x7f0000000280), 0xfffffeed) 599.657082ms ago: executing program 0 (id=1662): socket$inet_tcp(0x2, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18) sync() syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f0000000080), 0x6, 0x605, &(0x7f00000001c0)="$eJzs3c9rHFUcAPDvzCYxaaNpRcQWxYCHFqRpUotVL7b1YMGCBXsQ8dDQJDVk+4MmBVsLpuBBQUHEq0gv/gPepXdvIqg3z0IVqSiodGV2Z9pNspuubbKbZD4f2OS9N7P73ndnX+bNTN5OAKU1mv1II3ZF3D6VRIw0LRuOxsLRfL1bv189nT2SqNXe+C2JJC8r1k/y39vzzGBEfHc04tHKynrnL1+Zm6zWGt6P2L9w9sL++ctX9s2enTwzfWb63MSBFw4eGn9x4uDEmsS5Pf997PjrT37ywTvPz3xf3ZfE4TjZ/95ULItjrYzGaNzOQ2wu74uIQ1mixfuy2WyBEEqtkn8e+yPi8RiJSj3XMBKzH/e0ccC6qlUiakBJJfo/lFQxDiiO7Ts7Dj65zqOS7rl5pHEAtDL+vsa5kRisHxttu5U0HRk1zm3sWIP6szr+vbr7i+wRS85D/HVn6/StQT3tLF6LiCdaxZ/U27ajHmkWf/6E8WJpIzmQt++VB2hD0pRej/Mwq+k8/nTJdkgj4nD+Oys/ep/1jy7Ldzt+AMrpxpF8R76Y5e7u/7KxRzH+iRbjn+EW+6770ev9X/vxX7G/H6yfI0+XjcOyMcuJ1i/Zv7zg54+Ofdau/ubxX/bI6i/Ggt1w81rE7mXxf5gFm49/sviTFts/W+XU4c7qePWHX4+1W9br+GvXI/a0PP65OyrNUqtcn9w/M1udHm/8bFnHN9++/VW7+nsdf7b9t7WJv2n7p8ufl70nFzqs4+sT18+2WzZ8z/jTXwaSxvHmQF7y7uTCwsWJiIHkeL5KU/mB1dtSrFO8Rhb/3mda9/8ln/9rS19nqPiT2YELb87darfsfrZ/08Xk27UO29BOFv/Uvbf/iv6flX3aYR1/vnXpqXbLVot/6EECAwAAAAAAgBJK69dgk3TsTjpNx8Ya82Ufi21p9fz8wrMz5y+dm4rYW/9/yP60uNI90sgnWX4i/3/YIn9gWf65iNgZEZ9Xhur5sdPnq1O9Dh4AAAAAAAAAAAAAAAAAAAA2iO35/P/iPtV/VBrz/4GSWM8bzAEbm/4P5VXv/ytu8QSUgf0/lJf+D+Wl/0N56f9QXvo/lJf+D+Wl/0N56f8AAAAAsCXtfPrGT0lELL40VH9kBvJlZgTB1tbf6wYAPVPpdQOAnrlz6d9gH0qno/H/3/mXA65/c4AeSFoV1gcHtdU7/42WzwQAAAAAAAAAAAAA1sGeXe3n/5sbDFubaX9QXg8w/99XB8Am56v/obwc4wP3msU/2G6B+f8AAAAAAAAAAAAA0DXD9UeSjuVzgYcjTcfGIh6OiB3Rn8zMVqfHI+KRiPix0v9Qlp/odaMBAAAAAAAAAAAAAAAAAABgi5m/fGVuslqdvtic+GdFydzk1IqSrZMo7oLahbpejv/5rEi6/7YMRUSWeK2yyodk0yb6mkqSiMUswg3RsIvzsTGaUU/08q8SAAAAAAAAAAAAAAAAAACUU9Pc49Z2f9nlFgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA9929///6JXodIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwOf0XAAD//5j/PS4=") 598.983032ms ago: executing program 2 (id=1663): r0 = socket$kcm(0x10, 0x2, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@bridge_delvlan={0x30, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r3}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x3}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x4}}}]}, 0x30}}, 0x0) close(r0) socket$kcm(0x10, 0x2, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}, 0x1, 0x0, 0x0, 0x24000890}, 0x0) 594.003252ms ago: executing program 5 (id=1664): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x3e, &(0x7f0000000300)={@link_local, @random="2059249b3790", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "108114", 0x8, 0x11, 0x0, @empty, @mcast2, {[], {0x0, 0xe22, 0x8}}}}}}, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="080086dd0001"], 0xfdef) 508.557ms ago: executing program 0 (id=1665): bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x1a) close(r1) 417.558289ms ago: executing program 2 (id=1666): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffa9, 0x0, 0x0, 0x0, 0xb709}, 0x94) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 388.929722ms ago: executing program 5 (id=1667): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff0000/0x2000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x3, 0xc4}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, &(0x7f00000004c0), 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @rand_addr=0x64010102}]}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='*'], 0x50) io_uring_enter(r0, 0x2219, 0xcf74, 0x1a, 0x0, 0x0) 370.871794ms ago: executing program 5 (id=1668): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) write$cgroup_type(r1, &(0x7f0000000280), 0xffffff34) 247.647506ms ago: executing program 5 (id=1669): r0 = socket$pptp(0x18, 0x1, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f00000000c0), &(0x7f0000000140)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_usb_connect(0x1, 0x24, &(0x7f0000000680)={{0x12, 0x1, 0x200, 0x74, 0x9c, 0x21, 0x10, 0xbd5c, 0xbba1, 0x279c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x8, 0x5, 0xd0, 0x7a, [{{0x9, 0x4, 0xdd, 0x9, 0x0, 0x8, 0x4, 0x50, 0x4}}]}}]}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 204.4966ms ago: executing program 1 (id=1670): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000340)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x300, 0x0, 0x28, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0x0, 0x700}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c) 0s ago: executing program 3 (id=1671): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000180)=0xb27, 0x4) connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto(r0, &(0x7f0000000740)="50fbdf12a30d7a48b2c5c84948f3426077a9f0ca1475183db3bf52a6b2cdb77ef9af2a603a3e78adff59fbb22bae1b2443011fd801251bcef8f165533aac58c7556dd51edc5a6865d4e29f0bbd0ed602050000000000002944de604d849a1e3b32905b0d26e9ff34b83f38a2ae8b1c", 0x6f, 0x4008044, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f00000003c0)='}', 0x1) sendto$inet(r0, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd936d2571c3510b0000000000000000000000000000000000f32bb3874c926a8944caa4677d2eae3bc831e748000000", 0xfffffffffffffe88, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): ontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 33.420540][ T3317] veth0_macvtap: entered promiscuous mode [ 33.433997][ T29] audit: type=1400 audit(1761307761.531:86): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/root/syzkaller.bOlleO/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 33.449412][ T3317] veth1_macvtap: entered promiscuous mode [ 33.467093][ T29] audit: type=1400 audit(1761307761.541:87): avc: denied { unmount } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 33.494683][ T29] audit: type=1400 audit(1761307761.541:88): avc: denied { mounton } for pid=3313 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 33.495320][ T3313] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 33.517558][ T29] audit: type=1400 audit(1761307761.541:89): avc: denied { mount } for pid=3313 comm="syz-executor" name="/" dev="gadgetfs" ino=3747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 33.557519][ T3321] veth1_macvtap: entered promiscuous mode [ 33.568666][ T52] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.577750][ T52] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.597812][ T29] audit: type=1400 audit(1761307761.811:90): avc: denied { read write } for pid=3313 comm="syz-executor" name="loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 33.608524][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.635720][ T52] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.648946][ T3325] veth1_vlan: entered promiscuous mode [ 33.657435][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.668674][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.677180][ T52] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.687778][ T3481] loop0: detected capacity change from 0 to 512 [ 33.695576][ T52] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.708668][ T52] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.726207][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.739233][ T3481] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.754724][ T3481] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.771751][ T3325] veth0_macvtap: entered promiscuous mode [ 33.782640][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.784059][ T2443] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.826659][ T3325] veth1_macvtap: entered promiscuous mode [ 33.847294][ T2443] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.872009][ T3325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.887253][ T168] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.897603][ T3325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.918698][ T168] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.946172][ T3495] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.963797][ T168] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.973727][ T168] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.985944][ T168] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.034945][ T168] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.057476][ T168] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.075774][ T168] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.117852][ T3519] loop4: detected capacity change from 0 to 128 [ 34.126309][ T3519] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 34.140522][ T3519] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 34.158375][ T3524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 34.167110][ T3524] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 34.181291][ T37] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 34.236449][ T3530] Illegal XDP return value 4294967274 on prog (id 9) dev syz_tun, expect packet loss! [ 34.278700][ T3536] loop2: detected capacity change from 0 to 128 [ 34.379476][ T3545] loop3: detected capacity change from 0 to 512 [ 34.385992][ T3543] loop4: detected capacity change from 0 to 8192 [ 34.388460][ T3536] syz.2.16: attempt to access beyond end of device [ 34.388460][ T3536] loop2: rw=0, sector=2078, nr_sectors = 1 limit=128 [ 34.405491][ T3536] Buffer I/O error on dev loop2, logical block 2078, async page read [ 34.409713][ T3545] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 34.422332][ T3536] syz.2.16: attempt to access beyond end of device [ 34.422332][ T3536] loop2: rw=0, sector=2078, nr_sectors = 1 limit=128 [ 34.436065][ T3545] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.20: couldn't read orphan inode 26 (err -116) [ 34.439770][ T3536] Buffer I/O error on dev loop2, logical block 2078, async page read [ 34.460578][ T3536] syz.2.16: attempt to access beyond end of device [ 34.460578][ T3536] loop2: rw=0, sector=2078, nr_sectors = 1 limit=128 [ 34.462217][ T3545] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.473723][ T3536] Buffer I/O error on dev loop2, logical block 2078, async page read [ 34.487579][ T3545] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.574342][ T3325] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.631214][ T3552] loop3: detected capacity change from 0 to 128 [ 34.638432][ T3552] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 34.651721][ T3552] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 34.691756][ T3555] syz.4.23 uses obsolete (PF_INET,SOCK_PACKET) [ 34.701379][ T37] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 34.736118][ T3559] process 'syz.3.24' launched './file1' with NULL argv: empty string added [ 34.909753][ T3573] loop0: detected capacity change from 0 to 256 [ 34.916664][ T3573] ======================================================= [ 34.916664][ T3573] WARNING: The mand mount option has been deprecated and [ 34.916664][ T3573] and is ignored by this kernel. Remove the mand [ 34.916664][ T3573] option from the mount to silence this warning. [ 34.916664][ T3573] ======================================================= [ 35.038556][ T3586] loop2: detected capacity change from 0 to 512 [ 35.095063][ T3586] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a84ec018, mo2=0002] [ 35.111605][ T3586] System zones: 0-2, 18-18, 34-35 [ 35.131441][ T3586] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.166805][ T3586] ext4 filesystem being mounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 35.232146][ T3606] netlink: 8 bytes leftover after parsing attributes in process `syz.4.43'. [ 35.240938][ T3606] netlink: 12 bytes leftover after parsing attributes in process `syz.4.43'. [ 35.249880][ T3606] netlink: 'syz.4.43': attribute type 11 has an invalid length. [ 35.274701][ T37] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 35.275365][ T3606] netlink: 8 bytes leftover after parsing attributes in process `syz.4.43'. [ 35.283875][ T37] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 35.292240][ T3606] netlink: 12 bytes leftover after parsing attributes in process `syz.4.43'. [ 35.301206][ T37] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 35.309807][ T3606] netlink: 'syz.4.43': attribute type 11 has an invalid length. [ 35.319956][ T37] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 35.327573][ T3586] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 35.341906][ T3606] Zero length message leads to an empty skb [ 35.520922][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.686099][ T3617] loop3: detected capacity change from 0 to 512 [ 35.747607][ T3617] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.808390][ T3617] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 35.825340][ T3617] netlink: 'syz.3.49': attribute type 13 has an invalid length. [ 35.888242][ T3617] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.895561][ T3617] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.958194][ T3617] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 35.969739][ T3617] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 36.076348][ T31] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.086250][ T31] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.095582][ T31] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.108100][ T31] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.156951][ T3617] syz.3.49 (3617) used greatest stack depth: 9824 bytes left [ 36.165692][ T3325] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.206256][ T3640] netlink: 'syz.3.58': attribute type 3 has an invalid length. [ 36.310553][ T3652] 9pnet_fd: Insufficient options for proto=fd [ 36.388195][ T3661] loop2: detected capacity change from 0 to 512 [ 36.400904][ T3661] EXT4-fs: Ignoring removed oldalloc option [ 36.408387][ T3661] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 36.409973][ T3663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 36.444038][ T3663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 36.488747][ T3661] EXT4-fs (loop2): too many log groups per flexible block group [ 36.496590][ T3661] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 36.503431][ T3661] EXT4-fs (loop2): mount failed [ 37.218307][ C0] vcan0: j1939_tp_rxtimer: 0xffff88811a92f600: rx timeout, send abort [ 37.467668][ T3688] loop3: detected capacity change from 0 to 8192 [ 37.726679][ C0] vcan0: j1939_tp_rxtimer: 0xffff88811a92f600: abort rx timeout. Force session deactivation [ 37.968197][ T3697] loop1: detected capacity change from 0 to 128 [ 37.980239][ T3697] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 38.007430][ T3697] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 38.045680][ T37] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 38.110483][ T3703] loop1: detected capacity change from 0 to 512 [ 38.114637][ T3636] Bluetooth: