last executing test programs: 1m14.109601853s ago: executing program 2 (id=4806): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000001b40)={0x0, {{0x2, 0x4e21, @multicast1}}, 0x1}, 0x90) 1m14.082912964s ago: executing program 2 (id=4809): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2a02, 0x0) ioctl$KVM_GET_MSRS_sys(r0, 0xc008ae88, 0x0) 1m14.051945686s ago: executing program 2 (id=4811): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x88f}, [@call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0xb, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m14.032187717s ago: executing program 2 (id=4813): syz_mount_image$exfat(&(0x7f00000009c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000002700)={[{@utf8}, {@errors_remount}, {@uid={'uid', 0x3d, 0xee01}}, {@iocharset={'iocharset', 0x3d, 'maccyrillic'}}, {}, {@utf8}, {@errors_remount}, {@dmask={'dmask', 0x3d, 0x3}}, {@dmask={'dmask', 0x3d, 0x11}}, {@errors_remount}]}, 0x1, 0x153e, &(0x7f0000001040)="$eJzs3AuYTlXbOPD7XmvtMSQ9TXIY1lr35kkOyyRJDklySJIkSXJKSJrklYTEkFPSkITkMCSHISSHiUnjfD4fEpKkSZKQnJL1v4RXfdX39r5v3+v7f3P/ruu5rPtZ+1577bmfbe+9HuabToOrN6xRpT4Rwb8FL/yRBACxANAfAK4BgAAAysSViTvfn11i0r+3E/bXeij1Ss+AXUlc/6yN65+1cf2zNq5/1sb1z9q4/lkb1z9r4/ozlpVtnJr/Wn5l3dc/tf7//H1/3Mfr//8f4uv//yGZJUd/sbrk9Z0BYv5sCtc/a+P6/58V/JmNuP5ZG9c/q4q90hNg/wvw+Z8VZPvDHq5/1sb1Zywr+9NrxQFc8bXqf+0l/9t+iGTt70Cu9OePMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxljWcMpfpgDgUvtKz4sxxhhjjDHGGGN/HZ/tSs+AMcYYY4wxxhhj//MQBEhQEEAMZINYyA45QADA1ZALroEIXAtxcB3khushD+SFfJAf4qEAFAQNBiwQhFAICkMUboAicCMUhWJQHEqAg5KQADdBKbgZSsMtUAZuhbJwG5SD8lABKsLtUAnugMpwJ1SBu6AqVIPqUAPuhppwD9SCe6E23Ad14H6oCw9APXgQ6sND0AAehobwCDSCR6ExNIGm0Aya/0v5L0A3eBG6Qw9Igp7QC16C3tAH+kI/6A8vwwB4BQbCq5AMg2AwvAZD4HUYCm/AMBgOI+BNGAlvwSgYDWNgLKTAOBgPb8MEeAcmwiSYDFMgFabCNHgXpsMMmAnvwSx4H2bDHJgL8yANPoD5sADS4UNYCB9BBiyCxbAElsIyWA4rYCWsgtWwBtbCOlgPG2AjbILNsAW2wjbYDh/DDvgEdsIu2P33+v0z+Sd/kf8p7IHOCAgoUKBChTEYg7EYizkwB+bEnJgLc2EEIxiHcZgbc2MezIP5MB/GYzwWxIJo0CAhYSEshFGMYhEsgkWxKBbH4ujQYQImYCm8GUtjaSyDZbAslsVyWB7LY0WsiJWwElbGylgFq2BVrIrVsTrejXdjT6yFtbA21sY6WOfS8hTWx/rYABtgQ2yIjbARNsbG2BSbYnNsji2wBbbEltgaW2MbbINtsS0mYiK2w3bYHttjB+yAHbEjdsJO2Bm7YJfMF7IBvogvYg+sKnpiL+yFvTE5W1/sh/3wZRyAr+Ar+Com4yAcjK/ha/g6DsUTOAyH4wgcgZXEWzgKRyOJsZiCKTgex+MEnIATcRJOwimYilNxGk7D6TgDZ+B7OAvfx/dxDs7BeZiGaTgfF2A6puNCPIkZuAgX4xJcistwKa7AlbgCV+MaXI3rcB1uwA24CTfhFtyC23AbfowKAD/BXbgLk3EP7sG9uBf34T7cj/sxEzPxAB7Ag3gQD+EhPIyH8QgexWN4FI/jcTyBJ/EUnsIzeAbP4nPxXzX4uNiqZBDnKaFEjIgRsSJW5BA5RE6RU+QSuURERESciBO5RW6RR+QR+UQ+ES/iRUFRUBhhBIkwBgBEVERFEVFEFBVFRXFRXDjhRIJIEKVEKVFalBZlxK2irLhNlBPlRStXUVQUlURrV1ncKaqIKqKqqCaqixqihqgpaopaopaoLWqLOqKOqCseEPVET+yLD4nzlWkoBmEjMRgbiyZCXjwDWoih2FK0Eq3FE2I4DsO2ooVLFE+LdmIUthd/E6PxWdFRjMVO4nnRWXQRXcULopto6bqLHmIi9hS9xBTsLfqIvqKfmI7VxHs4K3t18apIFoPEYPGamIevi6HiDTFMDBcjxJtipHhLjBKjxRgxVqSIcWK8eFtMEO+IiWKSmCymiFQxVUwT74rpYoaYKd4Ts8T7YraYI+aKeSJNfCDmiwUiXXwoFoqPRIZYJBaLJWKpWCaWixVipVglVos1Yq1YJ9aLDWKj2CQ2iy1iq9gmtouPxQ7xidgpdond4lOxR3wm9orPxT7xhdgvvhSZ4itxQHwtDopvxCHxrTgsvhNHxFFxTHwvjosfxAlxUpwSp8UZ8aM4K34S54QXIFEKKaWSgYyR2WSszC5zyKtkThlc/OleK+PkdTK3vF7mkXllPplfxssCsqDU0kgrSYaykCwso/IGWUTeKIvKYrK4LCGdLCkT5E2ylLxZlpa3yDLyVllW3ibLyfKygqwob5eV5B0SIhf2UVVWk9VlDXm3TIJ7ZC15r6wt75N15P2yrnxA1pMPyvryIdlAPiwbykdkI/mobCybyKaymWwuH5Mt5OOypWwlW8snZBv5pGwrn5KJ8mnZTvqLH5FnZUf5nOwkn5edZRfZVf4kz0kvu8seEnqC7CVfkr1lH9lX9pP95ctygHxFDpSvymQ5SA6Wr8kh8nU5VL4hh8nhcoR8U46Ub8lRcrQcI8fKFDlOjpdvywnyHTlRTpKT5RSZKqfKvhdHminlP8x/+5f55y+9cqoc+PPeN8iNcpPcLLfIrXKb3C4/ljvkDrlT7pS75W65R+6Re+VeuU/uk/vlfpkpM+UBeUAelAflIXlIHpaH5RF5VJ6W38vj8gd5Qp6UJ+VpeUaekWcv/gxAoRJKKqUCFaOyqViVXeVQV6mc6mqVS12jIupaFaeuU7nV9SqPyqvyqfwqXhVQBZVWRllFKlSFVGEVVTfgxQ+MKq5KKKdKqgR10z+Tr4qoG1VRVexX+Zfml/QH82uumqsWqoVqqVqq1qq1aqPaqLaqrUpUiaqdaqfaq/aqg+qgOqqOqpPqpDqrzqqr6qq6qW6qu+quklSS6qVeUr1VH9VX9VP91ctqgBqgBqqBKlklq8FqsBqihqihaqgapoapEWqEGqlGqlFqlBqjxqgUlaLGq/FqgpqgJqqJarKarFJVqpqmpqnparqaqWaqWWqWmq1mq7lqrkpTaWq+mq/SVbpaqBaqDLVILVJL1BK1TC1TK9QKtUqtUmvUGrVOrVMZaqPaqDarzWqr2qq2q+1qh9qhdqqdarfarfaoPWqv2qv2qX1qv9qvMlWmOqAOqIPqoDqkDqnD6rA6oo6oY+qYOq6OqxPqhDqlTqkz6ow6q86qc+qcgkCACESgAhXEBDFBbBAb5AhyBDmDnEGuIFcQCSJBXBAX5A6uD/IEeYN8Qf4gPigQFAx0YAIbiItFjwY3BEWCG4OiQbGgeFAicEHJICG4KSgV3ByUDm4JygS3BmWD24JyQfmgQlAxuD2oFNwRVA7uDKoEdwVVg2pB9aBGcHdQM7gnqBXcG9QO7gvqBPcHdYMHgnrBg0H94KGgQfBw0DB4JGgUPBo0DpoETYNmQfO/dHzvT+R93HXXPXSS7ql76Zd0b91H99X9dH/9sh6gX9ED9as6WQ/Sg/Vreoh+XQ/Vb+hhergeod/UI/VbepQercfosTpFj9Pj9dt6gn5HT9ST9GQ9RafqqXqafldP1zP0TP2enqXf17P1HD1Xz9Np+gM9Xy/Q6fpDvVB/pDP0Ir1YL9FL9TK9XK/QK/UqvVqv0Wv1Or1eb9Ab9Sa9WW/RW/U2vV1/rHfoT/ROvUvv1p/qPfozvVd/rvfpL/R+/aXO1F/pA/prfVB/ow/pb/Vh/Z0+oo/qY/p7fVz/oE/ok/qUPq3P6B/1Wf2TPqf9+Zv785d3o4wyMSbGxJpYk8PkMDlNTpPL5DIREzFxJs7kNrlNHpPH5DP5TLyJNwVNQXMeGTKFTCETNVFTxBQxRU1RU9wUN844k2ASTClTypQ2pU0ZU8aUNWVNOVPOVDAVzO3mdnOHucPcae40d5m7TDVTzdQwNUxNU9PUMrVMbVPb1DF1TF1T19Qz9Ux9U980MA1MQ9PQNDKNTGPT2DQ1TU1z09y0MC1MS9PStDatTRvTxrQ1bU2iSTTtTDvT3rQ3HUwH09F0NJ1MJ9PZdDZdTVfTzXQz3U13k2SSTC/Ty/Q2vU1f09f0N/3NADPADDQDTbJJNoPNYDPEDDFDzVAzzAw3I87fqJq3zCgz2owxY02KSTHjzXgzwUwwE81EM9lMNqkm1Uwz08x0M93MNDPNLDPLzDazzVwz16SZNDPfzDfpJt0sNAtNhskwi81is9QsNcvNcrPSrDSrzWqzFtaa9Wa92Wg2ms1ms9lqtprtZrvZYXaYnWan2W12mz1mj9lr9pp9Zp/Zb/abTJNpDpgD5qA5aA6ZQ+awOWyOmCPmmDlmjpvj5oQ5YU6ZU+aMyXvxeulNrM1uc9irbE57tc1lr7H/Nc5n89t4W8AWtNrmsXl/FRtrbVFbzBa3JayzJW2Cvek3cTlb3lawFe3ttpK9w1b+TVzT3mNr2XttbXufrWHv/lVcx95v69pHbD1EANvENrDNbEP7iG1kH7WNbRPb1DazbeyTtq19yibap207+8xv4vl2gV1pV9nVdo3daXfZU/a0PWi/sWfsj7a77WH725ftAPuKHWhftcl20G/iEfZNO9K+ZUfZ0XaMHfubeLKdYlPtVDvNvmun2xm/idPsB3aWTbez7Rw71877OT4/p3T7oV1oP7IZNoDFdoldapfZ5XbF3+e6xK6z6+0Gu8N+YjfbLXar3Wa3X7oRtrvsbvup3WM/swfs13af/cLut4dspv3q5/j88R2y39rD9jt7xB61x+z39rj9QV3KPn/s39uf7DnrLRASkCRFAcVQNoql7JSDrqKcdDXlomsoQtdSHF1Huel6ykN5KR/lp3gqQAVJkyFLRCEVosIUpRvo0vSKUwlyVJIS6CYqRTdTabqFytCtVJZuo3JUnipQRbqdKtEdVJnupCp0F1WlalSdatDdVJPuoVp0L9Wm+6gO3U916QGqRw9SfXqIGtDD1JAeoUb0KDWmJtSUmlFzeoxa0OPUklpRa3qC2tCT1JaeokR6mtrRM9Se/kYd6FnqSM9RJ3qeOlMX6kovUDd6kbpTD0qintSLXqLe1If6Uj/qTy/TAHqFBtKrlEyDaDC9RkPodRpKb9AwGk4j6E0aSW/RKBpNY2gspdA4Gk9v0wR6hybSJJpMUyiVptI0epem0wyaSe/RLHqfZtMcmkvzKI0+oPm0gNLpQ1pIH1EGLaLFtISW0jJaTitoJa2i1bSG1tI6Wk8baCNtos20hbbSNtpOH9MO+oR20i7aTZ/SHvqM9tLntI++oP30JWXSV3SAvqaD9A0dom99D/qOjtBROkbf03H6gU7QSTpFp+kM/Uhn6Sc6R54gxFCEMlRhEMaE2cLYMHuYI7wqzBleHeYKrwkj4bVhXHhdmDu8PswT5g3zhfnD+LBAWDDUoQltSGEYFgoLh9HwhrBIeGNYNCwWFg9LhC4sGSaEN4WlwpvD0uEtYZnw1rBseFtYLiwfPnJfxfD2sFJ4R1g5vDOsEt4VVg2rhdXDGuHdYc3wnrBWeG9YO7wvLB3eH9YNHwjrhQ+G9cOHwgbhw2HD8JGwUfho2DhsEjYNm4XNw8fCFuHjYcuwVdg6fCJsEz4Ztg2fChPDp8N24TM/99+/4I/7k8KeYa/wpfCl0Pt75dzovGha9IPo/OiCaHr0w+jC6EfRjOii6OLokujS6LLo8uiK6Mroqujq6Jro2ui66Prohqj3NbKBQyecdMoFLsZlc7Euu8vhrnI53dUul7vGRdy1Ls5d53K7610el9flc/ldvCvgCjrtjLOOXOgKucIu6m5wRdyNrqgr5oq7Es65ki7BNXPNXXPXwj3uWrpWrrV7wj3hnnRPuqfcU+5p184949q7v7kO7lnX0T3nnnPPu86ui+vqXnDd3LhcF87JJNfL9XK9XW/X1/V1/V1/N8ANcAPdQJfskt1gN9gNcUPcUDfUDXPD3Ag3wo10I90oN8qNcWNciktx4914N8FNcBPdRDfZTXapLtVNc9PcdDfdVZpxYS+z3Ww31811aS7NzXfn7xnT3UK30GW4DLfYLXZL3VK33C13K91Kt9qtdmvdWrferXcb3Ua32W12W91Wt91tdzvcDrfTX3NhULfH7XV73T63z+13X7pM95U74L52B9037pD71h1237kj7qg75r53x90P7oQ76U650+6M+9GddT+5c867lMi4yPjI25EJkXciEyOTIpMjUyKpkamRaZF3I9MjMyIzI+9FZkXej8yOzInMjcyLpEU+iMyPLIikRz6MLIx8FMmILIosjiyJLI0si3hfYHPoC/nCPupv8EX8jb6oL+aL+xLe+ZI+wd/kS/mbfWl/iy/jb/Vl/W2+nC/vK/hHfWPfxDf1zXxz/5hv4R/3LX0r39o/4dv4J31b/5RP9E/7dv4Z397/zXfwz/qO/jnfyT/vO/suvqt/wXfzL/ruvodP8j19L/+S7+37+L6+n+/vX/YD/Ct+oH/VJ/tBfrB/zQ/xr/uh/g0/zA/3I2Le9CMvPSLDWJ/ix/nx/m0/wb/jJ/pJfrKf4lP9VD/Nv+un+xl+pn/Pz/Lv+9l+jp/r5/k0/4Gf7xf4dP+hX+g/8hl+0aVFSb/cr/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3X/sd/hP/E6/y+/2n/o9/jO/13/u9/kv/H7/pc/0X/kD/mt/0H/jD/lv/WH/nT/ij/pj/nt/3P/gT/iT/pQ/7c/4H/1Z/5M/x/9njTHGGGPsTxl3uSl+3XNhOb/n7+SIX2zcCwCu3pI/85f95+8o1+a50O4j4ttEAODpHp0euvSqWjUpKenithkSgsJzAC59E3ReDFyOF0FreBISoRWU+t359xFdztA/GD96K0COX+TEwuX48vifA2DS74z/2BMj5pcNT8X9N+PPASha+HJOdrgcL4LWP6+vtILSfzD/vC3+wfyzf5EC0PIXOTnhcnx5/gnwODwDib/akjHGGGOMMcYYu6CPqNDh0vPnpX/x+XvP5/Hqck42uBz/o+dzxhhjjDHGGGOMXXnPdun61GOJia06/PONyv9S1p9uNIL/qZG58bsN7wEuvaMA4N8cEOB8Q/4nj2LTf2RfyRdPnf/atfS0D+B/Ryn/9caYv79zhf9iYowxxhhjjP3lLt/9//p9daUmxBhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMZUH/id8rdqWPkTHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGLvS/l8AAAD//w3Y/pc=") mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) 1m13.81202137s ago: executing program 2 (id=4825): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) 1m13.47816546s ago: executing program 2 (id=4832): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x15, 0x0, 0x0) 1m13.463163851s ago: executing program 32 (id=4832): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x15, 0x0, 0x0) 912.298326ms ago: executing program 5 (id=9557): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) preadv(r0, &(0x7f0000000500)=[{&(0x7f0000000080)=""/243, 0xf3}, {&(0x7f0000000180)=""/75, 0x4b}, {&(0x7f0000000200)=""/156, 0xfffffe80}, {&(0x7f0000000580)=""/209, 0xcf}, {&(0x7f00000003c0)=""/157, 0x9d}, {&(0x7f0000000480)=""/105, 0x69}], 0x6, 0x0, 0x0) 650.692982ms ago: executing program 0 (id=9570): r0 = gettid() rt_sigqueueinfo(r0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x5}) 563.024337ms ago: executing program 0 (id=9575): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x400, 0x0) ioctl$TIOCNXCL(r0, 0x540d) 527.329079ms ago: executing program 5 (id=9578): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000680)={&(0x7f0000000280)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="2400000000000000000000000700000044140de7"], 0x28}, 0x4000810) 488.957301ms ago: executing program 0 (id=9581): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000001b00)={'syz_tun\x00', &(0x7f0000001ac0)=@ethtool_cmd={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}}) 483.763852ms ago: executing program 5 (id=9583): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f00000012c0)={[{@utf8no}, {@uni_xlateno}, {@fat=@errors_remount}, {@fat=@nfs}, {@fat=@codepage={'codepage', 0x3d, '1255'}}, {@shortname_lower}, {@numtail}, {@fat=@uid}, {@uni_xlateno}, {@utf8no}, {@uni_xlate}, {@utf8no}, {@shortname_lower}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@shortname_lower}]}, 0x2a, 0x34c, &(0x7f0000000400)="$eJzs3T1onHUYAPDn+l5yaaAmg1B0Ot0EKU3EQV0SSoViBq0cfi0eNvUjdxZyeJAMuWZRHBUXQSe3Djo4dBYHETcHVytIVVzsFmjxlbv3zd17H7FRudTS328ID8///9z//36QexNyT15diY0LM3Hxxo3rMTdXivLKmZXYK8ViHIskMpdjgvKkJABwN9hL0/gjzdx+9ofz+9HslPcFAExP7/3/9RODROVO7gYAOAqH/Pn/2YnZS1PbFgAwRXsx8v7/8NDwyK/5y/2/CQAA7l7Pv/TyM6trEeer1bmI5nvtWrsWTw7GVy/Gm9GI9TgdC3ErIntQyJ4Wul+fPrd29nS165fFqHUr2rWIZqddy54UVpNefSWWYiEW8/q0X59065d69dWIuNzprR/NUrs2E/P5+j/Ox3osx0LcP1YfcW7t7HI1f4Fac7++E7Ebc/sH0d3/qViI71+LS9GIC9GtHex/Z6laPZOuDdW3r1R68wAAAAAAAAAAAAAAAAAAAAAAYBpOVfsW+/1v0man/e750QmLQ/1xatlw3h9oN+sPlFb2u/O8n4z2Bxruz9OulePYHT1yAAAAAAAAAAAAAAAAAAAA+P9obc1GvdFY32xtbW8Ug04h8/a3n399PEbnvJUMMlHOXm5oTp6LQlUS/fK0X54mQ3PyIIkYTL5ytb/j4pxK/yi295sJFF+nkg0VMqV8T/VG48RDP38ytujW9safg0wSY6dlOCiNL9q8L0v9TdXBwfJt5lxL0/Sg8p2Px6uiFFEeu3D/JZjNg2+uv/HAY62Tj/eGvsqbPjzy6MIL1z767LeNeiPyU9NozG62bqX/Zq3ILsHg3ijl57k04U6YHOwOMrubra168sPvLz74wXcjk5OYWJ4WM+8cvNYXo5nZLOhu8zBHOjPh5p8QPPVl/ZWb/bv3n1/Bk5+u1K/u/PTrYasK3yQ06gAAAAAAAAAAAAAAAAAAgCNR+Lj1oWSfvX7iuenuCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACO1uD//xeC3bHMYYKbnRgfqqxvtg5c/PiRHioAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPewvwIAAP//6GpzqQ==") creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) 422.755495ms ago: executing program 3 (id=9584): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt(r0, 0x0, 0x6, &(0x7f0000000140), 0x0) 421.509055ms ago: executing program 1 (id=9585): r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000600)={0x2, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x34}, 0x4}, 0xe) 376.102268ms ago: executing program 3 (id=9587): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@ipv4_newrule={0x24, 0x20, 0x1, 0x70bd2a, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@FRA_GENERIC_POLICY=@FRA_L3MDEV={0x5, 0x13, 0x1}]}, 0x24}}, 0x0) 342.24634ms ago: executing program 1 (id=9588): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@setlink={0x4c, 0x13, 0x1, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x34740, 0x80}, [@IFLA_IFALIASn={0x4}, @IFLA_IFNAME={0x14, 0x3, 'bond_slave_0\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0xfffff000, 0x7}}]}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000) 335.322411ms ago: executing program 4 (id=9589): r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) write$binfmt_register(r0, &(0x7f00000000c0)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x9, 0x3a, '#! ', 0x3a, '#! ', 0x3a, './file1', 0x3a, [0x50, 0x50, 0x4f]}, 0x30) 291.609203ms ago: executing program 1 (id=9590): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x6, &(0x7f0000000140)={0x11, {{0x29, 0x0, 0xb000000, @rand_addr=' \x01\x00', 0x401}}}, 0x88) 281.711954ms ago: executing program 4 (id=9591): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@bridge_delneigh={0x2c, 0x1e, 0x1, 0x70bd29, 0x4, {0x2}, [@NDA_IFINDEX={0x8}, @NDA_DST_IPV4={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10008000}, 0x20000080) 262.978394ms ago: executing program 0 (id=9592): mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000040)='./bus\x00') 262.728645ms ago: executing program 3 (id=9593): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xc3, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x58, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0xea}, @IFLA_XFRM_LINK={0x8, 0x1, 0x3}]}}}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}]}, 0x58}}, 0x0) 223.698497ms ago: executing program 4 (id=9594): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x3, 0x0, 0x0) 215.829958ms ago: executing program 1 (id=9595): r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, 0x0) 190.750139ms ago: executing program 3 (id=9596): r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$binfmt_register(r0, 0x0, 0x0) 186.052819ms ago: executing program 4 (id=9597): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000001e000100fdffff082e947eff00000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\n\x00\r'], 0x28}}, 0x0) 169.53237ms ago: executing program 0 (id=9598): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newrule={0x40, 0x20, 0x1, 0x70bd2b, 0x25dfdbfb, {0xa, 0x20, 0x0, 0x79, 0x9, 0x0, 0x0, 0x4}, [@FIB_RULE_POLICY=@FRA_DPORT_RANGE={0x8, 0x18, {0x4e24, 0x4e22}}, @FRA_DST={0x14, 0x1, @private2}, @FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e22, 0x4e24}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8884}, 0x4005850) 128.210823ms ago: executing program 3 (id=9599): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@delneigh={0x1c, 0x1d, 0x409, 0x800000, 0x0, {0x7, 0x0, 0x0, 0x0, 0x10, 0xa}}, 0x1c}}, 0x0) 124.494473ms ago: executing program 5 (id=9600): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff025}]}, 0x8) 107.121094ms ago: executing program 4 (id=9601): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d412000000000000002900000036000000", 0xfe60) 103.737254ms ago: executing program 1 (id=9602): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f0, 0x128, 0x111, 0x4b4, 0x128, 0xd4feffff, 0x220, 0x20a, 0x278, 0x220, 0x278, 0x3, 0x0, {[{{@ipv6={@private2, @loopback, [], [], 'bond_slave_1\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0x100, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x2, 0x5}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350) 86.704195ms ago: executing program 3 (id=9603): syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x2014c00, &(0x7f0000000000)={[{@errors_remount}]}, 0x1, 0x4ec, &(0x7f0000001a00)="$eJzs3VFrHFsdAPD/TLK3aZvr5qLIteC9FxtJL9rd5MZ7G0RqBdGnglrfY0w2IWSTDdlNbULRFD+AIKKCTz75IvgBBOlHEKGg76JFEW31wQftyM5ObNPuJkuTZnXz+8HpnDNndv7nTLNnd3YOMwGcWe9ExI2IGImIdyOiXKxPizRfpPZ2jx/dXWynJLLs1l+TSIp1+/tql0cj4mJE7EXEWER87csR30xejNvc2V1bqNdrW0W52lrfrDZ3dq+uri+s1FZqG7OzMx/MXZt7f246Kxyrn5ci4voXH/7wez/70vVfffpbv5//85Vvt5v1uY922h0Ri8cK0ENn36X8WOxrH6OtVxFsAEaK/pQG3RAAAPoyGRGXI+IT+ff/cozk3+YAAACAYZJ9fjz+lURkAAAAwNBKI2I8krRSzPcdjzStVDpzeD8SF9J6o9n61HJje2OpXRcxEaV0ebVemy7mCk9EKWmXZ/L80/J7z5VnI+KNiPhB+Xxeriw26kuD/vEDAAAAzoiLbx88//9HOc3zAAAAwJCZ6FkAAAAAhoVTfgAAABh+zv8BAABgqH3l5s12yvaf4710e2d7rXH76lKtuVZZ316sLDa2NisrjcZKfs++9aP2V280Nj8TG9t3qq1as1Vt7uzOrze2N1rzqwcegQ0AAACcojfevv+7JCL2Pns+T1HcBxDggD8OugHASRoZdAOAgRkddAOAgSkduYURAoZdckR9z8k7vz75tgAAAK/G1MdevP7/WlF39G8DwP8zc30A4OxxdQ/OrpIZgHDmTXYW53rVj0WPSQB9X//PspdqGAAAcGLG85SkleJa4HikaaUS8Xr+WIBSsrxar01HxIci4rfl0rl2eSZ/ZXLknGEAAAAAAAAAAAAAAAAAAAAAAAAAoCPLksgAAACAoRaR/inJ7+YfMVWeHH/+94HXkn+W42FR+MmtH91ZaLW2Ztrr/1bO6yOi9eNi/XuZRwIAAADA/4DOeXqxnBl0awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNo8f3V3cT6cZ9y9fiIiJbvFHYyxfjkUpIi78PYnRZ16XRMTICcTfuxcRb3aLn8STLMsmilZ0i3/+FcefyA9N9/hpRFw8gfhwlt1vjz83ur3/0ngnX3Z//40W6bh6j3/pf8e/kR7jz+t9xrj04BfVnvHvRVwa7T7+7MdPesS/3Gf8b3x9d7dXXfbTiKmunz/JgVjV1vpmtbmze3V1fWGltlLbmJ2d+WDu2tz7c9PV5dV6rfi3a4zvf/yXTw7r/4Ue8SeO6P9kn/3/94M7jz7cyZa6xb9yufvn75s94qfFZ98ni3y7fmo/v9fJP+utn//mrcP6v9Sj/0f9/1/ps//vfvW7f+hzUwDgFDR3dtcW6vXa1iGZsT62kZE5Tib7Tufv8Xj76fny9OV2mA36sLx8JuKY++kxYJw7zdEJAAA4SU+/9A+6JQAAAAAAAAAAAAAAAAAAAHB2ncbdyJ6PuTeYrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOo/AQAA//+KZt0m") open(&(0x7f00009e1000)='./file2\x00', 0x50840, 0x8) 72.427786ms ago: executing program 0 (id=9604): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newtaction={0x74, 0x26, 0xffff, 0x70bd2b, 0x0, {}, [{0x60, 0x1, [@m_xt={0x2c, 0x1f, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_police={0x30, 0x5, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x7, 0x1}}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x10000081}, 0x0) 37.082658ms ago: executing program 5 (id=9605): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev(r0, &(0x7f0000000540)=[{&(0x7f0000000040)="e2", 0x1}, {&(0x7f0000000080)="e46c", 0x2}, {&(0x7f0000000200)="2e24908a2e9f29628672dff67568b0836698bbe4832128e7bf2a23506eee62af3634a8949cd612915c715e4056d1bd59387c1699e12d75737c212a5659289646a4c447c71fd63b4ce080cc5ddc7a1b471eeba11db717731fe6b4385458025b60e4c9dce8c61edb1c9faa36784777bafc12ee75abc7d9208a0e05e7f6a10155ed9c68b09ed2f3628a92bb59504b6ba0fb9caa7de378bbaae70a3853a9117a76246796308a18fb221161d3f4ad878db47b89ef5280457065cde896c3cc", 