last executing test programs: 33.45762826s ago: executing program 0 (id=5651): r0 = syz_open_dev$usbfs(&(0x7f0000002000), 0xd, 0x20041) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x2}, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4004550d, 0x0) 33.42359901s ago: executing program 0 (id=5652): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000000400007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70400000000000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0xfffffffffffffdf3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 33.396598321s ago: executing program 0 (id=5654): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000003000000140001800d0001007566703a73"], 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x0) 33.307698742s ago: executing program 0 (id=5659): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10) getpriority(0x2, 0x0) 33.307281552s ago: executing program 0 (id=5662): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) 33.244977892s ago: executing program 0 (id=5666): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = add_key$user(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000380)="a7f4f9deb64f", 0x6, 0xfffffffffffffffc) keyctl$chown(0x4, r0, 0x0, 0x0) 33.233733493s ago: executing program 2 (id=5669): r0 = perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x40006, 0x4770, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext={0x3, 0xffffffffffffffff}, 0xc58, 0x80af, 0x2, 0x6, 0x7, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0xb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r0, 0x0) unshare(0x64000600) 32.912183997s ago: executing program 2 (id=5685): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10) getpriority(0x2, 0x0) 32.885729257s ago: executing program 2 (id=5687): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x30410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30c3a0e4, 0x1, @perf_config_ext={0x20000000000000, 0x1}, 0x11d08, 0x2, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="60000000020603000000000000830000000000000900020073797a31000000000500010007000000050005000a00000014000780080013400000000008001240ffffffff12000300686173683a6e65742c706f7274000000050004"], 0x60}, 0x1, 0x0, 0x0, 0xc0c0}, 0x0) 32.764038329s ago: executing program 2 (id=5694): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x5}, @NFTA_REJECT_TYPE={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 32.723532619s ago: executing program 2 (id=5705): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) 32.65857289s ago: executing program 2 (id=5710): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000080)={0x110003, 0x100076, 0x6, 0x9e9f, 0x8, "0982aa400000000000e6ffffab5b00", 0x7, 0x2}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xff) 18.14754224s ago: executing program 32 (id=5666): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = add_key$user(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000380)="a7f4f9deb64f", 0x6, 0xfffffffffffffffc) keyctl$chown(0x4, r0, 0x0, 0x0) 18.103594391s ago: executing program 33 (id=5710): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000080)={0x110003, 0x100076, 0x6, 0x9e9f, 0x8, "0982aa400000000000e6ffffab5b00", 0x7, 0x2}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xff) 991.725386ms ago: executing program 4 (id=6594): syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x1, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/FH50/9GTqJCAqqp7ypiIPbdaAjNKKBUS4sITjmWY2dtrEzVpNwCwJvuuimf9cVRAhCdBEEYhddhRLeddGdd15kV0lEJ+Y0N5tapk7y/brYHvZ8P4fv+bPD9h1s+vjda9GwY4TNlFTXV0l1u+RktkqapVoW5OTI9ZH3+85duHg6EAx2nFXtDHT7/KradGC09+bwobHUjvMvm17XyXjzpekZ/9T47vE909+7r0YcjTgai6fU1L54PGX22Zb233eihuoZ2zIdSyMxx0qW9MN2PJHIqBnrb2xIJC3HUTOW0aiV0VRcU8mMmlfMSEwNw9DGBsHKhtOPAst3Q89nXVdmUu9cty4nruvmX6zfxOmhwubOv+sWnf87lZ4SNlHRTb1exB5Kh9KhwnOhHwhLRGyxpFW88k3y14j7eMSdu1Tyjzf8I8HJo2/fqGqzDNrZ+Xw2HfKU5n3idT2FTEGh7jwV7PBpQWn+P2kozvvFK7vK5/1l87VyuKUob4hXJi9LXGyZGD34Zapr6MFCftCneqIruCT/v/QvHqZnnyt0fgAAAAAAAAAAWAtDfyq7fm/kB9weUNXGJf1CvtzvA0vX51vLrs/XyN6ayu47AAAAAADbhZMZiJq2bSX/ssh/lV+P7fx7xZNbvz94f+fKY1raPBPtH3KJrbBff1B87dkS0ygtZH71abXBnnV+pywWn9ZlO1Xz81t+zMnejy9W3U7tL8dnOWMbf1cCAAAAsBEWP/S3STb8Kp3tOXav0nMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGC7WcNfjk08LNfSfLHzablWpfcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgJT8CAAD//wva0Pw=") r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) sendfile(r0, r0, 