hci0: command 0x1003 tx timeout [ 38.122806][ T3582] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 38.156389][ T3703] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.80: couldn't read orphan inode 26 (err -116) [ 38.175667][ T3709] loop0: detected capacity change from 0 to 128 [ 38.182524][ T3703] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.186531][ T3709] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 38.202189][ T3703] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.277371][ T3711] 9pnet_fd: Insufficient options for proto=fd [ 38.289021][ T3709] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 38.340096][ T31] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 38.350468][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.377074][ T3712] loop4: detected capacity change from 0 to 512 [ 38.402453][ T3712] EXT4-fs: Ignoring removed oldalloc option [ 38.416458][ T3712] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 38.435559][ T3712] EXT4-fs (loop4): too many log groups per flexible block group [ 38.453475][ T3712] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 38.463432][ T3712] EXT4-fs (loop4): mount failed [ 38.478175][ T3719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 38.500857][ T3719] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 38.700693][ T29] kauditd_printk_skb: 109 callbacks suppressed [ 38.700737][ T29] audit: type=1400 audit(1761307766.921:200): avc: denied { mount } for pid=3729 comm="syz.0.96" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 38.748618][ T29] audit: type=1400 audit(1761307766.961:201): avc: denied { read } for pid=3732 comm="syz.4.87" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 38.805261][ T29] audit: type=1400 audit(1761307767.031:202): avc: denied { unmount } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 38.838430][ T3738] loop0: detected capacity change from 0 to 512 [ 38.875918][ T3738] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.895913][ T3738] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.931949][ T29] audit: type=1400 audit(1761307767.151:203): avc: denied { add_name } for pid=3736 comm="syz.0.90" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 38.952506][ T29] audit: type=1400 audit(1761307767.151:204): avc: denied { create } for pid=3736 comm="syz.0.90" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 38.972570][ T29] audit: type=1400 audit(1761307767.151:205): avc: denied { create } for pid=3742 comm="syz.3.91" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 38.999708][ T29] audit: type=1400 audit(1761307767.151:206): avc: denied { read write } for pid=3736 comm="syz.0.90" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 39.022174][ T29] audit: type=1400 audit(1761307767.151:207): avc: denied { open } for pid=3736 comm="syz.0.90" path="/11/file1/file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 39.044940][ T29] audit: type=1326 audit(1761307767.151:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3742 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c40befc9 code=0x7ffc0000 [ 39.068138][ T29] audit: type=1326 audit(1761307767.151:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3742 comm="syz.3.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01c40befc9 code=0x7ffc0000 [ 39.094780][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.161611][ T3752] loop3: detected capacity change from 0 to 128 [ 39.172331][ T3752] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 39.214614][ T3752] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 39.246634][ T168] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 39.300340][ T3757] 9pnet_fd: Insufficient options for proto=fd [ 39.555131][ T3759] loop3: detected capacity change from 0 to 512 [ 39.702013][ T3759] EXT4-fs: Ignoring removed oldalloc option [ 39.772116][ T3759] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 39.806715][ T3759] EXT4-fs (loop3): too many log groups per flexible block group [ 39.816306][ T3759] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 39.823166][ T3759] EXT4-fs (loop3): mount failed [ 39.953973][ T3777] loop4: detected capacity change from 0 to 2048 [ 40.050752][ T3777] EXT4-fs (loop4): failed to initialize system zone (-117) [ 40.058324][ T3777] EXT4-fs (loop4): mount failed [ 40.071169][ T3777] netlink: 'syz.4.104': attribute type 13 has an invalid length. [ 40.139343][ T3777] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.146596][ T3777] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.195477][ T3777] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 40.205373][ T3777] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 40.262834][ T2443] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 40.271928][ T2443] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.291247][ T2443] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 40.300358][ T2443] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.325367][ T2443] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 40.334401][ T2443] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.343688][ T2443] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 40.352754][ T2443] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.503422][ T3829] 9pnet_fd: Insufficient options for proto=fd [ 40.647709][ T3836] loop1: detected capacity change from 0 to 512 [ 40.680901][ T3836] EXT4-fs: Ignoring removed oldalloc option [ 40.699909][ T3836] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 40.776486][ T3836] EXT4-fs (loop1): too many log groups per flexible block group [ 40.784369][ T3836] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 40.791378][ T3836] EXT4-fs (loop1): mount failed [ 41.134543][ T3851] vhci_hcd: invalid port number 96 [ 41.139752][ T3851] vhci_hcd: default hub control req: 2000 vfffc i0060 l7 [ 41.489006][ T3881] netlink: 12 bytes leftover after parsing attributes in process `syz.3.136'. [ 41.520953][ T52] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 41.546903][ T52] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 41.554645][ T3881] netlink: 12 bytes leftover after parsing attributes in process `syz.3.136'. [ 41.561591][ T52] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 41.619258][ T37] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 41.628860][ T3888] netlink: 4 bytes leftover after parsing attributes in process `syz.0.140'. [ 41.710716][ T3898] 9pnet_fd: Insufficient options for proto=fd [ 41.855738][ T3904] loop0: detected capacity change from 0 to 512 [ 42.012021][ T3904] EXT4-fs: Ignoring removed oldalloc option [ 42.092025][ T3904] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 42.147495][ T3904] EXT4-fs (loop0): too many log groups per flexible block group [ 42.176961][ T3904] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 42.203338][ T3904] EXT4-fs (loop0): mount failed [ 42.216660][ T3920] unsupported nla_type 52263 [ 42.447713][ T3940] netlink: 4 bytes leftover after parsing attributes in process `syz.0.162'. [ 42.535344][ T3388] kernel write not supported for file bpf-prog (pid: 3388 comm: kworker/0:3) [ 42.561657][ T3949] 9p: Unknown Cache mode or invalid value free [ 42.805266][ T3965] 9pnet_fd: Insufficient options for proto=fd [ 42.868297][ T3965] loop2: detected capacity change from 0 to 512 [ 42.875479][ T3965] EXT4-fs: Ignoring removed oldalloc option [ 42.882228][ T3965] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 42.922769][ T3965] EXT4-fs (loop2): too many log groups per flexible block group [ 42.932791][ T3965] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 42.940230][ T3965] EXT4-fs (loop2): mount failed [ 43.532801][ T3981] loop3: detected capacity change from 0 to 764 [ 43.680866][ T4005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 43.690496][ T4003] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4003 comm=syz.2.189 [ 43.701521][ T4005] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 43.702959][ T4003] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=4003 comm=syz.2.189 [ 43.764219][ T29] kauditd_printk_skb: 95 callbacks suppressed [ 43.764280][ T29] audit: type=1400 audit(1761307771.981:305): avc: denied { execmem } for pid=4008 comm="syz.4.191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 43.859830][ T4015] 9pnet_fd: Insufficient options for proto=fd [ 43.928986][ T4019] loop0: detected capacity change from 0 to 512 [ 43.939962][ T4019] EXT4-fs: Ignoring removed oldalloc option [ 43.965103][ T4019] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 44.013245][ T4019] EXT4-fs (loop0): too many log groups per flexible block group [ 44.021066][ T4019] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 44.028144][ T4019] EXT4-fs (loop0): mount failed [ 44.110238][ T29] audit: type=1326 audit(1761307772.331:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4029 comm="syz.4.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 44.133653][ T29] audit: type=1326 audit(1761307772.331:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4029 comm="syz.4.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 44.172103][ T29] audit: type=1326 audit(1761307772.331:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4029 comm="syz.4.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 44.195477][ T29] audit: type=1326 audit(1761307772.331:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4029 comm="syz.4.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 44.218747][ T29] audit: type=1326 audit(1761307772.331:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4029 comm="syz.4.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 44.242041][ T29] audit: type=1326 audit(1761307772.331:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4029 comm="syz.4.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 44.265284][ T29] audit: type=1326 audit(1761307772.331:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4029 comm="syz.4.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 44.288515][ T29] audit: type=1326 audit(1761307772.331:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4029 comm="syz.4.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 44.311751][ T29] audit: type=1326 audit(1761307772.331:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4029 comm="syz.4.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 44.586212][ T4059] gretap0: entered promiscuous mode [ 44.605219][ T4061] 9pnet_fd: Insufficient options for proto=fd [ 44.828914][ T4061] loop4: detected capacity change from 0 to 512 [ 44.860567][ T4061] EXT4-fs: Ignoring removed oldalloc option [ 44.902044][ T4061] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 44.977484][ T4061] EXT4-fs (loop4): too many log groups per flexible block group [ 45.033857][ T4061] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 45.099718][ T4061] EXT4-fs (loop4): mount failed [ 45.145281][ T4078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.216'. [ 45.155308][ T4078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.216'. [ 45.179782][ T4075] loop1: detected capacity change from 0 to 8192 [ 45.284444][ T4080] Falling back ldisc for ttyS3. [ 45.375993][ T4090] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 45.397065][ T4093] loop3: detected capacity change from 0 to 512 [ 45.413362][ T4093] EXT4-fs (loop3): orphan cleanup on readonly fs [ 45.433952][ C1] hrtimer: interrupt took 40904 ns [ 45.437847][ T4093] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.223: bad orphan inode 13 [ 45.449496][ T4093] ext4_test_bit(bit=12, block=18) = 1 [ 45.454909][ T4093] is_bad_inode(inode)=0 [ 45.459083][ T4093] NEXT_ORPHAN(inode)=2130706432 [ 45.464058][ T4093] max_ino=32 [ 45.467265][ T4093] i_nlink=1 [ 45.477671][ T4093] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 45.490965][ T4093] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 45.504737][ T4093] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 45.521609][ T3325] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.603653][ T4109] 9pnet_fd: Insufficient options for proto=fd [ 45.615622][ T4110] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.228' sets config #0 [ 45.674342][ T4114] loop3: detected capacity change from 0 to 512 [ 45.683087][ T4114] EXT4-fs: Ignoring removed oldalloc option [ 45.692002][ T4114] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 45.711593][ T4114] EXT4-fs (loop3): too many log groups per flexible block group [ 45.720354][ T4114] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 45.727343][ T4114] EXT4-fs (loop3): mount failed [ 46.108406][ T4131] netlink: 228 bytes leftover after parsing attributes in process `syz.2.236'. [ 46.369597][ T4144] loop0: detected capacity change from 0 to 164 [ 46.377261][ T4144] Unable to read rock-ridge attributes [ 46.384772][ T4144] Unable to read rock-ridge attributes [ 46.415604][ T4148] netlink: 12 bytes leftover after parsing attributes in process `syz.0.245'. [ 46.424780][ T4146] netlink: 16 bytes leftover after parsing attributes in process `syz.3.244'. [ 46.452294][ T4150] 9pnet_fd: Insufficient options for proto=fd [ 46.508231][ T4150] loop0: detected capacity change from 0 to 512 [ 46.517754][ T4150] EXT4-fs: Ignoring removed oldalloc option [ 46.527332][ T4150] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 46.554826][ T4150] EXT4-fs (loop0): too many log groups per flexible block group [ 46.562608][ T4150] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 46.572550][ T4150] EXT4-fs (loop0): mount failed [ 46.679879][ T4164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.251'. [ 46.774234][ T4173] netlink: 'syz.0.254': attribute type 2 has an invalid length. [ 46.840165][ T4181] can0: slcan on ttyS3. [ 46.849940][ T4183] loop0: detected capacity change from 0 to 128 [ 46.857743][ T4183] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 46.873065][ T4183] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 46.894095][ T4181] can0 (unregistered): slcan off ttyS3. [ 46.906144][ T4181] Falling back ldisc for ttyS3. [ 46.933445][ T4192] af_packet: tpacket_rcv: packet too big, clamped from 65232 to 4294967272. macoff=96 [ 47.228529][ T4217] 9pnet_fd: Insufficient options for proto=fd [ 47.316296][ T4220] loop4: detected capacity change from 0 to 512 [ 47.402563][ T4222] loop2: detected capacity change from 0 to 512 [ 47.445225][ T4220] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.509350][ T4222] EXT4-fs: Ignoring removed oldalloc option [ 47.552507][ T4220] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.575578][ T4222] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 47.591506][ T4220] netlink: 4 bytes leftover after parsing attributes in process `syz.4.265'. [ 47.611422][ T4222] EXT4-fs (loop2): too many log groups per flexible block group [ 47.619388][ T4222] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 47.626480][ T4222] EXT4-fs (loop2): mount failed [ 47.660081][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.694455][ T4235] netlink: 8 bytes leftover after parsing attributes in process `syz.4.268'. [ 47.723626][ T4235] netlink: 8 bytes leftover after parsing attributes in process `syz.4.268'. [ 47.961413][ T4252] macvlan1: entered promiscuous mode [ 47.994828][ T4252] ipvlan0: entered promiscuous mode [ 48.000596][ T4252] ipvlan0: left promiscuous mode [ 48.015308][ T4252] macvlan1: left promiscuous mode [ 48.238543][ T4264] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.498190][ T4264] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.796917][ T29] kauditd_printk_skb: 150 callbacks suppressed [ 48.796933][ T29] audit: type=1400 audit(1761307777.021:465): avc: denied { ioctl } for pid=4273 comm="syz.0.284" path="socket:[6846]" dev="sockfs" ino=6846 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 48.872430][ T4278] netlink: 7 bytes leftover after parsing attributes in process `syz.3.286'. [ 48.893489][ T29] audit: type=1400 audit(1761307777.111:466): avc: denied { mount } for pid=4281 comm="syz.4.288" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 48.984896][ T29] audit: type=1400 audit(1761307777.121:467): avc: denied { unmount } for pid=4281 comm="syz.4.288" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 49.004543][ T29] audit: type=1326 audit(1761307777.201:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4285 comm="syz.0.289" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc3150efc9 code=0x0 [ 49.094072][ T4299] netlink: 68 bytes leftover after parsing attributes in process `syz.3.296'. [ 49.157793][ T29] audit: type=1400 audit(1761307777.381:469): avc: denied { shutdown } for pid=4301 comm="syz.3.297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 49.201100][ T29] audit: type=1400 audit(1761307777.401:470): avc: denied { getopt } for pid=4301 comm="syz.3.297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 49.254141][ T4306] netlink: 12 bytes leftover after parsing attributes in process `syz.1.299'. [ 49.374600][ T29] audit: type=1400 audit(1761307777.601:471): avc: denied { load_policy } for pid=4316 comm="syz.1.304" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 49.385303][ T4317] SELinux: failed to load policy [ 49.670885][ T29] audit: type=1326 audit(1761307777.891:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4324 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6d365efc9 code=0x7ffc0000 [ 49.694336][ T29] audit: type=1326 audit(1761307777.891:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4324 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6d365efc9 code=0x7ffc0000 [ 49.717672][ T29] audit: type=1326 audit(1761307777.891:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4324 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7fa6d365efc9 code=0x7ffc0000 [ 49.796573][ T4327] netlink: 176 bytes leftover after parsing attributes in process `syz.1.309'. [ 49.823689][ T4329] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13 sclass=netlink_route_socket pid=4329 comm=syz.0.310 [ 49.854169][ T4329] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13 sclass=netlink_route_socket pid=4329 comm=syz.0.310 [ 49.874056][ T4329] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13 sclass=netlink_route_socket pid=4329 comm=syz.0.310 [ 49.966447][ T4340] netlink: 1040 bytes leftover after parsing attributes in process `wÞ££‘'. [ 50.050968][ T4345] netlink: 12 bytes leftover after parsing attributes in process `syz.1.318'. [ 50.128889][ T4350] loop1: detected capacity change from 0 to 164 [ 50.208749][ T4352] loop3: detected capacity change from 0 to 256 [ 50.232155][ T4352] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 198) [ 50.240346][ T4352] FAT-fs (loop3): Filesystem has been set read-only [ 50.273249][ T4358] loop1: detected capacity change from 0 to 128 [ 50.303245][ T4358] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 50.322143][ T4362] mmap: syz.0.327 (4362) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 50.515587][ T2443] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 50.534646][ T2443] kworker/u8:7: attempt to access beyond end of device [ 50.534646][ T2443] loop1: rw=1, sector=169, nr_sectors = 8 limit=128 [ 50.564042][ T2443] kworker/u8:7: attempt to access beyond end of device [ 50.564042][ T2443] loop1: rw=1, sector=185, nr_sectors = 16 limit=128 [ 50.602248][ T2443] kworker/u8:7: attempt to access beyond end of device [ 50.602248][ T2443] loop1: rw=1, sector=209, nr_sectors = 8 limit=128 [ 50.620430][ T2443] kworker/u8:7: attempt to access beyond end of device [ 50.620430][ T2443] loop1: rw=1, sector=225, nr_sectors = 8 limit=128 [ 50.643010][ T2443] kworker/u8:7: attempt to access beyond end of device [ 50.643010][ T2443] loop1: rw=1, sector=241, nr_sectors = 8 limit=128 [ 50.658531][ T2443] kworker/u8:7: attempt to access beyond end of device [ 50.658531][ T2443] loop1: rw=1, sector=257, nr_sectors = 8 limit=128 [ 50.672654][ T2443] kworker/u8:7: attempt to access beyond end of device [ 50.672654][ T2443] loop1: rw=1, sector=273, nr_sectors = 8 limit=128 [ 50.694676][ T4378] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=4378 comm=syz.4.333 [ 50.712244][ T2443] kworker/u8:7: attempt to access beyond end of device [ 50.712244][ T2443] loop1: rw=1, sector=289, nr_sectors = 8 limit=128 [ 50.725796][ T2443] kworker/u8:7: attempt to access beyond end of device [ 50.725796][ T2443] loop1: rw=1, sector=305, nr_sectors = 8 limit=128 [ 50.739266][ T2443] kworker/u8:7: attempt to access beyond end of device [ 50.739266][ T2443] loop1: rw=1, sector=321, nr_sectors = 8 limit=128 [ 51.280695][ T4408] $Hÿ: renamed from bond0 (while UP) [ 51.325047][ T4408] $Hÿ: entered promiscuous mode [ 51.330169][ T4408] bond_slave_0: entered promiscuous mode [ 51.336053][ T4408] bond_slave_1: entered promiscuous mode [ 51.464589][ T4418] syzkaller1: entered promiscuous mode [ 51.470128][ T4418] syzkaller1: entered allmulticast mode [ 51.752517][ T4441] loop4: detected capacity change from 0 to 512 [ 51.767043][ T1036] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x4 [ 51.774854][ T1036] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x2 [ 51.777403][ T4441] EXT4-fs: Ignoring removed oldalloc option [ 51.789415][ T1036] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 51.797222][ T1036] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 51.804928][ T1036] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 51.812605][ T1036] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 51.814102][ T4441] /dev/loop4: Can't open blockdev [ 51.820299][ T1036] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 51.833194][ T1036] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 51.840887][ T1036] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 51.848663][ T1036] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 51.921336][ T4452] netlink: 8 bytes leftover after parsing attributes in process `syz.0.359'. [ 51.932897][ T1036] hid-generic 0000:3000000:0000.0001: hidraw0: HID v0.00 Device [sy] on syz0 [ 51.961040][ T4457] netlink: 20 bytes leftover after parsing attributes in process `syz.4.361'. [ 52.023796][ T4455] fido_id[4455]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 52.091139][ T4473] loop1: detected capacity change from 0 to 512 [ 52.120749][ T4477] netlink: 28 bytes leftover after parsing attributes in process `syz.0.371'. [ 52.132326][ T4473] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.146407][ T4480] netlink: 52 bytes leftover after parsing attributes in process `syz.3.372'. [ 52.161833][ T4473] EXT4-fs (loop1): shut down requested (0) [ 52.193848][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.262186][ T4498] netlink: 'syz.1.379': attribute type 3 has an invalid length. [ 52.368257][ T4505] loop1: detected capacity change from 0 to 512 [ 52.376929][ T4505] EXT4-fs: Ignoring removed i_version option [ 52.383006][ T4505] EXT4-fs: Ignoring removed bh option [ 52.405487][ T4505] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.491372][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.600976][ T4525] netlink: 7 bytes leftover after parsing attributes in process `syz.1.390'. [ 52.610077][ T4525] netlink: 7 bytes leftover after parsing attributes in process `syz.1.390'. [ 52.816536][ T4545] netlink: 8 bytes leftover after parsing attributes in process `syz.1.399'. [ 53.158788][ T4582] netlink: 16 bytes leftover after parsing attributes in process `syz.1.415'. [ 53.216035][ T4591] loop1: detected capacity change from 0 to 764 [ 53.227649][ T4591] rock: directory entry would overflow storage [ 53.233869][ T4591] rock: sig=0x4654, size=5, remaining=4 [ 53.276288][ T4597] pim6reg1: entered promiscuous mode [ 53.281726][ T4597] pim6reg1: entered allmulticast mode [ 53.322706][ T4603] program syz.2.424 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 53.412324][ T4610] loop1: detected capacity change from 0 to 1024 [ 53.428224][ T4610] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.445028][ T4610] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 1 with error 28 [ 53.457533][ T4610] EXT4-fs (loop1): This should not happen!! Data will be lost [ 53.457533][ T4610] [ 53.467259][ T4610] EXT4-fs (loop1): Total free blocks count 0 [ 53.473304][ T4610] EXT4-fs (loop1): Free/Dirty block details [ 53.479221][ T4610] EXT4-fs (loop1): free_blocks=0 [ 53.484263][ T4610] EXT4-fs (loop1): dirty_blocks=0 [ 53.489353][ T4610] EXT4-fs (loop1): Block reservation details [ 53.495416][ T4610] EXT4-fs (loop1): i_reserved_data_blocks=0 [ 53.516177][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.021915][ T4635] pimreg: entered allmulticast mode [ 54.029218][ T4635] pimreg: left allmulticast mode [ 54.164020][ T29] kauditd_printk_skb: 118 callbacks suppressed [ 54.164037][ T29] audit: type=1400 audit(54.117:593): avc: denied { write } for pid=4648 comm="syz.3.443" path="socket:[8052]" dev="sockfs" ino=8052 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 54.207177][ T4660] netlink: 'syz.0.449': attribute type 3 has an invalid length. [ 54.224413][ T29] audit: type=1326 audit(54.177:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4655 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 54.247028][ T29] audit: type=1326 audit(54.177:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4655 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 54.269695][ T29] audit: type=1326 audit(54.177:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4655 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 54.292286][ T29] audit: type=1326 audit(54.177:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4655 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 54.325041][ T4668] netlink: 4 bytes leftover after parsing attributes in process `syz.1.448'. [ 54.334316][ T4668] netlink: 4 bytes leftover after parsing attributes in process `syz.1.448'. [ 54.343700][ T29] audit: type=1326 audit(54.227:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4655 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 54.366324][ T29] audit: type=1326 audit(54.247:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4655 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 54.388983][ T29] audit: type=1326 audit(54.247:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4655 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 54.411619][ T29] audit: type=1326 audit(54.247:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4655 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 54.434247][ T29] audit: type=1326 audit(54.247:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4655 comm="syz.4.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f590b7defc9 code=0x7ffc0000 [ 54.479931][ T4675] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 54.487187][ T4675] IPv6: NLM_F_CREATE should be set when creating new route [ 54.494452][ T4675] IPv6: NLM_F_CREATE should be set when creating new route [ 54.501717][ T4675] IPv6: NLM_F_CREATE should be set when creating new route [ 54.540732][ T4677] SELinux: ebitmap: truncated map [ 54.559606][ T4677] SELinux: failed to load policy [ 54.652380][ T4691] loop4: detected capacity change from 0 to 512 [ 54.673649][ T4691] EXT4-fs: Ignoring removed orlov option [ 54.718384][ T4691] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 54.754868][ T4691] EXT4-fs (loop4): 1 orphan inode deleted [ 54.760713][ T4691] EXT4-fs (loop4): 1 truncate cleaned up [ 54.771552][ T4691] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.801189][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.068322][ T4743] loop4: detected capacity change from 0 to 1024 [ 55.118907][ T4743] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 55.147544][ T4743] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 55.159721][ T4759] loop2: detected capacity change from 0 to 128 [ 55.292534][ T4776] loop4: detected capacity change from 0 to 256 [ 55.319931][ T4779] loop2: detected capacity change from 0 to 2048 [ 55.343809][ T4779] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.359088][ T4776] FAT-fs (loop4): error, corrupted file size (i_pos 196, 2097152) [ 55.366996][ T4776] FAT-fs (loop4): Filesystem has been set read-only [ 55.460043][ T4784] netlink: 'syz.4.502': attribute type 2 has an invalid length. [ 55.478352][ T3321] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 55.507722][ T3388] IPVS: starting estimator thread 0... [ 55.516876][ T3321] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 55.534568][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.602998][ T4797] 9pnet_fd: Insufficient options for proto=fd [ 55.609622][ T4786] IPVS: using max 1872 ests per chain, 93600 per kthread [ 55.620314][ T4799] ALSA: seq fatal error: cannot create timer (-19) [ 55.894974][ T4820] netlink: 'syz.4.516': attribute type 2 has an invalid length. [ 56.206964][ T4827] bridge_slave_1: left allmulticast mode [ 56.212673][ T4827] bridge_slave_1: left promiscuous mode [ 56.218474][ T4827] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.373080][ T4827] bridge_slave_0: left allmulticast mode [ 56.378802][ T4827] bridge_slave_0: left promiscuous mode [ 56.384563][ T4827] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.631066][ T4847] loop4: detected capacity change from 0 to 256 [ 56.638031][ T4847] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 56.663230][ T4855] 9pnet_fd: Insufficient options for proto=fd [ 56.669937][ T4847] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 56.906023][ T4876] netlink: 'syz.4.540': attribute type 9 has an invalid length. [ 57.103022][ T4887] __nla_validate_parse: 10 callbacks suppressed [ 57.103036][ T4887] netlink: 24 bytes leftover after parsing attributes in process `syz.2.545'. [ 57.616755][ T4915] netlink: 4 bytes leftover after parsing attributes in process `syz.0.556'. [ 57.628790][ T4917] netlink: 4 bytes leftover after parsing attributes in process `syz.2.557'. [ 57.651315][ T4917] netlink: 4 bytes leftover after parsing attributes in process `syz.2.557'. [ 57.651548][ T12] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 57.760011][ T12] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 57.786142][ T12] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 57.795474][ T12] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 57.807319][ T4928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 57.816640][ T4928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 57.848144][ T4930] netlink: 4 bytes leftover after parsing attributes in process `syz.3.563'. [ 57.864221][ T4930] bridge_slave_1: left allmulticast mode [ 57.869910][ T4930] bridge_slave_1: left promiscuous mode [ 57.875606][ T4930] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.883625][ T4930] bridge_slave_0: left allmulticast mode [ 57.889550][ T4930] bridge_slave_0: left promiscuous mode [ 57.895695][ T4930] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.434628][ T4968] netlink: 4 bytes leftover after parsing attributes in process `syz.1.579'. [ 58.557278][ T4974] loop4: detected capacity change from 0 to 128 [ 58.572001][ T4977] loop2: detected capacity change from 0 to 256 [ 58.583576][ T4977] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 58.607572][ T4977] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 58.619610][ T4974] FAT-fs (loop4): Directory bread(block 32) failed [ 58.629340][ T4974] FAT-fs (loop4): Directory bread(block 33) failed [ 58.638926][ T4974] FAT-fs (loop4): Directory bread(block 34) failed [ 58.645736][ T4974] FAT-fs (loop4): Directory bread(block 35) failed [ 58.664018][ T4974] FAT-fs (loop4): Directory bread(block 36) failed [ 58.670594][ T4974] FAT-fs (loop4): Directory bread(block 37) failed [ 58.694207][ T4974] FAT-fs (loop4): Directory bread(block 38) failed [ 58.700926][ T4974] FAT-fs (loop4): Directory bread(block 39) failed [ 58.707734][ T4974] FAT-fs (loop4): Directory bread(block 40) failed [ 58.714424][ T4974] FAT-fs (loop4): Directory bread(block 41) failed [ 58.957547][ T5002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.975536][ T5002] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.989687][ T5005] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 58.991422][ T5006] pimreg: entered allmulticast mode [ 58.996972][ T5005] IPv6: NLM_F_CREATE should be set when creating new route [ 58.996986][ T5005] IPv6: NLM_F_CREATE should be set when creating new route [ 58.996997][ T5005] IPv6: NLM_F_CREATE should be set when creating new route [ 59.029482][ T5006] pimreg: left allmulticast mode [ 59.059214][ T5008] 9pnet_fd: Insufficient options for proto=fd [ 59.124900][ T5014] loop4: detected capacity change from 0 to 512 [ 59.142208][ T5014] EXT4-fs: Ignoring removed oldalloc option [ 59.156033][ T5014] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 59.194942][ T5020] loop2: detected capacity change from 0 to 1024 [ 59.235490][ T5020] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.255266][ T5023] loop1: detected capacity change from 0 to 2048 [ 59.277270][ T5014] EXT4-fs (loop4): too many log groups per flexible block group [ 59.280756][ T5020] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 1 with error 28 [ 59.294271][ T5014] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 59.297397][ T5020] EXT4-fs (loop2): This should not happen!! Data will be lost [ 59.297397][ T5020] [ 59.313820][ T5020] EXT4-fs (loop2): Total free blocks count 0 [ 59.314198][ T5023] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.319875][ T5020] EXT4-fs (loop2): Free/Dirty block details [ 59.337805][ T5020] EXT4-fs (loop2): free_blocks=0 [ 59.342768][ T5020] EXT4-fs (loop2): dirty_blocks=0 [ 59.347950][ T5020] EXT4-fs (loop2): Block reservation details [ 59.349000][ T5014] EXT4-fs (loop4): mount failed [ 59.354070][ T5020] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 59.476182][ T3317] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 59.512609][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.522485][ T3317] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 59.541520][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.945759][ T29] kauditd_printk_skb: 91 callbacks suppressed [ 59.945775][ T29] audit: type=1326 audit(59.927:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5046 comm="syz.1.609" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa6d365efc9 code=0x0 [ 60.096007][ T5050] netlink: 4 bytes leftover after parsing attributes in process `syz.3.610'. [ 60.522143][ T5066] netlink: 8 bytes leftover after parsing attributes in process `syz.4.617'. [ 60.574358][ T5073] netlink: 20 bytes leftover after parsing attributes in process `syz.0.620'. [ 60.576713][ T5069] netlink: 'syz.3.619': attribute type 3 has an invalid length. [ 60.621484][ T5077] 9pnet_fd: Insufficient options for proto=fd [ 60.658215][ T29] audit: type=1326 audit(60.637:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5080 comm="syz.4.624" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f590b7defc9 code=0x0 [ 60.944400][ T36] hid_parser_main: 6 callbacks suppressed [ 60.944437][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4 [ 60.957950][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2 [ 60.974276][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 60.981975][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 60.989732][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 60.997426][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 61.005102][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 61.012937][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 61.020654][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 61.028424][ T36] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 61.082925][ T5108] netlink: 'syz.0.633': attribute type 3 has an invalid length. [ 61.093847][ T5107] netlink: 4 bytes leftover after parsing attributes in process `syz.1.634'. [ 61.107504][ T36] hid-generic 0000:3000000:0000.0002: hidraw0: HID v0.00 Device [sy] on syz0 [ 61.129884][ T29] audit: type=1326 audit(61.107:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5110 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3150efc9 code=0x7ffc0000 [ 61.163116][ T5112] fido_id[5112]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 61.182622][ T29] audit: type=1326 audit(61.107:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5110 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3150efc9 code=0x7ffc0000 [ 61.205296][ T29] audit: type=1326 audit(61.107:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5110 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbc3150efc9 code=0x7ffc0000 [ 61.223787][ T5117] loop2: detected capacity change from 0 to 512 [ 61.228003][ T29] audit: type=1326 audit(61.107:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5110 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3150efc9 code=0x7ffc0000 [ 61.256705][ T29] audit: type=1326 audit(61.107:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5110 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3150efc9 code=0x7ffc0000 [ 61.277208][ T5117] EXT4-fs: Ignoring removed oldalloc option [ 61.279554][ T29] audit: type=1326 audit(61.107:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5110 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fbc3150efc9 code=0x7ffc0000 [ 61.307836][ T29] audit: type=1326 audit(61.107:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5110 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3150efc9 code=0x7ffc0000 [ 61.330456][ T29] audit: type=1326 audit(61.107:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5110 comm="syz.0.636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbc3150efc9 code=0x7ffc0000 [ 61.353819][ T5120] 9pnet_fd: Insufficient options for proto=fd [ 61.375357][ T5117] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.427503][ T5125] $Hÿ: renamed from bond0 (while UP) [ 61.435005][ T5126] loop1: detected capacity change from 0 to 512 [ 61.441833][ T5117] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.638: bg 0: block 217: padding at end of block bitmap is not set [ 61.458048][ T5126] EXT4-fs: Ignoring removed oldalloc option [ 61.459747][ T5125] $Hÿ: entered promiscuous mode [ 61.469094][ T5125] bond_slave_0: entered promiscuous mode [ 61.474885][ T5125] bond_slave_1: entered promiscuous mode [ 61.494274][ T5126] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 61.511208][ T5128] loop4: detected capacity change from 0 to 164 [ 61.533156][ T5126] EXT4-fs (loop1): too many log groups per flexible block group [ 61.572486][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.573574][ T5126] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 61.609880][ T5126] EXT4-fs (loop1): mount failed [ 61.627511][ T5138] loop4: detected capacity change from 0 to 128 [ 61.733686][ T5138] bio_check_eod: 99 callbacks suppressed [ 61.733708][ T5138] syz.4.647: attempt to access beyond end of device [ 61.733708][ T5138] loop4: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 61.763169][ T5138] syz.4.647: attempt to access beyond end of device [ 61.763169][ T5138] loop4: rw=34817, sector=113, nr_sectors = 16 limit=128 [ 61.789753][ T5138] syz.4.647: attempt to access beyond end of device [ 61.789753][ T5138] loop4: rw=34817, sector=145, nr_sectors = 16 limit=128 [ 61.906553][ T5162] loop2: detected capacity change from 0 to 512 [ 61.914224][ T5162] EXT4-fs: Ignoring removed bh option [ 61.930079][ T5162] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.093797][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.138386][ T5172] loop1: detected capacity change from 0 to 512 [ 62.183183][ T5172] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 62.224594][ T5172] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 62.238104][ T5172] EXT4-fs (loop1): 1 truncate cleaned up [ 62.245617][ T5172] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.401529][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.100463][ T5235] hsr0: entered promiscuous mode [ 63.106499][ T5236] sctp: [Deprecated]: syz.0.686 (pid 5236) Use of struct sctp_assoc_value in delayed_ack socket option. [ 63.106499][ T5236] Use struct sctp_sack_info instead [ 63.122970][ T5235] vlan2: entered promiscuous mode [ 63.278940][ T5255] loop4: detected capacity change from 0 to 1024 [ 63.292279][ T5257] loop1: detected capacity change from 0 to 512 [ 63.318211][ T5255] EXT4-fs: Ignoring removed orlov option [ 63.324025][ T5255] EXT4-fs: Ignoring removed nomblk_io_submit option [ 63.350412][ T5257] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.377463][ T5257] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #2: comm syz.1.695: corrupted inode contents [ 63.389764][ T5257] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #2: comm syz.1.695: mark_inode_dirty error [ 63.401863][ T5255] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 63.414669][ T5257] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #2: comm syz.1.695: corrupted inode contents [ 63.447275][ T5257] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #2: comm syz.1.695: corrupted inode contents [ 63.459979][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.475911][ T5257] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #2: comm syz.1.695: mark_inode_dirty error [ 63.508307][ T5257] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #2: comm syz.1.695: corrupted inode contents [ 63.520599][ T5279] 9pnet_fd: Insufficient options for proto=fd [ 63.527250][ T5257] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.695: mark_inode_dirty error [ 63.556606][ T5257] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #2: comm syz.1.695: corrupted inode contents [ 63.569591][ T5257] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #2: comm syz.1.695: mark_inode_dirty error [ 63.623463][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.783888][ T5306] __nla_validate_parse: 1 callbacks suppressed [ 63.783903][ T5306] netlink: 14 bytes leftover after parsing attributes in process `syz.3.718'. [ 63.823014][ T5306] hsr_slave_0: left promiscuous mode [ 63.830743][ T5306] hsr_slave_1: left promiscuous mode [ 63.861539][ T5311] netlink: 8 bytes leftover after parsing attributes in process `syz.2.720'. [ 64.112680][ T5334] SELinux: Context system_u:object is not valid (left unmapped). [ 64.230735][ T5351] loop4: detected capacity change from 0 to 128 [ 64.241142][ T5352] netlink: 32 bytes leftover after parsing attributes in process `syz.3.737'. [ 64.259075][ T5351] syz.4.738 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 64.269690][ T3693] IPVS: starting estimator thread 0... [ 64.277270][ T5356] loop1: detected capacity change from 0 to 512 [ 64.301806][ T5356] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 64.320258][ T5356] EXT4-fs (loop1): 1 truncate cleaned up [ 64.349725][ T5356] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 64.384495][ T5357] IPVS: using max 1776 ests per chain, 88800 per kthread [ 64.415727][ T5363] loop5: detected capacity change from 0 to 7 [ 64.466510][ T5366] netlink: 332 bytes leftover after parsing attributes in process `syz.4.744'. [ 64.475674][ T5366] netlink: 'syz.4.744': attribute type 9 has an invalid length. [ 64.483340][ T5366] netlink: 108 bytes leftover after parsing attributes in process `syz.4.744'. [ 64.492488][ T5366] netlink: 32 bytes leftover after parsing attributes in process `syz.4.744'. [ 64.562805][ T5369] loop4: detected capacity change from 0 to 1024 [ 64.611180][ T5371] netlink: 4 bytes leftover after parsing attributes in process `syz.2.746'. [ 64.639652][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.674200][ T5369] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 64.710495][ T5377] loop2: detected capacity change from 0 to 764 [ 64.745617][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.785940][ T5381] netlink: 4 bytes leftover after parsing attributes in process `syz.1.752'. [ 64.805928][ T5384] netlink: 16 bytes leftover after parsing attributes in process `syz.0.750'. [ 64.823346][ T5385] loop4: detected capacity change from 0 to 512 [ 64.832362][ T5377] Symlink component flag not implemented [ 64.838077][ T5377] Symlink component flag not implemented [ 64.846067][ T5381] netlink: 12 bytes leftover after parsing attributes in process `syz.1.752'. [ 64.855559][ T5385] EXT4-fs: Ignoring removed oldalloc option [ 64.869444][ T5377] Symlink component flag not implemented (129) [ 64.875691][ T5377] Symlink component flag not implemented (6) [ 64.884658][ T5385] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: comm syz.4.751: Parent and EA inode have the same ino 15 [ 64.910483][ T5385] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: comm syz.4.751: Parent and EA inode have the same ino 15 [ 64.924500][ T5385] EXT4-fs (loop4): 1 orphan inode deleted [ 64.924533][ T5377] rock: directory entry would overflow storage [ 64.930918][ T5385] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.936456][ T5377] rock: sig=0x4f50, size=4, remaining=3 [ 64.954581][ T5377] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 64.963776][ T29] kauditd_printk_skb: 85 callbacks suppressed [ 64.963790][ T29] audit: type=1400 audit(64.937:789): avc: denied { execute } for pid=5390 comm="syz.0.754" name="file0" dev="tmpfs" ino=763 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 65.011154][ T29] audit: type=1400 audit(64.967:790): avc: denied { execute_no_trans } for pid=5390 comm="syz.0.754" path="/143/file0" dev="tmpfs" ino=763 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 65.033747][ T29] audit: type=1326 audit(64.967:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5376 comm="syz.2.