last executing test programs: 3m35.295603888s ago: executing program 2 (id=414): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'wg0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b03feff4f12021202004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 3m34.323891373s ago: executing program 2 (id=421): epoll_create1(0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r1, 0x0, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) 3m34.139936752s ago: executing program 2 (id=424): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e1f, @empty}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007006e6174"], 0xcc}, 0x1, 0x0, 0x0, 0x880}, 0x0) 3m33.684852659s ago: executing program 3 (id=428): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) shutdown(r0, 0x1) ppoll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) 3m33.483985878s ago: executing program 2 (id=430): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000006080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x10000000) 3m33.419997588s ago: executing program 2 (id=431): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) mknodat$null(r0, &(0x7f0000000040)='./file1/file0\x00', 0x0, 0x103) creat(&(0x7f00000002c0)='./file0\x00', 0x1) 3m33.187895687s ago: executing program 2 (id=433): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f00000000c0)={0xb4c, 0x2, 0x45, 0x3f, 0x1, "03000000000000010000ebff00000002000b0e", 0x4008, 0x80006}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xff) 3m32.623852854s ago: executing program 3 (id=436): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000700)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 3m32.467037593s ago: executing program 3 (id=437): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_XSAVE(r2, 0x9000aea4, &(0x7f0000000080)) 3m32.103916631s ago: executing program 3 (id=439): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00') r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmmsg$inet6(r1, &(0x7f0000019680)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @loopback={0x0, 0xac141414}}, 0x1c, 0x0}}], 0x1, 0x20004855) preadv(r0, &(0x7f0000000340)=[{&(0x7f0000002140)=""/4096, 0x1000}], 0x1, 0x100013c, 0x20000000) 3m31.91225301s ago: executing program 3 (id=441): write$qrtrtun(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x36, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f00000001c0)="b805000000b9fa0000000f01d9660f78c4020a1bf7b805000000b90000c0fe0fae41d901000000b87f8b7f26ba000000000f30660fc775022e0fba600c980f320f3566b857000f00d0", 0x49}], 0xaaaaaaaaaaaab26, 0x10, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3m23.535183047s ago: executing program 3 (id=448): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r1) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000019100)={&(0x7f00000002c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0x4, 0xa}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_TARGET={0x8, 0x8, 0x7}]}}]}, 0x3c}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48050}, 0x40004) 3m17.482988506s ago: executing program 32 (id=433): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f00000000c0)={0xb4c, 0x2, 0x45, 0x3f, 0x1, "03000000000000010000ebff00000002000b0e", 0x4008, 0x80006}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xff) 3m7.965327898s ago: executing program 33 (id=448): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r1) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000019100)={&(0x7f00000002c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0x4, 0xa}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_TARGET={0x8, 0x8, 0x7}]}}]}, 0x3c}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48050}, 0x40004) 5.474991599s ago: executing program 4 (id=2130): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000080000000000000003000000180600000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0xfd45}}, 0x0) close(0x4) 5.097760077s ago: executing program 4 (id=2133): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x41, &(0x7f0000000000)=0xff, 0x4) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x38}, 0x1, 0x300}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) socket(0x2, 0x80805, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000770000000e000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) recvmmsg(r0, &(0x7f0000004200)=[{{0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000680)=""/183, 0xb7}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000003b40)=""/175, 0xaf}, 0x4}, {{&(0x7f0000003c00)=@xdp, 0x80, 0x0}, 0x321}, {{0x0, 0x0, 0x0}, 0x6}], 0x4, 0x101, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x4fed0) open(0x0, 0x145142, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x1, &(0x7f0000000140)=@raw=[@exit], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2, 0x0, 0x1}, 0x18) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_io_uring_complete(0x0) close_range(0xffffffffffffffff, r3, 0x2) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NETID(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r5, 0x1, 0x70bd25, 0x25dfdbfb, {{}, {}, {0x8, 0x2, 0x6}}}, 0x24}}, 0x40000) 2.381228813s ago: executing program 1 (id=2159): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000040)=0x3a) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x44, 0x0, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0xbd, 0x0, 0xffff, 0x2, 0x2, '\x00', 0x654}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.006484471s ago: executing program 1 (id=2164): open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', 0x0, 0x9d, &(0x7f0000000300)='trans=rdma,') 1.951888091s ago: executing program 4 (id=2165): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newtaction={0x14, 0x30, 0x1}, 0x14}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x8, 0xf9, 0x7ffc1ffb}]}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="070000000400"], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x5c399000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4000054) 1.951746511s ago: executing program 0 (id=2166): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000f00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) creat(&(0x7f00000000c0)='./file0\x00', 0xc22cddfde31e1cc9) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd']) 1.636213649s ago: executing program 0 (id=2168): mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[]) 1.555946819s ago: executing program 1 (id=2169): bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x304, 0x36}, "1a88ef816c4b42ed", "a5fdeb69a751e94df50ad7e9fb434d1665e9298b01e49419567b443803cf578f", "6d02cd81", "066580001e00"}, 0x38) write$tun(r0, &(0x7f0000000cc0)={@val={0x0, 0x16}, @void, @x25={0x2, 0x3, 0x27}}, 0x7) 1.206308477s ago: executing program 5 (id=2170): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000004c0)) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x2, 0xa, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r0], 0x38}}, 0x10) 858.190535ms ago: executing program 4 (id=2171): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001700)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x30bd27, 0x4000000, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x0, 0x101, 0x3, 0xc, 0x13}, {0x7, 0x1, 0x8, 0x200, 0x2, 0x7}, 0x7, 0x947, 0xe03}}, @TCA_TBF_RTAB={0x404, 0x2, [0x6, 0x6, 0x6b16, 0x9, 0xfffffffd, 0x8, 0x8, 0x3, 0x7, 0x40, 0x5, 0x0, 0x80, 0x9, 0x30, 0x4, 0x81, 0x9, 0x2, 0x8, 0x40, 0xe80c, 0x7fffffff, 0x80, 0x400, 0x7a2, 0x5, 0x400, 0x3, 0xfffffffa, 0x6, 0x6, 0xaf8, 0x1, 0x3, 0x3ff, 0x9, 0x200, 0x3, 0x10001, 0x1, 0x5, 0x10001, 0x3, 0x59, 0x3, 0xd54e, 0x40, 0x6, 0xd, 0x0, 0x28, 0x9, 0xa4800000, 0x1, 0xa0, 0x1, 0x7, 0x4, 0x5, 0x7, 0x4, 0xff, 0x5, 0x7, 0x3ff, 0x3, 0x3, 0x80000001, 0x8, 0x2, 0xcff, 0xfffffacf, 0x0, 0x4, 0x10001, 0xa, 0x800, 0x5, 0x2, 0x5, 0x9, 0x5, 0xfffffffb, 0x5, 0x0, 0x4, 0x4edcaeea, 0x2, 0xe, 0xe, 0xfff, 0x4, 0x496c01fc, 0x4, 0x7fffffff, 0xf, 0x8, 0x12, 0x9, 0x80000001, 0x325b, 0x8, 0x0, 0x6, 0x0, 0x3, 0x5, 0x1, 0x8001, 0x5, 0x94, 0x2, 0x9, 0x7, 0x3, 0x5, 0x80, 0x1, 0xffffffff, 0x4, 0x0, 0x4, 0x3, 0x4, 0x5, 0xa993, 0x200, 0x6847adf1, 0x6, 0x9, 0x81, 0x7, 0x5, 0x5, 0x7fffffff, 0x8, 0xc, 0xd, 0x6, 0x1, 0x7fffffff, 0x8, 0x0, 0x800, 0x8, 0x91e, 0x4, 0xe, 0xdd, 0x8, 0x40000, 0x0, 0x9, 0xd, 0x6, 0x8, 0x8, 0x8, 0x0, 0xd, 0x2, 0x9, 0x4, 0x3ff, 0x5, 0x1, 0xf682, 0x40, 0x6, 0x8, 0x3, 0x20000, 0xfffffffe, 0x5, 0x1, 0xfffffff8, 0xa608, 0x23972b48, 0x9, 0x2, 0x20c, 0xd, 0x4, 0xa, 0xfff, 0x6, 0x10, 0x7, 0x5, 0x10, 0x41, 0x2, 0x76, 0x3, 0xfffffffa, 0x7, 0x2, 0x4, 0x40, 0x5, 0x6, 0x2ed, 0xfffffffb, 0xcf30, 0x7, 0x4, 0xffffff8a, 0x0, 0x4, 0x80000000, 0x4, 0x2, 0x0, 0x2, 0x6, 0xfff, 0x4, 0x1, 0x40, 0x5, 0x9, 0x5, 0x8, 0x80000000, 0x3, 0x3, 0xeff, 0x6, 0x2, 0x8, 0xc, 0xd, 0x1, 0x0, 0x3, 0x8, 0x6c67, 0x800, 0xffffff59, 0x9, 0x0, 0x303, 0x7, 0x1, 0x2, 0x6, 0x6565, 0x7, 0x4, 0xc, 0x42, 0x3c04, 0x5f, 0x5fa, 0x1]}]}}]}, 0x45c}}, 0x0) 815.950965ms ago: executing program 0 (id=2172): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000040)=0x3a) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x44, 0x0, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0xbd, 0x0, 0xffff, 0x2, 0x2, '\x00', 0x654}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 783.739205ms ago: executing program 1 (id=2173): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18, r1, {0x3}}, './file0\x00'}) syz_genetlink_get_family_id$gtp(&(0x7f0000000540), 0xffffffffffffffff) symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000380)=@filename='./file0\x00', 0x0, 0x0) sendmsg$unix(r0, &(0x7f0000000a00)={&(0x7f0000000880)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40488d1}, 0x8000) 758.313695ms ago: executing program 5 (id=2174): r0 = getpid() r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000000c0)=r0, 0x12) name_to_handle_at(0xffffffffffffffff, &(0x7f0000000200)='./cgroup/cgroup.procs\x00', &(0x7f0000000240)=@reiserfs_4={0x10, 0x4, {0x8, 0xe3ff, 0x0, 0x9}}, 0x0, 0x400) 652.021134ms ago: executing program 4 (id=2175): getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r0, @ANYRES32=r1], 0x3c}}, 0x0) 636.144674ms ago: executing program 1 (id=2176): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000480)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4048081) 603.103274ms ago: executing program 5 (id=2177): r0 = open(0x0, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, 0x0) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x10a00, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@uname={'uname', 0x3d, '/dev/ppp\x00'}}, {@cache_readahead}], [{@obj_role={'obj_role', 0x3d, 'audit'}}, {@smackfsroot={'smackfsroot', 0x3d, '*\xf6'}}, {@audit}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@func={'func', 0x3d, 'PATH_CHECK'}}]}}) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000000)=0x2) ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000140)={0x2, &(0x7f00000001c0)=[{0x48, 0x25, 0x29, 0x4}, {0x6, 0xf8}]}) ioctl$PPPIOCSDEBUG(r2, 0x40047440, &(0x7f0000000240)=0x10001) write(r2, &(0x7f0000000280)="4591", 0x2) 495.827443ms ago: executing program 1 (id=2178): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x104, 0x3}) r2 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9bX\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2) fallocate(r2, 0x0, 0x0, 0x509a) ioctl$TCSETS2(r1, 0x402c542b, &(0x7f0000000040)={0x5, 0x2, 0xf, 0xfe74, 0x8, "2c277bd72c6157ca4381fbdd4a7c9d6a6f0da7", 0xffffffff, 0x91}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000980)='mm_page_free\x00', 0xffffffffffffffff, 0x0, 0x6}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$key(0xf, 0x3, 0x2) close(r3) getpeername$l2tp(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @empty}, &(0x7f00000003c0)=0x10) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r4 = syz_clone(0x80200, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r4, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="070000000400000000010000010000", @ANYRES32, @ANYBLOB="0090789ec08099f7da7788c006035de35c7ff5ecefc26dc1ed8e4becc9ff16d2ffff0968a372a4210b2949a94cfef73dec7ed54eb65a4cc79d69314fb6ac31dd0497ad41419f0891c1144e690307ccedb1a7611f14136ec1ddbd6f985bcc5bae2976f55a7e62", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) time(0x0) r5 = semget$private(0x0, 0x4000000009, 0x0) semop(r5, &(0x7f0000000140)=[{0x0, 0xffff}], 0x1) semtimedop(r5, &(0x7f0000000000)=[{0x4, 0x2}, {0x2, 0xfb7d, 0x1000}], 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) 495.730533ms ago: executing program 4 (id=2179): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001000)=ANY=[@ANYBLOB="70010000100033060000000000000000fc000000000000000000000000000000ffffffff00000000000000000000000000004000000080040000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414000000000000000000000000000000000032000000fe80000000000000000000000000001a27030000000000000000000000000000fdffffffffffffff0000000000000000ff0f000000000000fcffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008f000000000000000000000029bd7000000000000a00040000000000000000001c00200000004e2200000000ac1414bb00000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00040002"], 0x170}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r1 = socket$inet6(0x10, 0x2, 0x6) sendto$inet6(r1, &(0x7f00000002c0)="100000001200050f0c1000000049b23e", 0x10, 0x0, 0x0, 0x0) 394.706043ms ago: executing program 0 (id=2180): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x10, &(0x7f0000002e00), 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r2, 0x10a, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x42, 0x0}}, 0x10) 275.137702ms ago: executing program 5 (id=2181): bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x304, 0x36}, "1a88ef816c4b42ed", "a5fdeb69a751e94df50ad7e9fb434d1665e9298b01e49419567b443803cf578f", "6d02cd81", "066580001e00"}, 0x38) write$tun(r0, &(0x7f0000000cc0)={@val={0x0, 0x16}, @void, @x25={0x2, 0x3, 0x27}}, 0x7) 179.984852ms ago: executing program 0 (id=2182): syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000200)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@stripe={'stripe', 0x3d, 0x12}}]}, 0x1, 0x599, &(0x7f0000001280)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=") openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18) r2 = socket$inet(0x2, 0x5, 0x0) setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="89", 0x1) 173.462752ms ago: executing program 5 (id=2183): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x890) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000001e40)=ANY=[@ANYBLOB="0b00000005000000020000000200000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r2}, 0x18) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x0, 0x400, 0xb7, 0xc20022, r5}) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r6}, 0x18) pipe2$9p(0x0, 0x80000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)) gettid() bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendto$packet(r3, 0x0, 0x0, 0x4c001, &(0x7f00000002c0)={0x11, 0x9, r5, 0x1, 0xd, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x14) 83.646412ms ago: executing program 0 (id=2184): creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe935"], 0x7c8) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="09000000040000000800000010"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 0s ago: executing program 5 (id=2185): creat(&(0x7f00000000c0)='./file0\x00', 0x48) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[]) kernel console output (not intermixed with test programs): "/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 178.265274][ T27] audit: type=1326 audit(1757855255.789:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.0.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 178.301928][ T27] audit: type=1326 audit(1757855255.789:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.0.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 178.384303][ T27] audit: type=1326 audit(1757855255.789:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.0.