0xbc}, {&(0x7f0000000300)="d40067acd07522d02cfa63a8db45ce39e302d0c5ad2e9fbe4d960a8819359e29cd6e523e0351692522c6d0397d0cd8f7f89d8e241f95776ba50c28090e699ab43fd2de3eee7df768165894b91e48b3d8ffe0def58209bdcf6ffea9b72b3b173febf54c613e0da72d931efbaa7c08038245bef0b55e9feaa623f131d070b4d89da6a1d97aa993d611cef8ebd20328febad8770e63590c179d47", 0x99}, {&(0x7f00000006c0)="336cfb6169850f885b6f8fe7abab741fe91b8229e045f8293f0661d2d339620615ddf3a092e26332a384219e29a602261352f041de8e15e824cff527936c567f367c255a73504ade819a62b1f91384201217817b2f940a2dd505b8767268a83ff3b7b7dcbd9b8a8664e693d028967f3154275c9f440a2be988c5d01a97e7568732d199b76c2d1b1d1cf9b89f595133600d02cf47c592933bd51e47908feeb7c565a39075da98c0d30463fdee65a71e67d969b4788474dbfeba4e62ed327f7c0dc9b92f21a054f70161f740e4d37b367c1548f7d258603f58d0e8ecfbad409b983c6dc83855cdf1cd701597434e33c535577cb908c3bacad1be9994b932b1facf3f21d1bbe8fd089991f8367924ba1f35dc9b1c7fc80141f40b7c9777a6d6cec48dd77e315f14ed8dc61518f32f4498a35de69b4cd80ef8fc13d1fa951b4bd1587f3be837e5a2d5dd07fb0b41081438b45cb0986c795ff26796980d8298ad4cd8781472e25ff970f2f4f3e1d5161c9f21866a71b4efab11354d3d071edf2d7e76d3557d493cacbac9bb7c275aac5241a6d39d71955317aafe96d8a3a0a991a4dc718878f4ae5bc31e54d14159f162e2644df3580cfec9eb411874c8cad6fc6aeb5ee4028879ec20ab73dd1e8ee79528585298f31224711aa52f00b68e7bdd0450b2b472c540ab9e43a9390d0ec27e7918a51565c0d6e3f21163e8813d4f763dd49ef130f8dba1f8b94fb501ab11c76b1917f2f9d19bc6f38aa34ec7a578cd714a71f3da077515637f01b2aa2b96a2814bcd9059c4f050ca4c2cb1bc3ce560150858368341edb288a190eae3c88e061dd4807ef6c1aef4052fea1f985281477a6b20581201f188e74dd72680b82d0ccd35f4fb3d52275823b0f856c6b40f7923b4fe790b039652deb5ba6fdc30c5e15491c8c3965bd75295df99b1a3bbc603d27723f9f8e5e69ef52c98f98a9db32db1b7f3f303a888b98898230d47b4c29aa1d61c05cf15a7884f4f28ac45f061562ebe13ba844693a5d6a97144f7b6763e1d5a29ec4f60403f8f369ee89f0fdfae3e115281fb3757d4e77362f0ca9cfc7a44dfbb368a3f5997b6f67460d6e7e46ede163e536ab56db6a0b308b1a3342a8ed435d347149a2593c75482e3339a21af4a879368c63367b46d3367edae576b313abdb896c9ae91e21d3a61c4f40a6faa966d84113e47fbb884473b25a3157a88d65cf55239dfbeb78d97272099bd0ca07c56073dd7db03327df2ca6f9d268ffbd15a0c722d9d6715e6e9c51149f5f8a71d809b99c5e4128e4ff186b504f87b963ad4cdb0fb7cfead2f9cdaa4f3accfffb82e28bb657244d8068cc4a67b224a00062acc65d563a1f9ab7d8b04e35ed161bc27418db9bec1b9be9d8d2fca241edfcc01149003c0f34e6f9225999ea408b7e5f1f89a81a377ea3e260f428849a1848bb099ca76aa921af23c44a34abcffdfde91d21342880944d8cf6a3d2aade34e5a3cfb41dce4a18d62139027408bc952e627cdc65a380c3f38f7543971ae7825fffc3b052d06df06f8166d74fc70d5e549e0d21d57a09283f38023e3014481ad7f345fb50a19e9f371d3fd3cd0b4dce5a2ee4fef23d5a6b14130e6eec5118a7eeaed4ae2444cf067b27ea5749a34c810469eeb66361eed3161129a824d2e560eb075b61fdbb3979a30e0dc6a7d92ff996bbb53c371a97004dc1abc73f774f34a6ad8863abd57fa2c25deb2455fa82e1735fa250ab8fdbbc4a9a4d352b8f2d8f415bba14c914f119f6e790d69608f06737194c5abecdb12882d0843c95465a8db2f08ebf17f67426d17d71f99df3c77533b7ea39d72fe631bb216498c580c56a0b6fb96a229ea115893017caf2e8b04120d6df77f876f8a7836d35788ddb7cae7ad0f131d269a789b76d6e0f349515cb737517e373c85dac77a5b073810f8ea19c505165c5db037497a68e0facae6b25fc3be88c96a77cf89a77985a070fb42b11a7535648949686e05c4141989e7c0d4057e561015ac015d9a196c53cc066503cdff34b514c8000b6cc3d68f8dbdd9ec7b3586f467d66b1be16c057f7ff71bd5f6600d8da22f60fe9c043a5530041470a071155e16c18a771eef4d506beea4ff72416c53a72013a1ad6fb61c47b19af574b0546731a4de6191f52e1262dc2640473e45c027eb88422507ad36752464600957c45163c43f49f9dc7d9bbb2a3c7d7d07e4790013f80f983e1a2deb296d13c8f7884f61eba3d0f6203146d44c6bd01321fefa3f7bbdf90a5c6cf62de56eafd9a6a994c19e85b7c18518683cead5e767d11cf4e2cf9fcc03bfff51f40fd8c9ab981958e566f41019e5a50ba8ae350c9cbfff65ae0c05319d38a0c62c3a4e29d8e83c909d9689a06559fd86c8020dc0d141838316f5b2fa74088e", 0x6a9}], 0x5) 36.672778ms ago: executing program 4 (id=9606): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') getdents64(r0, &(0x7f0000003540)=""/4091, 0xffb) 29.682039ms ago: executing program 1 (id=9607): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in=@local, 0x4e20, 0x3, 0x0, 0x0, 0xa, 0x20}, {0x3, 0x0, 0x0, 0x0, 0x190, 0x7, 0x800000000000000, 0x10000000}, {0x0, 0x6, 0x0, 0xf}, 0x0, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0xd}, 0x0, 0x2b}, 0x0, @in=@broadcast, 0x0, 0x3, 0x0, 0x0, 0x200, 0x3ff}}, 0x2f) 0s ago: executing program 5 (id=9608): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000180), 0x4) kernel console output (not intermixed with test programs): =4961 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 248.035475][T11523] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5302'. [ 248.044694][T11523] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5302'. [ 248.063043][T11523] device xfrm0 entered promiscuous mode [ 248.072323][T11523] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5302'. [ 248.159762][T11544] SELinux: policydb version 0 does not match my version range 15-33 [ 248.179276][T11544] SELinux: failed to load policy [ 248.218921][T11558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5317'. [ 248.258438][T11564] overlayfs: overlapping lowerdir path [ 248.393967][T11592] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5338'. [ 248.524934][T11631] netlink: 'syz.0.5348': attribute type 17 has an invalid length. [ 248.605900][T11652] loop3: detected capacity change from 0 to 512 [ 248.671840][T11652] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.5356: inode #1: comm syz.3.5356: iget: illegal inode # [ 248.710594][T11652] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.5356: error while reading EA inode 1 err=-117 [ 248.740935][T11652] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.5356: inode #1: comm syz.3.5356: iget: illegal inode # [ 248.759883][T11652] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.5356: error while reading EA inode 1 err=-117 [ 248.772545][T11652] EXT4-fs (loop3): 1 orphan inode deleted [ 248.778654][T11652] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrjquota=,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,journal_dev=0x0000000000000dcc,,errors=continue. Quota mode: writeback. [ 248.900067][T11690] device bridge1 entered promiscuous mode [ 249.079909][T11736] xt_CT: You must specify a L4 protocol and not use inversions on it [ 249.174714][T11760] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.191075][T11760] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 249.322654][T11784] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 249.368690][T11789] xt_CT: You must specify a L4 protocol and not use inversions on it [ 249.382283][T11797] xt_ecn: cannot match TCP bits for non-tcp packets [ 249.399915][ T289] usb 1-1: new high-speed USB device number 91 using dummy_hcd [ 249.562312][T11836] device vlan0 entered promiscuous mode [ 249.573594][T11838] xt_CT: No such helper "snmp_trap" [ 249.710558][T11867] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 249.800873][ T289] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 249.823259][ T289] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 249.846392][ T289] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 4, skipping [ 249.876160][ T289] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 249.995846][ T289] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 250.004938][ T289] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 250.039337][ T289] usb 1-1: SerialNumber: syz [ 250.265893][T11982] netlink: 'syz.3.5524': attribute type 15 has an invalid length. [ 250.354003][ T289] usb 1-1: 0:2 : does not exist [ 250.358950][ T289] usb 1-1: unit 5 not found! [ 250.385985][ T289] usb 1-1: USB disconnect, device number 91 [ 250.530461][T12030] Zero length message leads to an empty skb [ 250.614500][T12045] loop3: detected capacity change from 0 to 256 [ 250.635576][ T336] udevd[336]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 250.690833][T12045] FAT-fs (loop3): Directory bread(block 64) failed [ 250.705365][T12045] FAT-fs (loop3): Directory bread(block 65) failed [ 250.731344][T12045] FAT-fs (loop3): Directory bread(block 66) failed [ 250.739863][T12045] FAT-fs (loop3): Directory bread(block 67) failed [ 250.760669][T12045] FAT-fs (loop3): Directory bread(block 68) failed [ 250.767399][T12045] FAT-fs (loop3): Directory bread(block 69) failed [ 250.790382][T12045] FAT-fs (loop3): Directory bread(block 70) failed [ 250.797056][T12045] FAT-fs (loop3): Directory bread(block 71) failed [ 250.803892][T12045] FAT-fs (loop3): Directory bread(block 72) failed [ 250.818994][T12045] FAT-fs (loop3): Directory bread(block 73) failed [ 251.025139][T12107] overlayfs: bad mount option "redirect_dir=on:/" [ 251.084251][T12077] loop5: detected capacity change from 0 to 40427 [ 251.129963][T12077] F2FS-fs (loop5): Invalid Fs Meta Ino: node(1) meta(1) root(3) [ 251.151288][T12077] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 251.163112][T12077] F2FS-fs (loop5): invalid crc value [ 251.200877][T12077] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 251.215576][T12139] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 251.243590][T12143] loop0: detected capacity change from 0 to 1024 [ 251.264927][T12077] F2FS-fs (loop5): Start checkpoint disabled! [ 251.280700][T12143] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 251.290989][T12077] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 251.301861][T12143] EXT4-fs (loop0): orphan cleanup on readonly fs [ 251.309298][T12143] EXT4-fs error (device loop0): __ext4_get_inode_loc:4358: comm syz.0.5603: Invalid inode table block 0 in block_group 0 [ 251.322216][T12143] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5880: Corrupt filesystem [ 251.331733][T12143] EXT4-fs error (device loop0): ext4_quota_write:6613: inode #3: comm syz.0.5603: mark_inode_dirty error [ 251.332490][T12077] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 251.350655][T12143] EXT4-fs error (device loop0): ext4_acquire_dquot:6201: comm syz.0.5603: Failed to acquire dquot type 0 [ 251.365945][T12143] EXT4-fs error (device loop0): __ext4_get_inode_loc:4358: comm syz.0.5603: Invalid inode table block 0 in block_group 0 [ 251.388466][T12143] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5880: Corrupt filesystem [ 251.411661][T12143] EXT4-fs error (device loop0): ext4_ext_truncate:4456: inode #15: comm syz.0.5603: mark_inode_dirty error [ 251.426036][T12143] EXT4-fs error (device loop0): __ext4_get_inode_loc:4358: comm syz.0.5603: Invalid inode table block 0 in block_group 0 [ 251.466523][T12143] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5880: Corrupt filesystem [ 251.476126][T12143] EXT4-fs error (device loop0) in ext4_orphan_del:303: Corrupt filesystem [ 251.490951][T12143] EXT4-fs error (device loop0): __ext4_get_inode_loc:4358: comm syz.0.5603: Invalid inode table block 0 in block_group 0 [ 251.533141][T12143] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5880: Corrupt filesystem [ 251.566908][T12143] EXT4-fs error (device loop0): ext4_truncate:4310: inode #15: comm syz.0.5603: mark_inode_dirty error [ 251.585469][T12182] netlink: 'syz.1.5622': attribute type 16 has an invalid length. [ 251.606188][T12182] netlink: 'syz.1.5622': attribute type 17 has an invalid length. [ 251.614498][T12143] EXT4-fs error (device loop0) in ext4_process_orphan:345: Corrupt filesystem [ 251.628665][T12182] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.636235][T12143] EXT4-fs (loop0): 1 truncate cleaned up [ 251.641980][T12143] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000019,journal_ioprio=0x0000000000000001,user_xattr,grpjquota=,data_err=ignore,noblock_validity,minixdf,noquota,,errors=continue. Quota mode: writeback. [ 251.675833][T12182] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.964874][T12242] xt_CT: You must specify a L4 protocol and not use inversions on it [ 252.033617][ T30] kauditd_printk_skb: 87 callbacks suppressed [ 252.033631][ T30] audit: type=1326 audit(2000002618.476:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12256 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23af37beb9 code=0x7ffc0000 [ 252.096935][ T30] audit: type=1326 audit(2000002618.476:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12256 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7f23af37beb9 code=0x7ffc0000 [ 252.124533][ T30] audit: type=1326 audit(2000002618.476:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12256 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23af37beb9 code=0x7ffc0000 [ 252.159698][T12272] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 252.178260][ T30] audit: type=1326 audit(2000002618.476:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12256 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23af37beb9 code=0x7ffc0000 [ 252.241379][T12282] xt_TPROXY: Can be used only with -p tcp or -p udp [ 252.264587][ T30] audit: type=1326 audit(2000002618.633:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12275 comm="syz.0.5669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce40554eb9 code=0x7ffc0000 [ 252.293851][ T30] audit: type=1326 audit(2000002618.643:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12275 comm="syz.0.5669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fce40554eb9 code=0x7ffc0000 [ 252.350112][T12296] cgroup: name respecified [ 252.412634][ T30] audit: type=1326 audit(2000002618.643:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12275 comm="syz.0.5669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce40554eb9 code=0x7ffc0000 [ 252.446403][ T30] audit: type=1326 audit(2000002618.643:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12275 comm="syz.0.5669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce40554eb9 code=0x7ffc0000 [ 252.489583][ T30] audit: type=1400 audit(2000002618.643:485): avc: denied { write } for pid=12277 comm="syz.1.5670" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 252.562465][ T30] audit: type=1326 audit(2000002618.799:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12302 comm="syz.5.5684" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ca0f1eb9 code=0x7ffc0000 [ 252.706244][T12340] __nla_validate_parse: 17 callbacks suppressed [ 252.706263][T12340] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5701'. [ 252.726790][T12340] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5701'. [ 252.813970][T12362] xt_ecn: cannot match TCP bits for non-tcp packets [ 252.835620][T12365] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5713'. [ 252.929381][T12387] block device autoloading is deprecated and will be removed. [ 252.971802][T12396] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5728'. [ 253.094390][ T1464] usb 1-1: new high-speed USB device number 92 using dummy_hcd [ 253.163289][T12441] loop3: detected capacity change from 0 to 512 [ 253.205013][T12447] loop5: detected capacity change from 0 to 512 [ 253.220017][T12441] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 253.231319][T12441] ext4 filesystem being mounted at /1162/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 253.254174][T12441] EXT4-fs error (device loop3): ext4_acquire_dquot:6201: comm syz.3.5751: Failed to acquire dquot type 1 [ 253.257821][T12447] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 253.285334][T12447] ext4 filesystem being mounted at /190/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 253.370824][T12447] EXT4-fs error (device loop5): ext4_xattr_block_get:546: inode #15: comm syz.5.5755: corrupted xattr block 33 [ 253.403431][T12447] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop5 ino=15 [ 253.419471][ T1464] usb 1-1: Using ep0 maxpacket: 32 [ 253.429783][T12447] EXT4-fs error (device loop5): ext4_xattr_block_get:546: inode #15: comm syz.5.5755: corrupted xattr block 33 [ 253.441984][T12447] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop5 ino=15 [ 253.451132][T12447] EXT4-fs error (device loop5): ext4_xattr_block_get:546: inode #15: comm syz.5.5755: corrupted xattr block 33 [ 253.463616][T12447] EXT4-fs error (device loop5): ext4_xattr_block_get:546: inode #15: comm syz.5.5755: corrupted xattr block 33 [ 253.475803][T12447] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop5 ino=15 [ 253.485148][T12447] EXT4-fs error (device loop5): ext4_acquire_dquot:6201: comm syz.5.5755: Failed to acquire dquot type 0 [ 253.501204][T12473] netlink: 'syz.3.5764': attribute type 16 has an invalid length. [ 253.509318][T12473] netlink: 'syz.3.5764': attribute type 17 has an invalid length. [ 253.527667][T12473] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.536754][T12473] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.552043][T12474] netlink: 'syz.4.5765': attribute type 29 has an invalid length. [ 253.571131][ T1464] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 253.584446][ T1464] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 253.669857][T12497] x_tables: unsorted underflow at hook 3 [ 253.715528][T12505] IPv6: NLM_F_CREATE should be specified when creating new route [ 253.732853][T12505] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 253.740096][T12505] IPv6: NLM_F_CREATE should be set when creating new route [ 253.747336][T12505] IPv6: NLM_F_CREATE should be set when creating new route [ 253.754850][ T1464] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 253.764446][ T1464] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 253.773903][T12507] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 253.789559][ T1464] usb 1-1: Product: syz [ 253.793939][ T1464] usb 1-1: Manufacturer: syz [ 253.813264][T12511] netlink: 656 bytes leftover after parsing attributes in process `syz.5.5783'. [ 253.842466][ T1464] hub 1-1:4.0: USB hub found [ 253.909834][T12523] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 253.927119][T12525] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5790'. [ 254.014292][T12545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5800'. [ 254.023943][T12545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5800'. [ 254.033355][T12545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5800'. [ 254.043120][T12545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5800'. [ 254.080349][ T1464] hub 1-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 