0x0, 0x800000009) 909.156968ms ago: executing program 4 (id=6598): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x10) ioperm(0x0, 0x2, 0x2) 899.442317ms ago: executing program 4 (id=6600): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 729.04849ms ago: executing program 4 (id=6605): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000002e00)={0xc, 0x17, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x17}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 665.638451ms ago: executing program 4 (id=6612): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) write$UHID_DESTROY(0xffffffffffffffff, &(0x7f0000000040), 0x4) add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180), &(0x7f0000000040), 0x1d4, r0) 623.500961ms ago: executing program 4 (id=6616): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) exit(0xe0) 478.392753ms ago: executing program 5 (id=6630): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000080)=0x8, 0x4) sendmmsg$inet(r0, &(0x7f0000003040)=[{{&(0x7f0000000680)={0x2, 0x4e1f, @empty}, 0x10, 0x0}}], 0x1, 0xc044) 449.209563ms ago: executing program 5 (id=6633): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000017, 0x4031, 0xffffffffffffffff, 0xb9654000) iopl(0x3) mremap(&(0x7f0000dae000/0x4000)=nil, 0x4000, 0x1000, 0x2, &(0x7f00000b9000/0x1000)=nil) 420.884004ms ago: executing program 5 (id=6635): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x1c, &(0x7f00000006c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x17}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 419.068594ms ago: executing program 5 (id=6637): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x6e, &(0x7f0000000340)={@multicast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @loopback, @loopback, [], "1e520b4c951ee12e"}}}}}}}, 0x0) 341.095825ms ago: executing program 5 (id=6640): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0xf00, &(0x7f0000000040)=[{&(0x7f00000000c0)="5c00000014006b02c84e21100af32c6e0a0675f8d34460400000000000005c1e6182949a36c23d3b48dfd8cdbf9367b498fa51f60a64c9f4d493803792684b71bdd70000b6c0504bb9183132be471b93c91b5d7870743719b4b53cf2", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg(r0, &(0x7f0000000500)={0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0xa00}, 0x10000) 340.741115ms ago: executing program 3 (id=6643): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000080)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[], 0x1, 0x368, &(0x7f0000000180)="$eJzs3U9oI9UfAPBvOmnSXfj9tjdREKI3Qct2b3qxRbqw2ItK8M9BDG5XJa1Ci8X2sG09KB4Fj3rypqAHD+JRBEW8efDqCrIqHrS3BRefTCaTTJu02y5WKX4+0PTlvfed73cmQzINyetzc9G9PBlXdnevx9RULepzj8zFjVpMRxal7RjVGNMHAJwON1KK31PhiCG1Ey4JADhhvdf/FyKiFdNFz+tfHjY/efUHgFOv//f/mcPmTB008MqJlAQAnLCR9//v3TPc6P3Uy7v1yqcCAIDT6omnn3l0fjHi8VZrKmLlzfX2ejseGo7PX4mXYjmW4nyci5sRxYVCflPr3V68tLhwvtVqbcVP09GOiIl+YLu4UpjPevHNmB2MDK42UkrZxU8WF2ZbPRGxvdXLHyu19fZknO3n//5sLA0vPKbLIqJ3c2lx4UKrv4H2Shm/FbEzfN8ir38mzsW3zw82k1L5CcbFhauzE/07w/j1djMuD47Cge+AAAAAAAAAAAAAAAAAAAAAAADAbZlpDUwP1s9J+e9ipZyZmTHjvfVxivj++kA7xfpAqZkipd9ee6D9VhZ71gfavz7PuoUEAQAAAAAAAAAAAAAAAAAAYGBtoxGd5eWl1bWNzW61sbW6tjEREXnPy19/9MWZGJ1zi0a9SNGMGKRo9dNudjspKyenLGI0PMuTlz0ffDqouDqnOdiLsWU0xw/tRt743z0/vjscujsrt/zncHIW43cwq5Tx8L6kK/8vSjrOgRo0LlR7mqPZr6WUKj1vVMOvPju6wahF1I//wG12J+LgOSlvfHX9xTvLo9/5PBXuu//ck9feef+Xbmc5zxy9R7CxunYzdTu1cvLxDkt+qMueWhSNWvVMqB8WvrO3p5N99+tTd739zdGyp2rPq/n5vG9OVuzOx/vDG0UjLzNvNIZny5lh+GR/J5aXJsec/Ldq3MZjesd7n32Y0g8/HzlFIa9+YuRpo/b3PQMBAAAAAAAAAAAAAAAAAAClynfF+/pf9p08LOrBx06+MgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD45wz//3+lsbMd+3qO0vhja0xUc2l1LaLxb+8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/cX8FAAD//zbhVeI=") r0 = open(&(0x7f00000000c0)='.