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 178.509793][ T27] audit: type=1326 audit(1757855255.789:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.0.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 178.585337][ T27] audit: type=1326 audit(1757855255.789:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.0.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 178.605156][ T7964] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 178.635685][ T27] audit: type=1326 audit(1757855255.789:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7943 comm="syz.0.676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 179.483479][ T8014] overlayfs: failed to resolve './file0': -2 [ 179.695439][ T8024] netlink: 28 bytes leftover after parsing attributes in process `syz.1.701'. [ 179.734853][ T8024] netlink: 28 bytes leftover after parsing attributes in process `syz.1.701'. [ 179.764698][ T8028] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0 [ 179.968647][ T8033] capability: warning: `syz.1.705' uses 32-bit capabilities (legacy support in use) [ 180.145962][ T8044] overlayfs: failed to resolve './file0': -2 [ 180.829124][ T8080] overlayfs: failed to resolve './file0': -2 [ 180.837313][ T8068] loop5: detected capacity change from 0 to 8192 [ 181.558129][ T8109] netlink: 36 bytes leftover after parsing attributes in process `syz.4.731'. [ 181.769063][ T8114] syzkaller1: entered promiscuous mode [ 181.781276][ T8114] syzkaller1: entered allmulticast mode [ 182.129894][ T8127] loop4: detected capacity change from 0 to 1024 [ 182.181496][ T8129] netlink: 8 bytes leftover after parsing attributes in process `syz.1.738'. [ 182.212577][ T8127] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.262764][ T8139] loop5: detected capacity change from 0 to 256 [ 182.520807][ T8145] loop1: detected capacity change from 0 to 1024 [ 182.533900][ T7097] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.666551][ T8145] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.013407][ T27] kauditd_printk_skb: 108 callbacks suppressed [ 183.013420][ T27] audit: type=1326 audit(1757855260.809:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8162 comm="syz.4.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 183.052934][ T27] audit: type=1326 audit(1757855260.809:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8162 comm="syz.4.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 183.073265][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.136052][ T27] audit: type=1326 audit(1757855260.809:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8162 comm="syz.4.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 183.213359][ T27] audit: type=1326 audit(1757855260.809:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8162 comm="syz.4.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 183.266627][ T27] audit: type=1326 audit(1757855260.809:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8162 comm="syz.4.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 183.343311][ T27] audit: type=1326 audit(1757855260.819:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8162 comm="syz.4.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 183.402285][ T27] audit: type=1326 audit(1757855260.819:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8162 comm="syz.4.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 183.426008][ T27] audit: type=1326 audit(1757855260.819:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8162 comm="syz.4.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 183.505137][ T27] audit: type=1326 audit(1757855260.819:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8162 comm="syz.4.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 183.574641][ T27] audit: type=1326 audit(1757855260.819:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8162 comm="syz.4.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 183.628808][ T8184] netlink: 20 bytes leftover after parsing attributes in process `syz.0.753'. [ 184.280153][ T8207] netlink: 20 bytes leftover after parsing attributes in process `syz.1.761'. [ 184.406567][ T8211] binder: BINDER_SET_CONTEXT_MGR already set [ 184.412596][ T8211] binder: 8210:8211 ioctl 4018620d 200000000040 returned -16 [ 185.205131][ T8249] binder: BINDER_SET_CONTEXT_MGR already set [ 185.241803][ T8249] binder: 8247:8249 ioctl 4018620d 200000000040 returned -16 [ 185.913369][ T8284] binder: BINDER_SET_CONTEXT_MGR already set [ 185.935124][ T8284] binder: 8283:8284 ioctl 4018620d 200000000040 returned -16 [ 186.643233][ T8319] binder: 8318:8319 unknown command 0 [ 186.648800][ T8319] binder: 8318:8319 ioctl c0306201 200000000080 returned -22 [ 187.174523][ T8332] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 187.516733][ T8347] binder: 8346:8347 unknown command 0 [ 187.522163][ T8347] binder: 8346:8347 ioctl c0306201 200000000080 returned -22 [ 188.064063][ T8362] netlink: 60 bytes leftover after parsing attributes in process `syz.1.814'. [ 188.093560][ T8359] wireguard0: entered promiscuous mode [ 188.133314][ T8359] wireguard0: entered allmulticast mode [ 188.431131][ T8368] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 188.844783][ T8381] binder: 8380:8381 unknown command 0 [ 188.850624][ T8381] binder: 8380:8381 ioctl c0306201 200000000080 returned -22 [ 189.043552][ T8386] loop1: detected capacity change from 0 to 512 [ 189.078774][ T8386] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 189.352236][ T27] kauditd_printk_skb: 32 callbacks suppressed [ 189.352249][ T27] audit: type=1326 audit(1757855267.149:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8387 comm="syz.1.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 189.425182][ T27] audit: type=1326 audit(1757855267.189:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8387 comm="syz.1.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 189.481168][ T27] audit: type=1326 audit(1757855267.189:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8387 comm="syz.1.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 189.522008][ T27] audit: type=1326 audit(1757855267.189:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8387 comm="syz.1.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 189.553394][ T27] audit: type=1326 audit(1757855267.189:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8387 comm="syz.1.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 189.580465][ T27] audit: type=1326 audit(1757855267.189:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8387 comm="syz.1.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 189.607443][ T27] audit: type=1326 audit(1757855267.189:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8387 comm="syz.1.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 189.636388][ T27] audit: type=1326 audit(1757855267.189:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8387 comm="syz.1.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 189.662850][ T27] audit: type=1326 audit(1757855267.189:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8387 comm="syz.1.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 189.685365][ T27] audit: type=1326 audit(1757855267.189:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8387 comm="syz.1.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 190.323646][ T8403] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 190.625072][ T8414] binder: 8412:8414 unknown command 0 [ 190.630566][ T8414] binder: 8412:8414 ioctl c0306201 200000000080 returned -22 [ 190.725565][ T8420] netlink: 4 bytes leftover after parsing attributes in process `syz.5.833'. [ 190.793770][ T8418] netlink: 12 bytes leftover after parsing attributes in process `syz.0.832'. [ 191.352627][ T8438] loop1: detected capacity change from 0 to 512 [ 191.438558][ T8438] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.479432][ T8438] ext4 filesystem being mounted at /209/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 191.541760][ T8438] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.839: bg 0: block 328: padding at end of block bitmap is not set [ 191.624488][ T8453] netlink: 'syz.0.845': attribute type 11 has an invalid length. [ 191.643763][ T8453] netlink: 36 bytes leftover after parsing attributes in process `syz.0.845'. [ 191.701230][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.318635][ T8481] (null): rxe_set_mtu: Set mtu to 1024 [ 192.393594][ T8483] macvlan1: entered promiscuous mode [ 192.420689][ T8483] ipvlan0: entered promiscuous mode [ 192.438149][ T8483] ipvlan0: left promiscuous mode [ 192.450185][ T8483] macvlan1: left promiscuous mode [ 192.689260][ T8481] infiniband syz!: set active [ 192.697480][ T8481] infiniband syz!: added team_slave_0 [ 192.732539][ T8495] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 192.819176][ T8481] RDS/IB: syz!: added [ 192.831603][ T8500] overlayfs: failed to clone upperpath [ 192.842953][ T8481] smc: adding ib device syz! with port count 1 [ 192.866967][ T8481] smc: ib device syz! port 1 has pnetid [ 193.072980][ T8506] netlink: 28 bytes leftover after parsing attributes in process `syz.0.865'. [ 193.131728][ T8508] loop1: detected capacity change from 0 to 512 [ 193.168561][ T8508] EXT4-fs error (device loop1): ext4_xattr_inode_iget:445: comm syz.1.866: error while reading EA inode 32 err=-116 [ 193.204276][ T8508] EXT4-fs (loop1): Remounting filesystem read-only [ 193.215478][ T8508] EXT4-fs warning (device loop1): ext4_evict_inode:255: couldn't mark inode dirty (err -5) [ 193.246278][ T8508] EXT4-fs (loop1): 1 orphan inode deleted [ 193.253268][ T8508] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.325656][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.465175][ T8517] binder: 8516:8517 unknown command 0 [ 193.480850][ T8517] binder: 8516:8517 ioctl c0306201 200000000080 returned -22 [ 194.147361][ T8538] loop1: detected capacity change from 0 to 512 [ 194.176123][ T8538] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 194.211429][ T8538] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 194.253599][ T8538] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.874: bad orphan inode 131083 [ 194.276291][ T8538] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.417561][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.427240][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.433563][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.627803][ T27] kauditd_printk_skb: 19 callbacks suppressed [ 194.627816][ T27] audit: type=1326 audit(1757855272.429:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.1.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 194.745338][ T27] audit: type=1326 audit(1757855272.459:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.1.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 194.774440][ T27] audit: type=1326 audit(1757855272.459:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.1.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 194.812171][ T27] audit: type=1326 audit(1757855272.459:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.1.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 194.888346][ T27] audit: type=1326 audit(1757855272.469:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.1.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 194.971852][ T27] audit: type=1326 audit(1757855272.469:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.1.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 195.059772][ T27] audit: type=1326 audit(1757855272.469:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.1.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 195.125083][ T27] audit: type=1326 audit(1757855272.469:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.1.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 195.301302][ T8574] syz.5.881[8574] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 195.301489][ T8574] syz.5.881[8574] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 196.195648][ T27] audit: type=1326 audit(1757855272.479:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.1.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 196.424511][ T27] audit: type=1326 audit(1757855272.479:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8550 comm="syz.1.876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 196.562121][ T8584] loop1: detected capacity change from 0 to 2048 [ 197.024980][ C0] sched: RT throttling activated [ 197.246751][ T8598] overlayfs: failed to clone upperpath [ 197.350946][ T8601] loop4: detected capacity change from 0 to 512 [ 197.535664][ T8601] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 197.592767][ T8601] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 197.874128][ T7097] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.877258][ T8616] loop1: detected capacity change from 0 to 512 [ 197.968217][ T7137] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 199.572096][ T8652] syz.4.902 (8652) used greatest stack depth: 17104 bytes left [ 200.740277][ T8690] openvswitch: netlink: Flow actions attr not present in new flow. [ 200.934664][ T8698] binder: BINDER_SET_CONTEXT_MGR already set [ 200.942952][ T8698] binder: 8697:8698 ioctl 4018620d 200000000040 returned -16 [ 201.064007][ T8702] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 201.268791][ T8711] netlink: 'syz.4.921': attribute type 32 has an invalid length. [ 201.287079][ T8711] netlink: 28 bytes leftover after parsing attributes in process `syz.4.921'. [ 201.529384][ T8722] netlink: 8 bytes leftover after parsing attributes in process `syz.4.925'. [ 202.132556][ T8743] loop5: detected capacity change from 0 to 2048 [ 202.455351][ T8757] netlink: 28 bytes leftover after parsing attributes in process `syz.1.936'. [ 202.500844][ T8757] netlink: 32 bytes leftover after parsing attributes in process `syz.1.936'. [ 202.523065][ T8757] netlink: 28 bytes leftover after parsing attributes in process `syz.1.936'. [ 202.560918][ T8757] netlink: 32 bytes leftover after parsing attributes in process `syz.1.936'. [ 202.793713][ T8766] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 202.801206][ T8766] IPv6: NLM_F_CREATE should be set when creating new route [ 202.808477][ T8766] IPv6: NLM_F_CREATE should be set when creating new route [ 202.845285][ T8766] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 202.963490][ T8775] binder: 8773:8775 ioctl c0306201 0 returned -14 [ 203.254843][ T27] kauditd_printk_skb: 23 callbacks suppressed [ 203.254856][ T27] audit: type=1326 audit(1757855281.049:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8783 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 203.357955][ T27] audit: type=1326 audit(1757855281.089:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8783 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 203.462704][ T27] audit: type=1326 audit(1757855281.099:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8783 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 203.510130][ T8794] overlayfs: failed to clone upperpath [ 203.552558][ T27] audit: type=1326 audit(1757855281.099:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8783 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 203.845610][ T8807] binder: 8805:8807 ioctl c0306201 0 returned -14 [ 204.316795][ T8828] netlink: 'syz.0.957': attribute type 30 has an invalid length. [ 204.655474][ T8844] loop5: detected capacity change from 0 to 512 [ 204.667143][ T8844] EXT4-fs: Ignoring removed bh option [ 204.717354][ T8844] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 204.764710][ T8844] EXT4-fs (loop5): 1 truncate cleaned up [ 204.778693][ T8844] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 204.937964][ T27] audit: type=1326 audit(1757855282.739:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8855 comm="syz.0.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 205.015401][ T27] audit: type=1326 audit(1757855282.769:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8855 comm="syz.0.