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 65.056295][ T29] audit: type=1326 audit(64.967:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5376 comm="syz.2.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 65.085038][ T29] audit: type=1400 audit(65.017:793): avc: denied { unmount } for pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 65.093079][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.133737][ T29] audit: type=1400 audit(65.107:794): avc: denied { create } for pid=5392 comm="syz.1.755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 65.172449][ T29] audit: type=1400 audit(65.127:795): avc: denied { connect } for pid=5392 comm="syz.1.755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 65.191421][ T29] audit: type=1400 audit(65.127:796): avc: denied { write } for pid=5392 comm="syz.1.755" path="socket:[11371]" dev="sockfs" ino=11371 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 65.219905][ T29] audit: type=1400 audit(65.147:797): avc: denied { name_bind } for pid=5401 comm="syz.3.760" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 65.240950][ T29] audit: type=1400 audit(65.197:798): avc: denied { create } for pid=5406 comm="syz.2.763" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 65.269457][ T5411] netlink: 'syz.1.762': attribute type 10 has an invalid length. [ 65.284032][ T5411] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 65.292872][ T5414] loop4: detected capacity change from 0 to 1024 [ 65.326234][ T5414] EXT4-fs: Ignoring removed nobh option [ 65.331875][ T5414] EXT4-fs: Ignoring removed bh option [ 65.354492][ T5414] EXT4-fs (loop4): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 65.375848][ T5414] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 66.050237][ T5465] geneve2: entered promiscuous mode [ 66.083659][ T5467] macvtap0: entered promiscuous mode [ 66.090389][ T5467] macvtap0: left promiscuous mode [ 66.152015][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.397722][ T5501] loop9: detected capacity change from 0 to 7 [ 66.404652][ T5501] Buffer I/O error on dev loop9, logical block 0, async page read [ 66.412538][ T5501] Buffer I/O error on dev loop9, logical block 0, async page read [ 66.420547][ T5501] loop9: unable to read partition table [ 66.427962][ T5501] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯  [ 66.427962][ T5501] ) failed (rc=-5) [ 66.442426][ T3307] Buffer I/O error on dev loop9, logical block 0, async page read [ 66.458964][ T3307] Buffer I/O error on dev loop9, logical block 0, async page read [ 66.485301][ T3307] Buffer I/O error on dev loop9, logical block 0, async page read [ 66.493283][ T3307] Buffer I/O error on dev loop9, logical block 0, async page read [ 66.517532][ T5511] 9pnet_fd: Insufficient options for proto=fd [ 66.523872][ T3307] Buffer I/O error on dev loop9, logical block 0, async page read [ 66.572900][ T5512] veth1_macvtap: left promiscuous mode [ 66.879833][ T5548] loop1: detected capacity change from 0 to 512 [ 66.923025][ T5548] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 66.953741][ T5548] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #2: comm syz.1.819: corrupted inode contents [ 66.972880][ T5559] 9pnet_fd: Insufficient options for proto=fd [ 67.003752][ T5548] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #2: comm syz.1.819: mark_inode_dirty error [ 67.076511][ T5548] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #2: comm syz.1.819: corrupted inode contents [ 67.111020][ T5548] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.819: mark_inode_dirty error [ 67.180947][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.333369][ T5596] vlan2: entered allmulticast mode [ 67.338554][ T5596] bridge_slave_0: entered allmulticast mode [ 67.458853][ T5606] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5606 comm=syz.0.840 [ 67.483394][ T5584] loop4: detected capacity change from 0 to 512 [ 67.526925][ T5584] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.843: bad orphan inode 11862016 [ 67.553673][ T5584] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 67.700466][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 68.224079][ T5683] ALSA: seq fatal error: cannot create timer (-19) [ 68.256864][ T5694] loop4: detected capacity change from 0 to 164 [ 68.267100][ T5694] ISOFS: unable to read i-node block [ 68.272493][ T5694] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 68.339516][ T5702] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5702 comm=syz.0.885 [ 68.352119][ T5702] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5702 comm=syz.0.885 [ 68.526247][ T5725] loop2: detected capacity change from 0 to 512 [ 68.564099][ T5725] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 68.598898][ T5725] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 68.665741][ T5743] vhci_hcd: invalid port number 96 [ 68.670921][ T5743] vhci_hcd: default hub control req: 2000 vfffc i0060 l7 [ 68.763390][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 68.800224][ T5761] __nla_validate_parse: 6 callbacks suppressed [ 68.800240][ T5761] netlink: 19 bytes leftover after parsing attributes in process `syz.4.912'. [ 68.806825][ T5760] tipc: Started in network mode [ 68.820428][ T5760] tipc: Node identity ac14140f, cluster identity 4711 [ 68.845241][ T5760] tipc: New replicast peer: 255.255.255.83 [ 68.851157][ T5760] tipc: Enabled bearer , priority 10 [ 68.932451][ T5776] syzkaller1: entered promiscuous mode [ 68.938019][ T5776] syzkaller1: entered allmulticast mode [ 69.059305][ T5783] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 69.069370][ T5783] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 69.105940][ T5783] geneve2: left promiscuous mode [ 69.117112][ T57] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.151712][ T57] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.183659][ T57] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.198888][ T5802] loop1: detected capacity change from 0 to 164 [ 69.214258][ T5805] atomic_op ffff88811acba528 conn xmit_atomic 0000000000000000 [ 69.218414][ T5803] SELinux: failed to load policy [ 69.236258][ T57] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.260094][ T5802] ISOFS: unable to read i-node block [ 69.269225][ T5802] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 69.354950][ T5813] netlink: 'syz.3.936': attribute type 83 has an invalid length. [ 69.377478][ T5823] netlink: 19 bytes leftover after parsing attributes in process `syz.2.940'. [ 69.491669][ T5837] netlink: 172 bytes leftover after parsing attributes in process `syz.3.946'. [ 69.522691][ T5841] netlink: 'syz.4.948': attribute type 10 has an invalid length. [ 69.534250][ T5841] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 69.736601][ T5852] netlink: 96 bytes leftover after parsing attributes in process `syz.3.952'. [ 69.755565][ T5853] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=5853 comm=syz.2.951 [ 69.974873][ T36] tipc: Node number set to 2886997007 [ 70.265787][ T5867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.957'. [ 70.279531][ T5867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.957'. [ 70.559975][ T29] kauditd_printk_skb: 192 callbacks suppressed [ 70.559992][ T29] audit: type=1400 audit(70.535:991): avc: denied { map } for pid=5884 comm="syz.0.964" path="socket:[12292]" dev="sockfs" ino=12292 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 70.588846][ T29] audit: type=1400 audit(70.535:992): avc: denied { read } for pid=5884 comm="syz.0.964" path="socket:[12292]" dev="sockfs" ino=12292 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 70.774236][ T29] audit: type=1400 audit(70.745:993): avc: denied { create } for pid=5891 comm="syz.2.967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 70.893509][ T5898] sd 0:0:1:0: device reset [ 70.899708][ T5900] netlink: 36 bytes leftover after parsing attributes in process `syz.1.971'. [ 70.908755][ T29] audit: type=1400 audit(70.865:994): avc: denied { write } for pid=5895 comm="syz.2.968" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 70.951257][ T29] audit: type=1326 audit(70.925:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5909 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c40befc9 code=0x7ffc0000 [ 71.016089][ T29] audit: type=1326 audit(70.955:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5909 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c40befc9 code=0x7ffc0000 [ 71.038798][ T29] audit: type=1326 audit(70.955:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5909 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01c40befc9 code=0x7ffc0000 [ 71.038823][ T29] audit: type=1326 audit(70.955:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5909 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c40befc9 code=0x7ffc0000 [ 71.038865][ T29] audit: type=1326 audit(70.955:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5909 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01c40befc9 code=0x7ffc0000 [ 71.106530][ T29] audit: type=1326 audit(70.955:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5909 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01c40befc9 code=0x7ffc0000 [ 71.357126][ T5945] block device autoloading is deprecated and will be removed. [ 71.403043][ T5949] veth0_vlan: entered allmulticast mode [ 71.436080][ T5949] veth0_vlan: left promiscuous mode [ 71.457064][ T5949] veth0_vlan: entered promiscuous mode [ 71.489724][ T5955] 9pnet_fd: Insufficient options for proto=fd [ 71.573497][ T5964] loop0: detected capacity change from 0 to 512 [ 71.585872][ T5967] netlink: 64 bytes leftover after parsing attributes in process `syz.4.998'. [ 71.614426][ T5964] EXT4-fs: Ignoring removed oldalloc option [ 71.641944][ T5964] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 71.686316][ T5964] EXT4-fs (loop0): too many log groups per flexible block group [ 71.694224][ T5964] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 71.713990][ T5964] EXT4-fs (loop0): mount failed [ 71.791509][ T5981] SELinux: failed to load policy [ 72.186755][ T6001] netlink: 'syz.2.1011': attribute type 10 has an invalid length. [ 72.195020][ T6001] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.196175][ T6003] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1012'. [ 72.202391][ T6001] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.211258][ T6003] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1012'. [ 72.232007][ T6001] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.239096][ T6001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.246461][ T6001] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.253561][ T6001] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.281436][ T6001] bridge0: entered promiscuous mode [ 72.287122][ T6001] $Hÿ: (slave bridge0): Enslaving as an active interface with an up link [ 72.497298][ T6016] loop1: detected capacity change from 0 to 512 [ 72.503963][ T6016] EXT4-fs: Ignoring removed bh option [ 72.521208][ T6016] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 72.547926][ T6020] loop2: detected capacity change from 0 to 1024 [ 72.554888][ T6016] EXT4-fs (loop1): 1 truncate cleaned up [ 72.561043][ T6016] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.577123][ T6016] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 72.596828][ T6028] loop0: detected capacity change from 0 to 512 [ 72.603838][ T6016] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 72.614374][ T6020] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.638083][ T6028] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 72.705181][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.870013][ T6028] EXT4-fs (loop0): 1 truncate cleaned up [ 72.890685][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.900288][ T6040] netlink: 'syz.1.1024': attribute type 10 has an invalid length. [ 72.909586][ T6028] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.990019][ T6043] pim6reg1: entered promiscuous mode [ 72.995424][ T6043] pim6reg1: entered allmulticast mode [ 73.018619][ T6045] loop1: detected capacity change from 0 to 512 [ 73.044260][ T6045] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.076584][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.114630][ T6045] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.634880][ T6080] 9pnet_fd: Insufficient options for proto=fd [ 73.698654][ T6084] loop4: detected capacity change from 0 to 512 [ 73.736938][ T6084] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 73.774094][ T6080] loop1: detected capacity change from 0 to 512 [ 73.784360][ T6084] EXT4-fs (loop4): 1 truncate cleaned up [ 73.790504][ T6084] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.819155][ T6080] EXT4-fs: Ignoring removed oldalloc option [ 73.862890][ T6080] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.895099][ T6080] EXT4-fs (loop1): too many log groups per flexible block group [ 73.903789][ T6080] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 73.952563][ T6080] EXT4-fs (loop1): mount failed [ 73.997847][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.067159][ T6094] loop0: detected capacity change from 0 to 256 [ 74.135559][ T6094] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 198) [ 74.143681][ T6094] FAT-fs (loop0): Filesystem has been set read-only [ 74.196139][ T6098] loop4: detected capacity change from 0 to 128 [ 74.308824][ T6102] program syz.2.1050 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 74.334738][ T6102] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 74.388729][ T6113] geneve2: entered promiscuous mode [ 74.393543][ T6116] __nla_validate_parse: 2 callbacks suppressed [ 74.393605][ T6116] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1056'. [ 74.438259][ T6118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1057'. [ 74.477467][ T6120] loop2: detected capacity change from 0 to 2048 [ 74.552924][ T6127] netlink: 'syz.3.1061': attribute type 10 has an invalid length. [ 74.581721][ T3307] loop2: p1 p2 p3 [ 74.632727][ T6120] loop2: p1 p2 p3 [ 74.757710][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 74.769067][ T3307] udevd[3307]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 74.780376][ T3720] udevd[3720]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 74.807991][ T6154] loop4: detected capacity change from 0 to 512 [ 74.822804][ T6154] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 74.852610][ T6154] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 74.865474][ T6158] loop2: detected capacity change from 0 to 512 [ 74.873843][ T6158] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 74.886253][ T6158] EXT4-fs (loop2): 1 truncate cleaned up [ 74.892317][ T6158] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.930595][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.973791][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 74.984247][ T6165] Falling back ldisc for ttyS3. [ 75.361972][ T6189] loop4: detected capacity change from 0 to 512 [ 75.368871][ T6189] EXT4-fs: Ignoring removed bh option [ 75.388414][ T6189] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.432461][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.551572][ T6204] netlink: 'syz.2.1088': attribute type 4 has an invalid length. [ 75.570354][ T29] kauditd_printk_skb: 178 callbacks suppressed [ 75.570379][ T29] audit: type=1400 audit(75.545:1179): avc: denied { execute } for pid=6201 comm="syz.3.1089" path="/264/file1" dev="tmpfs" ino=1390 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 75.576795][ T6206] loop4: detected capacity change from 0 to 512 [ 75.599520][ T6204] netlink: 'syz.2.1088': attribute type 4 has an invalid length. [ 75.628195][ T6206] EXT4-fs: Ignoring removed orlov option [ 75.649911][ T6206] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 75.660634][ T29] audit: type=1400 audit(75.635:1180): avc: denied { create } for pid=6209 comm="syz.2.1092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 75.701006][ T29] audit: type=1400 audit(75.655:1181): avc: denied { setopt } for pid=6209 comm="syz.2.1092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 75.703717][ T6206] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 75.719980][ T29] audit: type=1400 audit(75.655:1182): avc: denied { bind } for pid=6209 comm="syz.2.1092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 75.746515][ T29] audit: type=1400 audit(75.655:1183): avc: denied { name_bind } for pid=6209 comm="syz.2.1092" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 75.767675][ T29] audit: type=1400 audit(75.655:1184): avc: denied { node_bind } for pid=6209 comm="syz.2.1092" saddr=::ffff:0.0.0.0 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 75.768252][ T6206] EXT4-fs error (device loop4): ext4_iget_extra_inode:5075: inode #15: comm syz.4.1090: corrupted in-inode xattr: e_value size too large [ 75.789606][ T29] audit: type=1400 audit(75.655:1185): avc: denied { write } for pid=6209 comm="syz.2.1092" laddr=::ffff:0.0.0.0 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 75.789639][ T29] audit: type=1400 audit(75.655:1186): avc: denied { connect } for pid=6209 comm="syz.2.1092" laddr=::ffff:0.0.0.0 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 75.789722][ T29] audit: type=1400 audit(75.655:1187): avc: denied { name_connect } for pid=6209 comm="syz.2.1092" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 75.813764][ T6206] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1090: couldn't read orphan inode 15 (err -117) [ 75.855871][ T29] audit: type=1400 audit(75.715:1188): avc: denied { tracepoint } for pid=6213 comm="syz.3.1093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 75.870107][ T6206] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.922819][ T6217] pim6reg1: entered promiscuous mode [ 75.928179][ T6217] pim6reg1: entered allmulticast mode [ 75.947983][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.236000][ T6237] loop4: detected capacity change from 0 to 512 [ 76.242663][ T6237] EXT4-fs: Ignoring removed orlov option [ 76.260709][ T6237] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.1103: inode has both inline data and extents flags [ 76.277044][ T6237] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1103: couldn't read orphan inode 15 (err -117) [ 76.293215][ T6237] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.357604][ T6247] sch_fq: defrate 0 ignored. [ 76.400568][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.436693][ T6255] loop4: detected capacity change from 0 to 128 [ 76.522330][ T6259] loop2: detected capacity change from 0 to 1024 [ 76.548531][ T6259] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.570592][ T2443] kworker/u8:7: attempt to access beyond end of device [ 76.570592][ T2443] loop4: rw=1, sector=145, nr_sectors = 8 limit=128 [ 76.584320][ T2443] kworker/u8:7: attempt to access beyond end of device [ 76.584320][ T2443] loop4: rw=1, sector=161, nr_sectors = 8 limit=128 [ 76.600563][ T6259] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4193: comm syz.2.1111: Allocating blocks 497-513 which overlap fs metadata [ 76.612297][ T2443] kworker/u8:7: attempt to access beyond end of device [ 76.612297][ T2443] loop4: rw=1, sector=177, nr_sectors = 8 limit=128 [ 76.615626][ T6259] EXT4-fs (loop2): pa ffff888106e69540: logic 16, phys. 129, len 24 [ 76.629633][ T2443] kworker/u8:7: attempt to access beyond end of device [ 76.629633][ T2443] loop4: rw=1, sector=193, nr_sectors = 8 limit=128 [ 76.635912][ T6259] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 1 [ 76.649491][ T2443] kworker/u8:7: attempt to access beyond end of device [ 76.649491][ T2443] loop4: rw=1, sector=209, nr_sectors = 8 limit=128 [ 76.672671][ T2443] kworker/u8:7: attempt to access beyond end of device [ 76.672671][ T2443] loop4: rw=1, sector=225, nr_sectors = 8 limit=128 [ 76.686343][ T2443] kworker/u8:7: attempt to access beyond end of device [ 76.686343][ T2443] loop4: rw=1, sector=241, nr_sectors = 8 limit=128 [ 76.700073][ T2443] kworker/u8:7: attempt to access beyond end of device [ 76.700073][ T2443] loop4: rw=1, sector=257, nr_sectors = 8 limit=128 [ 76.713443][ T2443] kworker/u8:7: attempt to access beyond end of device [ 76.713443][ T2443] loop4: rw=1, sector=273, nr_sectors = 8 limit=128 [ 76.727214][ T2443] kworker/u8:7: attempt to access beyond end of device [ 76.727214][ T2443] loop4: rw=1, sector=289, nr_sectors = 8 limit=128 [ 76.728094][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.717733][ T6315] netlink: 'syz.0.1134': attribute type 27 has an invalid length. [ 77.771575][ T6315] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.778835][ T6315] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.789947][ T6315] $Hÿ: left promiscuous mode [ 77.794975][ T6315] bond_slave_0: left promiscuous mode [ 77.800779][ T6315] bond_slave_1: left promiscuous mode [ 77.845457][ T6315] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.856606][ T6315] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.921180][ T6325] 8021q: adding VLAN 0 to HW filter on device $Hÿ [ 77.932718][ T6325] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.947065][ T6331] 9pnet_fd: Insufficient options for proto=fd [ 77.953376][ T6325] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 77.974915][ T2443] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.984504][ T2443] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.999489][ T2443] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.011753][ T2443] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.057210][ T6337] loop2: detected capacity change from 0 to 512 [ 78.078781][ T6337] EXT4-fs: Ignoring removed oldalloc option [ 78.086504][ T6337] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.136381][ T6337] EXT4-fs (loop2): too many log groups per flexible block group [ 78.145040][ T6337] EXT4-fs (loop2): failed to initialize mballoc (-12) [ 78.152214][ T6337] EXT4-fs (loop2): mount failed [ 78.159557][ T6351] ªªªªªª: renamed from vlan0 [ 78.606037][ T6372] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1156'. [ 78.768715][ T6377] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1159'. [ 78.890312][ T6385] loop2: detected capacity change from 0 to 1024 [ 78.897220][ T6385] EXT4-fs: inline encryption not supported [ 78.916547][ T6385] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.947766][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.954776][ T6393] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1164'. [ 79.068004][ T6401] xt_hashlimit: max too large, truncated to 1048576 [ 79.177976][ T6413] loop2: detected capacity change from 0 to 1024 [ 79.185469][ T6413] EXT4-fs: Ignoring removed nomblk_io_submit option [ 79.192740][ T6413] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 79.223844][ T6413] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.334691][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.402226][ T6425] loop4: detected capacity change from 0 to 1024 [ 79.415900][ T6425] EXT4-fs: Ignoring removed orlov option [ 79.421651][ T6425] EXT4-fs: Ignoring removed nomblk_io_submit option [ 79.442043][ T6425] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.471120][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.539902][ T168] syzkaller0: tun_net_xmit 76 [ 79.544811][ T168] syzkaller0: tun_net_xmit 48 [ 79.550881][ T6432] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 79.556798][ T6432] syzkaller0: Linktype set failed because interface is up [ 79.564120][ T1036] syzkaller0: tun_net_xmit 76 [ 79.627927][ T6438] loop4: detected capacity change from 0 to 512 [ 79.639232][ T6438] EXT4-fs (loop4): 1 truncate cleaned up [ 79.647504][ T6438] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.774671][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.830727][ T6447] loop4: detected capacity change from 0 to 1024 [ 79.846638][ T6447] EXT4-fs: inline encryption not supported [ 79.897971][ T6447] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.918583][ T6452] loop2: detected capacity change from 0 to 1024 [ 79.968551][ T6452] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.049077][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.092190][ T6452] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 1 with error 28 [ 80.104717][ T6452] EXT4-fs (loop2): This should not happen!! Data will be lost [ 80.104717][ T6452] [ 80.114516][ T6452] EXT4-fs (loop2): Total free blocks count 0 [ 80.120520][ T6452] EXT4-fs (loop2): Free/Dirty block details [ 80.126469][ T6452] EXT4-fs (loop2): free_blocks=0 [ 80.131426][ T6452] EXT4-fs (loop2): dirty_blocks=0 [ 80.136535][ T6452] EXT4-fs (loop2): Block reservation details [ 80.142517][ T6452] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 80.178549][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.190927][ T6411] syz.3.1172 (6411) used greatest stack depth: 7304 bytes left [ 80.222740][ T6470] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1194'. [ 80.443764][ T6503] netlink: 'syz.2.1212': attribute type 27 has an invalid length. [ 80.477044][ T6503] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.484276][ T6503] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.495446][ T6503] $Hÿ: left promiscuous mode [ 80.500250][ T6503] bond_slave_0: left promiscuous mode [ 80.506322][ T6503] bond_slave_1: left promiscuous mode [ 80.512107][ T6503] bridge0: left promiscuous mode [ 80.546088][ T6503] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 80.556388][ T6503] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 80.592703][ T6503] geneve2: left promiscuous mode [ 80.640626][ T6510] 8021q: adding VLAN 0 to HW filter on device $Hÿ [ 80.652925][ T6510] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.662236][ T6510] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 80.681030][ T12] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 80.690226][ T12] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.703196][ T12] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 80.712198][ T12] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.721302][ T12] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 80.730301][ T12] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.740044][ T12] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 80.749174][ T12] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.766207][ T29] kauditd_printk_skb: 138 callbacks suppressed [ 80.766223][ T29] audit: type=1400 audit(80.745:1327): avc: denied { mount } for pid=6517 comm="syz.3.1217" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 80.796637][ T29] audit: type=1326 audit(80.755:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6519 comm="syz.2.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 80.819538][ T29] audit: type=1326 audit(80.755:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6519 comm="syz.2.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 80.842330][ T29] audit: type=1326 audit(80.755:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6519 comm="syz.2.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 80.865154][ T29] audit: type=1326 audit(80.755:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6519 comm="syz.2.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 80.887871][ T29] audit: type=1326 audit(80.755:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6519 comm="syz.2.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 80.910716][ T29] audit: type=1326 audit(80.755:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6519 comm="syz.2.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 80.933509][ T29] audit: type=1326 audit(80.755:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6519 comm="syz.2.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 80.956277][ T29] audit: type=1326 audit(80.755:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6519 comm="syz.2.