254.213962][T12578] loop4: detected capacity change from 0 to 4096 [ 254.224137][T12578] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 254.237708][T12578] EXT4-fs (loop4): Test dummy encryption mode enabled [ 254.248667][T12578] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,mblk_io_submit,nodioread_nolock,test_dummy_encryption,nombcache,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 254.251837][T12583] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 254.291342][T12578] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 254.300167][T12578] EXT4-fs error (device loop4): ext4_append:79: inode #2: comm syz.4.5816: Logical block already allocated [ 254.414009][T12604] kernel profiling enabled (shift: 63) [ 254.419582][T12604] profiling shift: 63 too large [ 254.437942][ T1464] usb 1-1: USB disconnect, device number 92 [ 254.455712][T12609] bridge0: port 3(veth1_macvtap) entered blocking state [ 254.462864][T12609] bridge0: port 3(veth1_macvtap) entered disabled state [ 254.509643][T12616] netlink: 'syz.1.5833': attribute type 47 has an invalid length. [ 254.517537][T12616] netlink: 'syz.1.5833': attribute type 47 has an invalid length. [ 254.601750][T12634] xt_nat: multiple ranges no longer supported [ 254.705533][T12652] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 254.826725][T12674] loop3: detected capacity change from 0 to 256 [ 254.846356][T12674] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 254.947205][T12694] loop5: detected capacity change from 0 to 512 [ 254.979948][T12700] loop0: detected capacity change from 0 to 128 [ 255.027509][T12700] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 255.043977][T12700] ext4 filesystem being mounted at /1100/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 255.064339][T12694] EXT4-fs (loop5): mounted filesystem without journal. Opts: usrquota,max_batch_time=0x0000000000000006,nodelalloc,,errors=continue. Quota mode: writeback. [ 255.080823][T12694] ext4 filesystem being mounted at /202/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 255.100183][T12694] EXT4-fs error (device loop5): ext4_append:79: inode #2: comm syz.5.5873: Logical block already allocated [ 255.173044][T12702] loop3: detected capacity change from 0 to 40427 [ 255.186888][T12702] F2FS-fs (loop3): invalid crc value [ 255.203339][T12702] F2FS-fs (loop3): Found nat_bits in checkpoint [ 255.212074][T12719] erofs: dax options not supported [ 255.264416][T12725] x_tables: duplicate entry at hook 2 [ 255.270640][T12702] F2FS-fs (loop3): Cannot turn on quotas: -2 on 1 [ 255.302614][T12702] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 255.356870][T12702] F2FS-fs (loop3): switch extent_cache option is not allowed [ 255.414270][T12752] netlink: 'syz.0.5897': attribute type 4 has an invalid length. [ 255.466707][T12759] loop0: detected capacity change from 0 to 512 [ 255.551077][T12759] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 255.607424][T12759] ext4 filesystem being mounted at /1108/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 255.653310][T12781] loop3: detected capacity change from 0 to 256 [ 255.689671][T12759] EXT4-fs error (device loop0): ext4_acquire_dquot:6201: comm syz.0.5901: Failed to acquire dquot type 1 [ 255.800526][T12799] netlink: 'syz.4.5919': attribute type 1 has an invalid length. [ 255.801078][T12781] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 255.852164][T12781] exFAT-fs (loop3): error, invalid access to FAT free cluster (entry 0x00000008) [ 255.886958][T12781] exFAT-fs (loop3): Filesystem has been set read-only [ 257.117151][T12825] loop4: detected capacity change from 0 to 256 [ 258.120932][T12825] FAT-fs (loop4): Directory bread(block 64) failed [ 258.139110][T12825] FAT-fs (loop4): Directory bread(block 65) failed [ 258.146605][T12825] FAT-fs (loop4): Directory bread(block 66) failed [ 258.153386][T12825] FAT-fs (loop4): Directory bread(block 67) failed [ 258.161921][T12825] FAT-fs (loop4): Directory bread(block 68) failed [ 258.170991][T12825] FAT-fs (loop4): Directory bread(block 69) failed [ 258.177831][T12825] FAT-fs (loop4): Directory bread(block 70) failed [ 258.184399][T12825] FAT-fs (loop4): Directory bread(block 71) failed [ 258.191116][T12825] FAT-fs (loop4): Directory bread(block 72) failed [ 258.197796][T12825] FAT-fs (loop4): Directory bread(block 73) failed [ 258.208598][ T30] kauditd_printk_skb: 80 callbacks suppressed [ 258.208612][ T30] audit: type=1400 audit(2000002631.164:561): avc: denied { mount } for pid=12824 comm="syz.4.5933" name="/" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 258.245554][ T30] audit: type=1400 audit(2000002631.211:562): avc: denied { unmount } for pid=285 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 258.311425][T12839] overlayfs: missing 'lowerdir' [ 258.326962][T12843] netlink: 'syz.4.5937': attribute type 3 has an invalid length. [ 258.389541][T12852] __nla_validate_parse: 57 callbacks suppressed [ 258.389559][T12852] netlink: 193 bytes leftover after parsing attributes in process `syz.4.5946'. [ 258.415215][ T30] audit: type=1400 audit(2000002631.367:563): avc: denied { name_bind } for pid=12854 comm="syz.3.5947" src=24098 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 258.479750][ T30] audit: type=1400 audit(2000002631.386:564): avc: denied { node_bind } for pid=12854 comm="syz.3.5947" saddr=ff02::1 src=24098 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 258.605814][ T30] audit: type=1326 audit(2000002631.534:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12875 comm="syz.5.5958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ca0f1eb9 code=0x7ffc0000 [ 258.679502][ T30] audit: type=1326 audit(2000002631.534:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12875 comm="syz.5.5958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f73ca0f1eb9 code=0x7ffc0000 [ 258.726764][ T30] audit: type=1326 audit(2000002631.534:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12875 comm="syz.5.5958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ca0f1eb9 code=0x7ffc0000 [ 258.788841][T12898] xt_l2tp: v2 doesn't support IP mode [ 258.817977][ T30] audit: type=1326 audit(2000002631.534:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12875 comm="syz.5.5958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73ca0f1eb9 code=0x7ffc0000 [ 258.891122][T12910] netlink: 'syz.5.5974': attribute type 13 has an invalid length. [ 258.904253][ T30] audit: type=1400 audit(2000002631.589:569): avc: denied { create } for pid=12885 comm="syz.3.5962" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 258.936885][ T30] audit: type=1400 audit(2000002631.598:570): avc: denied { setopt } for pid=12885 comm="syz.3.5962" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 258.973192][T12910] gretap0: refused to change device tx_queue_len [ 258.980375][T12910] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 259.120271][T12933] loop3: detected capacity change from 0 to 256 [ 259.138144][T12936] ------------[ cut here ]------------ [ 259.158710][T12936] trace type BPF program uses run-time allocation [ 259.169689][T12936] WARNING: CPU: 0 PID: 12936 at kernel/bpf/verifier.c:11722 check_map_prog_compatibility+0x6cd/0x870 [ 259.194067][T12936] Modules linked in: [ 259.205185][T12936] CPU: 0 PID: 12936 Comm: syz.1.5987 Tainted: G W syzkaller #0 [ 259.226550][T12936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 259.240325][T12949] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5992'. [ 259.260417][T12936] RIP: 0010:check_map_prog_compatibility+0x6cd/0x870 [ 259.278476][T12936] Code: ee ff 48 c7 c6 20 42 48 85 4c 8b 65 d0 e9 fd fc ff ff e8 a6 1c ee ff c6 05 34 75 6a 05 01 48 c7 c7 80 3e 48 85 e8 a3 f1 2e 03 <0f> 0b e9 88 fb ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ac f9 ff [ 259.299273][T12951] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 259.306529][T12951] IPv6: NLM_F_CREATE should be set when creating new route [ 259.313761][T12951] IPv6: NLM_F_CREATE should be set when creating new route [ 259.345696][T12936] RSP: 0018:ffffc90000d87428 EFLAGS: 00010246 [ 259.351924][T12936] RAX: bc6fdd6733b40e00 RBX: 0000000000000001 RCX: 0000000000080000 [ 259.383533][T12936] RDX: ffffc9000173c000 RSI: 0000000000002c32 RDI: 0000000000002c33 [ 259.426698][T12936] RBP: ffffc90000d87470 R08: ffff8881f7027493 R09: 1ffff1103ee04e92 [ 259.461743][T12936] R10: dffffc0000000000 R11: ffffed103ee04e93 R12: ffff88810b36c000 [ 259.488725][T12936] R13: 0000000000000002 R14: dffffc0000000000 R15: ffff88813e350000 [ 259.499019][T12975] device wireguard0 entered promiscuous mode [ 259.505499][T12936] FS: 00007f23addd86c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 259.512564][T12978] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6005'. [ 259.525557][T12936] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 259.534057][T12936] CR2: 00002000000002c0 CR3: 0000000126e02000 CR4: 00000000003506a0 [ 259.545742][T12936] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 259.554584][T12936] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 259.562672][T12936] Call Trace: [ 259.566026][T12936] [ 259.570184][T12936] resolve_pseudo_ldimm64+0x656/0x1180 [ 259.575810][T12936] ? check_attach_btf_id+0xd70/0xd70 [ 259.581166][T12936] ? __mark_reg_known+0x1b0/0x1b0 [ 259.586292][T12936] ? security_capable+0x87/0xb0 [ 259.591228][T12936] bpf_check+0x32c7/0xf370 [ 259.596004][T12936] ? 0xffffffffa002c000 [ 259.600217][T12936] ? is_bpf_text_address+0x177/0x190 [ 259.605589][T12936] ? bpf_get_btf_vmlinux+0x60/0x60 [ 259.610781][T12936] ? unwind_get_return_address+0x4d/0x90 [ 259.616548][T12936] ? stack_trace_save+0xf0/0xf0 [ 259.622565][T12936] ? arch_stack_walk+0xee/0x140 [ 259.627530][T12936] ? stack_trace_save+0xa6/0xf0 [ 259.632433][T12936] ? __stack_depot_save+0x34/0x480 [ 259.637588][T12936] ? __kasan_slab_alloc+0x69/0xf0 [ 259.642722][T12936] ? __kasan_kmalloc+0xec/0x110 [ 259.647633][T12936] ? __kasan_kmalloc+0xda/0x110 [ 259.652583][T12936] ? kmem_cache_alloc_trace+0x119/0x270 [ 259.658215][T12936] ? selinux_bpf_prog_alloc+0x51/0x140 [ 259.663961][T12936] ? security_bpf_prog_alloc+0x62/0x90 [ 259.669526][T12936] ? bpf_prog_load+0x9f4/0x1640 [ 259.674610][T12936] ? __sys_bpf+0x51d/0x7d0 [ 259.679105][T12936] ? __x64_sys_bpf+0x7c/0x90 [ 259.683933][T12936] ? x64_sys_call+0x4b9/0x9a0 [ 259.688664][T12936] ? do_syscall_64+0x4c/0xa0 [ 259.693438][T12936] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 259.717418][T12936] ? check_stack_object+0x81/0x140 [ 259.722865][T12936] ? memset+0x35/0x40 [ 259.727150][T12936] ? bpf_obj_name_cpy+0x193/0x1e0 [ 259.732258][T12936] bpf_prog_load+0x10c4/0x1640 [ 259.739381][T12990] loop5: detected capacity change from 0 to 256 [ 259.745789][T12936] ? __anon_inode_getfd+0x35c/0x3d0 [ 259.751670][T12936] ? map_freeze+0x360/0x360 [ 259.756247][T12936] ? selinux_bpf+0xc7/0xf0 [ 259.760896][T12936] ? security_bpf+0x82/0xa0 [ 259.769343][T12936] __sys_bpf+0x51d/0x7d0 [ 259.773771][T12936] ? bpf_link_show_fdinfo+0x330/0x330 [ 259.780355][T12936] ? __kasan_check_write+0x14/0x20 [ 259.780380][T12936] ? switch_fpu_return+0x15d/0x2c0 [ 259.780403][T12936] __x64_sys_bpf+0x7c/0x90 [ 259.780421][T12936] x64_sys_call+0x4b9/0x9a0 [ 259.805254][T12936] do_syscall_64+0x4c/0xa0 [ 259.809872][T12936] ? clear_bhb_loop+0x50/0xa0 [ 259.822804][T12936] ? clear_bhb_loop+0x50/0xa0 [ 259.846135][T12936] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 259.852073][T12936] RIP: 0033:0x7f23af37beb9 [ 259.858038][T12999] loop0: detected capacity change from 0 to 256 [ 259.860706][T13003] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6019'. [ 259.876275][T12936] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 259.896955][T13004] netlink: 'syz.3.6020': attribute type 1 has an invalid length. [ 259.933967][T13010] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6023'. [ 259.959404][T12936] RSP: 002b:00007f23addd8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 259.970002][T13014] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6025'. [ 259.987311][T12936] RAX: ffffffffffffffda RBX: 00007f23af5f6fa0 RCX: 00007f23af37beb9 [ 259.996670][T13016] loop0: detected capacity change from 0 to 256 [ 260.003542][T12936] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005 [ 260.016612][T12936] RBP: 00007f23af3e9c1f R08: 0000000000000000 R09: 0000000000000000 [ 260.025498][T13016] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 260.037405][T12936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.048744][T12936] R13: 00007f23af5f7038 R14: 00007f23af5f6fa0 R15: 00007ffcf9de7b78 [ 260.064898][T13016] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 260.081373][T12936] [ 260.086798][T12936] ---[ end trace 53ec26ba2e4b8c77 ]--- [ 260.128397][T13030] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6034'. [ 260.169140][T13030] tc_dump_action: action bad kind [ 260.284808][T13064] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 260.305174][T13064] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 260.363061][T13078] mmap: syz.5.6056 (13078): VmData 167485440 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 260.417919][T13084] netlink: 11 bytes leftover after parsing attributes in process `syz.1.6061'. [ 260.488563][T13100] netlink: 'syz.4.6068': attribute type 2 has an invalid length. [ 260.502535][T13100] netlink: 1 bytes leftover after parsing attributes in process `syz.4.6068'. [ 260.593858][T13118] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6076'. [ 260.733593][T13156] A link change request failed with some changes committed already. Interface bond_slave_1 may have been left with an inconsistent configuration, please check. [ 260.959103][T13210] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 261.111984][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 261.145075][T13251] netlink: 'syz.4.6143': attribute type 3 has an invalid length. [ 261.160163][T13257] binfmt_misc: register: failed to install interpreter file ./file1 [ 261.170251][T13251] netlink: 'syz.4.6143': attribute type 3 has an invalid length. [ 261.364501][T13301] ------------[ cut here ]------------ [ 261.370085][T13301] WARNING: CPU: 1 PID: 13301 at mm/page_alloc.c:5783 __alloc_pages+0x392/0x460 [ 261.411455][T13301] Modules linked in: [ 261.415775][T13309] netlink: 'syz.5.6171': attribute type 1 has an invalid length. [ 261.423569][T13301] CPU: 1 PID: 13301 Comm: syz.1.6168 Tainted: G W syzkaller #0 [ 261.451565][T13301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 261.471954][T13316] cgroup: name respecified [ 261.494675][T13301] RIP: 0010:__alloc_pages+0x392/0x460 [ 261.513287][T13301] Code: ff e8 52 26 0a 03 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 6c fd ff ff 41 89 ff 4c 89 e7 e8 c6 cc 04 00 44 89 ff e9 59 fd ff ff <0f> 0b e9 16 ff ff ff 65 8b 05 38 ea 5d 7e 89 44 24 08 c1 e8 06 48 [ 261.599321][T13301] RSP: 0018:ffffc90000bb78e0 EFLAGS: 00010246 [ 261.620636][T13301] RAX: ffffc90000bb7940 RBX: 0000000000000020 RCX: 0000000000000000 [ 261.649163][T13301] RDX: 0000000000000018 RSI: 0000000000000000 RDI: ffffc90000bb7958 [ 261.688724][T13301] RBP: ffffc90000bb79c8 R08: ffffc90000bb7957 R09: ffffc90000bb7940 [ 261.714001][T13301] R10: dffffc0000000000 R11: fffff52000176f2b R12: ffffc90000bb7920 [ 261.742186][T13301] R13: dffffc0000000000 R14: 1ffff92000176f20 R15: 0000000000000000 [ 261.770723][T13301] FS: 00007f23addd86c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 261.793333][T13372] x_tables: duplicate underflow at hook 2 [ 261.804307][T13301] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 261.823106][T13301] CR2: 0000200000000040 CR3: 00000001295b8000 CR4: 00000000003506a0 [ 261.852630][T13380] xt_bpf: check failed: parse error [ 261.858031][T13301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 261.873814][T13301] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 261.894736][T13301] Call Trace: [ 261.909073][T13301] [ 261.910340][T13393] netlink: 'syz.0.6214': attribute type 12 has an invalid length. [ 261.912083][T13301] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 261.945289][T13301] ? prep_new_page+0x110/0x110 [ 261.962333][T13301] kmalloc_order+0x4c/0x160 [ 261.978799][T13301] kmalloc_order_trace+0x18/0xb0 [ 261.996200][T13408] xt_TCPMSS: Only works on TCP SYN packets [ 262.002233][T13301] __kmalloc+0x199/0x2c0 [ 262.006697][T13301] incfs_realloc_mount_info+0x99/0x440 [ 262.018101][T13301] incfs_alloc_mount_info+0x476/0x540 [ 262.038320][T13301] incfs_mount_fs+0x3c6/0x890 [ 262.048778][T13301] ? incfs_unlink+0x90/0x90 [ 262.065438][T13301] ? selinux_sb_eat_lsm_opts+0xa72/0xbf0 [ 262.082377][T13301] legacy_get_tree+0xed/0x190 [ 262.095766][T13301] ? incfs_unlink+0x90/0x90 [ 262.119883][T13301] vfs_get_tree+0x89/0x260 [ 262.129322][T13301] do_new_mount+0x25a/0xa20 [ 262.134520][T13301] path_mount+0x659/0xff0 [ 262.141245][T13301] ? user_path_at_empty+0x161/0x1c0 [ 262.148804][T13301] __se_sys_mount+0x320/0x390 [ 262.158017][T13301] ? __x64_sys_mount+0xd0/0xd0 [ 262.201165][T13301] ? __kasan_check_write+0x14/0x20 [ 262.214231][T13301] __x64_sys_mount+0xbf/0xd0 [ 262.224126][T13301] x64_sys_call+0x6bf/0x9a0 [ 262.254547][T13301] do_syscall_64+0x4c/0xa0 [ 262.262186][T13301] ? clear_bhb_loop+0x50/0xa0 [ 262.267176][T13301] ? clear_bhb_loop+0x50/0xa0 [ 262.275052][T13450] loop3: detected capacity change from 0 to 256 [ 262.279368][T13301] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 262.290257][T13301] RIP: 0033:0x7f23af37beb9 [ 262.298268][T13301] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 262.332614][T13452] loop4: detected capacity change from 0 to 512 [ 262.360037][T13301] RSP: 002b:00007f23addd8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 262.370546][T13452] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 262.396162][T13301] RAX: ffffffffffffffda RBX: 00007f23af5f6fa0 RCX: 00007f23af37beb9 [ 262.405048][T13450] FAT-fs (loop3): Directory bread(block 64) failed [ 262.417004][T13450] FAT-fs (loop3): Directory bread(block 65) failed [ 262.424368][T13301] RDX: 0000200000000100 RSI: 0000200000000200 RDI: 0000200000000180 [ 262.425091][T13452] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 