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 205.077442][ T7140] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.107874][ T8861] IPVS: stopping master sync thread 8028 ... [ 205.115531][ T27] audit: type=1326 audit(1757855282.769:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8855 comm="syz.0.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 205.228141][ T27] audit: type=1326 audit(1757855282.769:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8855 comm="syz.0.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 205.297857][ T27] audit: type=1326 audit(1757855282.769:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8855 comm="syz.0.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 205.335945][ T27] audit: type=1326 audit(1757855282.769:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8855 comm="syz.0.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 205.391380][ T8876] overlayfs: failed to clone upperpath [ 207.044279][ T8916] loop5: detected capacity change from 0 to 2048 [ 207.375780][ T8935] netlink: 4 bytes leftover after parsing attributes in process `syz.0.987'. [ 208.669582][ T8974] loop1: detected capacity change from 0 to 512 [ 208.731989][ T8974] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 208.801456][ T8974] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 208.814271][ T8974] ext4 filesystem being mounted at /250/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 208.828610][ T8974] EXT4-fs (loop1): shut down requested (1) [ 209.039435][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.239875][ T27] kauditd_printk_skb: 46 callbacks suppressed [ 209.239890][ T27] audit: type=1326 audit(1757855287.039:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 209.293264][ T27] audit: type=1326 audit(1757855287.069:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 209.316595][ T9002] syz.4.1011[9002] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 209.316713][ T9002] syz.4.1011[9002] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 209.380708][ T27] audit: type=1326 audit(1757855287.089:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 209.505422][ T27] audit: type=1326 audit(1757855287.089:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 209.605995][ T27] audit: type=1326 audit(1757855287.089:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 209.696508][ T9019] ieee802154 phy0 wpan0: encryption failed: -22 [ 209.713275][ T27] audit: type=1326 audit(1757855287.089:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 209.819407][ T27] audit: type=1326 audit(1757855287.089:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 209.942141][ T27] audit: type=1326 audit(1757855287.089:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 210.067422][ T27] audit: type=1326 audit(1757855287.089:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm=FFFFFF7F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 210.145090][ T27] audit: type=1326 audit(1757855287.089:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm=FFFFFF7F exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa01b98d510 code=0x7ffc0000 [ 210.290755][ T9029] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 210.560806][ T9036] netlink: 'syz.0.1023': attribute type 10 has an invalid length. [ 210.619155][ T9036] team0: Port device dummy0 added [ 210.632209][ T9038] netlink: 'syz.0.1023': attribute type 10 has an invalid length. [ 210.726689][ T9038] team0: Port device dummy0 removed [ 210.746375][ T9038] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 210.988987][ T9057] binder: 9053:9057 unknown command 0 [ 211.011873][ T9057] binder: 9053:9057 ioctl c0306201 200000000080 returned -22 [ 211.363034][ T9078] netlink: 100 bytes leftover after parsing attributes in process `syz.5.1035'. [ 211.616253][ T9083] overlayfs: failed to clone upperpath [ 211.878108][ T9094] binder: 9093:9094 unknown command 0 [ 211.909295][ T9094] binder: 9093:9094 ioctl c0306201 200000000080 returned -22 [ 212.063627][ T9108] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.1043'. [ 212.098181][ T9103] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.1043'. [ 212.245421][ T9114] tipc: Enabling of bearer rejected, failed to enable media [ 212.702912][ T9137] loop5: detected capacity change from 0 to 512 [ 212.741148][ T9137] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 212.780879][ T9137] EXT4-fs error (device loop5): ext4_validate_block_bitmap:430: comm syz.5.1052: bg 0: block 5: invalid block bitmap [ 212.803796][ T9137] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6637: Corrupt filesystem [ 212.815187][ T9137] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.1052: invalid indirect mapped block 3 (level 2) [ 212.847024][ T9137] EXT4-fs (loop5): 2 truncates cleaned up [ 212.882219][ T9137] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.070774][ T7140] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.059230][ T9171] syz.4.1061[9171] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 214.059426][ T9171] syz.4.1061[9171] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 214.235833][ T9194] binder: 9193:9194 unknown command 0 [ 214.303636][ T9194] binder: 9193:9194 ioctl c0306201 200000000080 returned -22 [ 214.343190][ T9194] binder: 9193:9194 ioctl 4018620d 0 returned -22 [ 214.687304][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 214.687318][ T27] audit: type=1326 audit(1757855292.489:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 214.777875][ T27] audit: type=1326 audit(1757855292.519:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 214.823516][ T27] audit: type=1326 audit(1757855292.519:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.1.1068" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 214.872092][ T9218] netlink: 'syz.1.1071': attribute type 10 has an invalid length. [ 214.942966][ T9218] team0: Port device dummy0 added [ 214.949711][ T9220] netlink: 'syz.1.1071': attribute type 10 has an invalid length. [ 214.985319][ T9220] team0: Port device dummy0 removed [ 215.053126][ T9220] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 215.282487][ T9228] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1072'. [ 215.308980][ T9228] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1072'. [ 215.460686][ T9228] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1072'. [ 215.469931][ T9228] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1072'. [ 215.500573][ T9235] binder: 9234:9235 unknown command 0 [ 215.516223][ T9235] binder: 9234:9235 ioctl c0306201 200000000080 returned -22 [ 215.544202][ T9235] binder: 9234:9235 ioctl 4018620d 0 returned -22 [ 215.760630][ T9228] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1072'. [ 215.772864][ T9228] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1072'. [ 216.878750][ T9253] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1079'. [ 217.513964][ T27] audit: type=1326 audit(1757855295.309:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 217.562418][ T27] audit: type=1326 audit(1757855295.339:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 217.613966][ T27] audit: type=1326 audit(1757855295.399:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 217.692371][ T27] audit: type=1326 audit(1757855295.399:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 217.790019][ T27] audit: type=1326 audit(1757855295.399:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 217.839258][ T27] audit: type=1326 audit(1757855295.439:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 217.910694][ T27] audit: type=1326 audit(1757855295.439:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9272 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 217.945481][ T9283] random: crng reseeded on system resumption [ 218.007644][ T9287] binder: 9286:9287 unknown command 0 [ 218.023349][ T9287] binder: 9286:9287 ioctl c0306201 200000000080 returned -22 [ 218.039600][ T9287] binder: 9286:9287 ioctl c0306201 0 returned -14 [ 218.748042][ T5835] hid-generic 0000:0003:0000.0004: unknown main item tag 0x0 [ 218.771929][ T5835] hid-generic 0000:0003:0000.0004: unknown main item tag 0x0 [ 218.795513][ T5835] hid-generic 0000:0003:0000.0004: hidraw0: HID v0.03 Device [syz0] on syz0 [ 218.921748][ T9301] fido_id[9301]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 219.414787][ T9315] binder: 9308:9315 unknown command 0 [ 219.443826][ T9315] binder: 9308:9315 ioctl c0306201 200000000080 returned -22 [ 219.454943][ T9309] binder: 9308:9309 ioctl c0306201 0 returned -14 [ 220.702306][ T9343] IPv6: Can't replace route, no match found [ 220.720672][ T9344] loop4: detected capacity change from 0 to 512 [ 220.794090][ T9344] EXT4-fs (loop4): too many log groups per flexible block group [ 220.816541][ T9344] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 220.823467][ T9344] EXT4-fs (loop4): mount failed [ 220.884222][ T9351] binder: 9349:9351 unknown command 0 [ 220.891333][ T9351] binder: 9349:9351 ioctl c0306201 200000000080 returned -22 [ 220.912132][ T9351] binder: 9349:9351 ioctl c0306201 0 returned -14 [ 221.105194][ T9354] ªªªªªª: renamed from vlan0 (while UP) [ 221.595445][ T9372] tmpfs: Unknown parameter 'usrquota_inode_har' [ 221.614720][ T9372] overlayfs: failed to clone upperpath [ 221.621478][ T9374] binder: 9373:9374 unknown command 0 [ 221.627975][ T9374] binder: 9373:9374 ioctl c0306201 200000000080 returned -22 [ 221.979397][ T5872] hid-generic 0000:0003:0000.0005: unknown main item tag 0x0 [ 222.000969][ T5872] hid-generic 0000:0003:0000.0005: unknown main item tag 0x0 [ 222.047867][ T5872] hid-generic 0000:0003:0000.0005: hidraw0: HID v0.03 Device [syz0] on syz0 [ 222.269403][ T28] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 222.425604][ T28] usb 6-1: device descriptor read/64, error -71 [ 222.765075][ T28] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 222.847410][ T27] kauditd_printk_skb: 29 callbacks suppressed [ 222.847423][ T27] audit: type=1326 audit(1757855300.649:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9393 comm="syz.4.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 222.925118][ T28] usb 6-1: device descriptor read/64, error -71 [ 222.939506][ T27] audit: type=1326 audit(1757855300.649:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9393 comm="syz.4.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 223.003386][ T27] audit: type=1326 audit(1757855300.659:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9393 comm="syz.4.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 223.030013][ T27] audit: type=1326 audit(1757855300.659:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9393 comm="syz.4.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 223.046871][ T28] usb usb6-port1: attempt power cycle [ 223.156831][ T9404] tmpfs: Unknown parameter 'usrquota_inode_har' [ 223.166498][ T9405] binder: 9403:9405 unknown command 0 [ 223.171907][ T9405] binder: 9403:9405 ioctl c0306201 200000000080 returned -22 [ 223.200099][ T9407] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1142'. [ 223.377990][ T9412] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1143'. [ 223.393750][ T9412] IPVS: Error connecting to the multicast addr [ 223.486831][ T28] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 223.526086][ T28] usb 6-1: device descriptor read/8, error -71 [ 223.795190][ T28] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 223.825953][ T28] usb 6-1: device descriptor read/8, error -71 [ 223.948771][ T28] usb usb6-port1: unable to enumerate USB device [ 224.851974][ T27] audit: type=1326 audit(1757855302.649:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9440 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 224.903596][ T9443] netlink: 596 bytes leftover after parsing attributes in process `syz.0.1155'. [ 224.907354][ T27] audit: type=1326 audit(1757855302.649:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9440 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 224.967949][ T27] audit: type=1326 audit(1757855302.649:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9440 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 225.030525][ T27] audit: type=1326 audit(1757855302.649:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9440 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 225.104566][ T27] audit: type=1326 audit(1757855302.649:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9440 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 225.172814][ T27] audit: type=1326 audit(1757855302.649:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9440 comm="syz.1.1156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 225.703766][ T9456] loop1: detected capacity change from 0 to 512 [ 225.722905][ T9456] EXT4-fs: Ignoring removed bh option [ 225.750738][ T9456] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 225.794690][ T9456] EXT4-fs (loop1): 1 truncate cleaned up [ 225.816509][ T9460] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1162'. [ 225.861278][ T9456] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 226.031741][ T9466] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1165'. [ 226.137245][ T5784] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.393875][ T9475] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1170'. [ 226.436308][ T9475] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1170'. [ 226.704802][ T9485] binder: 9482:9485 unknown command 0 [ 226.719804][ T9485] binder: 9482:9485 ioctl c0306201 200000000080 returned -22 [ 226.880070][ T9489] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1177'. [ 227.251140][ T9502] atomic_op ffff88807e71d198 conn xmit_atomic 0000000000000000 [ 227.649793][ T9511] binder: 9510:9511 unknown command 0 [ 227.655864][ T9511] binder: 9510:9511 ioctl c0306201 200000000080 returned -22 [ 227.731927][ T9514] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 227.805716][ T9516] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1188'. [ 227.827245][ T9500] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 227.841235][ T9500] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.992922][ T9500] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 228.029014][ T9500] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.054762][ T27] kauditd_printk_skb: 31 callbacks suppressed [ 228.054774][ T27] audit: type=1326 audit(1757855305.849:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9523 comm="syz.4.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 228.129219][ T27] audit: type=1326 audit(1757855305.899:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9523 comm="syz.4.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 228.194486][ T27] audit: type=1326 audit(1757855305.899:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9523 comm="syz.4.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 228.231968][ T27] audit: type=1326 audit(1757855305.899:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9523 comm="syz.4.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 228.284625][ T9500] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 228.365656][ T9500] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.407514][ T27] audit: type=1326 audit(1757855305.899:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9523 comm="syz.4.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 228.439569][ T27] audit: type=1326 audit(1757855305.899:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9523 comm="syz.4.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 228.462811][ T27] audit: type=1326 audit(1757855305.899:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9523 comm="syz.4.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 228.494679][ T27] audit: type=1326 audit(1757855306.139:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9523 comm="syz.4.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 228.517113][ T27] audit: type=1326 audit(1757855306.159:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9523 comm="syz.4.