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 80.979120][ T29] audit: type=1326 audit(80.775:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6519 comm="syz.2.1219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 81.049906][ T6531] loop2: detected capacity change from 0 to 512 [ 81.056851][ T6531] EXT4-fs: Ignoring removed i_version option [ 81.062880][ T6531] EXT4-fs: Ignoring removed bh option [ 81.113301][ T6531] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.347905][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.903257][ T6542] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 81.923206][ T6542] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 82.340543][ T6574] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1240'. [ 82.374790][ T6574] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1240'. [ 82.414359][ T6580] loop4: detected capacity change from 0 to 512 [ 82.488941][ T6580] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.1246: inode has both inline data and extents flags [ 82.504800][ T6580] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1246: couldn't read orphan inode 15 (err -117) [ 82.517931][ T6580] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.533235][ T6580] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters [ 82.617406][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.897199][ T6623] loop4: detected capacity change from 0 to 512 [ 82.904404][ T6623] EXT4-fs: Ignoring removed i_version option [ 82.910444][ T6623] EXT4-fs: Ignoring removed bh option [ 82.927424][ T6623] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.014007][ T6623] loop4: detected capacity change from 512 to 64 [ 83.020982][ T6623] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Out of memory [ 83.030553][ T6623] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #15: comm syz.4.1262: mark_inode_dirty error [ 83.061843][ T6623] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Out of memory [ 83.071507][ T6623] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #15: comm syz.4.1262: mark_inode_dirty error [ 83.094491][ T6552] syz.3.1231 (6552) used greatest stack depth: 7096 bytes left [ 83.105418][ T3314] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 3: comm syz-executor: path /241/bus: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=17104912, rec_len=26982, size=2048 fake=0 [ 83.154096][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.433299][ T12] bridge_slave_1: left allmulticast mode [ 83.439085][ T12] bridge_slave_1: left promiscuous mode [ 83.444793][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.453449][ T12] bridge_slave_0: left allmulticast mode [ 83.459162][ T12] bridge_slave_0: left promiscuous mode [ 83.464925][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.502022][ T12] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 83.596203][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 83.605577][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 83.614569][ T12] bond0 (unregistering): Released all slaves [ 83.630616][ T6673] netlink: 'syz.1.1278': attribute type 4 has an invalid length. [ 83.642494][ T6655] chnl_net:caif_netlink_parms(): no params data found [ 83.710694][ T12] hsr_slave_0: left promiscuous mode [ 83.729610][ T12] hsr_slave_1: left promiscuous mode [ 83.750047][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 83.782315][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 83.791594][ T6700] netlink: 388 bytes leftover after parsing attributes in process `syz.1.1283'. [ 83.809848][ T6696] loop2: detected capacity change from 0 to 2048 [ 83.843347][ T12] team0 (unregistering): Port device team_slave_1 removed [ 83.866862][ T12] team0 (unregistering): Port device team_slave_0 removed [ 83.896651][ T6696] loop2: unable to read partition table [ 83.912188][ T6696] loop2: partition table beyond EOD, truncated [ 83.918455][ T6696] loop_reread_partitions: partition scan of loop2 () failed (rc=-5) [ 83.952605][ T6655] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.959890][ T6655] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.968536][ T6655] bridge_slave_0: entered allmulticast mode [ 83.975465][ T6655] bridge_slave_0: entered promiscuous mode [ 83.983671][ T6655] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.990906][ T6655] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.998184][ T6655] bridge_slave_1: entered allmulticast mode [ 84.004839][ T6655] bridge_slave_1: entered promiscuous mode [ 84.010283][ T3005] loop2: unable to read partition table [ 84.017278][ T3005] loop2: partition table beyond EOD, truncated [ 84.041312][ T6655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.130018][ T6655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.219288][ T6655] team0: Port device team_slave_0 added [ 84.236632][ T6655] team0: Port device team_slave_1 added [ 84.268449][ T6754] loop2: detected capacity change from 0 to 136 [ 84.296516][ T12] IPVS: stop unused estimator thread 0... [ 84.309592][ T6655] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.316607][ T6655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.342680][ T6655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.379287][ T6655] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.386279][ T6655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.412235][ T6655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.479588][ T6655] hsr_slave_0: entered promiscuous mode [ 84.501551][ T6655] hsr_slave_1: entered promiscuous mode [ 84.507605][ T6655] debugfs: 'hsr0' already exists in 'hsr' [ 84.513376][ T6655] Cannot create hsr debugfs directory [ 84.523336][ T6771] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1307'. [ 84.532278][ T6771] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 84.540009][ T6771] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 84.666902][ T6655] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 84.693554][ T6655] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 84.706725][ T6790] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1315'. [ 84.711058][ T6655] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 84.735611][ T6655] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 84.804681][ T6655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.824005][ T6655] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.832416][ T6815] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1323'. [ 84.845958][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.853105][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.882886][ T6815] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1323'. [ 84.898266][ T6655] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 84.908896][ T6655] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 84.957730][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.964894][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.071630][ T6655] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.148236][ T6845] siw: device registration error -23 [ 85.336331][ T6655] veth0_vlan: entered promiscuous mode [ 85.353111][ T6655] veth1_vlan: entered promiscuous mode [ 85.395602][ T6655] veth0_macvtap: entered promiscuous mode [ 85.421529][ T6655] veth1_macvtap: entered promiscuous mode [ 85.451078][ T6655] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.478707][ T6655] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.504665][ T168] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.536812][ T168] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.560524][ T168] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.573239][ T168] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.636251][ T6909] loop5: detected capacity change from 0 to 512 [ 85.653656][ T6909] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 85.764782][ T6948] syzkaller1: entered promiscuous mode [ 85.770321][ T6948] syzkaller1: entered allmulticast mode [ 85.906738][ T6960] loop2: detected capacity change from 0 to 2048 [ 85.933039][ T29] kauditd_printk_skb: 134 callbacks suppressed [ 85.933056][ T29] audit: type=1400 audit(85.905:1471): avc: denied { mount } for pid=6961 comm="syz.3.1342" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 85.964863][ T6960] loop2: p1 < > p4 [ 85.969222][ T6960] loop2: p4 size 8388608 extends beyond EOD, truncated [ 85.980293][ T6965] sch_tbf: burst 0 is lower than device vlan0 mtu (1514) ! [ 85.999444][ T29] audit: type=1400 audit(85.975:1472): avc: denied { read append } for pid=6959 comm="syz.2.1341" name="loop2p4" dev="devtmpfs" ino=876 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 86.022121][ T29] audit: type=1400 audit(85.975:1473): avc: denied { open } for pid=6959 comm="syz.2.1341" path="/dev/loop2p4" dev="devtmpfs" ino=876 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 86.284800][ T6992] loop5: detected capacity change from 0 to 2048 [ 86.304289][ T6994] capability: warning: `syz.0.1357' uses deprecated v2 capabilities in a way that may be insecure [ 86.324476][ T6992] loop5: p1 < > p4 [ 86.329039][ T6992] loop5: p4 size 8388608 extends beyond EOD, truncated [ 86.409036][ T29] audit: type=1326 audit(86.385:1474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 86.431973][ T29] audit: type=1326 audit(86.385:1475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 86.524146][ T29] audit: type=1326 audit(86.435:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0cfeadd810 code=0x7ffc0000 [ 86.546939][ T29] audit: type=1326 audit(86.435:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0cfeadd810 code=0x7ffc0000 [ 86.569667][ T29] audit: type=1326 audit(86.435:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 86.592562][ T29] audit: type=1326 audit(86.435:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 86.615433][ T29] audit: type=1326 audit(86.435:1480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f0cfeadefc9 code=0x7ffc0000 [ 86.980456][ T7032] pim6reg1: entered promiscuous mode [ 86.985820][ T7032] pim6reg1: entered allmulticast mode [ 87.386799][ T7060] loop2: detected capacity change from 0 to 512 [ 87.393566][ T7060] EXT4-fs: Ignoring removed bh option [ 87.399585][ T7060] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 87.409089][ T7060] EXT4-fs (loop2): 1 truncate cleaned up [ 87.415160][ T7060] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.467025][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.589726][ T7072] program syz.2.1390 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 87.718614][ T7090] loop2: detected capacity change from 0 to 1024 [ 87.731909][ T7090] EXT4-fs: Ignoring removed orlov option [ 87.739942][ T7090] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.835889][ T7103] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7103 comm=syz.1.1402 [ 87.891873][ T7105] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1403'. [ 87.948552][ T7112] 9pnet_fd: Insufficient options for proto=fd [ 88.038844][ T3321] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.217828][ T7133] netlink: 'syz.1.1412': attribute type 27 has an invalid length. [ 88.225894][ T7133] netlink: 'syz.1.1412': attribute type 4 has an invalid length. [ 88.233800][ T7133] netlink: 140 bytes leftover after parsing attributes in process `syz.1.1412'. [ 88.262045][ T7140] tipc: Started in network mode [ 88.267131][ T7140] tipc: Node identity ac141413, cluster identity 4711 [ 88.275398][ T7140] tipc: New replicast peer: 10.1.1.2 [ 88.280991][ T7140] tipc: Enabled bearer , priority 10 [ 88.539259][ T7170] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1426'. [ 88.640474][ T7182] loop5: detected capacity change from 0 to 512 [ 88.647747][ T7182] EXT4-fs: Ignoring removed i_version option [ 88.653794][ T7182] EXT4-fs: Ignoring removed bh option [ 88.665534][ T7182] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.717177][ T6655] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.934867][ T7209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1442'. [ 89.230241][ T7235] ÿÿÿÿÿÿ: renamed from vlan1 [ 89.293945][ T3693] tipc: Node number set to 2886997011 [ 90.289674][ T7288] loop2: detected capacity change from 0 to 512 [ 90.322241][ T7288] ext4: Unknown parameter 'subj_user' [ 90.380474][ T7297] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1481'. [ 90.895235][ T7330] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1494'. [ 90.933766][ T7330] hsr_slave_1 (unregistering): left promiscuous mode [ 91.110142][ T29] kauditd_printk_skb: 581 callbacks suppressed [ 91.110156][ T29] audit: type=1400 audit(91.085:2062): avc: denied { connect } for pid=7340 comm="syz.3.1498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 91.329799][ T29] audit: type=1400 audit(91.115:2063): avc: denied { write } for pid=7340 comm="syz.3.1498" path="socket:[16780]" dev="sockfs" ino=16780 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 91.807236][ T7370] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1511'. [ 91.822028][ T7372] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1512'. [ 91.853738][ T29] audit: type=1400 audit(91.825:2064): avc: denied { create } for pid=7375 comm="syz.5.1514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 92.001279][ T29] audit: type=1400 audit(91.975:2065): avc: denied { setopt } for pid=7382 comm="syz.1.1517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 92.029599][ T29] audit: type=1400 audit(91.985:2066): avc: denied { bind } for pid=7382 comm="syz.1.1517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 92.048586][ T29] audit: type=1400 audit(91.985:2067): avc: denied { listen } for pid=7382 comm="syz.1.1517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 92.067584][ T29] audit: type=1400 audit(91.985:2068): avc: denied { write } for pid=7382 comm="syz.1.1517" path="socket:[16812]" dev="sockfs" ino=16812 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 92.284117][ T29] audit: type=1400 audit(92.255:2069): avc: denied { write } for pid=7400 comm=77DEA305FF07 name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 92.306874][ T29] audit: type=1326 audit(92.265:2070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7402 comm="syz.0.