\x00', 0x400, 0xc0) getdents(r0, &(0x7f0000000500)=""/173, 0xad) 324.812885ms ago: executing program 5 (id=6645): r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x1f}, {}], 0x2, 0x0) semctl$GETPID(r0, 0x3, 0xb, 0x0) 251.655486ms ago: executing program 6 (id=6649): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) listen(r0, 0x80000001) connect$phonet_pipe(r0, &(0x7f00000003c0)={0x23, 0x6, 0xff, 0x9}, 0x10) 231.692136ms ago: executing program 1 (id=6650): r0 = syz_io_uring_setup(0x3bc1, &(0x7f0000000780)={0x0, 0x942e, 0x10100, 0x2, 0x289}, &(0x7f0000000540)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x8, 0x6b1cf25ab33b00b2, @fd_index=0x5, 0x9, 0x0, 0x0, 0x0, 0x1, {0x8}}) io_uring_enter(r0, 0x567, 0x72, 0x0, 0x0, 0x0) 177.147077ms ago: executing program 6 (id=6651): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="98000000", @ANYRES16=r1, @ANYBLOB="01002cbd7000fcdbdf25100000"], 0x98}, 0x1, 0x0, 0x0, 0x40010}, 0x8800) 176.482668ms ago: executing program 1 (id=6652): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r0) sendmsg$NFC_CMD_DEP_LINK_UP(r0, &(0x7f0000000600)={0x0, 0xffffffffffffff24, &(0x7f00000005c0)={&(0x7f0000000700)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fbdbdf250400000005000a0000000200080001"], 0x3c}, 0x1, 0x0, 0x0, 0x26040041}, 0x40) 176.378877ms ago: executing program 6 (id=6653): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x800000000000}, 0x1100, 0x5dd8, 0x0, 0x5, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r0, 0x0, 0x0) 176.311757ms ago: executing program 3 (id=6654): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0) sendmsg$NLBL_UNLABEL_C_ACCEPT(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24008851}, 0x40040) 176.228068ms ago: executing program 1 (id=6655): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000100)='./file2\x00', 0x88, &(0x7f0000000080)={[{@debug}, {@errors_remount}, {@norecovery}, {@nobarrier}, {@nodiscard}, {@quota}]}, 0x1, 0x438, &(0x7f0000000d80)="$eJzs289rHFUcAPDv7GZT01+Jpf5oWjVaxeCPpElr7cGLouBBQdBDPcYkLbHbRpoItgSNIvUoBe/iUfAv8KQXUU8Fr3oXoUgurZ5WZncm2d1sfnaTrd3PByb5vpm3vPfNzNt9My8bQNcaSn8kEfsj4veI6K8VGysM1X7dXlqY/GdpYTKJSuXtv5NqvVtLC5N51fx1+/JCT0Th8ySOtmh37srVCxPl8vTlrDw6f/GD0bkrV5+fuThxfvr89KXxM2dOnRx78fT4C23JM83r1uDHs8eOvP7u9Tcnz15/75fvkjz/pjzaZGi9g09VKm1urrMO1MVJTwc7wpYUa8M0StXx3x/FWDl5/fHaZx3tHLCjKpVK5cG1Dy9WgHtYEp3uAdAZ+Qd9ev+bb7s09bgr3Hy5dgOU5n0722pHeqKQ1Sk13d+201BEnF389+t0i515DgEA0OCHdP7zXKv5XyHqnwsdzNZQBiLi/og4FBGnI+JwRDwQUa37UEQ8vMX2mxdJVs9/Dm4rr81K538vZWtbjfO/fPYXA8WsdKCafyk5N1OePpH1bDhKe9Ly2Dpt/Pjqb1+2PJA1kc//0i1tP58LZpX+6tnT+LKpifmJO8m53s1PIwZ7WuWfLK8EJBFxJCIGt9nGzDPfHlvr2NCG+a+jDetMlW8inq6d/8Voyj+XrL8+OXpflKdPjOZXxWq/3rj21lrt31H+bZCe/70tr//l/AeS+vXaua23ce2PL9a8p9k4/9bXf2/yTsO+jybm5y+PRfQmb9Q6Xb9/vKne+Er9NP/h463H/6FY+UscjYj0In4kIh6NiMeyvj8eEU9ExPHVqd3ozYKfX3ny/WpQ2k7+OyvNf2pL538l6I3mPa2D4oWfvm9odGAr+afn/1Q1Gs72bOb9bzP92t7VDAAAAP8/hYjYH0lhZDkuFEZGav/Dfzj2Fsqzc/PPnpv98NJU7TsCA1Eq5E+6+uueh45lt/V5ebypfDJ7bvxVsa9aHpmcLU91OnnocvvWGP+pP4ud7h2w43xfC7qX8Q/dy/iH7mX8Q/dqMf77OtEPYPe1+vz/pAP9AHZf0/i37AddxP0/dC/jH7qX8Q9daa4vNv6SvECwKojCXdENwQ4FnX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA//9Lr+a0") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.events\x00', 0x275a, 0x0) fadvise64(r0, 0x7df9, 0x4, 0x7dfd) 129.594018ms ago: executing program 3 (id=6656): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_buf(r0, 0x0, 0x4, 0x0, 0x0) getsockopt$inet_opts(r0, 0x0, 0x4, 0x0, &(0x7f0000000000)) 112.444138ms ago: executing program 3 (id=6657): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0xfffffffc, 0x0, 0x20000001, 0x1000000}}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x6b}]}, {0x4}, {0xc}, {0x57, 0x4, {0x2}}}}]}]}, 0x70}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000508000a40000000000900020073797a31000000000900010073797a300000000008000540000000213c0000001e0a05010000000000000000070000070900020073797a31000000000900010073797a3000000000100003800c000080080003"], 0xc0}}, 0x0) 112.180058ms ago: executing program 1 (id=6658): r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd\x00') fchdir(r0) creat(&(0x7f0000000000)='./bus\x00', 0x0) 91.819378ms ago: executing program 3 (id=6659): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xf, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000008000000850000008600000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc) 91.669838ms ago: executing program 6 (id=6660): unshare(0x2a020400) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x120) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x13, 0xf, &(0x7f0000000840)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6741, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) 78.815949ms ago: executing program 1 (id=6661): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x41, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1100, 0x5dd8, 0x0, 0x3, 0x0, 0x7, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000540)={0x2, 0x3, 0x0, 0x2, 0x4, 0x0, 0xfffffffd, 0x25dfdbff, [@sadb_sa={0x2, 0x1, 0x0, 0x7, 0x0, 0xfb, 0x3, 0x60000000}]}, 0x20}, 0x1, 0x7}, 0x0) 70.007679ms ago: executing program 3 (id=6662): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x8080, &(0x7f0000000500)={[{@norecovery}, {@grpquota}, {@sysvgroups}, {@lazytime}]}, 0xee, 0x49b, &(0x7f0000000a40)="$eJzs3EtsG0UYAOB/HefVBw2lPFpaCJRHBTRp0gc9cAGBxAEkJDgUcQppWpWmDWqCRKsICodyRJW4I45I3JE4wQUBB4TEFe6oUoVyaeG0aO1d10ls5+XGLf4+yc7M7joz/85OdjJjO4CuNZw9JRHbIuKPiNhRzS4+YLj64+bC/OQ/C/OTSaTpm38nleNuLMxPFocWr9tazaRpRH+W7G9Q7pV3Iiamp6cu5PnRuXPvj85evHTwzLmJ01Onp86PHz9+5PC+vmPjRyv70yb1710hvlL+M4vrxp6PZvbufvXtq69Pnrj67s/fZPXdlu+vj2Nd0uU1HK6e3aUezZ6e3FBhd5Rfs6ftdRuScvODRzahQqxeT0SUa/0oiZ4YrO3bEa982sGqAbdZmqZpo/tz1N23U+B/KtG/oUsV9/rs/9/isTkjjzvD9Rcj4mCeWZifvFmLv1ybO+hd8v9tOw1HxInL/36ZPaId8xAAACv4Phv/PNdo/FeKB+qOuydfQxmKiHsjYmdE3BcRuyLi/ojKsQ9GnHtojeUvXSFZPv4pXVtXYKuUjf9eyNe2bi4a/xWjvxjqyXPbK/H3JqfOTE8dys/Jgejtz/JjLcr44eXfPy/SA0v21Y//skdWfjEWzOtxrbxkgu7kxNxEJZGm6ccbCz+ufxKxp9wo/iSKZZwkInZHxJ51lnHmma/3Ntu3cvwttFhnWq30q4inq+1/efH4/1ZTJfXrk4MRUVufHHv+2PjR0YGYnjo0WlwVy/3y25U3mpW/ofjbIGv/LQ2v/9oq8FAyEDF78dLZynrt7NrLuPLnZ3V9etHqchZ/6duINV//fclblXRfvu3Dibm5C2MRfclry7eP33ptkS+Oz+I/sL9x/99ZV+OHIyK7iPdFxCP5Im7Wdo9FxOMRsb9F/D+99MR7zfY1b/9ms/LtdT0/US3bP+rbf+2JnrM/ftes/OF8DTLy89C4/Y9UUgfyLbW/fy2stoLrOmkAAABwlylV3gOflEZq6VJpZKT6Hv5dsaU0PTM79+ypmQ/On6y+V34oekvFTNeOuvnQsXxuuMiPL8kfzueNv+gZrORHJmemT3Y6eOhyW5v0/8xfPZ2uHXDbtWEdDbhL6f/QvfR/6F76P3Qv/R+6V6P+v9EPFgB3B/d/6F6V/v/U5U5XA+gA93/oXvo/dKWmn40vbegj/00TSbt/YcNE8d0Jm1HWyoniuyg2vfTBdb98YOVTF6XOntWuSZSXtUWU21pEf8NdHfyjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Eb/BQAA///i5tKw") setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) 45.479289ms ago: executing program 6 (id=6663): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bond0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89b1, &(0x7f0000000080)) 21.881739ms ago: executing program 6 (id=6664): syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./bus\x00', 0x0, &(0x7f0000002480)=ANY=[], 0x1, 0x11f4, &(0x7f0000001280)="$eJzs3M+LG2UYB/DHbWvr1v2h1moL0he96GXo7sGLgiyyBWlAaRuhFYSpO9GQMQmZsBARV09e/TvEozdBvOllL/4N3vbisQdxxMTapsRDqXTa8Plc8pD3/cLzkjDwDvPO0ZvffNrrVFknH8fKE2/FyjAi3UqRYiVu+zJee+PnX166ev3G5Z1Wa/dKSpd2rm29nlJav/DjB59/9/JP49Pvf7/+w8k43Pzw6Pft3w7PHp47+vPaJ90qdavUH4xTnm4OBuP8ZlmkvW7Vy1J6ryzyqkjdflWM5sY75WA4nKS8v7e2OhwVVZXy/iT1ikkaD9J4NEn5x3m3n7IsS2urwYNof3urruuIuj4RT0Zd1/VTsRqn4+lYi/XYiM14Jp6N5+JMPB9n44V4Mc5NZzXdNwAAAAAAAAAAAAAAAAAAACyXBzr/f6Hh5gEAAAAAAAAAAAAAAAAAAGBJXL1+4/JOq7V7JaVTEeXX++399uxzNr7TiW6UUcTF2Ig/Ynr6f2ZWX3qntXsxTW3GV+XBP/mD/fax+fzW9HUCC/Nbs3yaz5+M1bvz27ERZxbntxfmT8Wrr9yVz2Ijfv0oBlHGXvydvZP/Yiult99t3ZM/P50HAAAAyyBL/1q4f8+y/xqf5e/j/sA9++vjcf54s2snopp81svLshg1XtzuaPbNQUQ8Io0tcXHi0Wjj/y2Ozf2Rmu/nMS2auybx8Nz50ZvuBAAAAAAAAAAAgPvxMB4nbHqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MUOHAsAAAAACPO3TqNjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//86R81g") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchown(r0, 0x0, 0xee01) 0s ago: executing program 1 (id=6665): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000240), 0xfe, 