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 229.278369][ T27] audit: type=1326 audit(1757855307.069:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9537 comm="syz.1.1195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 229.278421][ T9536] program syz.4.1194 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 229.335256][ T9500] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 229.362727][ T9500] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.540045][ T9543] binder: 9542:9543 unknown command 0 [ 229.549494][ T9543] binder: 9542:9543 ioctl c0306201 200000000080 returned -22 [ 229.568536][ T9543] binder: 9542:9543 ioctl c0306201 0 returned -14 [ 229.743098][ T9500] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 229.778630][ T9548] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 229.783608][ T9500] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.844028][ T9500] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 229.870776][ T9500] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.910393][ T9500] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 229.936021][ T9500] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.980912][ T9500] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 229.999621][ T9500] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.291771][ T9556] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1202'. [ 230.552599][ T9564] netlink: 'syz.1.1205': attribute type 3 has an invalid length. [ 230.593940][ T9565] binder: 9563:9565 unknown command 0 [ 230.617716][ T9565] binder: 9563:9565 ioctl c0306201 200000000080 returned -22 [ 230.655706][ T9565] binder: 9563:9565 ioctl c0306201 0 returned -14 [ 230.781700][ T9569] syz_tun: refused to change device tx_queue_len [ 232.407506][ T9596] loop4: detected capacity change from 0 to 1024 [ 232.487435][ T9596] EXT4-fs (loop4): can't mount with data_err=abort, fs mounted w/o journal [ 232.673055][ T9596] smc: net device bond0 applied user defined pnetid SYZ0 [ 232.687212][ T9605] smc: net device bond0 erased user defined pnetid SYZ0 [ 233.085155][ T27] kauditd_printk_skb: 23 callbacks suppressed [ 233.085174][ T27] audit: type=1326 audit(1757855310.879:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9619 comm="syz.5.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 233.185185][ T27] audit: type=1326 audit(1757855310.929:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9619 comm="syz.5.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 233.260857][ T27] audit: type=1326 audit(1757855310.939:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9619 comm="syz.5.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 233.339662][ T27] audit: type=1326 audit(1757855310.939:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9619 comm="syz.5.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 233.420885][ T27] audit: type=1326 audit(1757855310.939:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9619 comm="syz.5.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 233.423475][ T9624] loop4: detected capacity change from 0 to 8192 [ 233.474643][ T27] audit: type=1326 audit(1757855310.939:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9619 comm="syz.5.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 233.579346][ T27] audit: type=1326 audit(1757855310.939:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9619 comm="syz.5.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 233.615174][ T9624] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1225'. [ 233.646741][ T27] audit: type=1326 audit(1757855310.939:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9619 comm="syz.5.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 233.675226][ T27] audit: type=1326 audit(1757855311.219:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9619 comm="syz.5.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 233.765381][ T27] audit: type=1326 audit(1757855311.219:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9619 comm="syz.5.1224" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 233.885820][ T9636] binder: 9635:9636 unknown command 0 [ 233.891608][ T9636] binder: 9635:9636 ioctl c0306201 200000000080 returned -22 [ 234.918129][ T9677] binder: 9675:9677 unknown command 0 [ 234.945864][ T9677] binder: 9675:9677 ioctl c0306201 200000000080 returned -22 [ 235.148731][ T9686] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1245'. [ 236.328150][ T9703] netlink: 'syz.5.1251': attribute type 11 has an invalid length. [ 236.717076][ T9715] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1255'. [ 240.498449][ T9804] binder: 9802:9804 unknown command 0 [ 240.506384][ T9804] binder: 9802:9804 ioctl c0306201 200000000080 returned -22 [ 241.186443][ T9821] loop9: detected capacity change from 0 to 7 [ 241.231813][ T9821] Dev loop9: unable to read RDB block 7 [ 241.249855][ T9821] loop9: unable to read partition table [ 241.265326][ T9821] loop9: partition table beyond EOD, truncated [ 241.279724][ T9821] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ â·û [ 241.279724][ T9821] ) failed (rc=-5) [ 242.996165][ T9857] binder: 9856:9857 unknown command 0 [ 243.001594][ T9857] binder: 9856:9857 ioctl c0306201 200000000080 returned -22 [ 243.644625][ T9871] netlink: 'syz.4.1313': attribute type 13 has an invalid length. [ 243.670480][ T9871] gretap0: refused to change device tx_queue_len [ 243.687527][ T9871] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 244.730424][ T9871] warn_alloc: 1 callbacks suppressed [ 244.730439][ T9871] syz.4.1313: vmalloc error: size 85630976, failed to allocated page array size 167248, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 244.808337][ T9871] CPU: 1 PID: 9871 Comm: syz.4.1313 Not tainted syzkaller #0 [ 244.815750][ T9871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 244.825818][ T9871] Call Trace: [ 244.829109][ T9871] [ 244.832048][ T9871] dump_stack_lvl+0x16c/0x230 [ 244.836749][ T9871] ? show_regs_print_info+0x20/0x20 [ 244.841966][ T9871] ? load_image+0x3b0/0x3b0 [ 244.846489][ T9871] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 244.852927][ T9871] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 244.859442][ T9871] warn_alloc+0x210/0x300 [ 244.863798][ T9871] ? zone_watermark_ok_safe+0x230/0x230 [ 244.869371][ T9871] ? _raw_spin_unlock+0x28/0x40 [ 244.874245][ T9871] __vmalloc_node_range+0x662/0x1320 [ 244.879574][ T9871] ? free_vm_area+0x50/0x50 [ 244.884091][ T9871] ? ima_read_file+0x79/0x170 [ 244.888789][ T9871] ? ima_post_path_mknod+0x160/0x160 [ 244.894094][ T9871] ? kernel_read_file+0x3ea/0x680 [ 244.899131][ T9871] vmalloc+0x79/0x90 [ 244.903024][ T9871] ? kernel_read_file+0x3ea/0x680 [ 244.908046][ T9871] kernel_read_file+0x3ea/0x680 [ 244.912898][ T9871] ? vfs_cmd_create+0x230/0x230 [ 244.917746][ T9871] __se_sys_finit_module+0x3b7/0x650 [ 244.923031][ T9871] ? __x64_sys_finit_module+0x80/0x80 [ 244.928421][ T9871] ? lockdep_hardirqs_on+0x98/0x150 [ 244.933611][ T9871] do_syscall_64+0x55/0xb0 [ 244.938015][ T9871] ? clear_bhb_loop+0x40/0x90 [ 244.942677][ T9871] ? clear_bhb_loop+0x40/0x90 [ 244.947340][ T9871] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 244.953224][ T9871] RIP: 0033:0x7fb4c8d8eba9 [ 244.957625][ T9871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 244.977216][ T9871] RSP: 002b:00007fb4c9c55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 244.985619][ T9871] RAX: ffffffffffffffda RBX: 00007fb4c8fd5fa0 RCX: 00007fb4c8d8eba9 [ 244.993577][ T9871] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 245.001534][ T9871] RBP: 00007fb4c8e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 245.009497][ T9871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 245.017453][ T9871] R13: 00007fb4c8fd6038 R14: 00007fb4c8fd5fa0 R15: 00007ffd1bdd8e18 [ 245.025421][ T9871] [ 245.037453][ T9871] Mem-Info: [ 245.040636][ T9871] active_anon:6620 inactive_anon:0 isolated_anon:0 [ 245.040636][ T9871] active_file:12418 inactive_file:40371 isolated_file:0 [ 245.040636][ T9871] unevictable:768 dirty:86 writeback:0 [ 245.040636][ T9871] slab_reclaimable:10569 slab_unreclaimable:97194 [ 245.040636][ T9871] mapped:24321 shmem:1391 pagetables:729 [ 245.040636][ T9871] sec_pagetables:0 bounce:0 [ 245.040636][ T9871] kernel_misc_reclaimable:0 [ 245.040636][ T9871] free:1331015 free_pcp:11731 free_cma:0 [ 245.094384][ T9884] binder: 9882:9884 unknown command 0 [ 245.102211][ T9884] binder: 9882:9884 ioctl c0306201 200000000080 returned -22 [ 245.125244][ T9871] Node 0 active_anon:26588kB inactive_anon:0kB active_file:49672kB inactive_file:161268kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97252kB dirty:348kB writeback:0kB shmem:4008kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11932kB pagetables:2900kB sec_pagetables:0kB all_unreclaimable? no [ 245.195096][ T9871] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:216kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:8kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 245.269020][ T9871] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 245.333065][ T9871] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 245.345017][ T9871] Node 0 DMA32 free:1414832kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:29740kB inactive_anon:0kB active_file:49672kB inactive_file:159956kB unevictable:1536kB writepending:348kB present:3129332kB managed:2589592kB mlocked:0kB bounce:0kB free_pcp:20904kB local_pcp:2008kB free_cma:0kB [ 245.430561][ T9871] lowmem_reserve[]: 0 0 1 1 1 [ 245.439404][ T9871] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 245.474250][ T9871] lowmem_reserve[]: 0 0 0 0 0 [ 245.479449][ T9871] Node 1 Normal free:3891032kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:216kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:25772kB local_pcp:12120kB free_cma:0kB [ 245.509402][ T9871] lowmem_reserve[]: 0 0 0 0 0 [ 245.516212][ T9871] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 245.549336][ T9871] Node 0 DMA32: 419*4kB (UME) 775*8kB (UME) 570*16kB (UME) 611*32kB (UME) 525*64kB (UME) 247*128kB (UME) 62*256kB (UM) 42*512kB (UM) 15*1024kB (UME) 8*2048kB (UM) 309*4096kB (UM) = 1436548kB [ 245.591616][ T9871] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 245.622038][ T9871] Node 1 Normal: 191*4kB (UM) 58*8kB (UME) 28*16kB (UME) 70*32kB (UME) 25*64kB (UME) 8*128kB (UME) 2*256kB (UM) 2*512kB (ME) 2*1024kB (ME) 3*2048kB (UME) 946*4096kB (M) = 3891084kB [ 245.647595][ T9871] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 245.659536][ T9871] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 245.669800][ T9871] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 245.680318][ T9871] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 245.728226][ T9871] 54748 total pagecache pages [ 245.732944][ T9871] 0 pages in swap cache [ 245.742303][ T9871] Free swap = 124456kB [ 245.750870][ T9871] Total swap = 124996kB [ 245.756485][ T9871] 2097051 pages RAM [ 245.760310][ T9871] 0 pages HighMem/MovableOnly [ 245.776562][ T9871] 416139 pages reserved [ 245.783644][ T9871] 0 pages cma reserved [ 246.896168][ T9910] binder: 9909:9910 unknown command 0 [ 246.901602][ T9910] binder: 9909:9910 ioctl c0306201 200000000080 returned -22 [ 246.903625][ T27] kauditd_printk_skb: 33 callbacks suppressed [ 246.903637][ T27] audit: type=1326 audit(1757855324.699:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.4.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 246.972086][ T27] audit: type=1326 audit(1757855324.739:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.4.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 246.999350][ T27] audit: type=1326 audit(1757855324.739:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.4.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 247.059402][ T27] audit: type=1326 audit(1757855324.739:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.4.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 247.263640][ T27] audit: type=1326 audit(1757855324.739:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.4.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 247.644751][ T27] audit: type=1326 audit(1757855324.739:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.4.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 247.773280][ T27] audit: type=1326 audit(1757855324.739:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.4.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 247.862068][ T27] audit: type=1326 audit(1757855324.749:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.4.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 247.925082][ T27] audit: type=1326 audit(1757855324.749:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.4.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 247.988967][ T27] audit: type=1326 audit(1757855324.749:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.4.1329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 248.307832][ T9942] syzkaller0: entered allmulticast mode [ 248.323884][ T9942] syzkaller0: entered promiscuous mode [ 248.355298][ T9942] syzkaller0: left promiscuous mode [ 248.360784][ T9942] syzkaller0: left allmulticast mode [ 248.395717][ T9942] loop4: detected capacity change from 0 to 736 [ 248.460014][ T7137] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 248.473745][ T9942] netlink: 'syz.4.1340': attribute type 27 has an invalid length. [ 249.957355][ T9987] netlink: 'syz.0.1359': attribute type 3 has an invalid length. [ 250.219998][ T9981] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1356'. [ 255.005181][ T787] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 255.178157][ T787] usb 2-1: device descriptor read/64, error -71 [ 255.451746][ T787] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 256.878852][T10063] (null): rxe_set_mtu: Set mtu to 4096 [ 256.879110][T10063] lo speed is unknown, defaulting to 1000 [ 256.880489][T10063] lo speed is unknown, defaulting to 1000 [ 256.881156][T10063] lo speed is unknown, defaulting to 1000 [ 257.149390][T10063] infiniband sz1: set active [ 257.149554][T10063] infiniband sz1: added lo [ 257.198046][T10061] tty tty29: ldisc open failed (-12), clearing slot 28 [ 257.483359][T10063] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 257.489709][T10063] infiniband sz1: Couldn't open port 1 [ 257.510315][ T5772] lo speed is unknown, defaulting to 1000 [ 257.517419][ T787] usb 2-1: device descriptor read/64, error -71 [ 257.559077][T10063] RDS/IB: sz1: added [ 257.563151][T10063] smc: adding ib device sz1 with port count 1 [ 257.569371][T10063] smc: ib device sz1 port 1 has pnetid [ 257.576265][T10063] lo speed is unknown, defaulting to 1000 [ 257.731655][T10063] lo speed is unknown, defaulting to 1000 [ 257.765519][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 257.771839][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.785616][ T5772] lo speed is unknown, defaulting to 1000 [ 257.795846][ T787] usb usb2-port1: attempt power cycle [ 258.086993][T10063] lo speed is unknown, defaulting to 1000 [ 258.845634][T10063] lo speed is unknown, defaulting to 1000 [ 258.867036][ T27] kauditd_printk_skb: 16 callbacks suppressed [ 258.867050][ T27] audit: type=1326 audit(1757855336.659:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 258.950488][ T27] audit: type=1326 audit(1757855336.659:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 259.010168][T10063] lo speed is unknown, defaulting to 1000 [ 259.050930][ T27] audit: type=1326 audit(1757855336.659:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 259.097179][ T27] audit: type=1326 audit(1757855336.719:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 259.119704][ T27] audit: type=1326 audit(1757855336.719:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 259.142410][ T27] audit: type=1326 audit(1757855336.719:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 259.172562][ T27] audit: type=1326 audit(1757855336.719:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 