262.432365][T13301] RBP: 00007f23af3e9c1f R08: 0000200000000000 R09: 0000000000000000 [ 262.432381][T13301] R10: 0000000000200004 R11: 0000000000000246 R12: 0000000000000000 [ 262.457289][T13301] R13: 00007f23af5f7038 R14: 00007f23af5f6fa0 R15: 00007ffcf9de7b78 [ 262.465298][T13301] [ 262.468459][T13301] ---[ end trace 53ec26ba2e4b8c78 ]--- [ 262.474436][T13450] FAT-fs (loop3): Directory bread(block 66) failed [ 262.478715][T13301] incfs: Error allocating mount info. -12 [ 262.487852][T13450] FAT-fs (loop3): Directory bread(block 67) failed [ 262.488406][T13301] incfs: mount failed -12 [ 262.494427][T13450] FAT-fs (loop3): Directory bread(block 68) failed [ 262.494448][T13450] FAT-fs (loop3): Directory bread(block 69) failed [ 262.494516][T13450] FAT-fs (loop3): Directory bread(block 70) failed [ 262.518531][T13450] FAT-fs (loop3): Directory bread(block 71) failed [ 262.522000][T13452] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.6243: attempt to clear invalid blocks 2 len 1 [ 262.525558][T13450] FAT-fs (loop3): Directory bread(block 72) failed [ 262.544579][T13450] FAT-fs (loop3): Directory bread(block 73) failed [ 262.648596][T13452] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 262.690109][T13452] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.6243: invalid indirect mapped block 1819239214 (level 0) [ 262.716819][T13492] netlink: 'syz.3.6259': attribute type 1 has an invalid length. [ 262.757704][T13500] loop0: detected capacity change from 0 to 1024 [ 262.765383][T13452] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.6243: invalid indirect mapped block 1819239214 (level 1) [ 262.785464][T13500] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 262.812706][T13500] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 262.829383][T13452] EXT4-fs (loop4): 1 truncate cleaned up [ 262.844427][T13500] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e015c01c, mo2=0003] [ 262.852724][T13500] System zones: 0-1, 3-36 [ 262.857903][T13452] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=..,errors=continue. Quota mode: writeback. [ 262.885187][T13500] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,delalloc,nodelalloc,debug,nomblk_io_submit,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 262.923121][T13500] EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2760: inode #2: comm syz.0.6267: corrupted in-inode xattr [ 263.095248][T13553] IPv6: NLM_F_CREATE should be specified when creating new route [ 263.114152][T13553] IPv6: Can't replace route, no match found [ 263.123276][T13561] tc_dump_action: action bad kind [ 263.188730][T13573] IPv6: Can't replace route, no match found [ 263.195446][T13575] netlink: 'syz.1.6304': attribute type 12 has an invalid length. [ 263.295509][T13595] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 263.334611][T13601] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 263.370947][T13601] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 263.390450][T13601] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 263.399045][T13601] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 263.419637][T13615] xt_hashlimit: overflow, try lower: 17592186044416/9 [ 263.438766][T13601] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 263.480762][T13601] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 263.513141][T13632] loop5: detected capacity change from 0 to 256 [ 263.534870][T13636] device gre1 entered promiscuous mode [ 263.597408][T13632] FAT-fs (loop5): Directory bread(block 64) failed [ 263.625282][T13632] FAT-fs (loop5): Directory bread(block 65) failed [ 263.631850][T13632] FAT-fs (loop5): Directory bread(block 66) failed [ 263.663278][T13632] FAT-fs (loop5): Directory bread(block 67) failed [ 263.690799][T13632] FAT-fs (loop5): Directory bread(block 68) failed [ 263.695119][ T30] kauditd_printk_skb: 115 callbacks suppressed [ 263.695149][ T30] audit: type=1400 audit(2000002636.241:686): avc: denied { setcheckreqprot } for pid=13661 comm="syz.1.6346" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 263.697446][T13632] FAT-fs (loop5): Directory bread(block 69) failed [ 263.755291][T13632] FAT-fs (loop5): Directory bread(block 70) failed [ 263.780924][T13632] FAT-fs (loop5): Directory bread(block 71) failed [ 263.802131][T13632] FAT-fs (loop5): Directory bread(block 72) failed [ 263.808684][T13632] FAT-fs (loop5): Directory bread(block 73) failed [ 263.858985][T13632] FAT-fs (loop5): error, invalid access to FAT (entry 0x00006c61) [ 263.870566][T13632] FAT-fs (loop5): Filesystem has been set read-only [ 263.889675][ T30] audit: type=1400 audit(2000002636.416:687): avc: denied { read } for pid=13683 comm="syz.4.6354" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 263.956825][ T30] audit: type=1400 audit(2000002636.416:688): avc: denied { open } for pid=13683 comm="syz.4.6354" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 264.014703][T13694] loop5: detected capacity change from 0 to 4096 [ 264.037058][ T30] audit: type=1400 audit(2000002636.444:689): avc: denied { ioctl } for pid=13683 comm="syz.4.6354" path="/dev/snapshot" dev="devtmpfs" ino=90 ioctlcmd=0x3314 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 264.105181][ T30] audit: type=1400 audit(2000002636.619:690): avc: denied { read write } for pid=13701 comm="syz.1.6363" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 264.129996][T13694] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 264.172744][ T30] audit: type=1400 audit(2000002636.619:691): avc: denied { open } for pid=13701 comm="syz.1.6363" path="/dev/kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 264.197977][ T30] audit: type=1400 audit(2000002636.647:692): avc: denied { ioctl } for pid=13701 comm="syz.1.6363" path="/dev/kvm" dev="devtmpfs" ino=82 ioctlcmd=0xae00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 264.254379][ T30] audit: type=1326 audit(2000002636.749:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13715 comm="syz.1.6369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23af37beb9 code=0x7ffc0000 [ 264.283602][T13718] __nla_validate_parse: 12 callbacks suppressed [ 264.283623][T13718] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6368'. [ 264.306719][T13724] xt_socket: unknown flags 0x40 [ 264.311716][ T30] audit: type=1326 audit(2000002636.749:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13715 comm="syz.1.6369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f23af37beb9 code=0x7ffc0000 [ 264.349063][ T30] audit: type=1326 audit(2000002636.749:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13715 comm="syz.1.6369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23af37beb9 code=0x7ffc0000 [ 264.413980][T13735] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6376'. [ 264.592794][T13770] netlink: 'syz.0.6396': attribute type 16 has an invalid length. [ 264.611185][T13770] netlink: 'syz.0.6396': attribute type 17 has an invalid length. [ 264.630881][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 264.639300][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 264.653927][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 264.661433][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 264.670969][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 264.682929][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 264.692481][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 264.700226][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 264.707809][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 264.715602][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 264.723419][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 264.733325][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 264.752301][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 264.759913][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 264.769989][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 264.792260][T13770] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 264.809952][T13782] netlink: 14 bytes leftover after parsing attributes in process `syz.5.6401'. [ 264.831434][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 264.851835][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 264.871818][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 264.898436][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 264.931327][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 264.968231][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 264.976588][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 264.993507][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 265.002208][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 265.010552][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready [ 265.022279][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready [ 265.039652][T13804] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 265.205662][T13847] loop0: detected capacity change from 0 to 256 [ 265.216828][T13852] SELinux: Context system_u:object_r:klogd_var_run_t:s0 is not valid (left unmapped). [ 265.227269][T13849] netlink: 196 bytes leftover after parsing attributes in process `syz.1.6434'. [ 265.261199][ T760] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 265.273956][T13847] FAT-fs (loop0): Directory bread(block 64) failed [ 265.280501][T13847] FAT-fs (loop0): Directory bread(block 65) failed [ 265.305775][T13863] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6440'. [ 265.314899][T13847] FAT-fs (loop0): Directory bread(block 66) failed [ 265.328554][T13847] FAT-fs (loop0): Directory bread(block 67) failed [ 265.339814][T13847] FAT-fs (loop0): Directory bread(block 68) failed [ 265.347955][T13847] FAT-fs (loop0): Directory bread(block 69) failed [ 265.368692][T13847] FAT-fs (loop0): Directory bread(block 70) failed [ 265.386206][T13847] FAT-fs (loop0): Directory bread(block 71) failed [ 265.395341][T13875] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.6446'. [ 265.397307][T13847] FAT-fs (loop0): Directory bread(block 72) failed [ 265.432719][T13847] FAT-fs (loop0): Directory bread(block 73) failed [ 265.521219][ T760] usb 6-1: Using ep0 maxpacket: 16 [ 265.651301][ T760] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 265.667551][ T760] usb 6-1: config 0 has no interfaces? [ 265.703673][T13914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6466'. [ 265.728223][T13914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6466'. [ 265.746664][T13922] validate_nla: 1 callbacks suppressed [ 265.746678][T13922] netlink: 'syz.3.6469': attribute type 30 has an invalid length. [ 265.857160][ T760] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 265.876135][ T760] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.884968][ T760] usb 6-1: Product: syz [ 265.889401][ T760] usb 6-1: Manufacturer: syz [ 265.902850][ T760] usb 6-1: SerialNumber: syz [ 265.910006][ T760] usb 6-1: config 0 descriptor?? [ 265.956386][T13962] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6489'. [ 265.967829][T13962] netlink: 30 bytes leftover after parsing attributes in process `syz.1.6489'. [ 265.991691][T13966] device vlan0 entered promiscuous mode [ 266.012605][T13968] netlink: 'syz.1.6493': attribute type 3 has an invalid length. [ 266.079674][T13982] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.089272][T13982] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 266.158047][T13996] virtiofs: Unknown parameter 'always' [ 266.164042][T13994] xt_hashlimit: max too large, truncated to 1048576 [ 266.191103][ T1464] usb 6-1: USB disconnect, device number 2 [ 266.230888][T14008] cgroup: noprefix used incorrectly [ 266.468591][T14043] mip6: mip6_rthdr_init_state: spi is not 0: 133 [ 266.528050][T14053] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=26 sclass=netlink_tcpdiag_socket pid=14053 comm=syz.1.6534 [ 266.636631][T14069] IPv6: sit3: Disabled Multicast RS [ 266.836068][T14105] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.853595][T14105] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 266.968353][T14128] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 267.053166][T14142] netlink: 'syz.1.6577': attribute type 15 has an invalid length. [ 267.141996][T14157] netlink: 'syz.3.6585': attribute type 16 has an invalid length. [ 267.170531][T14157] netlink: 'syz.3.6585': attribute type 17 has an invalid length. [ 267.200796][T14157] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 267.245495][T14157] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.252558][T14157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 267.328615][T14157] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 267.376324][T14157] IPv6: ADDRCONF(NETDEV_CHANGE): ip6gre1: link becomes ready [ 267.396201][T14157] IPv6: ADDRCONF(NETDEV_CHANGE): sit1: link becomes ready [ 267.412087][T14157] IPv6: ADDRCONF(NETDEV_CHANGE): bridge1: link becomes ready [ 267.420443][T14157] IPv6: ADDRCONF(NETDEV_CHANGE): erspan1: link becomes ready [ 267.428846][T14157] IPv6: ADDRCONF(NETDEV_CHANGE): bridge2: link becomes ready [ 267.438520][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 267.446922][T10379] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.453994][T10379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 267.471824][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 267.482780][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 267.496630][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 267.509585][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 267.520277][T14157] syz.3.6585 (14157) used greatest stack depth: 20128 bytes left [ 267.526331][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 267.545540][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 267.558450][T10379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 267.574506][T14185] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.585592][T14185] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 267.625755][T14191] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 267.677672][T14205] netlink: 'syz.1.6609': attribute type 2 has an invalid length. [ 267.706071][T14211] loop3: detected capacity change from 0 to 256 [ 267.761165][T14219] overlayfs: missing 'lowerdir' [ 267.812449][T14211] FAT-fs (loop3): Directory bread(block 64) failed [ 267.845283][T14211] FAT-fs (loop3): Directory bread(block 65) failed [ 267.861933][T14211] FAT-fs (loop3): Directory bread(block 66) failed [ 267.877928][T14211] FAT-fs (loop3): Directory bread(block 67) failed [ 267.903679][T14211] FAT-fs (loop3): Directory bread(block 68) failed [ 267.930657][T14211] FAT-fs (loop3): Directory bread(block 69) failed [ 267.957296][T14211] FAT-fs (loop3): Directory bread(block 70) failed [ 267.977985][T14211] FAT-fs (loop3): Directory bread(block 71) failed [ 267.992142][T14211] FAT-fs (loop3): Directory bread(block 72) failed [ 268.025567][T14211] FAT-fs (loop3): Directory bread(block 73) failed [ 268.056460][T14258] netlink: 'syz.0.6635': attribute type 32 has an invalid length. [ 268.150719][T14274] xt_l2tp: v2 tid > 0xffff: 134217728 [ 268.166072][T14161] loop5: detected capacity change from 0 to 131072 [ 268.219102][T14161] F2FS-fs (loop5): invalid crc value [ 268.242054][T14161] F2FS-fs (loop5): Found nat_bits in checkpoint [ 268.311605][T14310] netlink: 'syz.0.6660': attribute type 21 has an invalid length. [ 268.344857][T14161] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 268.411948][T14326] xt_l2tp: unknown flags: 10 [ 268.484838][T14340] xt_l2tp: wrong L2TP version: 0 [ 268.736328][T14384] sock: sock_timestamping_bind_phc: sock not bind to device [ 268.800750][T14395] ip6t_REJECT: ECHOREPLY is not supported [ 268.931075][T14422] device macsec0 entered promiscuous mode [ 269.072714][T14449] IPv6: sit3: Disabled Multicast RS [ 269.136282][T14467] loop4: detected capacity change from 0 to 1024 [ 269.161814][T14467] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 269.208942][T14467] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,noquota,dioread_nolock,jqfmt=vfsv1,debug_want_extra_isize=0x0000000000000070,max_dir_size_kb=0x00000000000007b1,stripe=0x0000000000000020,auto_da_alloc,max_batch_time=0x00000000000003fe,inlinecrypt,noinit_itable,,errors=continue. Quota mode: none. [ 269.276402][ T30] kauditd_printk_skb: 42 callbacks suppressed [ 269.276416][ T30] audit: type=1400 audit(2000002641.391:738): avc: denied { remove_name } for pid=14465 comm="syz.4.6737" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 269.292663][T14467] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 269.305525][ T30] audit: type=1400 audit(2000002641.400:739): avc: denied { rename } for pid=14465 comm="syz.4.6737" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 269.342107][ T30] audit: type=1400 audit(2000002641.400:740): avc: denied { unlink } for pid=14465 comm="syz.4.6737" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 269.440565][ T30] audit: type=1400 audit(2000002641.539:741): avc: denied { append } for pid=14518 comm="syz.5.6761" name="loop4" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 269.477913][T14521] xt_SECMARK: invalid security context 'unconfined' [ 269.596132][ T30] audit: type=1400 audit(2000002641.687:742): avc: denied { ioctl } for pid=14545 comm="syz.0.6774" path="socket:[58717]" dev="sockfs" ino=58717 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 269.645101][ T30] audit: type=1400 audit(2000002641.687:743): avc: denied { ioctl } for pid=14548 comm="syz.1.6776" path="socket:[59525]" dev="sockfs" ino=59525 ioctlcmd=0x48de scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 269.936181][ T30] audit: type=1400 audit(2000002641.994:744): avc: denied { write } for pid=14603 comm="syz.0.6813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 269.965032][T14608] netlink: 'syz.4.6804': attribute type 16 has an invalid length. [ 269.974981][T14533] loop5: detected capacity change from 0 to 40427 [ 269.987841][T14608] netlink: 'syz.4.6804': attribute type 17 has an invalid length. [ 270.007135][T14608] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 