0x55b, &(0x7f0000000980)="$eJzs3c9vFFUcAPDvbFt+FaUkhKgH04SDGGRLW39g4gGPRokkesdNOzSkW5Z0t4RWEuEgFy+GmBgjifEP8O6R+A/4V5AoCTGk0YOXNbOdhaXdH6UsdGU/n2TgvXmzvHkz8328t283G8DQmsz+KES8GhHfJhGHWspGIy+c3Dhu/cG1uWxLol7/7K8kknxf8/gk/3s8z7wSEb99HXGisLXe6uraYqlcTpfz/FRt6fJUdXXt5MWl0kK6kF6amZ09/c7szPvvvbv1xXt31tY3z/3zw6d3Pjr9zbH173+5d/hWEmfiYF7W2o6ncL01MxmT+TUZizObDpzuQ2WDJNntE2BHRvI4H4usDzgUI3nUAy++ryKiDgypRPzDkGqOA5pz+67z4PqLN8u7/+HGBGhr+5ON90ZiX2NudGA9eWxmlF2JiT7Un9Xx65+3b2Vb9O99CICert+IiFOjo4/1fy9HS/+3c6e2cczmOvR/8PzcycY/b+1tM/4pPBz/RJvxz3ib2N2J3vFfuNeHajrKxn8ftB3/Ply0mhjJcy81xnxjyYWL5TTr27Ju8niM7c3y3dZzTq/frXcqax3/ZVtWf3MsmJ/HvdFN613zpVrpadrc6v6NiNd6jH+TNvc/ux7ntlnH0fT2653Kerf/2ar/HPFG2/v/aK6TdF+fnGo8D1PNp2Krv28e/b1T/bvd/uz+H+je/omkdb22+uR1/LTv37RT2WSSL5o+4fO/J/m8kd6T77taqtWWpyP2JJ9s3T/z6LXNfPP4rP3Hj7WP/27P//6I+GKb7b955GbHQwfh/s8/0f3vkKgnHYvufvzlj53q317/93YjdTzfs53+r8uZPpZ4mmsHAAAAAAAAg6YQEQcjKRQfpguFYnHj8x1H4kChXKnWTlyorFyaj8Z3ZSdirNBc6R5v+TzEdP552GZ+ZlN+NiIOR8R3I/sb+eJcpTy/240HAAAAAAAAAAAAAAAAAACAATHe4fv/mT9GdvvsgGfOT37D8OoZ//34pSdgIPn/H4aX+IfhJf5heIl/GF7iH4aX+IfhJf5heIl/AAAAAAAAAAAAAAAAAAAAAAAAAAAA6KtzZ89mW339wbW5LD9/ZXVlsXLl5HxaXSwurcwV5yrLl4sLlcpCOS3OVZZ6/XvlSuXy9EysXJ2qpUltqrq6dn6psnKpdv7iUmkhPZ+OPZdWAQAAAAAAAAAAAAAAAAAAwP9LdXVtsVQup8sSEjtKjA7GaUj0ObHbPRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPPJfAAAA//9j0zaD") rmdir(&(0x7f00000000c0)='./file1\x00') kernel console output (not intermixed with test programs): : free_dqentry: Can't write quota data block 5 [ 114.779505][T11358] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3592'. [ 114.789102][T11358] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (255) [ 114.866538][T11370] netlink: 14596 bytes leftover after parsing attributes in process `syz.4.3608'. [ 114.960341][T11384] loop4: detected capacity change from 0 to 512 [ 114.975804][T11384] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.993130][T11384] ext4 filesystem being mounted at /778/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.024324][T11384] EXT4-fs error (device loop4): ext4_empty_dir:3077: inode #12: comm syz.4.3601: invalid size [ 115.038125][T11384] EXT4-fs (loop4): Remounting filesystem read-only [ 115.056163][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.067375][ T61] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 115.078175][ T61] Quota error (device loop4): write_blk: dquota write failed [ 115.078789][ T29] audit: type=1326 audit(2000000002.372:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11392 comm="syz.0.3617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08edb7e969 code=0x7ffc0000 [ 115.085834][ T61] Quota error (device loop4): free_dqentry: Can't write quota data block 5 [ 115.135756][ T61] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 115.176598][T11399] syz.0.3606: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 115.191768][T11399] CPU: 0 UID: 0 PID: 11399 Comm: syz.0.3606 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(voluntary) [ 115.191874][T11399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 115.191890][T11399] Call Trace: [ 115.191898][T11399] [ 115.191921][T11399] __dump_stack+0x1d/0x30 [ 115.191947][T11399] dump_stack_lvl+0xe8/0x140 [ 115.191968][T11399] dump_stack+0x15/0x1b [ 115.192002][T11399] warn_alloc+0x12b/0x1a0 [ 115.192032][T11399] __vmalloc_node_range_noprof+0x9c/0xdf0 [ 115.192066][T11399] ? __rcu_read_unlock+0x4f/0x70 [ 115.192227][T11399] ? avc_has_perm_noaudit+0x1b1/0x200 [ 115.192272][T11399] ? should_fail_ex+0x30/0x280 [ 115.192386][T11399] ? xskq_create+0x36/0xe0 [ 115.192420][T11399] ? should_failslab+0x8c/0xb0 [ 115.192457][T11399] vmalloc_user_noprof+0x59/0x70 [ 115.192486][T11399] ? xskq_create+0x80/0xe0 [ 115.192546][T11399] xskq_create+0x80/0xe0 [ 115.192581][T11399] xsk_init_queue+0x95/0xf0 [ 115.192614][T11399] xsk_setsockopt+0x35c/0x510 [ 115.192645][T11399] ? __pfx_xsk_setsockopt+0x10/0x10 [ 115.192723][T11399] __sys_setsockopt+0x181/0x200 [ 115.192772][T11399] ? fpregs_restore_userregs+0xbb/0x190 [ 115.192803][T11399] __x64_sys_setsockopt+0x64/0x80 [ 115.192922][T11399] x64_sys_call+0x2bd5/0x2fb0 [ 115.192952][T11399] do_syscall_64+0xd0/0x1a0 [ 115.192978][T11399] ? clear_bhb_loop+0x25/0x80 [ 115.192999][T11399] ? clear_bhb_loop+0x25/0x80 [ 115.193020][T11399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.193077][T11399] RIP: 0033:0x7f08edb7e969 [ 115.193096][T11399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.193120][T11399] RSP: 