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3150efc9 code=0x7ffc0000 [ 92.329759][ T29] audit: type=1326 audit(92.265:2071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7402 comm="syz.0.1525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3150efc9 code=0x7ffc0000 [ 92.879519][ T7428] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 92.879519][ T7428] program syz.5.1535 not setting count and/or reply_len properly [ 93.145744][ T7446] netlink: 'syz.3.1544': attribute type 10 has an invalid length. [ 93.165651][ T7446] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 93.434675][ T7483] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1555'. [ 93.558303][ T7504] netlink: 'syz.5.1559': attribute type 10 has an invalid length. [ 93.566334][ T7505] loop2: detected capacity change from 0 to 128 [ 93.576494][ T7505] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 93.585538][ T7504] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.596011][ T7504] bridge_slave_1: left allmulticast mode [ 93.601681][ T7504] bridge_slave_1: left promiscuous mode [ 93.607450][ T7504] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.615762][ T7505] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 93.627588][ T7504] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 93.672917][ T52] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 94.120879][ T7577] netlink: 'syz.5.1574': attribute type 10 has an invalid length. [ 94.157698][ T7577] team0 (unregistering): Port device team_slave_0 removed [ 94.180783][ T7577] team0 (unregistering): Port device team_slave_1 removed [ 94.574204][ T7639] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1584'. [ 94.665899][ T7649] program syz.5.1583 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 94.707059][ T7656] loop2: detected capacity change from 0 to 128 [ 94.722513][ T7653] sch_fq: defrate 0 ignored. [ 94.732122][ T7656] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 94.774030][ T7656] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 94.851096][ T7679] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1591'. [ 94.902063][ T7679] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 95.592656][ T7699] netlink: 'syz.0.1594': attribute type 10 has an invalid length. [ 95.611294][ T7703] loop5: detected capacity change from 0 to 1024 [ 95.614807][ T7699] bridge_slave_1: left allmulticast mode [ 95.623680][ T7699] bridge_slave_1: left promiscuous mode [ 95.629685][ T7699] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.638356][ T7703] EXT4-fs: Ignoring removed nomblk_io_submit option [ 95.666916][ T7699] $Hÿ: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 95.742038][ T7703] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.939529][ T6655] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.015518][ T7741] syz_tun: entered allmulticast mode [ 96.022722][ T7740] syz_tun: left allmulticast mode [ 96.641244][ T29] kauditd_printk_skb: 86 callbacks suppressed [ 96.641257][ T29] audit: type=1400 audit(96.615:2158): avc: denied { create } for pid=7808 comm="syz.1.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 96.767912][ T7826] loop5: detected capacity change from 0 to 512 [ 96.774677][ T29] audit: type=1400 audit(96.755:2159): avc: denied { create } for pid=7823 comm="syz.1.1637" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 96.807879][ T7826] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.820326][ T29] audit: type=1400 audit(96.755:2160): avc: denied { ioctl } for pid=7823 comm="syz.1.1637" path="socket:[17523]" dev="sockfs" ino=17523 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 96.860480][ T6655] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.879407][ T7837] 9pnet_fd: Insufficient options for proto=fd [ 96.887909][ T29] audit: type=1400 audit(96.865:2161): avc: denied { create } for pid=7833 comm="syz.2.1640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 96.907362][ T29] audit: type=1400 audit(96.865:2162): avc: denied { bind } for pid=7833 comm="syz.2.1640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 96.928889][ T29] audit: type=1400 audit(96.865:2163): avc: denied { setopt } for pid=7833 comm="syz.2.1640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 96.948159][ T29] audit: type=1400 audit(96.865:2164): avc: denied { write } for pid=7833 comm="syz.2.1640" path="socket:[17534]" dev="sockfs" ino=17534 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 96.979846][ T7843] loop5: detected capacity change from 0 to 512 [ 96.987621][ T7843] EXT4-fs: Ignoring removed oldalloc option [ 96.995306][ T7843] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 97.034384][ T7843] EXT4-fs (loop5): too many log groups per flexible block group [ 97.042222][ T7843] EXT4-fs (loop5): failed to initialize mballoc (-12) [ 97.050716][ T7843] EXT4-fs (loop5): mount failed [ 97.180098][ T29] audit: type=1400 audit(97.155:2165): avc: denied { append } for pid=7867 comm="syz.2.1651" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 97.203461][ T7868] program syz.2.1651 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 97.231055][ T29] audit: type=1326 audit(97.205:2166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7871 comm="syz.3.1653" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f01c40befc9 code=0x0 [ 97.276712][ T7876] netlink: 'syz.2.1655': attribute type 10 has an invalid length. [ 97.287746][ T7876] team0: Port device dummy0 added [ 97.304211][ T7876] netlink: 'syz.2.1655': attribute type 10 has an invalid length. [ 97.315549][ T7876] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 97.329717][ T7876] team0: Failed to send options change via netlink (err -105) [ 97.337913][ T7876] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 97.346873][ T7876] team0: Port device dummy0 removed [ 97.354708][ T7876] $Hÿ: (slave dummy0): Enslaving as an active interface with an up link [ 97.427322][ T7889] hub 2-0:1.0: USB hub found [ 97.433948][ T7889] hub 2-0:1.0: 8 ports detected [ 97.479738][ T7896] $Hÿ: (slave bridge0): Releasing backup interface [ 97.491748][ T7896] $Hÿ: (slave dummy0): Releasing backup interface [ 97.505692][ T7896] bridge_slave_0: left allmulticast mode [ 97.511399][ T7896] bridge_slave_0: left promiscuous mode [ 97.517143][ T7896] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.525209][ T7896] bridge_slave_1: left allmulticast mode [ 97.530913][ T7896] bridge_slave_1: left promiscuous mode [ 97.536684][ T7896] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.547650][ T7896] $Hÿ: (slave bond_slave_0): Releasing backup interface [ 97.573162][ T7896] $Hÿ: (slave bond_slave_1): Releasing backup interface [ 97.582372][ T7896] team0: Port device team_slave_0 removed [ 97.589333][ T7896] team0: Port device team_slave_1 removed [ 97.595659][ T7896] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 97.603180][ T7896] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 97.610691][ T7896] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 97.706625][ T29] audit: type=1400 audit(97.685:2167): avc: denied { read } for pid=7911 comm="syz.5.1668" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 97.790657][ T7914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 97.799367][ T7914] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 97.872809][ T7916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1670'. [ 98.134014][ T7916] ================================================================== [ 98.142248][ T7916] BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64 [ 98.144784][ T7915] syz.1.1670 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 98.152120][ T7916] [ 98.152126][ T7916] read-write to 0xffffffff868099c0 of 8 bytes by interrupt on cpu 0: [ 98.152148][ T7916] tick_do_update_jiffies64+0x113/0x1c0 [ 98.162855][ T7915] CPU: 0 UID: 0 PID: 7915 Comm: syz.1.1670 Not tainted syzkaller #0 PREEMPT(voluntary) [ 98.162889][ T7915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 98.162906][ T7915] Call Trace: [ 98.162922][ T7915] [ 98.162992][ T7915] __dump_stack+0x1d/0x30 [ 98.163062][ T7915] dump_stack_lvl+0xe8/0x140 [ 98.163088][ T7915] dump_stack+0x15/0x1b [ 98.163109][ T7915] dump_header+0x81/0x220 [ 98.163133][ T7915] oom_kill_process+0x342/0x400 [ 98.163324][ T7915] out_of_memory+0x979/0xb80 [ 98.163367][ T7915] try_charge_memcg+0x610/0xa10 [ 98.163465][ T7915] charge_memcg+0x51/0xc0 [ 98.163494][ T7915] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 98.163583][ T7915] __read_swap_cache_async+0x17b/0x2d0 [ 98.163680][ T7915] swap_cluster_readahead+0x262/0x3c0 [ 98.163715][ T7915] swapin_readahead+0xde/0x6f0 [ 98.163742][ T7915] ? mod_memcg_lruvec_state+0x1fc/0x2c0 [ 98.163788][ T7915] ? __lruvec_stat_mod_folio+0xd6/0x120 [ 98.163876][ T7915] ? __rcu_read_unlock+0x4f/0x70 [ 98.163920][ T7915] ? swap_cache_get_folio+0x277/0x280 [ 98.163949][ T7915] do_swap_page+0x2ae/0x2370 [ 98.163982][ T7915] ? css_rstat_updated+0xb7/0x240 [ 98.164039][ T7915] ? __pfx_default_wake_function+0x10/0x10 [ 98.164077][ T7915] handle_mm_fault+0x9a5/0x2be0 [ 98.164110][ T7915] ? vma_start_read+0x141/0x1f0 [ 98.164170][ T7915] do_user_addr_fault+0x630/0x1080 [ 98.164198][ T7915] ? fpregs_restore_userregs+0xe2/0x1d0 [ 98.164378][ T7915] ? switch_fpu_return+0xe/0x20 [ 98.164484][ T7915] ? fpregs_assert_state_consistent+0xb4/0xe0 [ 98.164530][ T7915] exc_page_fault+0x62/0xa0 [ 98.164601][ T7915] asm_exc_page_fault+0x26/0x30 [ 98.164627][ T7915] RIP: 0033:0x7fa6d35358ec [ 98.164648][ T7915] Code: 66 0f 1f 44 00 00 69 3d c6 fd ea 00 e8 03 00 00 48 8d 1d c7 06 38 00 e8 42 96 12 00 eb 0c 48 81 c3 f0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 f0 00 00 [ 98.164671][ T7915] RSP: 002b:00007ffeb2aa5280 EFLAGS: 00010206 [ 98.164691][ T7915] RAX: 0000000000000000 RBX: 00007fa6d38b5fa0 RCX: 0000000000000000 [ 98.164707][ T7915] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555583a97808 [ 98.164769][ T7915] RBP: 00007fa6d38b7da0 R08: 0000000000000000 R09: 7fffffffffffffff [ 98.164786][ T7915] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000018178 [ 98.164802][ T7915] R13: 00007fa6d38b6090 R14: ffffffffffffffff R15: 00007ffeb2aa5390 [ 98.164825][ T7915] [ 98.164865][ T7915] memory: usage 307200kB, limit 307200kB, failcnt 554 [ 98.165136][ T7916] tick_nohz_handler+0x7f/0x2d0 [ 98.173189][ T7915] memory+swap: usage 307500kB, limit 9007199254740988kB, failcnt 0 [ 98.178728][ T7916] __hrtimer_run_queues+0x20f/0x5a0 [ 98.178757][ T7916] hrtimer_interrupt+0x21a/0x460 [ 98.188520][ T7915] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0 [ 98.198524][ T7916] __sysvec_apic_timer_interrupt+0x5f/0x1d0 [ 98.198564][ T7916] sysvec_apic_timer_interrupt+0x6f/0x80 [ 98.198597][ T7916] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 98.201882][ T7915] Memory cgroup stats for /syz1 [ 98.204814][ T7916] mem_cgroup_iter+0x2dc/0x340 [ 98.209170][ T7915] : [ 98.213722][ T7916] shrink_node+0x7e2/0x2120 [ 98.483120][ T7916] do_try_to_free_pages+0x3f6/0xcd0 [ 98.488335][ T7916] try_to_free_mem_cgroup_pages+0x1ab/0x410 [ 98.494242][ T7916] try_charge_memcg+0x383/0xa10 [ 98.499117][ T7916] charge_memcg+0x51/0xc0 [ 98.503464][ T7916] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 98.509461][ T7916] __read_swap_cache_async+0x17b/0x2d0 [ 98.514935][ T7916] swap_cluster_readahead+0x262/0x3c0 [ 98.520332][ T7916] swapin_readahead+0xde/0x6f0 [ 98.525104][ T7916] do_swap_page+0x2ae/0x2370 [ 98.529704][ T7916] handle_mm_fault+0x9a5/0x2be0 [ 98.534570][ T7916] do_user_addr_fault+0x630/0x1080 [ 98.539686][ T7916] exc_page_fault+0x62/0xa0 [ 98.544210][ T7916] asm_exc_page_fault+0x26/0x30 [ 98.549069][ T7916] [ 98.551398][ T7916] read to 0xffffffff868099c0 of 8 bytes by task 7916 on cpu 1: [ 98.558941][ T7916] mem_cgroup_flush_stats_ratelimited+0x29/0x70 [ 98.565225][ T7916] count_shadow_nodes+0x6a/0x230 [ 98.570179][ T7916] do_shrink_slab+0x63/0x680 [ 98.574806][ T7916] shrink_slab+0x448/0x760 [ 98.579257][ T7916] shrink_node+0x6c3/0x2120 [ 98.583783][ T7916] do_try_to_free_pages+0x3f6/0xcd0 [ 98.589011][ T7916] try_to_free_mem_cgroup_pages+0x1ab/0x410 [ 98.594917][ T7916] try_charge_memcg+0x383/0xa10 [ 98.599785][ T7916] obj_cgroup_charge_pages+0xa6/0x150 [ 98.605163][ T7916] __memcg_kmem_charge_page+0x9f/0x170 [ 98.610631][ T7916] __alloc_frozen_pages_noprof+0x188/0x360 [ 98.616478][ T7916] __alloc_pages_noprof+0x9/0x20 [ 98.621436][ T7916] __vmalloc_node_range_noprof+0x6eb/0xed0 [ 98.627273][ T7916] bpf_map_area_alloc+0xfa/0x150 [ 98.632228][ T7916] array_map_alloc+0x1d3/0x3c0 [ 98.637012][ T7916] map_create+0x840/0xda0 [ 98.641351][ T7916] __sys_bpf+0x54e/0x7c0 [ 98.645602][ T7916] __x64_sys_bpf+0x41/0x50 [ 98.650044][ T7916] x64_sys_call+0x2aee/0x3000 [ 98.654733][ T7916] do_syscall_64+0xd2/0x200 [ 98.659248][ T7916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.665145][ T7916] [ 98.667466][ T7916] value changed: 0x00000000ffffb0f1 -> 0x00000000ffffb0f2 [ 98.674579][ T7916] [ 98.676918][ T7916] Reported by Kernel Concurrency Sanitizer on: [ 98.683080][ T7916] CPU: 1 UID: 0 PID: 7916 Comm: syz.1.1670 Not tainted syzkaller #0 PREEMPT(voluntary) [ 98.692800][ T7916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 98.702871][ T7916] ================================================================== [ 98.731466][ T7915] cache 4096 [ 98.734802][ T7915] rss 4096 [ 98.737876][ T7915] shmem 0 [ 98.740831][ T7915] mapped_file 0 [ 98.744307][ T7915] dirty 0 [ 98.747243][ T7915] writeback 4096 [ 98.750819][ T7915] workingset_refault_anon 9 [ 98.755532][ T7915] workingset_refault_file 7 [ 98.760046][ T7915] swap 307200 [ 98.763359][ T7915] swapcached 4096 [ 98.767043][ T7915] pgpgin 82021 [ 98.770452][ T7915] pgpgout 82018 [ 98.773941][ T7915] pgfault 97236 [ 98.777401][ T7915] pgmajfault 7 [ 98.780776][ T7915] inactive_anon 4096 [ 98.784735][ T7915] active_anon 0 [ 98.788200][ T7915] inactive_file 8192 [ 98.792086][ T7915] active_file 0 [ 98.795565][ T7915] unevictable 0 [ 98.799027][ T7915] hierarchical_memory_limit 314572800 [ 98.804424][ T7915] hierarchical_memsw_limit 9223372036854771712 [ 98.810656][ T7915] total_cache 4096 [ 98.814389][ T7915] total_rss 4096 [ 98.817943][ T7915] total_shmem 0 [ 98.821400][ T7915] total_mapped_file 0 [ 98.825517][ T7915] total_dirty 0 [ 98.828984][ T7915] total_writeback 4096 [ 98.833055][ T7915] total_workingset_refault_anon 9 [ 98.838159][ T7915] total_workingset_refault_file 7 [ 98.843186][ T7915] total_swap 307200 [ 98.847022][ T7915] total_swapcached 4096 [ 98.851240][ T7915] total_pgpgin 82021 [ 98.855153][ T7915] total_pgpgout 82018 [ 98.859136][ T7915] total_pgfault 97236 [ 98.863118][ T7915] total_pgmajfault 7 [ 98.867024][ T7915] total_inactive_anon 4096 [ 98.871436][ T7915] total_active_anon 0 [ 98.875441][ T7915] total_inactive_file 8192 [ 98.879866][ T7915] total_active_file 0 [ 98.883920][ T7915] total_unevictable 0 [ 98.887910][ T7915] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.734,pid=5347,uid=0 [ 98.902590][ T7915] Memory cgroup out of memory: Killed process 5347 (syz.1.734) total-vm:93824kB, anon-rss:1148kB, file-rss:20736kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000