270.018220][T14533] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 270.024586][T14533] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 270.057027][T14533] F2FS-fs (loop5): invalid crc value [ 270.074258][ T30] audit: type=1400 audit(2000002642.123:745): avc: denied { getopt } for pid=14621 comm="syz.1.6812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 270.094030][T14608] IPv6: ADDRCONF(NETDEV_CHANGE): wg2: link becomes ready [ 270.116509][T14608] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.123577][T14608] bridge0: port 2(bridge_slave_1) entered forwarding state [ 270.137194][T14533] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 270.150969][T14608] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 270.181452][T14608] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 270.192591][T14608] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 270.209420][T14533] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 270.220464][T14533] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 270.228910][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 270.241566][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.248643][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 270.282709][T14533] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 270.298120][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 270.323757][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 270.370555][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 270.391987][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 270.412666][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 270.424895][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 270.454230][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 270.472819][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 270.505949][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 270.523337][ T1464] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 270.539720][T14676] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 270.686050][ T30] audit: type=1400 audit(2000002642.686:746): avc: denied { read } for pid=14707 comm="syz.1.6853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 270.832425][ T30] audit: type=1400 audit(2000002642.824:747): avc: denied { accept } for pid=14733 comm="syz.5.6866" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 271.156582][T14806] device xfrm0 left promiscuous mode [ 271.188019][T14811] __nla_validate_parse: 51 callbacks suppressed [ 271.188033][T14811] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6905'. [ 271.407507][T14854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 271.416469][T14854] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 271.425881][ T5232] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 271.446151][T14854] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 271.454141][T14854] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 271.465961][T14854] device wireguard0 left promiscuous mode [ 271.665444][T14896] validate_nla: 4 callbacks suppressed [ 271.665459][T14896] netlink: 'syz.1.6945': attribute type 5 has an invalid length. [ 271.679694][ T1464] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 271.691227][ T1464] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 271.710324][ T760] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 271.758991][T14908] SELinux: Context * is not valid (left unmapped). [ 271.815953][ T5232] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 271.833276][ T5232] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 271.844430][ T5232] usb 4-1: config 220 has no interface number 2 [ 271.856739][ T5232] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 271.869974][ T5232] usb 4-1: config 220 interface 0 has no altsetting 0 [ 271.896055][ T5232] usb 4-1: config 220 interface 76 has no altsetting 0 [ 271.919081][ T5232] usb 4-1: config 220 interface 1 has no altsetting 0 [ 271.969792][T14941] SELinux: syz.1.6968 (14941) set checkreqprot to 1. This is deprecated and will be rejected in a future kernel release. [ 272.097687][ T5232] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 272.119359][ T5232] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.139265][ T5232] usb 4-1: Product: syz [ 272.153517][ T5232] usb 4-1: Manufacturer: syz [ 272.164077][ T5232] usb 4-1: SerialNumber: syz [ 272.183217][T14962] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6978'. [ 272.197785][T14962] netlink: 164 bytes leftover after parsing attributes in process `syz.1.6978'. [ 272.307298][T14978] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6986'. [ 272.328369][ T760] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 272.455482][ T60] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 272.470962][T14998] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6996'. [ 272.519599][T15004] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7000'. [ 272.535332][T15004] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7000'. [ 272.563656][ T5232] usb 4-1: selecting invalid altsetting 0 [ 272.576426][ T5232] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 272.593319][ T5232] usb 4-1: No valid video chain found. [ 272.663181][ T5232] usb 4-1: USB disconnect, device number 89 [ 272.755244][T15036] loop4: detected capacity change from 0 to 1024 [ 272.851602][T15056] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 272.859053][T15056] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 272.866314][T15056] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 272.874487][T15036] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 272.886716][T15056] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 272.908064][T15036] EXT4-fs (loop4): Encoding requested by superblock is unknown [ 272.920556][T15056] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 272.930414][T15036] SELinux: security_context_str_to_sid(000000000ee01,data_err=ignore,jqfmt=vfsv0,lazytime,user_xattr,journal_ioprio=0x0000000000000002,dioread_nolock,) failed for (dev ?, type ?) errno=-22 [ 272.949125][T15056] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 272.963499][T15056] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 273.025618][T15071] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 273.145555][T15096] netlink: 'syz.3.7045': attribute type 16 has an invalid length. [ 273.232035][T15116] netlink: 'syz.1.7055': attribute type 4 has an invalid length. [ 273.266670][T15124] xt_TPROXY: Can be used only with -p tcp or -p udp [ 273.405209][T15148] netlink: 88 bytes leftover after parsing attributes in process `syz.4.7070'. [ 273.682968][T15208] loop5: detected capacity change from 0 to 256 [ 273.790342][T15233] rtc_cmos 00:00: Alarms can be up to one day in the future [ 273.883313][T15252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 273.896787][T15256] incfs: Options parsing error. -22 [ 273.900699][T15252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 273.912873][T15256] incfs: mount failed -22 [ 273.916416][T15252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 273.926173][T15252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 273.949090][T15252] device vlan0 left promiscuous mode [ 273.960346][T15252] device macsec0 left promiscuous mode [ 273.968938][T15252] device sit1 left promiscuous mode [ 273.982039][T15252] device gre1 left promiscuous mode [ 274.069142][T15284] xt_hashlimit: overflow, rate too high: 0 [ 274.416656][T15361] netlink: 'syz.3.7174': attribute type 1 has an invalid length. [ 274.611229][T15404] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 274.658690][T15412] loop5: detected capacity change from 0 to 2048 [ 274.703806][T15412] loop5: p1 < > p4 [ 274.712868][T15412] loop5: p4 start 42180 is beyond EOD, truncated [ 274.737640][ T30] kauditd_printk_skb: 57 callbacks suppressed [ 274.737654][ T30] audit: type=1326 audit(2000002646.424:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15425 comm="syz.4.7208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871475feb9 code=0x7ffc0000 [ 274.788268][ T30] audit: type=1326 audit(2000002646.461:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15425 comm="syz.4.7208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871475feb9 code=0x7ffc0000 [ 274.789538][ T101] loop5: p1 < > p4 [ 274.819674][ T30] audit: type=1326 audit(2000002646.461:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15425 comm="syz.4.7208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f871475feb9 code=0x7ffc0000 [ 274.843181][ T30] audit: type=1326 audit(2000002646.461:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15425 comm="syz.4.7208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871475feb9 code=0x7ffc0000 [ 274.871383][ T30] audit: type=1326 audit(2000002646.461:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15425 comm="syz.4.7208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871475feb9 code=0x7ffc0000 [ 274.909473][ T101] loop5: p4 start 42180 is beyond EOD, truncated [ 274.930004][ T30] audit: type=1400 audit(2000002646.599:810): avc: denied { getopt } for pid=15446 comm="syz.3.7219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 274.951814][T15452] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.021709][T15466] loop3: detected capacity change from 0 to 2048 [ 275.028975][T15471] loop4: detected capacity change from 0 to 1024 [ 275.036952][T15476] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7232'. [ 275.067251][T15466] EXT4-fs (loop3): Ignoring removed bh option [ 275.103158][T15466] EXT4-fs (loop3): mounted filesystem without journal. Opts: discard,bh,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 275.120595][T15471] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 275.154081][T15466] SELinux: Context system_u:object_r:bin_t:s0 is not valid (left unmapped). [ 275.168647][T15503] netlink: 'syz.5.7243': attribute type 5 has an invalid length. [ 275.168656][T15471] EXT4-fs error (device loop4): ext4_ext_check_inode:501: inode #11: comm syz.4.7230: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 275.177350][ T30] audit: type=1400 audit(2000002646.839:811): avc: denied { relabelto } for pid=15465 comm="syz.3.7228" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:bin_t:s0" [ 275.221130][T15466] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 275.224947][T15471] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.7230: couldn't read orphan inode 11 (err -117) [ 275.250683][T15471] EXT4-fs (loop4): mounted filesystem without journal. Opts: sysvgroups,noload,mblk_io_submit,noload,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 275.308864][T15515] loop5: detected capacity change from 0 to 512 [ 275.317788][ T30] audit: type=1400 audit(2000002646.969:812): avc: denied { write } for pid=15516 comm="syz.1.7252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 275.372421][T15515] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 275.388416][ T336] udevd[336]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 275.400936][T15515] ext4 filesystem being mounted at /435/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 275.414427][T15535] x_tables: duplicate underflow at hook 4 [ 275.429008][ T30] audit: type=1400 audit(2000002647.070:813): avc: denied { setattr } for pid=15514 comm="syz.5.7251" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 275.469423][ T30] audit: type=1326 audit(2000002647.098:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15530 comm="syz.4.7257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f871475feb9 code=0x7ffc0000 [ 275.560974][T15560] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7271'. [ 275.619601][T15576] incfs: Options parsing error. -22 [ 275.635805][T15576] incfs: mount failed -22 [ 275.653181][T15584] syz.0.7279 (15584): /proc/15577/oom_adj is deprecated, please use /proc/15577/oom_score_adj instead. [ 275.664282][T15582] loop5: detected capacity change from 0 to 256 [ 275.904450][T15637] @ÿ: renamed from bond_slave_0 [ 276.114425][T15666] netlink: 'syz.5.7321': attribute type 3 has an invalid length. [ 276.167331][T15672] netlink: 'syz.1.7325': attribute type 32 has an invalid length. [ 276.309152][T15622] loop0: detected capacity change from 0 to 40427 [ 276.366726][ C0] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 276.395208][T15708] loop3: detected capacity change from 0 to 128 [ 276.406345][T15622] F2FS-fs (loop0): Mismatch start address, segment0(512) cp_blkaddr(918016) [ 276.420750][T15622] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 276.450893][T15622] F2FS-fs (loop0): invalid crc value [ 276.478515][T15622] F2FS-fs (loop0): Found nat_bits in checkpoint [ 276.544483][T15622] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 276.551645][T15622] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 276.652730][T15762] loop5: detected capacity change from 0 to 1024 [ 276.665420][T15766] __nla_validate_parse: 2 callbacks suppressed [ 276.665435][T15766] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7368'. [ 276.753038][T15762] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option [ 276.801510][T15762] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 276.863815][T15762] EXT4-fs (loop5): mounted filesystem without journal. Opts: noauto_da_alloc,grpquota,grpjquota=,barrier,dioread_nolock,usrquota,nomblk_io_submit,nodiscard,,errors=continue. Quota mode: writeback. [ 276.899748][T15762] VFS: Lookup of 'file0' in ext4 loop5 would have caused loop [ 276.991408][T15815] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7395'. [ 277.017047][T15815] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7395'. [ 277.041913][T15815] netlink: 32 bytes leftover after parsing attributes in process `syz.4.7395'. [ 277.250193][T15872] netlink: 'syz.0.7422': attribute type 16 has an invalid length. [ 277.260451][T15872] netlink: 64138 bytes leftover after parsing attributes in process `syz.0.7422'. [ 277.321905][T15885] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=1014 sclass=netlink_tcpdiag_socket pid=15885 comm=syz.1.7427 [ 277.372339][T15885] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=1003 sclass=netlink_tcpdiag_socket pid=15885 comm=syz.1.7427 [ 277.426905][T15901] 8021q: VLANs not supported on gre0 [ 277.463787][T15910] xt_hashlimit: size too large, truncated to 1048576 [ 277.478440][T15910] xt_hashlimit: max too large, truncated to 1048576 [ 277.568580][T15932] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 277.691097][T15957] netlink: 68 bytes leftover after parsing attributes in process `syz.0.7463'. [ 277.744132][T15971] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7470'. [ 277.820576][T15990] x_tables: duplicate underflow at hook 1 [ 277.900238][T16009] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7489'. [ 278.085472][T16054] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7510'. [ 278.209595][T16076] EXT4-fs (loop5): Ignoring removed bh option [ 278.254214][T16076] EXT4-fs (loop5): mounted filesystem without journal. Opts: discard,bh,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 278.312443][T16076] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 278.346305][T16106] netlink: 'syz.0.7535': attribute type 3 has an invalid length. [ 278.359811][ T60] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 278.405907][T16118] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 278.641480][ T60] usb 5-1: Using ep0 maxpacket: 16 [ 278.771535][ T60] usb 5-1: config 0 has an invalid interface number: 105 but max is 0 [ 278.779845][ T60] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 278.803991][ T60] usb 5-1: config 0 has no interface number 0 [ 278.858182][ T1464] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 278.988596][ T60] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 278.998307][ T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.006987][ T60] usb 5-1: Product: syz [ 279.011760][ T60] usb 5-1: Manufacturer: syz [ 279.016528][ T60] usb 5-1: SerialNumber: syz [ 279.023407][ T60] usb 5-1: config 0 descriptor?? [ 279.071664][ T60] usb 5-1: Found UVC 0.00 device syz (046d:08f3) [ 279.085751][ T60] usb 5-1: No valid video chain found. [ 279.125684][T16188] netlink: 'syz.3.7574': attribute type 13 has an invalid length. [ 279.259184][ T1464] usb 2-1: config 0 has an invalid interface number: 64 but max is 0 [ 279.271920][ T1464] usb 2-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 279.298672][ T1464] usb 2-1: config 0 has no interface number 0 [ 279.298716][T16196] x_tables: unsorted underflow at hook 1 [ 279.305692][ T60] usb 5-1: USB disconnect, device number 91 [ 279.488120][ T1464] usb 2-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 279.502571][ T1464] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.529496][ T1464] usb 2-1: Product: syz [ 279.535417][ T1464] usb 2-1: Manufacturer: syz [ 279.540222][ T1464] usb 2-1: SerialNumber: syz [ 279.540606][T16204] netlink: 148 bytes leftover after parsing attributes in process `syz.3.7582'. [ 279.556883][ T1464] usb 2-1: config 0 descriptor?? [ 279.638139][T16210] x_tables: unsorted underflow at hook 3 [ 279.835093][T16227] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 279.862258][T16229] netlink: 'syz.5.7593': attribute type 12 has an invalid length. [ 280.050853][T16270] set_capacity_and_notify: 1 callbacks suppressed [ 280.050871][T16270] loop5: detected capacity change from 0 to 128 [ 280.082528][ T1464] usb 2-1: Found UVC 0.00 device syz (046d:0823) [ 280.090549][ T1464] usb 2-1: No valid video chain found. [ 280.110865][ T1464] usb 2-1: USB disconnect, device number 95 [ 281.965587][T16288] netlink: 'syz.4.7624': attribute type 5 has an invalid length. [ 281.973372][T16288] netlink: 'syz.4.7624': attribute type 11 has an invalid length. [ 282.041734][T16309] IPv6: Can't replace route, no match found [ 282.166362][T16333] loop3: detected capacity change from 0 to 16 [ 282.183413][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 282.183425][ T30] audit: type=1400 audit(2000002653.300:849): avc: denied { setopt } for pid=16334 comm="syz.0.7647" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 