002b:00007f08ec1e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 115.193151][T11399] RAX: ffffffffffffffda RBX: 00007f08edda5fa0 RCX: 00007f08edb7e969 [ 115.193226][T11399] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000004 [ 115.193242][T11399] RBP: 00007f08edc00ab1 R08: 0000000000000004 R09: 0000000000000000 [ 115.193258][T11399] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.193273][T11399] R13: 0000000000000000 R14: 00007f08edda5fa0 R15: 00007ffef581ee78 [ 115.193291][T11399] [ 115.193298][T11399] Mem-Info: [ 115.439938][T11399] active_anon:7869 inactive_anon:0 isolated_anon:0 [ 115.439938][T11399] active_file:19619 inactive_file:2226 isolated_file:0 [ 115.439938][T11399] unevictable:0 dirty:299 writeback:0 [ 115.439938][T11399] slab_reclaimable:3030 slab_unreclaimable:14647 [ 115.439938][T11399] mapped:28107 shmem:4331 pagetables:1181 [ 115.439938][T11399] sec_pagetables:0 bounce:0 [ 115.439938][T11399] kernel_misc_reclaimable:0 [ 115.439938][T11399] free:1884356 free_pcp:7335 free_cma:0 [ 115.496949][T11399] Node 0 active_anon:31476kB inactive_anon:0kB active_file:78476kB inactive_file:8904kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:112428kB dirty:1196kB writeback:0kB shmem:17324kB writeback_tmp:0kB kernel_stack:3088kB pagetables:4724kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 115.531665][T11399] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 115.560834][T11399] lowmem_reserve[]: 0 2884 7863 7863 [ 115.566838][T11399] Node 0 DMA32 free:2949936kB boost:0kB min:4132kB low:7064kB high:9996kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2953568kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:100kB free_cma:0kB [ 115.597748][T11399] lowmem_reserve[]: 0 0 4978 4978 [ 115.602967][T11399] Node 0 Normal free:4572128kB boost:0kB min:7184kB low:12280kB high:17376kB reserved_highatomic:0KB active_anon:22080kB inactive_anon:0kB active_file:78476kB inactive_file:8904kB unevictable:0kB writepending:1196kB present:5242880kB managed:5098244kB mlocked:0kB bounce:0kB free_pcp:34980kB local_pcp:19764kB free_cma:0kB [ 115.635734][T11399] lowmem_reserve[]: 0 0 0 0 [ 115.640423][T11399] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 115.654159][T11399] Node 0 DMA32: 4*4kB (M) 2*8kB (M) 1*16kB (M) 4*32kB (M) 2*64kB (M) 2*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (M) 3*2048kB (M) 717*4096kB (M) = 2949936kB [ 115.654561][T11399] Node 0 Normal: 625*4kB (UM) 646*8kB (UME) 1004*16kB (UM) 698*32kB (UM) 223*64kB (UM) 73*128kB (UM) 36*256kB (UME) 30*512kB (UM) 15*1024kB (UME) 3*2048kB (ME) 1088*4096kB (UM) = 4572212kB [ 115.692041][T11399] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 115.701514][T11399] 22198 total pagecache pages [ 115.706367][T11399] 0 pages in swap cache [ 115.706378][T11399] Free swap = 124996kB [ 115.706386][T11399] Total swap = 124996kB [ 115.706457][T11399] 2097051 pages RAM [ 115.706464][T11399] 0 pages HighMem/MovableOnly [ 115.706472][T11399] 80258 pages reserved [ 115.755357][T11413] vlan0: entered promiscuous mode [ 115.755379][T11413] bridge0: entered promiscuous mode [ 115.809206][T11421] netlink: 'syz.2.3619': attribute type 3 has an invalid length. [ 115.820489][ T47] I/O error, dev loop3, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 0 [ 115.867799][T11430] loop0: detected capacity change from 0 to 1764 [ 115.874699][T11430] iso9660: Unknown parameter 'obj_type' [ 115.927136][T11439] netlink: 'syz.1.3637': attribute type 3 has an invalid length. [ 116.044151][T11460] team_slave_0: entered promiscuous mode [ 116.049955][T11460] team_slave_1: entered promiscuous mode [ 116.050088][T11464] loop4: detected capacity change from 0 to 1024 [ 116.060838][T11460] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 116.079013][T11464] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 116.089331][T11464] EXT4-fs (loop4): group descriptors corrupted! [ 116.155865][T11473] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3641'. [ 116.165290][T11473] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 116.245368][T11487] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3649'. [ 