259.280299][T10063] lo speed is unknown, defaulting to 1000 [ 259.289356][ T27] audit: type=1326 audit(1757855336.719:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 259.319974][ T27] audit: type=1326 audit(1757855336.719:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 259.370046][ T27] audit: type=1326 audit(1757855336.719:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10071 comm="syz.0.1387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda3258eba9 code=0x7ffc0000 [ 259.805583][T10072] lo speed is unknown, defaulting to 1000 [ 259.865629][T10095] loop5: detected capacity change from 0 to 1024 [ 259.909948][T10095] EXT4-fs (loop5): can't mount with data_err=abort, fs mounted w/o journal [ 262.653945][T10126] (null): rxe_set_mtu: Set mtu to 4096 [ 262.663987][T10126] rdma_rxe: rxe_newlink: failed to add lo [ 264.694407][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 264.694421][ T27] audit: type=1326 audit(1757855342.489:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10141 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 264.737705][ T27] audit: type=1326 audit(1757855342.529:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10141 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 264.760510][T10142] loop4: detected capacity change from 0 to 128 [ 264.773424][T10142] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 264.798337][T10142] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 264.819665][ T27] audit: type=1326 audit(1757855342.529:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10141 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 264.890087][ T27] audit: type=1326 audit(1757855342.529:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10141 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 264.924496][ T11] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 264.965586][ T27] audit: type=1326 audit(1757855342.529:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10141 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb4c8d8ebe3 code=0x7ffc0000 [ 265.046690][ T27] audit: type=1326 audit(1757855342.529:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10141 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb4c8d8d65f code=0x7ffc0000 [ 265.083105][ T27] audit: type=1326 audit(1757855342.529:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10141 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fb4c8d8ec37 code=0x7ffc0000 [ 265.116078][ T27] audit: type=1326 audit(1757855342.529:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10141 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb4c8d8d510 code=0x7ffc0000 [ 265.139849][ T27] audit: type=1326 audit(1757855342.529:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10141 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb4c8d8e7ab code=0x7ffc0000 [ 265.164352][ T27] audit: type=1326 audit(1757855342.569:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10141 comm="syz.4.1411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb4c8d8d80a code=0x7ffc0000 [ 265.531790][T10168] overlayfs: missing 'lowerdir' [ 265.602851][T10170] (null): rxe_set_mtu: Set mtu to 4096 [ 265.612913][T10170] rdma_rxe: rxe_newlink: failed to add lo [ 266.756749][T10192] loop5: detected capacity change from 0 to 512 [ 266.789522][T10192] EXT4-fs error (device loop5): ext4_xattr_inode_iget:445: comm syz.5.1430: error while reading EA inode 32 err=-116 [ 266.795440][T10192] EXT4-fs (loop5): Remounting filesystem read-only [ 266.795520][T10192] EXT4-fs warning (device loop5): ext4_evict_inode:255: couldn't mark inode dirty (err -5) [ 266.795621][T10192] EXT4-fs (loop5): 1 orphan inode deleted [ 266.797933][T10192] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 266.802287][T10192] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.879369][ T7137] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 267.126995][T10204] overlayfs: missing 'lowerdir' [ 267.216969][T10208] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1436'. [ 267.511479][T10220] loop4: detected capacity change from 0 to 164 [ 267.585143][T10220] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 267.624339][T10220] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 267.665562][T10220] rock: directory entry would overflow storage [ 267.677184][T10220] rock: sig=0x4f50, size=4, remaining=3 [ 267.695578][T10220] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 267.806613][T10229] overlayfs: missing 'lowerdir' [ 268.354256][T10252] loop4: detected capacity change from 0 to 512 [ 268.413497][T10252] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 268.464360][T10252] EXT4-fs (loop4): 1 orphan inode deleted [ 268.474357][T10252] EXT4-fs (loop4): 1 truncate cleaned up [ 268.501040][T10252] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 268.532931][T10258] overlayfs: missing 'lowerdir' [ 268.593623][T10252] EXT4-fs error (device loop4): ext4_inlinedir_to_tree:1412: inode #12: block 7: comm syz.4.1453: path /217/file0/file0: bad entry in directory: directory entry overrun - offset=788, inode=13, rec_len=784, size=60 fake=0 [ 268.619300][T10252] EXT4-fs (loop4): Remounting filesystem read-only [ 269.360516][ T7097] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 269.959776][T10287] overlayfs: missing 'lowerdir' [ 270.132617][T10293] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1470'. [ 270.208849][T10293] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1470'. [ 270.511049][T10309] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1477'. [ 270.530248][T10309] IPVS: Unknown mcast interface: vet [ 270.860340][T10319] loop4: detected capacity change from 0 to 512 [ 270.923829][T10319] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 270.986594][T10319] ext4 filesystem being mounted at /222/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 271.163389][T10315] netlink: 'syz.0.1479': attribute type 2 has an invalid length. [ 271.185800][T10312] lo speed is unknown, defaulting to 1000 [ 271.421673][ T7097] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.712248][T10329] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1485'. [ 271.858047][T10335] tmpfs: Unknown parameter 'nr' [ 271.919309][T10335] syz_tun: entered allmulticast mode [ 272.017953][T10339] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1489'. [ 272.036261][T10339] IPVS: Unknown mcast interface: vetN1_macvtap [ 272.091089][T10343] loop5: detected capacity change from 0 to 512 [ 272.125789][T10343] EXT4-fs: Ignoring removed bh option [ 272.159855][T10343] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 272.211612][T10343] EXT4-fs (loop5): 1 truncate cleaned up [ 272.229899][T10343] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 272.311783][T10343] syz.5.1491[10343] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 272.311905][T10343] syz.5.1491[10343] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 272.435035][T10331] lo speed is unknown, defaulting to 1000 [ 272.472227][ T7140] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 272.642202][T10330] syz_tun: left allmulticast mode [ 272.648444][T10355] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 272.672207][T10355] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 273.051164][T10364] loop5: detected capacity change from 0 to 512 [ 273.171523][T10364] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 273.188872][T10364] ext4 filesystem being mounted at /232/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 273.275383][ T5786] Bluetooth: hci4: command 0x0406 tx timeout [ 273.351447][ T7140] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.584085][T10378] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1501'. [ 273.594156][T10378] IPVS: Unknown mcast interface: vetN1_macvtap [ 273.672249][T10380] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 273.683899][T10380] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 273.784510][T10386] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1506'. [ 273.794548][T10386] x_tables: ip_tables: udp match: only valid for protocol 17 [ 274.304210][T10395] netlink: 'syz.4.1508': attribute type 30 has an invalid length. [ 274.329893][T10395] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 274.338874][T10395] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 274.347703][T10395] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 274.356672][T10395] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 274.388354][T10395] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 274.397480][T10395] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 274.406422][T10395] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 274.416092][T10395] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 274.471893][T10402] netlink: 'syz.0.1511': attribute type 30 has an invalid length. [ 274.721741][T10407] overlayfs: missing 'lowerdir' [ 274.883937][ T27] kauditd_printk_skb: 13 callbacks suppressed [ 274.883951][ T27] audit: type=1326 audit(1757855352.679:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10414 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 274.901059][T10417] random: crng reseeded on system resumption [ 274.956895][ T27] audit: type=1326 audit(1757855352.679:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10414 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 274.996239][ T27] audit: type=1326 audit(1757855352.729:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10414 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 275.027769][ T27] audit: type=1326 audit(1757855352.729:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10414 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 275.072296][ T27] audit: type=1326 audit(1757855352.729:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10414 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 275.145589][ T27] audit: type=1326 audit(1757855352.729:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10414 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 275.204468][ T27] audit: type=1326 audit(1757855352.729:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10414 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 275.289867][ T27] audit: type=1326 audit(1757855352.729:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10414 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 275.359868][ T27] audit: type=1326 audit(1757855352.729:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10414 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 275.405064][ T27] audit: type=1326 audit(1757855352.729:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10414 comm="syz.4.1517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 275.552211][T10431] overlayfs: missing 'lowerdir' [ 275.607304][T10433] syz_tun: refused to change device tx_queue_len [ 275.646379][T10435] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1527'. [ 275.732011][T10437] loop5: detected capacity change from 0 to 512 [ 275.765281][T10439] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1529'. [ 275.793390][T10439] bridge0: entered promiscuous mode [ 275.799821][T10439] macvtap1: entered promiscuous mode [ 275.806064][T10439] macvtap1: entered allmulticast mode [ 275.808080][T10437] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 275.811451][T10439] bridge0: entered allmulticast mode [ 275.830217][T10437] ext4 filesystem being mounted at /238/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 275.844394][T10439] bridge0: left allmulticast mode [ 275.861444][T10439] bridge0: left promiscuous mode [ 275.984136][T10448] netlink: 'syz.1.1532': attribute type 10 has an invalid length. [ 276.057634][ T7140] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 276.150923][T10452] overlayfs: missing 'lowerdir' [ 276.194472][T10454] loop5: detected capacity change from 0 to 2048 [ 276.385386][T10458] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1537'. [ 276.404124][T10458] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1537'. [ 276.562115][T10464] syz.5.1542[10464] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 276.562237][T10464] syz.5.1542[10464] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 276.678982][T10464] ALSA: seq fatal error: cannot create timer (-19) [ 276.703688][T10472] loop5: detected capacity change from 0 to 1024 [ 276.726874][T10471] IPVS: stopping master sync thread 7780 ... [ 276.769288][T10472] EXT4-fs: Ignoring removed orlov option [ 276.812093][T10472] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 276.907979][T10476] overlayfs: missing 'workdir' [ 277.082528][ T7140] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.597238][T10500] overlayfs: missing 'workdir' [ 277.654277][T10502] loop5: detected capacity change from 0 to 512 [ 277.667776][T10502] EXT4-fs: Ignoring removed mblk_io_submit option [ 277.705501][T10502] ext4: Unknown parameter 'seclabel' [ 277.843599][T10504] loop4: detected capacity change from 0 to 512 [ 277.899568][T10504] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 277.920850][T10504] ext4 filesystem being mounted at /239/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 278.008103][ T7097] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.263510][T10512] $Hÿ: renamed from bond0 (while UP) [ 278.337090][T10512] $Hÿ: entered promiscuous mode [ 278.355245][T10512] dummy0: entered promiscuous mode [ 279.295943][T10525] overlayfs: missing 'workdir' [ 279.502544][T10535] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 279.523448][T10533] netlink: 'syz.4.1568': attribute type 1 has an invalid length. [ 279.599435][T10533] 8021q: adding VLAN 0 to HW filter on device bond1 [ 279.620604][T10538] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1568'. [ 279.962543][T10538] bond1 (unregistering): Released all slaves [ 280.602043][ T27] kauditd_printk_skb: 103 callbacks suppressed [ 280.602058][ T27] audit: type=1326 audit(1757855358.399:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10562 comm="syz.1.1581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 280.669261][ T27] audit: type=1326 audit(1757855358.429:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10562 comm="syz.1.1581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 280.692379][ T27] audit: type=1326 audit(1757855358.429:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10562 comm="syz.1.1581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 280.716343][ T27] audit: type=1326 audit(1757855358.429:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10562 comm="syz.1.1581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 280.776757][ T27] audit: type=1326 audit(1757855358.429:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10562 comm="syz.1.1581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 280.818066][ T27] audit: type=1326 audit(1757855358.429:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10562 comm="syz.1.1581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 280.875001][ T27] audit: type=1326 audit(1757855358.429:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10562 comm="syz.1.1581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 280.917505][ T27] audit: type=1326 audit(1757855358.429:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10562 comm="syz.1.1581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 280.971807][ T27] audit: type=1326 audit(1757855358.429:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10562 comm="syz.1.1581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 281.019914][ T27] audit: type=1326 audit(1757855358.429:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10562 comm="syz.1.1581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 281.580984][ T55] IPVS: starting estimator thread 0... [ 281.699430][T10571] IPVS: using max 17 ests per chain, 40800 per kthread [ 282.309560][T10596] tipc: Started in network mode [ 282.316589][T10596] tipc: Node identity aa3e6ee69c1f, cluster identity 