282.231244][T16333] erofs: (device loop3): mounted with root inode @ nid 36. [ 282.270931][ T30] audit: type=1400 audit(2000002653.374:850): avc: denied { read write } for pid=16352 comm="syz.4.7655" name="vga_arbiter" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 282.291857][T16333] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=46 [ 282.307537][T16333] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=46 [ 282.334196][ T30] audit: type=1400 audit(2000002653.420:851): avc: denied { open } for pid=16352 comm="syz.4.7655" path="/dev/vga_arbiter" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 282.375727][T16361] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 282.454161][T16376] __nla_validate_parse: 2 callbacks suppressed [ 282.454177][T16376] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7665'. [ 282.469401][ T30] audit: type=1400 audit(2000002653.559:852): avc: denied { read write } for pid=16378 comm="syz.0.7669" name="uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 282.505367][T16376] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7665'. [ 282.517566][ T30] audit: type=1400 audit(2000002653.559:853): avc: denied { open } for pid=16378 comm="syz.0.7669" path="/dev/uhid" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 282.580243][T16395] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7676'. [ 282.604002][T16399] netlink: 20 bytes leftover after parsing attributes in process `syz.5.7678'. [ 282.637056][T16403] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 282.644299][T16403] IPv6: NLM_F_CREATE should be set when creating new route [ 282.651537][T16403] IPv6: NLM_F_CREATE should be set when creating new route [ 282.672388][T16409] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7683'. [ 282.726639][T16417] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7687'. [ 282.836388][T16442] binder: 16438:16442 ioctl c0046209 0 returned -22 [ 282.846237][T16441] netlink: 164 bytes leftover after parsing attributes in process `syz.1.7699'. [ 282.863209][ T30] audit: type=1326 audit(2000002653.928:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16445 comm="syz.3.7701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde54094eb9 code=0x7ffc0000 [ 282.891679][ T30] audit: type=1326 audit(2000002653.937:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16445 comm="syz.3.7701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7fde54094eb9 code=0x7ffc0000 [ 282.929435][ T30] audit: type=1326 audit(2000002653.937:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16445 comm="syz.3.7701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde54094eb9 code=0x7ffc0000 [ 282.963583][T16441] netlink: 164 bytes leftover after parsing attributes in process `syz.1.7699'. [ 282.982249][ T30] audit: type=1326 audit(2000002653.937:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16445 comm="syz.3.7701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde54094eb9 code=0x7ffc0000 [ 282.996785][T16441] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7699'. [ 283.053718][T16466] netlink: 72 bytes leftover after parsing attributes in process `syz.3.7709'. [ 283.139110][ T30] audit: type=1400 audit(2000002654.186:858): avc: denied { create } for pid=16479 comm="syz.4.7719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 283.338117][T16526] ipt_REJECT: TCP_RESET invalid for non-tcp [ 283.514422][T16568] netlink: 'syz.4.7762': attribute type 30 has an invalid length. [ 283.552204][T16579] xt_hashlimit: overflow, try lower: 3/0 [ 283.558091][T16580] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 283.686649][T16601] device bridge2 entered promiscuous mode [ 283.973482][T16667] loop3: detected capacity change from 0 to 256 [ 284.042902][T16685] loop0: detected capacity change from 0 to 256 [ 284.107090][T16685] FAT-fs (loop0): Directory bread(block 64) failed [ 284.117387][T16685] FAT-fs (loop0): Directory bread(block 65) failed [ 284.145827][T16685] FAT-fs (loop0): Directory bread(block 66) failed [ 284.152370][T16685] FAT-fs (loop0): Directory bread(block 67) failed [ 284.193180][T16685] FAT-fs (loop0): Directory bread(block 68) failed [ 284.237673][T16685] FAT-fs (loop0): Directory bread(block 69) failed [ 284.279168][T16685] FAT-fs (loop0): Directory bread(block 70) failed [ 284.285728][T16685] FAT-fs (loop0): Directory bread(block 71) failed [ 284.312969][T16685] FAT-fs (loop0): Directory bread(block 72) failed [ 284.323888][T16685] FAT-fs (loop0): Directory bread(block 73) failed [ 284.345345][T16727] loop4: detected capacity change from 0 to 4096 [ 284.379273][T16739] device veth1_macvtap left promiscuous mode [ 284.387799][T16739] device macsec0 entered promiscuous mode [ 284.459496][T16727] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 284.566444][T16775] loop3: detected capacity change from 0 to 256 [ 284.610656][T16781] loop4: detected capacity change from 0 to 256 [ 284.625527][T16785] loop5: detected capacity change from 0 to 256 [ 284.714409][T16785] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d) [ 284.763831][T16811] xt_NFQUEUE: number of total queues is 0 [ 284.768962][T16813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 284.777862][T16813] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 284.963106][T16849] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 284.996992][T16854] device macsec0 left promiscuous mode [ 285.003516][T16854] device bridge1 left promiscuous mode [ 285.017361][T16857] xt_NFQUEUE: number of queues (8) out of range (got 65537) [ 285.077291][T16869] overlayfs: unrecognized mount option "\" or missing value [ 285.233570][T16905] xt_TCPMSS: Only works on TCP SYN packets [ 285.741566][T17040] overlayfs: conflicting options: userxattr,redirect_dir=off [ 285.833552][T17059] loop0: detected capacity change from 0 to 512 [ 285.889720][ C0] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 285.905068][T17076] loop3: detected capacity change from 0 to 128 [ 285.920115][T17059] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 285.935337][T17059] ext4 filesystem being mounted at /1539/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 285.962347][T17059] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.8003: corrupted xattr block 33 [ 285.966866][T17093] device sit0 entered promiscuous mode [ 285.986442][T17059] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop0 ino=15 [ 286.008850][T17059] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.8003: corrupted xattr block 33 [ 286.030634][T17059] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop0 ino=15 [ 286.040331][T17059] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.8003: corrupted xattr block 33 [ 286.060606][T17059] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop0 ino=15 [ 286.078360][T17059] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.8003: corrupted xattr block 33 [ 286.106772][T17059] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.8003: corrupted xattr block 33 [ 286.147230][T17059] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop0 ino=15 [ 286.510702][T17202] loop3: detected capacity change from 0 to 512 [ 286.635090][T17202] EXT4-fs (loop3): mounted filesystem without journal. Opts: lazytime,errors=remount-ro,. Quota mode: writeback. [ 286.673464][T17202] ext4 filesystem being mounted at /1608/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 286.684974][T17245] IPv6: NLM_F_REPLACE set, but no existing node found! [ 286.723425][T17202] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #12: comm syz.3.8073: invalid size [ 286.735569][T17202] EXT4-fs (loop3): Remounting filesystem read-only [ 286.940535][ T5232] usb 2-1: new full-speed USB device number 96 using dummy_hcd [ 287.181803][T17355] loop4: detected capacity change from 0 to 256 [ 287.322737][T17384] loop5: detected capacity change from 0 to 256 [ 287.341409][ T5232] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 287.355787][ T5232] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 287.366820][T17380] loop3: detected capacity change from 0 to 8192 [ 287.452376][T17402] netlink: 'syz.3.8173': attribute type 12 has an invalid length. [ 287.536470][ T5232] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 287.547213][ T333] usb 5-1: new low-speed USB device number 92 using dummy_hcd [ 287.557655][ T5232] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.572784][ T5232] usb 2-1: Product: syz [ 287.578116][T17426] loop5: detected capacity change from 0 to 512 [ 287.585319][ T5232] usb 2-1: Manufacturer: syz [ 287.590081][ T5232] usb 2-1: SerialNumber: syz [ 287.646005][T17426] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 287.657873][T17426] ext4 filesystem being mounted at /628/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 287.758756][T17446] IPv6: NLM_F_CREATE should be specified when creating new route [ 287.766956][T17446] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 287.774194][T17446] IPv6: NLM_F_CREATE should be set when creating new route [ 287.892482][T17442] loop5: detected capacity change from 0 to 40427 [ 287.907493][T17442] F2FS-fs (loop5): Fix alignment : internally, start(4096) end(16896) block(12288) [ 287.926761][T17442] F2FS-fs (loop5): invalid crc value [ 287.933351][T17442] F2FS-fs (loop5): Found nat_bits in checkpoint [ 287.948142][ T5232] usb 2-1: 0:2 : does not exist [ 287.957419][ T5232] usb 2-1: USB disconnect, device number 96 [ 287.993827][T17442] F2FS-fs (loop5): recover fsync data on readonly fs [ 288.000851][T17442] F2FS-fs (loop5): Cannot turn on quotas: -2 on 1 [ 288.007550][T17442] F2FS-fs (loop5): Cannot turn on quotas: -2 on 2 [ 288.014867][T17442] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 288.061637][T17475] loop3: detected capacity change from 0 to 128 [ 288.126874][T17479] __nla_validate_parse: 18 callbacks suppressed [ 288.126892][T17479] netlink: 56 bytes leftover after parsing attributes in process `syz.3.8211'. [ 288.142405][T17479] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8211'. [ 288.151682][T17479] netlink: 31 bytes leftover after parsing attributes in process `syz.3.8211'. [ 288.154195][ T333] usb 5-1: config 7 has an invalid interface number: 112 but max is 1 [ 288.160844][T17479] netlink: 'syz.3.8211': attribute type 2 has an invalid length. [ 288.176713][T17479] netlink: 31 bytes leftover after parsing attributes in process `syz.3.8211'. [ 288.182578][ T333] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 288.198504][ T333] usb 5-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 288.208353][ T333] usb 5-1: config 7 has no interface number 0 [ 288.216875][ T333] usb 5-1: config 7 interface 112 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 288.244861][ T333] usb 5-1: config 7 interface 112 has no altsetting 0 [ 288.267571][T17489] device gre1 entered promiscuous mode [ 288.390937][T17509] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check. [ 288.406861][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 288.406874][ T30] audit: type=1400 audit(2000002659.051:918): avc: denied { setattr } for pid=17510 comm="syz.0.8226" path="socket:[68510]" dev="sockfs" ino=68510 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 288.466513][T17516] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8228'. [ 288.475805][T17516] tc_dump_action: action bad kind [ 288.487447][ T30] audit: type=1400 audit(2000002659.115:919): avc: denied { setattr } for pid=17518 comm="syz.0.8230" name="vcsu" dev="devtmpfs" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1 [ 288.547404][T17525] device bridge4 entered promiscuous mode [ 288.587396][ T333] usb 5-1: string descriptor 0 read error: -22 [ 288.594489][ T333] usb 5-1: New USB device found, idVendor=046d, idProduct=089b, bcdDevice=ff.2b [ 288.609278][ T333] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.647186][T17538] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8240'. [ 288.685501][ T333] usb 5-1: Found UVC 0.00 device (046d:089b) [ 288.701419][T17551] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8246'. [ 288.710757][T17549] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8245'. [ 288.719652][ T333] usb 5-1: No valid video chain found. [ 288.736415][ T30] audit: type=1400 audit(2000002659.346:920): avc: denied { read } for pid=17556 comm="syz.1.8248" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 288.760346][ T30] audit: type=1400 audit(2000002659.374:921): avc: denied { open } for pid=17556 comm="syz.1.8248" path="/dev/cpu/1/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 288.806689][ T30] audit: type=1400 audit(2000002659.411:922): avc: denied { ioctl } for pid=17556 comm="syz.1.8248" path="/dev/cpu/1/msr" dev="devtmpfs" ino=87 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 288.904975][ T60] usb 5-1: USB disconnect, device number 92 [ 288.913505][ T30] audit: type=1400 audit(2000002659.521:923): avc: denied { accept } for pid=17580 comm="syz.1.8260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 288.942231][T17586] netlink: 260 bytes leftover after parsing attributes in process `syz.3.8263'. [ 288.975704][T17586] netlink: 104 bytes leftover after parsing attributes in process `syz.3.8263'. [ 289.081858][T17605] loop3: detected capacity change from 0 to 1024 [ 289.130766][ T30] audit: type=1326 audit(2000002659.715:924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17615 comm="syz.1.8278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23af37beb9 code=0x7ffc0000 [ 289.178819][ T30] audit: type=1326 audit(2000002659.734:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17615 comm="syz.1.8278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23af37beb9 code=0x7ffc0000 [ 289.205675][T17605] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv1,stripe=0x0000000000000003,abort,,errors=continue. Quota mode: none. [ 289.224222][ T30] audit: type=1326 audit(2000002659.734:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17615 comm="syz.1.8278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7f23af37beb9 code=0x7ffc0000 [ 289.249162][ T30] audit: type=1326 audit(2000002659.734:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17615 comm="syz.1.8278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23af37beb9 code=0x7ffc0000 [ 289.268432][T17605] EXT4-fs error (device loop3): __ext4_new_inode:1076: comm syz.3.8273: reserved inode found cleared - inode=2 [ 289.288811][T17626] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.304294][T17626] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 289.601918][T17694] x_tables: unsorted underflow at hook 2 [ 289.667302][T17708] xt_CT: You must specify a L4 protocol and not use inversions on it [ 289.709057][T17718] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 289.746608][T17718] overlayfs: missing 'lowerdir' [ 289.757937][T17723] futex_wake_op: syz.1.8330 tries to shift op by 32; fix this program [ 289.833561][T17729] erofs: (device loop3): mounted with root inode @ nid 36. [ 292.910295][T17772] device batadv_slave_0 entered promiscuous mode [ 292.923935][T17789] IPv6: Can't replace route, no match found [ 292.965875][T17797] netlink: 'syz.1.8368': attribute type 6 has an invalid length. [ 293.017939][T17808] xt_TCPMSS: Only works on TCP SYN packets [ 293.075952][T17816] set_capacity_and_notify: 1 callbacks suppressed [ 293.075972][T17816] loop3: detected capacity change from 0 to 256 [ 293.132212][T17816] FAT-fs (loop3): Directory bread(block 64) failed [ 293.154975][T17816] FAT-fs (loop3): Directory bread(block 65) failed [ 293.179796][T17816] FAT-fs (loop3): Directory bread(block 66) failed [ 293.186546][T17816] FAT-fs (loop3): Directory bread(block 67) failed [ 293.204781][T17816] FAT-fs (loop3): Directory bread(block 68) failed [ 293.218028][T17816] FAT-fs (loop3): Directory bread(block 69) failed [ 293.224941][T17816] FAT-fs (loop3): Directory bread(block 70) failed [ 293.248415][T17816] FAT-fs (loop3): Directory bread(block 71) failed [ 293.255964][T17816] FAT-fs (loop3): Directory bread(block 72) failed [ 293.264010][T17816] FAT-fs (loop3): Directory bread(block 73) failed [ 293.539297][T17908] netlink: 'syz.0.8424': attribute type 3 has an invalid length. [ 293.591417][T17919] __nla_validate_parse: 5 callbacks suppressed [ 293.591435][T17919] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8428'. [ 293.640692][T17919] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8428'. [ 293.692684][T17933] device vti0 entered promiscuous mode [ 293.743117][T17942] netlink: 'syz.4.8438': attribute type 15 has an invalid length. [ 293.773779][T17942] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8438'. [ 293.818194][T17951] netlink: 'syz.4.8444': attribute type 5 has an invalid length. [ 293.842182][T17954] kernel profiling enabled (shift: 9) [ 293.897772][T17969] netlink: 16 bytes leftover after parsing attributes in process `syz.5.8451'. [ 293.915558][T17970] SELinux: Context is not valid (left unmapped). [ 293.928663][T17969] netlink: 16 bytes leftover after parsing attributes in process `syz.5.8451'. [ 293.939262][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 293.939274][ T30] audit: type=1400 audit(2000002664.146:947): avc: denied { relabelto } for pid=17967 comm="syz.0.8452" name="blkio.bfq.io_serviced" dev="tmpfs" ino=8336 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="" [ 293.975048][ T30] audit: type=1400 audit(2000002664.164:948): avc: denied { prog_load } for pid=17976 comm="syz.3.8455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 294.018202][ T30] audit: type=1400 audit(2000002664.164:949): avc: denied { bpf } for pid=17976 comm="syz.3.8455" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 294.069866][ T30] audit: type=1400 audit(2000002664.164:950): avc: denied { perfmon } for pid=17976 comm="syz.3.8455" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 294.092263][T17981] SELinux: Context system_u:object_r:systemd_logind_sessions_t:s0 is not valid (left unmapped). [ 294.106250][ T30] audit: type=1400 audit(2000002664.173:951): avc: denied { prog_run } for pid=17976 comm="syz.3.8455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 294.177761][ T30] audit: type=1400 audit(2000002664.182:952): avc: denied { associate } for pid=17967 comm="syz.0.8452" name="blkio.bfq.io_serviced" dev="tmpfs" ino=8336 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="" [ 294.181317][T17999] loop3: detected capacity change from 0 to 512 [ 294.286147][ T30] audit: type=1400 audit(2000002664.219:953): avc: denied { read write } for pid=281 comm="syz-executor" name="loop1" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 294.318020][ T281] audit: audit_backlog=65 > audit_backlog_limit=64 [ 294.329359][T18019] audit: audit_backlog=65 > audit_backlog_limit=64 [ 294.332890][ T281] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 294.382187][T17999] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 294.449021][T17999] EXT4-fs error (device loop3): ext4_validate_block_bitmap:420: comm syz.3.8463: bg 0: bad block bitmap checksum [ 294.491407][T17999] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6194: Filesystem failed CRC [ 294.634660][T18054] device ip6erspan0 entered promiscuous mode [ 294.774743][T18068] netlink: 'syz.5.8501': attribute type 4 has an invalid length. [ 294.782593][T18068] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.8501'. [ 294.791173][T18073] printk: syz.0.8502 (18073): Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG (deprecated). [ 295.192693][T18105] netlink: 'syz.0.8518': attribute type 1 has an invalid length. [ 295.197936][T18043] loop4: detected capacity change from 0 to 40427 [ 295.235486][T18043] F2FS-fs (loop4): fault_type options not supported [ 295.259997][T18043] F2FS-fs (loop4): invalid crc value [ 295.280296][T18118] netlink: 'syz.3.8524': attribute type 3 has an invalid length. [ 295.289893][T18043] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 295.379434][T18130] xt_CONNSECMARK: invalid mode: 66 [ 295.416395][T18043] F2FS-fs (loop4): recover fsync data on readonly fs [ 295.444891][T18137] loop3: detected capacity change from 0 to 512 [ 295.456324][T18043] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 295.521774][T18137] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 295.554544][T18137] ext4 filesystem being mounted at /1710/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 295.604794][T18137] EXT4-fs error (device loop3): ext4_acquire_dquot:6201: comm syz.3.8533: Failed to acquire dquot type 0 [ 295.909748][T18177] netlink: 'syz.0.8552': attribute type 5 has an invalid length. [ 295.931568][T18177] device ip6erspan0 entered promiscuous mode [ 296.084598][ T60] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 296.383938][T18220] device veth1_to_team entered promiscuous mode [ 296.388171][ T60] usb 4-1: Using ep0 maxpacket: 32 [ 296.400943][T18220] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check. [ 296.540495][ T60] usb 4-1: config 0 has an invalid descriptor of length 39, skipping remainder of the config [ 296.693122][T18247] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8584'. [ 296.734890][ T60] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 296.754442][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.774913][T18256] IPv6: Can't replace route, no match found [ 296.797094][ T60] usb 4-1: Product: syz [ 296.801840][T18258] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 296.818006][ T60] usb 4-1: Manufacturer: syz [ 296.828732][ T60] usb 4-1: SerialNumber: syz [ 296.841286][ T60] usb 4-1: config 0 descriptor?? [ 296.886867][ T60] usb 4-1: bad CDC descriptors [ 296.893655][ T60] usb 4-1: unsupported MDLM descriptors [ 297.068143][T18285] bridge3: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 297.133112][ T5232] usb 4-1: USB disconnect, device number 90 [ 297.323718][T18288] loop0: detected capacity change from 0 to 512 [ 297.365533][T18288] EXT4-fs (loop0): Test dummy encryption mode enabled [ 297.372840][T18288] EXT4-fs (loop0): Test dummy encryption mode enabled [ 297.410438][T18288] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable=0x0000000000000000,minixdf,jqfmt=vfsv1,prjquota,inode_readahead_blks=0x0000000000000100,barrier=0x000000000000000b,errors=remount-ro,auto_da_alloc,test_dummy_encryption,min_batch_time=0x0000. Quota mode: writeback. [ 297.729534][T18360] netlink: 'syz.5.8641': attribute type 1 has an invalid length. [ 297.859300][T18375] loop0: detected capacity change from 0 to 2048 [ 297.880147][T18379] device sit0 entered promiscuous mode [ 297.916533][T18379] netlink: 'syz.3.8651': attribute type 1 has an invalid length. [ 297.993716][T18379] netlink: 9 bytes leftover after parsing attributes in process `syz.3.8651'. [ 298.011610][T18391] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 298.066602][T18397] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.139849][T18397] device vti0 left promiscuous mode [ 298.236128][T18418] SELinux: security_context_str_to_sid(defcontext) failed for (dev ?, type ?) errno=-22 [ 298.584308][T18470] netlink: 'syz.3.8695': attribute type 3 has an invalid length. [ 298.654167][T18485] netlink: 'syz.0.8702': attribute type 21 has an invalid length. [ 298.706234][T18491] SELinux: failed to load policy [ 298.736471][T18495] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8708'. [ 298.770962][T18503] loop5: detected capacity change from 0 to 256 [ 298.812020][T18503] exfat: Deprecated parameter 'utf8' [ 298.824512][T18503] exfat: Deprecated parameter 'utf8' [ 298.860545][T18503] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xd67973f8, utbl_chksum : 0xe619d30d) [ 299.232736][T18567] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8743'. [ 299.359158][ T30] kauditd_printk_skb: 1072 callbacks suppressed [ 299.359175][ T30] audit: type=1400 audit(2000002669.157:2021): avc: denied { ioctl } for pid=18573 comm="syz.1.8747" path="/dev/kvm" dev="devtmpfs" ino=82 ioctlcmd=0xae05 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 299.421306][T18578] overlayfs: missing 'lowerdir' [ 299.484067][ T30] audit: type=1400 audit(2000002669.185:2022): avc: denied { read write } for pid=281 comm="syz-executor" name="loop1" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 299.599780][ T30] audit: type=1400 audit(2000002669.185:2023): avc: denied { open } for pid=281 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 299.703043][ T30] audit: type=1400 audit(2000002669.185:2024): avc: denied { ioctl } for pid=281 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=117 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 299.738852][T10560] audit: audit_backlog=65 > audit_backlog_limit=64 [ 299.746761][ T281] audit: audit_backlog=65 > audit_backlog_limit=64 [ 299.756068][T10560] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64 [ 299.768886][ T281] audit: audit_lost=4 audit_rate_limit=0 audit_backlog_limit=64 [ 299.774493][T10560] audit: backlog limit exceeded [ 299.776546][ T281] audit: backlog limit exceeded [ 299.819363][T18610] loop4: detected capacity change from 0 to 512 [ 299.878292][T18625] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 299.920453][T18610] EXT4-fs (loop4): Ignoring removed nobh option [ 299.947377][T18610] EXT4-fs error (device loop4): ext4_do_update_inode:5248: inode #16: comm syz.4.8768: corrupted inode contents [ 299.959880][T18610] EXT4-fs (loop4): Remounting filesystem read-only [ 299.966476][T18610] EXT4-fs error (device loop4): ext4_dirty_inode:6084: inode #16: comm syz.4.8768: mark_inode_dirty error [ 299.978774][T18610] EXT4-fs (loop4): Remounting filesystem read-only [ 299.985442][T18610] EXT4-fs error (device loop4): ext4_do_update_inode:5248: inode #16: comm syz.4.8768: corrupted inode contents [ 299.998226][T18610] EXT4-fs (loop4): Remounting filesystem read-only [ 300.004771][T18610] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.8768: mark_inode_dirty error [ 300.016753][T18610] EXT4-fs (loop4): Remounting filesystem read-only [ 300.023338][T18610] EXT4-fs error (device loop4): ext4_do_update_inode:5248: inode #16: comm syz.4.8768: corrupted inode contents [ 300.038527][T18610] EXT4-fs (loop4): Remounting filesystem read-only [ 300.045140][T18610] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 300.057175][T18610] EXT4-fs (loop4): Remounting filesystem read-only [ 300.063752][T18610] EXT4-fs error (device loop4): ext4_do_update_inode:5248: inode #16: comm syz.4.8768: corrupted inode contents [ 300.081870][T18610] EXT4-fs (loop4): Remounting filesystem read-only [ 300.088554][T18610] EXT4-fs error (device loop4): ext4_truncate:4310: inode #16: comm syz.4.8768: mark_inode_dirty error [ 300.101768][T18610] EXT4-fs (loop4): Remounting filesystem read-only [ 300.108470][T18610] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 300.117891][T18610] EXT4-fs (loop4): Remounting filesystem read-only [ 300.124813][T18610] EXT4-fs (loop4): 1 truncate cleaned up [ 300.130502][T18610] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nobh,. Quota mode: writeback. [ 300.142547][T18610] ext4 filesystem being mounted at /1778/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 300.200312][T18610] EXT4-fs error (device loop4): ext4_empty_dir:3177: inode #12: block 13: comm syz.4.8768: bad entry in directory: inode out of bounds - offset=24, inode=33554445, rec_len=16, size=4096 fake=0 [ 300.261223][T18610] EXT4-fs (loop4): Remounting filesystem read-only [ 300.508377][T18694] loop4: detected capacity change from 0 to 256 [ 300.584042][T18694] FAT-fs (loop4): Directory bread(block 64) failed [ 300.590711][T18694] FAT-fs (loop4): Directory bread(block 65) failed [ 300.646767][T18694] FAT-fs (loop4): Directory bread(block 66) failed [ 300.653424][T18694] FAT-fs (loop4): Directory bread(block 67) failed [ 300.693449][T18694] FAT-fs (loop4): Directory bread(block 68) failed [ 300.721377][T18694] FAT-fs (loop4): Directory bread(block 69) failed [ 300.733718][T18694] FAT-fs (loop4): Directory bread(block 70) failed [ 300.740328][T18694] FAT-fs (loop4): Directory bread(block 71) failed [ 300.747321][T18694] FAT-fs (loop4): Directory bread(block 72) failed [ 300.753916][T18694] FAT-fs (loop4): Directory bread(block 73) failed [ 300.993103][T18734] netlink: 288 bytes leftover after parsing attributes in process `syz.3.8825'. [ 301.481605][T18791] loop4: detected capacity change from 0 to 256 [ 301.547651][T18799] netlink: 'syz.5.8857': attribute type 13 has an invalid length. [ 301.615530][T18809] netlink: 'syz.0.8863': attribute type 32 has an invalid length. [ 301.769521][T18828] device vlan0 entered promiscuous mode [ 301.805918][T18829] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8872'. [ 302.353892][T18889] netlink: 96 bytes leftover after parsing attributes in process `syz.0.8902'. [ 302.611413][T18919] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 302.944033][T18956] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8936'. [ 303.213831][T18999] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8957'. [ 303.254769][T19001] ip6gretap5: default qdisc (pfifo_fast) fail, fallback to noqueue [ 303.307833][T19013] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8961'. [ 303.478847][T19032] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 303.604196][T19049] xt_socket: unknown flags 0x4c [ 304.299449][T19105] loop5: detected capacity change from 0 to 40427 [ 304.342119][T19105] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 304.358059][T19105] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 304.385780][T19135] loop3: detected capacity change from 0 to 1024 [ 304.399709][T19105] F2FS-fs (loop5): invalid crc value [ 304.441374][T19105] F2FS-fs (loop5): Found nat_bits in checkpoint [ 304.480660][T19135] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodiscard,,errors=continue. Quota mode: none. [ 304.519844][T19135] EXT4-fs error (device loop3): ext4_free_inode:355: comm syz.3.9023: bit already cleared for inode 13 [ 304.579863][T19105] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 304.591516][T19105] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 304.714936][T19165] device vlan0 left promiscuous mode [ 304.748898][T19165] device macsec0 left promiscuous mode [ 304.775239][T19165] device bridge2 left promiscuous mode [ 304.784907][ T30] kauditd_printk_skb: 1075 callbacks suppressed [ 304.784919][ T30] audit: type=1400 audit(2000002674.169:3076): avc: denied { read open } for pid=19176 comm="syz.3.9041" path="net:[4026532379]" dev="nsfs" ino=4026532379 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 304.907429][ T30] audit: type=1326 audit(2000002674.169:3077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19172 comm="syz.0.9039" exe="/root/syz-executor" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7fce40554eb9 code=0x0 [ 304.977903][ T30] audit: type=1400 audit(2000002674.197:3078): avc: denied { create } for pid=19176 comm="syz.3.9041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 305.074181][ T30] audit: type=1400 audit(2000002674.197:3079): avc: denied { read write } for pid=285 comm="syz-executor" name="loop4" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 305.173789][ T30] audit: type=1400 audit(2000002674.197:3080): avc: denied { open } for pid=285 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 305.231337][T19210] audit: audit_backlog=65 > audit_backlog_limit=64 [ 305.243231][T19212] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9057'. [ 305.254674][ T282] audit: audit_backlog=65 > audit_backlog_limit=64 [ 305.263192][T19210] audit: audit_lost=13 audit_rate_limit=0 audit_backlog_limit=64 [ 305.272616][ T282] audit: audit_lost=14 audit_rate_limit=0 audit_backlog_limit=64 [ 305.280373][ T282] audit: backlog limit exceeded [ 305.304699][ C0] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 305.411455][T19227] 8021q: VLANs not supported on lo [ 305.786720][T19271] netlink: 288 bytes leftover after parsing attributes in process `syz.5.9088'. [ 306.197024][T19329] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9114'. [ 306.241521][T19332] netlink: 'syz.1.9117': attribute type 6 has an invalid length. [ 306.266022][T19332] IPv6: NLM_F_CREATE should be specified when creating new route [ 306.527671][T19364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 306.745793][T19387] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 306.976199][T19414] loop4: detected capacity change from 0 to 256 [ 307.049393][T19424] netlink: 'syz.3.9164': attribute type 30 has an invalid length. [ 307.094744][T19430] netlink: 'syz.1.9166': attribute type 4 has an invalid length. [ 307.115247][T19434] mip6: mip6_destopt_init_state: state's mode is not 2: 4 [ 307.185767][T19441] xt_TCPMSS: Only works on TCP SYN packets [ 307.237132][T19444] netlink: 40 bytes leftover after parsing attributes in process `syz.4.9172'. [ 307.395751][T19465] netlink: 'syz.5.9182': attribute type 3 has an invalid length. [ 307.398590][T19467] netlink: 'syz.3.9183': attribute type 3 has an invalid length. [ 307.531023][T19487] netlink: 'syz.1.9192': attribute type 13 has an invalid length. [ 307.558630][T19487] gretap0: refused to change device tx_queue_len [ 307.567295][T19490] loop5: detected capacity change from 0 to 256 [ 307.582078][T19487] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 307.609258][T19495] netlink: 92 bytes leftover after parsing attributes in process `syz.0.9198'. [ 307.620777][T19495] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 307.642144][T19490] FAT-fs (loop5): Directory bread(block 64) failed [ 307.666482][T19490] FAT-fs (loop5): Directory bread(block 65) failed [ 307.682126][T19490] FAT-fs (loop5): Directory bread(block 66) failed [ 307.714261][T19490] FAT-fs (loop5): Directory bread(block 67) failed [ 307.736072][T19490] FAT-fs (loop5): Directory bread(block 68) failed [ 307.774391][T19490] FAT-fs (loop5): Directory bread(block 69) failed [ 307.800587][T19490] FAT-fs (loop5): Directory bread(block 70) failed [ 307.847448][T19490] FAT-fs (loop5): Directory bread(block 71) failed [ 307.875404][T19490] FAT-fs (loop5): Directory bread(block 72) failed [ 307.882032][T19490] FAT-fs (loop5): Directory bread(block 73) failed [ 308.099006][T19532] IPv6: NLM_F_CREATE should be specified when creating new route [ 308.121833][T19532] IPv6: Can't replace route, no match found [ 308.235549][T19544] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9222'. [ 308.364722][T19560] netlink: 'syz.1.9232': attribute type 3 has an invalid length. [ 308.676046][T19598] netlink: 'syz.0.9249': attribute type 7 has an invalid length. [ 308.706518][T19598] netlink: 'syz.0.9249': attribute type 5 has an invalid length. [ 308.714369][T19598] netlink: 17 bytes leftover after parsing attributes in process `syz.0.9249'. [ 308.961084][T19484] loop4: detected capacity change from 0 to 131072 [ 309.019372][T19484] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0) [ 309.047946][T19484] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 309.075701][T19484] F2FS-fs (loop4): invalid crc value [ 309.146610][T19484] F2FS-fs (loop4): Found nat_bits in checkpoint [ 309.153941][T19656] x_tables: ip_tables: CT.1 target: invalid size 72 (kernel) != (user) 0 [ 309.272201][T19484] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 309.279362][T19484] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 309.541893][T19696] device sit0 left promiscuous mode [ 309.593942][T19696] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.601219][T19696] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.784013][T19696] device ip6erspan0 left promiscuous mode [ 310.059441][T19747] loop0: detected capacity change from 0 to 512 [ 310.154720][T19766] sock: sock_timestamping_bind_phc: sock not bind to device [ 310.185028][T19769] netlink: 'syz.1.9333': attribute type 3 has an invalid length. [ 310.192905][T19747] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 310.200097][T19747] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 310.215025][ T30] kauditd_printk_skb: 1064 callbacks suppressed [ 310.215038][ T30] audit: type=1400 audit(2000002679.149:4132): avc: denied { ioctl } for pid=285 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=120 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 310.263579][T19747] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=885ec129, mo2=0006] [ 