116.352962][T11501] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3656'. [ 116.861340][T11549] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3676'. [ 117.041702][T11562] loop4: detected capacity change from 0 to 1024 [ 117.130665][T11562] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 117.279532][T11562] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 117.300491][T11562] EXT4-fs (loop4): orphan cleanup on readonly fs [ 117.470292][T11562] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5899: Corrupt filesystem [ 117.484727][T11586] loop0: detected capacity change from 0 to 128 [ 117.549499][T11562] EXT4-fs error (device loop4): ext4_dirty_inode:6103: inode #3: comm syz.4.3681: mark_inode_dirty error [ 117.601571][T11562] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.3681: Invalid block bitmap block 3 in block_group 0 [ 117.649392][T11588] loop2: detected capacity change from 0 to 1764 [ 117.658462][T11562] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.3681: Invalid block bitmap block 3 in block_group 0 [ 117.686149][T11588] iso9660: Corrupted directory entry in block 0 of inode 1792 [ 117.714362][T11562] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.3681: Invalid block bitmap block 3 in block_group 0 [ 117.804464][T11606] loop0: detected capacity change from 0 to 512 [ 117.813869][T11562] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5899: Corrupt filesystem [ 117.813986][T11562] EXT4-fs error (device loop4): ext4_dirty_inode:6103: inode #3: comm syz.4.3681: mark_inode_dirty error [ 117.814121][T11562] __quota_error: 7 callbacks suppressed [ 117.814134][T11562] Quota error (device loop4): write_blk: dquota write failed [ 117.814153][T11562] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #3: block 1: comm syz.4.3681: lblock 6 mapped to illegal pblock 1 (length 1) [ 117.814395][T11562] Quota error (device loop4): write_blk: dquota write failed [ 117.814414][T11562] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota [ 117.814442][T11562] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #3: block 48: comm syz.4.3681: lblock 0 mapped to illegal pblock 48 (length 1) [ 117.818034][T11562] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 117.818060][T11562] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.3681: Failed to acquire dquot type 0 [ 117.818462][T11562] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #3: block 49: comm syz.4.3681: lblock 1 mapped to illegal pblock 49 (length 1) [ 117.818668][T11562] Quota error (device loop4): do_insert_tree: Can't read tree quota block 1 [ 117.818716][T11562] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 117.818740][T11562] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.3681: Failed to acquire dquot type 0 [ 117.818913][T11562] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5899: Corrupt filesystem [ 117.819012][T11562] EXT4-fs error (device loop4): ext4_evict_inode:259: inode #15: comm syz.4.3681: mark_inode_dirty error [ 117.819164][T11562] EXT4-fs warning (device loop4): ext4_evict_inode:262: couldn't mark inode dirty (err -117) [ 117.819203][T11562] EXT4-fs (loop4): 1 orphan inode deleted [ 117.819766][T11562] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 117.888881][T11606] EXT4-fs error (device loop0): ext4_iget_extra_inode:4693: inode #15: comm syz.0.3704: corrupted in-inode xattr: invalid ea_ino [ 117.889184][T11562] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 117.889397][T11562] EXT4-fs error (device loop4): __ext4_remount:6738: comm syz.4.3681: Abort forced by user [ 117.889462][T11606] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.3704: couldn't read orphan inode 15 (err -117) [ 117.889629][T11562] EXT4-fs (loop4): Remounting filesystem read-only [ 117.889718][T11562] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 117.890908][T11606] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.002904][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.013266][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.154982][T11623] loop1: detected capacity change from 0 to 