4711 [ 282.364806][T10596] tipc: Enabled bearer , priority 0 [ 282.393642][T10599] syzkaller0: entered promiscuous mode [ 282.410315][T10599] syzkaller0: entered allmulticast mode [ 282.654621][T10602] tipc: Resetting bearer [ 282.715898][T10595] tipc: Resetting bearer [ 282.787198][T10595] tipc: Disabling bearer [ 283.362152][T10626] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1603'. [ 283.588010][T10608] lo speed is unknown, defaulting to 1000 [ 284.679081][T10649] syz.0.1612[10649] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 284.679210][T10649] syz.0.1612[10649] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 284.710389][T10644] lo speed is unknown, defaulting to 1000 [ 285.872821][T10671] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1619'. [ 286.012041][T10678] overlayfs: failed to clone upperpath [ 286.266800][ T5894] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 286.455541][ T5894] usb 6-1: Using ep0 maxpacket: 8 [ 286.486432][ T5894] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 286.515179][ T5894] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 286.524186][ T5894] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 286.571938][ T5894] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 286.602024][ T5894] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 286.613478][ T5894] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.660498][ T5894] hub 6-1:1.0: bad descriptor, ignoring hub [ 286.670258][ T5894] hub: probe of 6-1:1.0 failed with error -5 [ 286.687535][ T5894] cdc_wdm 6-1:1.0: skipping garbage [ 286.694829][ T5894] cdc_wdm 6-1:1.0: skipping garbage [ 286.712710][ T5894] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 286.735203][ T5894] cdc_wdm 6-1:1.0: Unknown control protocol [ 287.278527][T10708] loop4: detected capacity change from 0 to 512 [ 287.288743][ T5772] usb 6-1: USB disconnect, device number 6 [ 287.337298][T10708] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 287.368544][T10708] ext4 filesystem being mounted at /253/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 287.454396][ T7097] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.722407][T10721] loop4: detected capacity change from 0 to 764 [ 288.176141][T10734] overlayfs: failed to clone upperpath [ 288.229675][T10727] pim6reg1: entered promiscuous mode [ 288.235561][T10727] pim6reg1: entered allmulticast mode [ 288.641217][ T5786] Bluetooth: hci5: command 0x0406 tx timeout [ 289.183485][T10741] loop4: detected capacity change from 0 to 8192 [ 289.245038][ T5872] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 289.438517][ T5872] usb 6-1: no configurations [ 289.443246][ T5872] usb 6-1: can't read configurations, error -22 [ 289.615890][ T5872] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 289.795981][ T5872] usb 6-1: no configurations [ 289.800611][ T5872] usb 6-1: can't read configurations, error -22 [ 289.808305][ T5872] usb usb6-port1: attempt power cycle [ 290.215171][ T5872] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 290.248877][ T5872] usb 6-1: no configurations [ 290.253483][ T5872] usb 6-1: can't read configurations, error -22 [ 290.405111][ T5872] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 290.437756][ T5872] usb 6-1: no configurations [ 290.442380][ T5872] usb 6-1: can't read configurations, error -22 [ 290.448941][ T5872] usb usb6-port1: unable to enumerate USB device [ 291.154240][T10760] netlink: 'syz.0.1658': attribute type 2 has an invalid length. [ 291.263437][T10765] loop4: detected capacity change from 0 to 512 [ 291.302480][T10765] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 291.366120][T10765] EXT4-fs (loop4): 1 truncate cleaned up [ 291.396233][T10765] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 291.436301][T10765] EXT4-fs error (device loop4): ext4_ext_precache:627: inode #15: comm syz.4.1653: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964) [ 291.593609][T10773] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1656'. [ 291.610124][ T27] kauditd_printk_skb: 60 callbacks suppressed [ 291.610137][ T27] audit: type=1326 audit(1757855369.409:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.5.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 291.671996][ T27] audit: type=1326 audit(1757855369.409:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.5.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 291.707384][ T27] audit: type=1326 audit(1757855369.409:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.5.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 291.796284][ T27] audit: type=1326 audit(1757855369.409:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.5.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 291.860632][ T27] audit: type=1326 audit(1757855369.409:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.5.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 291.913419][ T27] audit: type=1326 audit(1757855369.439:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.5.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 291.939808][ T27] audit: type=1326 audit(1757855369.739:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.5.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 291.966656][T10775] lo speed is unknown, defaulting to 1000 [ 291.974796][T10775] lo speed is unknown, defaulting to 1000 [ 291.983823][T10775] lo speed is unknown, defaulting to 1000 [ 291.987144][ T7097] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.000142][T10775] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 292.022193][T10775] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 292.193287][ T27] audit: type=1326 audit(1757855369.739:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.5.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 292.456137][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 292.596821][ T27] audit: type=1326 audit(1757855369.739:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.5.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 292.619496][ T27] audit: type=1326 audit(1757855369.739:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10774 comm="syz.5.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 292.715018][T10775] lo speed is unknown, defaulting to 1000 [ 292.729073][T10775] lo speed is unknown, defaulting to 1000 [ 292.746659][T10775] lo speed is unknown, defaulting to 1000 [ 292.772947][T10775] lo speed is unknown, defaulting to 1000 [ 292.777301][T10787] loop4: detected capacity change from 0 to 764 [ 292.790699][ T9] usb 2-1: no configurations [ 292.795385][ T9] usb 2-1: can't read configurations, error -22 [ 292.965145][ T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 293.167644][ T9] usb 2-1: no configurations [ 293.179415][ T9] usb 2-1: can't read configurations, error -22 [ 293.195660][ T9] usb usb2-port1: attempt power cycle [ 293.607449][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 293.660926][ T9] usb 2-1: no configurations [ 293.684191][ T9] usb 2-1: can't read configurations, error -22 [ 293.832410][T10812] loop4: detected capacity change from 0 to 1024 [ 293.845096][ T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 293.856017][T10812] EXT4-fs: Ignoring removed orlov option [ 293.891598][ T9] usb 2-1: no configurations [ 293.909867][T10812] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.932749][ T9] usb 2-1: can't read configurations, error -22 [ 293.959218][ T9] usb usb2-port1: unable to enumerate USB device [ 294.126313][ T7097] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.236880][T10822] overlayfs: failed to clone upperpath [ 294.803802][T10842] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1684'. [ 296.815230][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 296.995164][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 297.007949][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 297.031065][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 297.051058][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 297.074735][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 297.098591][ T9] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 297.108305][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.143266][ T9] hub 2-1:1.0: bad descriptor, ignoring hub [ 297.158109][ T9] hub: probe of 2-1:1.0 failed with error -5 [ 297.171412][ T9] cdc_wdm 2-1:1.0: skipping garbage [ 297.182671][ T9] cdc_wdm 2-1:1.0: skipping garbage [ 297.197183][ T9] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 297.209992][ T9] cdc_wdm 2-1:1.0: Unknown control protocol [ 297.796438][ T5894] usb 2-1: USB disconnect, device number 10 [ 298.738755][T10951] hub 9-0:1.0: USB hub found [ 298.744159][T10951] hub 9-0:1.0: 1 port detected [ 299.449593][T10952] lo speed is unknown, defaulting to 1000 [ 299.463709][T10955] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1731'. [ 299.610181][T10952] lo speed is unknown, defaulting to 1000 [ 299.713992][T10960] program syz.4.1733 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 301.738535][T11002] infiniband sz1: set active [ 301.842279][ T5894] lo speed is unknown, defaulting to 1000 [ 302.398036][ T27] kauditd_printk_skb: 53 callbacks suppressed [ 302.398051][ T27] audit: type=1326 audit(1757855380.199:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11021 comm="syz.1.1757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 302.442100][ T27] audit: type=1326 audit(1757855380.199:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11021 comm="syz.1.1757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 302.483915][ T27] audit: type=1326 audit(1757855380.209:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11021 comm="syz.1.1757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 302.515532][ T27] audit: type=1326 audit(1757855380.209:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11021 comm="syz.1.1757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 302.543108][ T27] audit: type=1326 audit(1757855380.209:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11021 comm="syz.1.1757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 302.590760][T11026] tipc: Enabling of bearer rejected, failed to enable media [ 302.609748][ T27] audit: type=1326 audit(1757855380.209:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11021 comm="syz.1.1757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 302.640919][ T27] audit: type=1326 audit(1757855380.209:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11021 comm="syz.1.1757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 302.697273][ T27] audit: type=1326 audit(1757855380.209:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11021 comm="syz.1.1757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 302.722592][ T27] audit: type=1326 audit(1757855380.209:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11021 comm="syz.1.1757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 302.815444][ T27] audit: type=1326 audit(1757855380.209:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11021 comm="syz.1.1757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01b98eba9 code=0x7ffc0000 [ 303.303585][T11054] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1771'. [ 303.568481][T11063] loop5: detected capacity change from 0 to 512 [ 303.607787][T11063] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 303.664802][T11063] EXT4-fs (loop5): 1 orphan inode deleted [ 303.691842][T11063] EXT4-fs (loop5): 1 truncate cleaned up [ 303.728189][T11063] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 303.860723][T11063] EXT4-fs error (device loop5): ext4_lookup:1858: inode #15: comm syz.5.1774: iget: bad extra_isize 46 (inode size 256) [ 303.911467][T11063] EXT4-fs (loop5): Remounting filesystem read-only [ 304.057197][ T7140] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 304.346786][T11080] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1782'. [ 304.432647][T11080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 304.669646][T11085] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 305.203047][T11112] dccp_invalid_packet: P.Data Offset(4) too small [ 306.275064][T11158] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1817'. [ 306.300220][T11158] bridge0: entered promiscuous mode [ 306.708053][T11170] netlink: 'syz.1.1822': attribute type 13 has an invalid length. [ 307.512591][T11170] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.522562][T11170] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.531958][T11170] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.543137][T11170] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.660312][T11183] netlink: 'syz.5.1828': attribute type 9 has an invalid length. [ 308.011460][T11209] macvlan1: entered promiscuous mode [ 308.029573][T11209] ipvlan0: entered promiscuous mode [ 308.056448][T11209] ipvlan0: left promiscuous mode [ 308.086151][T11209] macvlan1: left promiscuous mode [ 308.371225][T11224] netlink: 830 bytes leftover after parsing attributes in process `syz.4.1840'. [ 309.767057][T11264] loop4: detected capacity change from 0 to 512 [ 309.778202][T11264] EXT4-fs: Invalid want_extra_isize 1 [ 310.263699][ T27] kauditd_printk_skb: 114 callbacks suppressed [ 310.263713][ T27] audit: type=1326 audit(1757855388.059:1246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11283 comm="syz.4.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 310.358010][ T27] audit: type=1326 audit(1757855388.059:1247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11283 comm="syz.4.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 310.450802][ T27] audit: type=1326 audit(1757855388.109:1248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11283 comm="syz.4.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 310.533908][ T27] audit: type=1326 audit(1757855388.109:1249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11283 comm="syz.4.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 310.601712][ T27] audit: type=1326 audit(1757855388.109:1250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11283 comm="syz.4.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 310.684066][ T27] audit: type=1326 audit(1757855388.119:1251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11283 comm="syz.4.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 310.746311][ T27] audit: type=1326 audit(1757855388.119:1252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11283 comm="syz.4.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 310.825202][ T27] audit: type=1326 audit(1757855388.129:1253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11283 comm="syz.4.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 310.868095][ T27] audit: type=1326 audit(1757855388.129:1254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11283 comm="syz.4.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 310.935014][ T27] audit: type=1326 audit(1757855388.129:1255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11283 comm="syz.4.