310.286157][ T30] audit: type=1400 audit(2000002679.158:4133): avc: denied { read write } for pid=10560 comm="syz-executor" name="loop5" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 310.286186][ T30] audit: type=1400 audit(2000002679.158:4134): avc: denied { read write open } for pid=10560 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 310.286211][ T30] audit: type=1400 audit(2000002679.158:4135): avc: denied { ioctl } for pid=10560 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=121 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 310.286238][ T30] audit: type=1400 audit(2000002679.213:4136): avc: denied { read write } for pid=281 comm="syz-executor" name="loop1" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 310.286261][ T30] audit: type=1400 audit(2000002679.213:4137): avc: denied { read write open } for pid=281 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 310.286286][ T30] audit: type=1400 audit(2000002679.213:4138): avc: denied { ioctl } for pid=281 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=117 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 310.286309][ T30] audit: type=1400 audit(2000002679.213:4139): avc: denied { read write } for pid=285 comm="syz-executor" name="loop4" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 310.286332][ T30] audit: type=1400 audit(2000002679.213:4140): avc: denied { open } for pid=285 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 310.286356][ T30] audit: type=1400 audit(2000002679.213:4141): avc: denied { ioctl } for pid=285 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=120 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 310.298822][T19747] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.9323: Invalid inode bitmap blk 4 in block_group 0 [ 310.303781][T19747] EXT4-fs (loop0): Remounting filesystem read-only [ 310.545157][T19747] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,norecovery,mblk_io_submit,quota,nobarrier,grpquota,nombcache,barrier=0x000000000000000c,dioread_nolock,noblock_validity,data_err=ignore,errors=remount-ro,. Quota mode: writeback. [ 310.603137][T19747] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters [ 310.608346][T19747] EXT4-fs (loop0): Remounting filesystem read-only [ 310.608411][T19747] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.9323: Invalid inode bitmap blk 4 in block_group 0 [ 310.623541][T19747] EXT4-fs (loop0): Remounting filesystem read-only [ 310.623579][T19747] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem [ 310.624048][T19747] EXT4-fs (loop0): Remounting filesystem read-only [ 310.709596][T19801] xt_TPROXY: Can be used only with -p tcp or -p udp [ 310.854032][T19823] device bridge5 entered promiscuous mode [ 310.884195][T19824] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9358'. [ 311.035941][T19837] TCP: TCP_TX_DELAY enabled [ 311.300907][T19818] loop5: detected capacity change from 0 to 40427 [ 311.371338][T19818] F2FS-fs (loop5): Corrupted extension count (64 + 1 > 64) [ 311.378717][T19818] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 311.410128][T19818] F2FS-fs (loop5): fault_type options not supported [ 311.444559][T19818] F2FS-fs (loop5): invalid crc value [ 311.472921][T19818] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 311.557822][T19818] F2FS-fs (loop5): Start checkpoint disabled! [ 311.577021][T19818] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 311.594535][T19818] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 311.630676][T19903] xt_hashlimit: max too large, truncated to 1048576 [ 311.780432][T19923] netlink: 'syz.3.9406': attribute type 5 has an invalid length. [ 311.814730][T19923] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.9406'. [ 311.847098][T19926] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9408'. [ 311.856005][T19926] device bridge_slave_1 left promiscuous mode [ 311.874456][T19926] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.896586][T19926] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.303161][T19990] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9440'. [ 312.312075][T19990] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9440'. [ 312.472618][T20004] netlink: 'syz.4.9448': attribute type 12 has an invalid length. [ 312.507278][T20011] netlink: 'syz.0.9451': attribute type 19 has an invalid length. [ 312.531687][T20011] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9451'. [ 312.551539][T20014] netlink: 10 bytes leftover after parsing attributes in process `syz.5.9452'. [ 312.586630][T20018] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9455'. [ 312.630572][T20023] netlink: 'syz.5.9458': attribute type 3 has an invalid length. [ 313.122128][T20099] IPv6: sit4: Disabled Multicast RS [ 313.565845][T20161] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9523'. [ 313.666373][T20173] netlink: 'syz.5.9529': attribute type 7 has an invalid length. [ 313.752399][T20184] loop3: detected capacity change from 0 to 512 [ 313.778057][T20184] EXT4-fs (loop3): Ignoring removed oldalloc option [ 313.814161][T20184] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.9535: inode #1: comm syz.3.9535: iget: illegal inode # [ 313.834624][T20184] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.9535: error while reading EA inode 1 err=-117 [ 313.851293][T20184] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.9535: inode #1: comm syz.3.9535: iget: illegal inode # [ 313.909571][T20184] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.9535: error while reading EA inode 1 err=-117 [ 313.977632][T20184] EXT4-fs (loop3): 1 orphan inode deleted [ 314.028967][T20184] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrjquota=,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,oldalloc,,errors=continue. Quota mode: writeback. [ 314.044298][T20206] netlink: 'syz.0.9544': attribute type 9 has an invalid length. [ 314.091926][T20206] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9544'. [ 314.122037][T20184] SELinux: security_context_str_to_sid(soéÿµ'*Çø®Sý·ÖÿòÔDñHþùw·ÚÀ;yï) failed for (dev ?, type ?) errno=-22 [ 314.545048][T20257] netlink: 'syz.3.9569': attribute type 3 has an invalid length. [ 314.553000][T20257] netlink: 'syz.3.9569': attribute type 3 has an invalid length. [ 314.761745][T20281] loop5: detected capacity change from 0 to 256 [ 314.820967][T20281] FAT-fs (loop5): Directory bread(block 64) failed [ 314.867007][T20281] FAT-fs (loop5): Directory bread(block 65) failed [ 314.892148][T20281] FAT-fs (loop5): Directory bread(block 66) failed [ 314.911399][T20281] FAT-fs (loop5): Directory bread(block 67) failed [ 314.944120][T20281] FAT-fs (loop5): Directory bread(block 68) failed [ 314.950681][T20281] FAT-fs (loop5): Directory bread(block 69) failed [ 314.965541][T20281] FAT-fs (loop5): Directory bread(block 70) failed [ 314.972115][T20281] FAT-fs (loop5): Directory bread(block 71) failed [ 315.007887][T20281] FAT-fs (loop5): Directory bread(block 72) failed [ 315.025290][T20281] FAT-fs (loop5): Directory bread(block 73) failed [ 315.071024][T20311] netlink: 'syz.4.9597': attribute type 13 has an invalid length. [ 315.154137][T20324] xt_TCPMSS: Only works on TCP SYN packets [ 315.166364][T20325] loop3: detected capacity change from 0 to 512 [ 315.240521][T20325] ================================================================== [ 315.248636][T20325] BUG: KASAN: use-after-free in __ext4_iget+0x2bb/0x3e50 [ 315.255700][T20325] Read of size 8 at addr ffff88810d091d48 by task syz.3.9603/20325 [ 315.263605][T20325] [ 315.265937][T20325] CPU: 1 PID: 20325 Comm: syz.3.9603 Tainted: G W syzkaller #0 [ 315.274797][T20325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 315.284867][T20325] Call Trace: [ 315.288153][T20325] [ 315.291094][T20325] __dump_stack+0x21/0x30 [ 315.295459][T20325] dump_stack_lvl+0x110/0x170 [ 315.300155][T20325] ? show_regs_print_info+0x20/0x20 [ 315.305377][T20325] ? load_image+0x3e0/0x3e0 [ 315.309915][T20325] ? _raw_spin_lock+0x94/0xf0 [ 315.314625][T20325] print_address_description+0x7f/0x2c0 [ 315.320214][T20325] ? __ext4_iget+0x2bb/0x3e50 [ 315.324909][T20325] kasan_report+0xf1/0x140 [ 315.329354][T20325] ? __ext4_iget+0x2bb/0x3e50 [ 315.334057][T20325] __asan_report_load8_noabort+0x14/0x20 [ 315.339716][T20325] __ext4_iget+0x2bb/0x3e50 [ 315.344248][T20325] ? ext4_init_orphan_info+0x162/0x11e0 [ 315.349806][T20325] ? __kasan_check_write+0x14/0x20 [ 315.354933][T20325] ? _raw_write_trylock+0x150/0x150 [ 315.360154][T20325] ? __proc_create+0x570/0x8e0 [ 315.364942][T20325] ? ext4_get_projid+0x140/0x140 [ 315.369894][T20325] ? _raw_write_unlock+0x2b/0x60 [ 315.374851][T20325] ? ext4_orphan_file_block_trigger+0x460/0x460 [ 315.381106][T20325] ext4_enable_quotas+0x33c/0x6d0 [ 315.386153][T20325] ext4_fill_super+0x87a6/0x9080 [ 315.391116][T20325] ? ext4_mount+0x40/0x40 [ 315.395459][T20325] ? set_blocksize+0x1eb/0x370 [ 315.400246][T20325] ? sb_set_blocksize+0xaa/0xf0 [ 315.405103][T20325] ? ext4_mount+0x40/0x40 [ 315.409444][T20325] mount_bdev+0x2ae/0x3e0 [ 315.413797][T20325] ? ext4_mount+0x40/0x40 [ 315.418140][T20325] ext4_mount+0x34/0x40 [ 315.422344][T20325] legacy_get_tree+0xed/0x190 [ 315.427033][T20325] ? ext4_errno_to_code+0x160/0x160 [ 315.432244][T20325] vfs_get_tree+0x89/0x260 [ 315.436671][T20325] do_new_mount+0x25a/0xa20 [ 315.441190][T20325] path_mount+0x659/0xff0 [ 315.445538][T20325] ? user_path_at_empty+0x161/0x1c0 [ 315.450750][T20325] __se_sys_mount+0x320/0x390 [ 315.455441][T20325] ? __x64_sys_mount+0xd0/0xd0 [ 315.460227][T20325] __x64_sys_mount+0xbf/0xd0 [ 315.464832][T20325] x64_sys_call+0x6bf/0x9a0 [ 315.469464][T20325] do_syscall_64+0x4c/0xa0 [ 315.473928][T20325] ? clear_bhb_loop+0x50/0xa0 [ 315.478630][T20325] ? clear_bhb_loop+0x50/0xa0 [ 315.483327][T20325] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 315.489259][T20325] RIP: 0033:0x7fde5409614a [ 315.493703][T20325] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 315.513323][T20325] RSP: 002b:00007fde52af0e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 315.521757][T20325] RAX: ffffffffffffffda RBX: 00007fde52af0ee0 RCX: 00007fde5409614a [ 315.529757][T20325] RDX: 0000200000000340 RSI: 0000200000000100 RDI: 00007fde52af0ea0 [ 315.537761][T20325] RBP: 0000200000000340 R08: 00007fde52af0ee0 R09: 0000000002014c00 [ 315.545747][T20325] R10: 0000000002014c00 R11: 0000000000000246 R12: 0000200000000100 [ 315.553732][T20325] R13: 00007fde52af0ea0 R14: 00000000000004ec R15: 000000000000002c [ 315.561726][T20325] [ 315.564767][T20325] [ 315.567097][T20325] Allocated by task 19484: [ 315.571521][T20325] __kasan_slab_alloc+0xbd/0xf0 [ 315.576395][T20325] slab_post_alloc_hook+0x4f/0x2b0 [ 315.581523][T20325] kmem_cache_alloc+0xf7/0x260 [ 315.586307][T20325] f2fs_alloc_inode+0x26/0x330 [ 315.591087][T20325] iget_locked+0x16c/0x7e0 [ 315.595522][T20325] f2fs_iget+0x55/0x5060 [ 315.599785][T20325] f2fs_fill_super+0x4a20/0x6d70 [ 315.604746][T20325] mount_bdev+0x2ae/0x3e0 [ 315.609094][T20325] f2fs_mount+0x34/0x40 [ 315.613283][T20325] legacy_get_tree+0xed/0x190 [ 315.617975][T20325] vfs_get_tree+0x89/0x260 [ 315.622420][T20325] do_new_mount+0x25a/0xa20 [ 315.626939][T20325] path_mount+0x659/0xff0 [ 315.631329][T20325] __se_sys_mount+0x320/0x390 [ 315.636021][T20325] __x64_sys_mount+0xbf/0xd0 [ 315.640624][T20325] x64_sys_call+0x6bf/0x9a0 [ 315.645140][T20325] do_syscall_64+0x4c/0xa0 [ 315.649576][T20325] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 315.655499][T20325] [ 315.657835][T20325] Last potentially related work creation: [ 315.663554][T20325] kasan_save_stack+0x3a/0x60 [ 315.668283][T20325] __kasan_record_aux_stack+0xd2/0x100 [ 315.673770][T20325] kasan_record_aux_stack_noalloc+0xb/0x10 [ 315.679599][T20325] call_rcu+0x10b/0xf80 [ 315.683779][T20325] evict+0x834/0x8d0 [ 315.687689][T20325] iput+0x635/0x7c0 [ 315.691509][T20325] f2fs_put_super+0x661/0xc20 [ 315.696202][T20325] generic_shutdown_super+0x151/0x330 [ 315.701589][T20325] kill_block_super+0x7f/0xf0 [ 315.706295][T20325] kill_f2fs_super+0x303/0x3b0 [ 315.711087][T20325] deactivate_locked_super+0xa0/0x100 [ 315.716501][T20325] deactivate_super+0xaf/0xe0 [ 315.721243][T20325] cleanup_mnt+0x45b/0x510 [ 315.725685][T20325] __cleanup_mnt+0x19/0x20 [ 315.730117][T20325] task_work_run+0x127/0x190 [ 315.734721][T20325] exit_to_user_mode_loop+0xd0/0xe0 [ 315.739930][T20325] exit_to_user_mode_prepare+0x87/0xd0 [ 315.745402][T20325] syscall_exit_to_user_mode+0x1a/0x30 [ 315.750879][T20325] do_syscall_64+0x58/0xa0 [ 315.755336][T20325] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 315.761247][T20325] [ 315.763583][T20325] Second to last potentially related work creation: [ 315.770169][T20325] kasan_save_stack+0x3a/0x60 [ 315.774862][T20325] __kasan_record_aux_stack+0xd2/0x100 [ 315.780337][T20325] kasan_record_aux_stack_noalloc+0xb/0x10 [ 315.786158][T20325] call_rcu+0x10b/0xf80 [ 315.790337][T20325] evict+0x834/0x8d0 [ 315.794250][T20325] evict_inodes+0x5e6/0x660 [ 315.798777][T20325] generic_shutdown_super+0x96/0x330 [ 315.804083][T20325] kill_block_super+0x7f/0xf0 [ 315.808825][T20325] kill_f2fs_super+0x303/0x3b0 [ 315.813607][T20325] deactivate_locked_super+0xa0/0x100 [ 315.818994][T20325] deactivate_super+0xaf/0xe0 [ 315.823825][T20325] cleanup_mnt+0x45b/0x510 [ 315.828256][T20325] __cleanup_mnt+0x19/0x20 [ 315.832077][ T30] kauditd_printk_skb: 851 callbacks suppressed [ 315.832104][ T30] audit: type=1400 audit(2000002684.329:4993): avc: denied { read write } for pid=284 comm="syz-executor" name="loop0" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 315.832678][T20325] task_work_run+0x127/0x190 [ 315.848378][ T30] audit: type=1400 audit(2000002684.329:4994): avc: denied { open } for pid=284 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 315.862860][T20325] exit_to_user_mode_loop+0xd0/0xe0 [ 315.862881][T20325] exit_to_user_mode_prepare+0x87/0xd0 [ 315.902062][T20325] syscall_exit_to_user_mode+0x1a/0x30 [ 315.903599][ T30] audit: type=1400 audit(2000002684.329:4995): avc: denied { ioctl } for pid=284 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=116 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 315.907535][T20325] do_syscall_64+0x58/0xa0 [ 315.907557][T20325] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 315.943268][T20325] [ 315.945600][T20325] The buggy address belongs to the object at ffff88810d091840 [ 315.945600][T20325] which belongs to the cache f2fs_inode_cache of size 1424 [ 315.958143][ T30] audit: type=1400 audit(2000002684.431:4996): avc: denied { read write } for pid=10560 comm="syz-executor" name="loop5" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 315.960178][T20325] The buggy address is located 1288 bytes inside of [ 315.960178][T20325] 1424-byte region [ffff88810d091840, ffff88810d091dd0) [ 315.997859][T20325] The buggy address belongs to the page: [ 316.003507][T20325] page:ffffea0004342400 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810d090000 pfn:0x10d090 [ 316.015055][T20325] head:ffffea0004342400 order:3 compound_mapcount:0 compound_pincount:0 [ 316.023392][T20325] flags: 0x4000000000010200(slab|head|zone=1) [ 316.028325][ T30] audit: type=1400 audit(2000002684.505:4997): avc: denied { read write open } for pid=10560 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 316.029520][T20325] raw: 4000000000010200 0000000000000000 dead000000000122 ffff8881081f7800 [ 316.057385][ T30] audit: type=1400 audit(2000002684.505:4998): avc: denied { ioctl } for pid=10560 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=121 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 316.063170][T20325] raw: ffff88810d090000 0000000080150005 00000001ffffffff 0000000000000000 [ 316.063181][T20325] page dumped because: kasan: bad access detected [ 316.103762][T20325] page_owner tracks the page as allocated [ 316.109513][ T30] audit: type=1400 audit(2000002684.570:4999): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 316.109529][T20325] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 783, ts 39933191558, free_ts 0 [ 316.137813][ T30] audit: type=1400 audit(2000002684.570:5000): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 316.151875][T20325] post_alloc_hook+0x192/0x1b0 [ 316.151903][T20325] prep_new_page+0x1c/0x110 [ 316.175241][ T30] audit: type=1400 audit(2000002684.570:5001): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 316.178008][T20325] get_page_from_freelist+0x2d3a/0x2dc0 [ 316.182972][ T30] audit: type=1400 audit(2000002684.570:5002): avc: denied { add_name } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 316.203761][T20325] __alloc_pages+0x1a2/0x460 [ 316.203783][T20325] new_slab+0xa1/0x4d0 [ 316.203802][T20325] ___slab_alloc+0x381/0x810 [ 316.243124][T20325] __slab_alloc+0x49/0x90 [ 316.247446][T20325] kmem_cache_alloc+0x138/0x260 [ 316.252285][T20325] f2fs_alloc_inode+0x26/0x330 [ 316.257033][T20325] iget_locked+0x16c/0x7e0 [ 316.261436][T20325] f2fs_iget+0x55/0x5060 [ 316.265666][T20325] f2fs_fill_super+0x3cbc/0x6d70 [ 316.270612][T20325] mount_bdev+0x2ae/0x3e0 [ 316.274941][T20325] f2fs_mount+0x34/0x40 [ 316.279095][T20325] legacy_get_tree+0xed/0x190 [ 316.283761][T20325] vfs_get_tree+0x89/0x260 [ 316.288172][T20325] page_owner free stack trace missing [ 316.293522][T20325] [ 316.295834][T20325] Memory state around the buggy address: [ 316.301480][T20325] ffff88810d091c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 316.309528][T20325] ffff88810d091c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 316.317575][T20325] >ffff88810d091d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 316.325646][T20325] ^ [ 316.332046][T20325] ffff88810d091d80: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 316.340109][T20325] ffff88810d091e00: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00 [ 316.348154][T20325] ================================================================== [ 316.356224][T20325] Disabling lock debugging due to kernel taint [ 316.363509][T20325] EXT4-fs warning (device loop3): ext4_enable_quotas:6453: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix. [ 316.378671][T20325] EXT4-fs (loop3): mount failed