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 311.266003][T11316] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1878'. [ 311.287728][T11316] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1878'. [ 311.310290][T11319] netlink: 40 bytes leftover after parsing attributes in process `'. [ 311.318536][T11316] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1878'. [ 311.328845][T11316] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1878'. [ 311.387589][T11321] loop5: detected capacity change from 0 to 512 [ 311.445330][T11321] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 311.500574][T11321] EXT4-fs error (device loop5): ext4_acquire_dquot:6940: comm syz.5.1879: Failed to acquire dquot type 1 [ 311.543471][T11321] EXT4-fs (loop5): 1 truncate cleaned up [ 311.550762][T11321] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 312.059044][ T7140] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.306834][T11384] syz.4.1904[11384] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 313.306957][T11384] syz.4.1904[11384] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 313.533781][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1907'. [ 313.744348][T11394] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1909'. [ 313.780183][T11394] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1909'. [ 313.915530][T11399] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1909'. [ 313.935532][T11399] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1909'. [ 315.345420][T11440] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1923'. [ 315.357962][T11440] bridge_slave_1: left allmulticast mode [ 315.364018][T11440] bridge_slave_1: left promiscuous mode [ 315.388805][T11440] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.415848][T11440] bridge_slave_0: left allmulticast mode [ 315.427699][T11440] bridge_slave_0: left promiscuous mode [ 315.455832][T11440] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.489960][ T27] kauditd_printk_skb: 15 callbacks suppressed [ 315.489972][ T27] audit: type=1326 audit(1757855393.289:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11443 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 315.553251][ T27] audit: type=1326 audit(1757855393.319:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11443 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 315.587786][ T27] audit: type=1326 audit(1757855393.319:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11443 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 316.388292][T11462] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1935'. [ 316.398606][T11462] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1935'. [ 316.422695][T11463] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1935'. [ 316.432130][T11463] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1935'. [ 316.839309][T11476] syz.1.1942 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 317.280029][ T1284] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.286705][ T1284] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.539247][ T5786] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 317.549013][ T5786] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 317.560425][ T5786] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 317.578943][ T5786] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 317.592571][ T5786] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 317.601244][ T5786] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 317.673233][T11489] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1948'. [ 317.687785][T11489] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1948'. [ 317.699787][T11490] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1948'. [ 317.735629][T11490] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1948'. [ 318.124602][T11491] lo speed is unknown, defaulting to 1000 [ 318.198733][T11506] loop4: detected capacity change from 0 to 1764 [ 318.399905][T11514] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1959'. [ 318.420531][T11514] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1959'. [ 318.552314][T11491] lo speed is unknown, defaulting to 1000 [ 318.634406][T11519] loop5: detected capacity change from 0 to 512 [ 318.686548][T11519] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 318.738671][T11519] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.1960: bad orphan inode 131083 [ 318.791559][T11519] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 318.922542][ T7140] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 319.052905][T11491] chnl_net:caif_netlink_parms(): no params data found [ 319.312481][T11491] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.325120][T11491] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.342595][T11491] bridge_slave_0: entered allmulticast mode [ 319.352262][T11491] bridge_slave_0: entered promiscuous mode [ 319.371087][T11491] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.388043][T11491] bridge0: port 2(bridge_slave_1) entered disabled state [ 319.403242][T11491] bridge_slave_1: entered allmulticast mode [ 319.422151][T11491] bridge_slave_1: entered promiscuous mode [ 319.561717][T11491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 319.622148][T11491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 319.676079][ T5788] Bluetooth: hci0: command tx timeout [ 319.791332][T11491] team0: Port device team_slave_0 added [ 319.803951][T11491] team0: Port device team_slave_1 added [ 319.940258][T11491] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 319.963641][T11491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 320.006448][T11491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 320.019686][T11491] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 320.027016][T11491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 320.056234][T11491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 320.174412][T11491] hsr_slave_0: entered promiscuous mode [ 320.181095][T11491] hsr_slave_1: entered promiscuous mode [ 320.611192][T11491] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 320.645075][T11491] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.793239][T11491] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 320.809766][T11590] netlink: 'syz.5.1984': attribute type 1 has an invalid length. [ 320.825048][T11491] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.933704][T11491] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 320.952698][T11491] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.020378][ T27] audit: type=1326 audit(1757855398.809:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11595 comm="syz.4.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 321.080654][ T27] audit: type=1326 audit(1757855398.809:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11595 comm="syz.4.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 321.110899][T11600] loop4: detected capacity change from 0 to 256 [ 321.131673][T11600] FAT-fs (loop4): Unrecognized mount option "u_xlate=0" or missing value [ 321.148071][T11491] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 321.165024][ T27] audit: type=1326 audit(1757855398.809:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11595 comm="syz.4.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 321.197817][T11491] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.223012][ T27] audit: type=1326 audit(1757855398.819:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11595 comm="syz.4.1987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 321.334023][T11600] loop4: detected capacity change from 0 to 1024 [ 321.346879][T11600] EXT4-fs: Ignoring removed orlov option [ 321.366048][T11600] EXT4-fs (loop4): VFS: Can't find ext4 filesystem [ 321.466126][T10198] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 321.621775][T11491] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 321.644375][T11491] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 321.700350][T11491] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 321.730007][T11491] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 321.755282][ T5788] Bluetooth: hci0: command tx timeout [ 322.001359][T11628] loop5: detected capacity change from 0 to 512 [ 322.012403][T11491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 322.043854][T11491] 8021q: adding VLAN 0 to HW filter on device team0 [ 322.052499][T11628] EXT4-fs error (device loop5): ext4_xattr_inode_iget:445: comm syz.5.1997: error while reading EA inode 32 err=-116 [ 322.068548][T11628] EXT4-fs (loop5): Remounting filesystem read-only [ 322.076252][T11628] EXT4-fs warning (device loop5): ext4_evict_inode:255: couldn't mark inode dirty (err -5) [ 322.087748][ T2957] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.094876][ T2957] bridge0: port 1(bridge_slave_0) entered forwarding state [ 322.103528][T11628] EXT4-fs (loop5): 1 orphan inode deleted [ 322.110604][T11628] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 322.134652][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.141840][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 322.149630][T11628] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 322.280042][T11491] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 322.534244][ T27] audit: type=1326 audit(1757855400.329:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11643 comm="syz.4.2002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 322.694044][ T27] audit: type=1326 audit(1757855400.329:1277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11643 comm="syz.4.2002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 322.761699][ T27] audit: type=1326 audit(1757855400.329:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11643 comm="syz.4.2002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 322.795692][ T27] audit: type=1326 audit(1757855400.329:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11643 comm="syz.4.2002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 322.850764][ T27] audit: type=1326 audit(1757855400.329:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11643 comm="syz.4.2002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 323.376285][ T27] audit: type=1326 audit(1757855400.359:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11643 comm="syz.4.2002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4c8d8eba9 code=0x7ffc0000 [ 323.574765][T11491] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 323.722550][T11491] veth0_vlan: entered promiscuous mode [ 323.810213][T11491] veth1_vlan: entered promiscuous mode [ 323.835601][ T5788] Bluetooth: hci0: command tx timeout [ 323.942269][T11491] veth0_macvtap: entered promiscuous mode [ 323.984522][T11491] veth1_macvtap: entered promiscuous mode [ 324.040929][T11491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 324.082583][T11491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 324.103800][T11491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 324.116758][T11491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 324.131408][T11491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 324.148171][T11491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 324.164276][T11491] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 324.194400][T11491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 324.219653][T11491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 324.236763][T11491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 324.255093][T11491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 324.277669][T11491] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 324.290220][T11491] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 324.306700][T11491] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 324.330399][T11491] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.340669][T11491] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.350779][T11491] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.359599][T11491] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.474301][T11673] __nla_validate_parse: 7 callbacks suppressed [ 324.474318][T11673] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2009'. [ 324.509099][T11673] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2009'. [ 324.551412][T11676] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2009'. [ 324.579138][T11676] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2009'. [ 324.702501][ T2957] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 324.747635][ T2957] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.825928][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 324.840428][T11684] loop4: detected capacity change from 0 to 512 [ 324.843943][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.873306][T11684] EXT4-fs: Ignoring removed nobh option [ 324.908757][T11684] EXT4-fs (loop4): failed to initialize system zone (-117) [ 324.919411][T11684] EXT4-fs (loop4): mount failed [ 325.563623][T11708] syzkaller0: entered promiscuous mode [ 325.595941][T11708] syzkaller0: entered allmulticast mode [ 325.661516][T11708] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2023'. [ 325.835299][T11720] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2027'. [ 325.899488][T11722] ÿÿÿÿÿÿ: renamed from vlan1 (while UP) [ 325.915929][ T5788] Bluetooth: hci0: command tx timeout [ 326.467378][T11740] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2036'. [ 326.721943][T11746] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2038'. [ 326.793136][ T27] kauditd_printk_skb: 21 callbacks suppressed [ 326.794335][ T27] audit: type=1326 audit(1757855404.589:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.5.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 326.830997][ T27] audit: type=1326 audit(1757855404.609:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.5.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 326.857748][ T27] audit: type=1326 audit(1757855404.609:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.5.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 326.880778][ T27] audit: type=1326 audit(1757855404.609:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.5.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 326.903576][ T27] audit: type=1326 audit(1757855404.609:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.5.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 326.932687][ T27] audit: type=1326 audit(1757855404.609:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.5.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 326.967463][ T27] audit: type=1326 audit(1757855404.609:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.5.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 327.024610][ T27] audit: type=1326 audit(1757855404.619:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.5.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 327.088475][ T27] audit: type=1326 audit(1757855404.619:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.5.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 327.122274][ T27] audit: type=1326 audit(1757855404.619:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.5.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 327.160682][T11754] loop4: detected capacity change from 0 to 8192 [ 327.188923][T11756] netlink: 6308 bytes leftover after parsing attributes in process `syz.0.2043'. [ 327.317601][T11760] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2045'. [ 327.537225][T11748] 9pnet_fd: p9_fd_create_tcp (11748): problem connecting socket to 127.0.0.1 [ 328.088195][T11798] netlink: 'syz.5.2064': attribute type 3 has an invalid length. [ 329.067444][T11813] lo speed is unknown, defaulting to 1000 [ 329.230606][ T5851] Process accounting resumed [ 329.248329][T11828] netlink: 'syz.1.2075': attribute type 10 has an invalid length. [ 329.376342][T11829] netlink: 'syz.1.2075': attribute type 10 has an invalid length. [ 329.443886][T11813] lo speed is unknown, defaulting to 1000 [ 329.533661][T11839] tipc: Started in network mode [ 329.543068][T11839] tipc: Node identity 5ed7d1b59535, cluster identity 4711 [ 329.557137][T11839] tipc: Enabled bearer , priority 0 [ 329.608273][T11839] tipc: Disabling bearer [ 329.903070][T11849] __nla_validate_parse: 7 callbacks suppressed [ 329.903085][T11849] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2092'. [ 330.090497][T11854] 9pnet: Could not find request transport: f [ 330.285533][T11859] dccp_invalid_packet: P.Data Offset(4) too small [ 331.577415][T11897] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2105'. [ 331.578465][T11899] syz.1.2106[11899] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 331.593859][T11899] syz.1.2106[11899] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 331.606873][T11897] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2105'. [ 331.665569][T11900] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2105'. [ 331.688927][T11900] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2105'. [ 332.406868][T11926] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2117'. [ 332.418125][T11926] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2117'. [ 332.441463][T11926] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2117'. [ 332.459357][T11926] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2117'. [ 332.690601][T11932] netlink: 'syz.1.2121': attribute type 11 has an invalid length. [ 333.052830][T11943] macvlan1: entered promiscuous mode [ 333.105660][T11943] ipvlan0: entered promiscuous mode [ 333.112011][T11943] ipvlan0: left promiscuous mode [ 333.132974][T11943] macvlan1: left promiscuous mode [ 333.152850][T11945] netlink: 272 bytes leftover after parsing attributes in process `syz.5.2126'. [ 333.374430][T11951] loop5: detected capacity change from 0 to 1024 [ 333.438108][T11951] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 333.513092][T11951] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4031: comm syz.5.2129: Allocating blocks 385-513 which overlap fs metadata [ 333.579452][T11963] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4031: comm syz.5.2129: Allocating blocks 385-513 which overlap fs metadata [ 333.625828][T11963] EXT4-fs (loop5): pa ffff88805ff82bc8: logic 16, phys. 129, len 24 [ 333.634224][T11963] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 8 [ 333.714212][ T7140] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 334.331328][T11987] syz.5.2141[11987] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 334.331452][T11987] syz.5.2141[11987] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 335.163123][T12007] lo speed is unknown, defaulting to 1000 [ 335.319323][T12007] lo speed is unknown, defaulting to 1000 [ 336.224663][ T27] kauditd_printk_skb: 54 callbacks suppressed [ 336.224678][ T27] audit: type=1326 audit(1757855414.019:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 336.265272][T12024] __nla_validate_parse: 13 callbacks suppressed [ 336.265287][T12024] netlink: 408 bytes leftover after parsing attributes in process `syz.1.2156'. [ 336.291832][ T27] audit: type=1326 audit(1757855414.019:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 336.316336][ T27] audit: type=1326 audit(1757855414.029:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 336.339856][ T27] audit: type=1326 audit(1757855414.029:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 336.369940][ T27] audit: type=1326 audit(1757855414.029:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 336.393048][T12027] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2158'. [ 336.402988][T12027] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2158'. [ 336.414141][T12027] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2158'. [ 336.423242][T12027] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2158'. [ 336.433967][ T27] audit: type=1326 audit(1757855414.029:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 336.476222][ T27] audit: type=1326 audit(1757855414.029:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 336.504705][ T27] audit: type=1326 audit(1757855414.029:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 336.561047][ T27] audit: type=1326 audit(1757855414.049:1375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 336.587894][ T27] audit: type=1326 audit(1757855414.059:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12022 comm="syz.5.2157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7f351c58eba9 code=0x7ffc0000 [ 336.878323][T12047] 9pnet_fd: Insufficient options for proto=fd [ 337.987949][T12060] sch_tbf: peakrate 7 is lower than or equals to rate 19 ! [ 338.124772][T12068] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2175'. [ 338.584771][T12076] netlink: 'syz.4.2179': attribute type 32 has an invalid length. [ 338.785951][T12076] ================================================================== [ 338.794064][T12076] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6b2/0x8d0 [ 338.802155][T12076] Read of size 2 at addr ffff888064610d22 by task syz.4.2179/12076 [ 338.810227][T12076] [ 338.812555][T12076] CPU: 0 PID: 12076 Comm: syz.4.2179 Not tainted syzkaller #0 [ 338.820016][T12076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 338.830087][T12076] Call Trace: [ 338.833377][T12076] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 338.836318][T12076] dump_stack_lvl+0x16c/0x230 [ 338.841025][T12076] ? __lock_acquire+0x7c80/0x7c80 [ 338.846076][T12076] ? show_regs_print_info+0x20/0x20 [ 338.851295][T12076] ? load_image+0x3b0/0x3b0 [ 338.855794][T12076] ? __virt_addr_valid+0x469/0x540 [ 338.860899][T12076] print_report+0xac/0x220 [ 338.865306][T12076] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 338.870581][T12076] kasan_report+0x117/0x150 [ 338.875073][T12076] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 338.880347][T12076] __xfrm_state_lookup+0x6b2/0x8d0 [ 338.885452][T12076] ? xfrm_state_lookup+0x1a0/0x1a0 [ 338.890585][T12076] ? xfrm_state_add+0xf6/0xe20 [ 338.895340][T12076] xfrm_state_add+0x25e/0xe20 [ 338.900011][T12076] ? xfrm_init_replay+0xdc/0x2a0 [ 338.904945][T12076] xfrm_add_sa+0x26f7/0x30a0 [ 338.909526][T12076] ? xfrm_user_rcv_msg+0x870/0x870 [ 338.914622][T12076] ? __nla_parse+0x40/0x50 [ 338.919036][T12076] xfrm_user_rcv_msg+0x596/0x870 [ 338.923959][T12076] ? lockdep_hardirqs_on+0x98/0x150 [ 338.929153][T12076] ? xfrm_netlink_rcv+0x90/0x90 [ 338.933989][T12076] ? __local_bh_enable_ip+0x12e/0x1c0 [ 338.939370][T12076] ? __dev_queue_xmit+0x245/0x35a0 [ 338.944475][T12076] ? __mutex_trylock_common+0x153/0x250 [ 338.950015][T12076] netlink_rcv_skb+0x216/0x480 [ 338.954767][T12076] ? xfrm_netlink_rcv+0x90/0x90 [ 338.959603][T12076] ? netlink_ack+0x1110/0x1110 [ 338.964360][T12076] ? netlink_deliver_tap+0x2e/0x1b0 [ 338.969547][T12076] ? __lock_acquire+0x7c80/0x7c80 [ 338.974566][T12076] xfrm_netlink_rcv+0x79/0x90 [ 338.979227][T12076] netlink_unicast+0x751/0x8d0 [ 338.983981][T12076] netlink_sendmsg+0x8c1/0xbe0 [ 338.988736][T12076] ? netlink_getsockopt+0x580/0x580 [ 338.993925][T12076] ? aa_sock_msg_perm+0x94/0x150 [ 338.998853][T12076] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 339.004130][T12076] ? security_socket_sendmsg+0x80/0xa0 [ 339.009577][T12076] ? netlink_getsockopt+0x580/0x580 [ 339.014764][T12076] ____sys_sendmsg+0x5bf/0x950 [ 339.019523][T12076] ? __asan_memset+0x22/0x40 [ 339.024101][T12076] ? __sys_sendmsg_sock+0x30/0x30 [ 339.029113][T12076] ? __import_iovec+0x5f2/0x860 [ 339.033958][T12076] ? import_iovec+0x73/0xa0 [ 339.038449][T12076] ___sys_sendmsg+0x220/0x290 [ 339.043118][T12076] ? __sys_sendmsg+0x270/0x270 [ 339.047895][T12076] __se_sys_sendmsg+0x1a5/0x270 [ 339.052740][T12076] ? __x64_sys_sendmsg+0x80/0x80 [ 339.057698][T12076] ? lockdep_hardirqs_on+0x98/0x150 [ 339.062901][T12076] do_syscall_64+0x55/0xb0 [ 339.067306][T12076] ? clear_bhb_loop+0x40/0x90 [ 339.071973][T12076] ? clear_bhb_loop+0x40/0x90 [ 339.076639][T12076] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 339.082525][T12076] RIP: 0033:0x7fb4c8d8eba9 [ 339.086926][T12076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 339.106522][T12076] RSP: 002b:00007fb4c9c55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 339.114923][T12076] RAX: ffffffffffffffda RBX: 00007fb4c8fd5fa0 RCX: 00007fb4c8d8eba9 [ 339.122886][T12076] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 339.130847][T12076] RBP: 00007fb4c8e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 339.138803][T12076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 339.146758][T12076] R13: 00007fb4c8fd6038 R14: 00007fb4c8fd5fa0 R15: 00007ffd1bdd8e18 [ 339.154724][T12076] [ 339.157728][T12076] [ 339.160042][T12076] Allocated by task 10199: [ 339.164438][T12076] kasan_set_track+0x4e/0x70 [ 339.169013][T12076] __kasan_slab_alloc+0x6c/0x80 [ 339.173846][T12076] slab_post_alloc_hook+0x6e/0x4d0 [ 339.178942][T12076] kmem_cache_alloc+0x11e/0x2e0 [ 339.183780][T12076] xfrm_state_alloc+0x22/0x2a0 [ 339.188527][T12076] __find_acq_core+0x7d8/0x19d0 [ 339.193379][T12076] xfrm_find_acq+0x6a/0x90 [ 339.197781][T12076] xfrm_alloc_userspi+0x57a/0xa90 [ 339.202790][T12076] xfrm_user_rcv_msg+0x596/0x870 [ 339.207710][T12076] netlink_rcv_skb+0x216/0x480 [ 339.212458][T12076] xfrm_netlink_rcv+0x79/0x90 [ 339.217116][T12076] netlink_unicast+0x751/0x8d0 [ 339.221865][T12076] netlink_sendmsg+0x8c1/0xbe0 [ 339.226631][T12076] ____sys_sendmsg+0x5bf/0x950 [ 339.231388][T12076] ___sys_sendmsg+0x220/0x290 [ 339.236063][T12076] __se_sys_sendmsg+0x1a5/0x270 [ 339.240905][T12076] do_syscall_64+0x55/0xb0 [ 339.245307][T12076] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 339.251190][T12076] [ 339.253497][T12076] The buggy address belongs to the object at ffff888064610c00 [ 339.253497][T12076] which belongs to the cache xfrm_state of size 848 [ 339.267445][T12076] The buggy address is located 290 bytes inside of [ 339.267445][T12076] freed 848-byte region [ffff888064610c00, ffff888064610f50) [ 339.281221][T12076] [ 339.283531][T12076] The buggy address belongs to the physical page: [ 339.289931][T12076] page:ffffea0001918400 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888064610c00 pfn:0x64610 [ 339.301371][T12076] head:ffffea0001918400 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 339.310291][T12076] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 339.318250][T12076] page_type: 0xffffffff() [ 339.322573][T12076] raw: 00fff00000000840 ffff888145e4bc80 dead000000000122 0000000000000000 [ 339.331144][T12076] raw: ffff888064610c00 000000008010000f 00000001ffffffff 0000000000000000 [ 339.339708][T12076] page dumped because: kasan: bad access detected [ 339.346109][T12076] page_owner tracks the page as allocated [ 339.351808][T12076] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 9161, tgid 9156 (syz.0.1059), ts 214204168591, free_ts 173020472856 [ 339.372456][T12076] post_alloc_hook+0x1cd/0x210 [ 339.377211][T12076] get_page_from_freelist+0x195c/0x19f0 [ 339.382743][T12076] __alloc_pages+0x1e3/0x460 [ 339.387317][T12076] alloc_slab_page+0x5d/0x170 [ 339.391991][T12076] new_slab+0x87/0x2e0 [ 339.396049][T12076] ___slab_alloc+0xc6d/0x1300 [ 339.400713][T12076] kmem_cache_alloc+0x1b7/0x2e0 [ 339.405549][T12076] xfrm_state_alloc+0x22/0x2a0 [ 339.410296][T12076] xfrm_state_find+0x2944/0x4510 [ 339.415218][T12076] xfrm_resolve_and_create_bundle+0x727/0x2c20 [ 339.421357][T12076] xfrm_lookup_with_ifid+0x261/0x19c0 [ 339.426711][T12076] xfrm_lookup_route+0x3c/0x1b0 [ 339.431543][T12076] udp_sendmsg+0x15cf/0x2380 [ 339.436119][T12076] ____sys_sendmsg+0x5bf/0x950 [ 339.440880][T12076] ___sys_sendmsg+0x220/0x290 [ 339.445546][T12076] __sys_sendmmsg+0x275/0x4a0 [ 339.450445][T12076] page last free stack trace: [ 339.455097][T12076] free_unref_page_prepare+0x7ce/0x8e0 [ 339.460545][T12076] free_unref_page+0x32/0x2e0 [ 339.465210][T12076] skb_release_data+0x49a/0x800 [ 339.470047][T12076] skb_attempt_defer_free+0x12f/0x530 [ 339.475404][T12076] tcp_recvmsg_locked+0x1194/0x2300 [ 339.480592][T12076] tcp_recvmsg+0x216/0x810 [ 339.484992][T12076] inet_recvmsg+0x130/0x1e0 [ 339.489476][T12076] __sys_recvfrom+0x30f/0x4a0 [ 339.494137][T12076] __x64_sys_recvfrom+0xde/0xf0 [ 339.498976][T12076] do_syscall_64+0x55/0xb0 [ 339.503378][T12076] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 339.509262][T12076] [ 339.511588][T12076] Memory state around the buggy address: [ 339.517216][T12076] ffff888064610c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 339.525265][T12076] ffff888064610c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 339.533333][T12076] >ffff888064610d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 339.541378][T12076] ^ [ 339.546472][T12076] ffff888064610d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 339.554515][T12076] ffff888064610e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 339.562558][T12076] ================================================================== [ 339.570711][T12076] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 339.577905][T12076] CPU: 0 PID: 12076 Comm: syz.4.2179 Not tainted syzkaller #0 [ 339.585362][T12076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 339.595417][T12076] Call Trace: [ 339.598697][T12076] [ 339.601631][T12076] dump_stack_lvl+0x16c/0x230 [ 339.606324][T12076] ? show_regs_print_info+0x20/0x20 [ 339.611532][T12076] ? load_image+0x3b0/0x3b0 [ 339.616047][T12076] panic+0x2c0/0x710 [ 339.619961][T12076] ? bpf_jit_dump+0xd0/0xd0 [ 339.624480][T12076] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 339.630377][T12076] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 339.636274][T12076] ? _raw_spin_unlock+0x40/0x40 [ 339.641135][T12076] ? print_memory_metadata+0x314/0x400 [ 339.646606][T12076] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 339.651900][T12076] check_panic_on_warn+0x84/0xa0 [ 339.656854][T12076] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 339.662149][T12076] end_report+0x6f/0x140 [ 339.666397][T12076] kasan_report+0x128/0x150 [ 339.670904][T12076] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 339.676198][T12076] __xfrm_state_lookup+0x6b2/0x8d0 [ 339.681325][T12076] ? xfrm_state_lookup+0x1a0/0x1a0 [ 339.686444][T12076] ? xfrm_state_add+0xf6/0xe20 [ 339.691211][T12076] xfrm_state_add+0x25e/0xe20 [ 339.695893][T12076] ? xfrm_init_replay+0xdc/0x2a0 [ 339.700845][T12076] xfrm_add_sa+0x26f7/0x30a0 [ 339.705450][T12076] ? xfrm_user_rcv_msg+0x870/0x870 [ 339.710577][T12076] ? __nla_parse+0x40/0x50 [ 339.715018][T12076] xfrm_user_rcv_msg+0x596/0x870 [ 339.719966][T12076] ? lockdep_hardirqs_on+0x98/0x150 [ 339.725175][T12076] ? xfrm_netlink_rcv+0x90/0x90 [ 339.730026][T12076] ? __local_bh_enable_ip+0x12e/0x1c0 [ 339.735420][T12076] ? __dev_queue_xmit+0x245/0x35a0 [ 339.740549][T12076] ? __mutex_trylock_common+0x153/0x250 [ 339.746111][T12076] netlink_rcv_skb+0x216/0x480 [ 339.750883][T12076] ? xfrm_netlink_rcv+0x90/0x90 [ 339.755739][T12076] ? netlink_ack+0x1110/0x1110 [ 339.760513][T12076] ? netlink_deliver_tap+0x2e/0x1b0 [ 339.765725][T12076] ? __lock_acquire+0x7c80/0x7c80 [ 339.770761][T12076] xfrm_netlink_rcv+0x79/0x90 [ 339.775441][T12076] netlink_unicast+0x751/0x8d0 [ 339.780215][T12076] netlink_sendmsg+0x8c1/0xbe0 [ 339.784990][T12076] ? netlink_getsockopt+0x580/0x580 [ 339.790195][T12076] ? aa_sock_msg_perm+0x94/0x150 [ 339.795138][T12076] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 339.800432][T12076] ? security_socket_sendmsg+0x80/0xa0 [ 339.805898][T12076] ? netlink_getsockopt+0x580/0x580 [ 339.811115][T12076] ____sys_sendmsg+0x5bf/0x950 [ 339.815893][T12076] ? __asan_memset+0x22/0x40 [ 339.820489][T12076] ? __sys_sendmsg_sock+0x30/0x30 [ 339.825525][T12076] ? __import_iovec+0x5f2/0x860 [ 339.830394][T12076] ? import_iovec+0x73/0xa0 [ 339.834905][T12076] ___sys_sendmsg+0x220/0x290 [ 339.839582][T12076] ? __sys_sendmsg+0x270/0x270 [ 339.844352][T12076] __se_sys_sendmsg+0x1a5/0x270 [ 339.849199][T12076] ? __x64_sys_sendmsg+0x80/0x80 [ 339.854142][T12076] ? lockdep_hardirqs_on+0x98/0x150 [ 339.859343][T12076] do_syscall_64+0x55/0xb0 [ 339.863753][T12076] ? clear_bhb_loop+0x40/0x90 [ 339.868419][T12076] ? clear_bhb_loop+0x40/0x90 [ 339.873081][T12076] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 339.878967][T12076] RIP: 0033:0x7fb4c8d8eba9 [ 339.883368][T12076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 339.902958][T12076] RSP: 002b:00007fb4c9c55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 339.911358][T12076] RAX: ffffffffffffffda RBX: 00007fb4c8fd5fa0 RCX: 00007fb4c8d8eba9 [ 339.919312][T12076] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 339.927268][T12076] RBP: 00007fb4c8e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 339.935224][T12076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 339.943180][T12076] R13: 00007fb4c8fd6038 R14: 00007fb4c8fd5fa0 R15: 00007ffd1bdd8e18 [ 339.951141][T12076] [ 339.954369][T12076] Kernel Offset: disabled [ 339.958679][T12076] Rebooting in 86400 seconds..