128 [ 118.719896][T11642] loop1: detected capacity change from 0 to 2048 [ 118.840099][T11642] loop1: p1 < > p3 [ 118.854144][T11642] loop1: p3 size 134217728 extends beyond EOD, truncated [ 118.868979][T11654] loop0: detected capacity change from 0 to 128 [ 118.973748][T11660] tipc: Enabling of bearer rejected, already enabled [ 119.250448][T11682] __nla_validate_parse: 2 callbacks suppressed [ 119.250468][T11682] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3748'. [ 119.266091][T11682] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3748'. [ 119.338613][T11675] loop4: detected capacity change from 0 to 8192 [ 119.352554][T11689] loop3: detected capacity change from 0 to 2048 [ 119.464869][T11689] loop3: p1 < > p3 [ 119.477702][T11689] loop3: p3 size 134217728 extends beyond EOD, truncated [ 119.543649][T11700] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3746'. [ 119.643554][T11710] loop1: detected capacity change from 0 to 512 [ 119.706566][T11710] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 119.757560][T11710] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.3749: invalid indirect mapped block 4294967295 (level 0) [ 119.790848][T11721] loop0: detected capacity change from 0 to 8192 [ 119.808925][T11710] EXT4-fs (loop1): Remounting filesystem read-only [ 119.835251][T11710] EXT4-fs (loop1): 1 orphan inode deleted [ 119.841439][T11710] EXT4-fs (loop1): 1 truncate cleaned up [ 119.892058][T11710] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.923401][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.971260][T11748] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3769'. [ 120.010232][T11752] IPVS: set_ctl: invalid protocol: 60 224.0.0.1:20003 [ 120.067369][T11764] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3777'. [ 120.077399][T11764] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3777'. [ 120.131267][T11769] loop4: detected capacity change from 0 to 512 [ 120.153947][T11769] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 120.174398][T11775] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3783'. [ 120.184887][T11775] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3783'. [ 120.196851][T11769] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.3781: invalid indirect mapped block 4294967295 (level 0) [ 120.230531][T11769] EXT4-fs (loop4): Remounting filesystem read-only [ 120.241188][T11769] EXT4-fs (loop4): 1 orphan inode deleted [ 120.247179][T11769] EXT4-fs (loop4): 1 truncate cleaned up [ 120.252177][T11779] netlink: 14601 bytes leftover after parsing attributes in process `syz.0.3784'. [ 120.260044][T11785] IPVS: set_ctl: invalid protocol: 60 224.0.0.1:20003 [ 120.274327][T11769] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.360573][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.420512][T11810] loop1: detected capacity change from 0 to 164 [ 120.493994][T11817] netlink: 14601 bytes leftover after parsing attributes in process `syz.2.3800'. [ 120.545073][T11819] loop3: detected capacity change from 0 to 128 [ 120.712524][T11846] loop3: detected capacity change from 0 to 2048 [ 120.730812][ T29] audit: type=1400 audit(2000000008.293:1244): avc: denied { listen } for pid=11849 comm="syz.0.3828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 120.748656][T11856] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 120.750736][ T29] audit: type=1400 audit(2000000008.293:1245): avc: denied { ioctl } for pid=11849 comm="syz.0.3828" path="socket:[31234]" dev="sockfs" ino=31234 ioctlcmd=0x8905 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 120.813263][T11846] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 120.829879][T11863] loop1: detected capacity change from 0 to 128 [ 120.845661][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.865419][ T29] audit: type=1326 audit(2000000008.440:1246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11868 comm="syz.2.3826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa04f3e969 code=0x7ffc0000 [ 120.889974][ T29] audit: type=1326 audit(2000000008.440:1247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11868 comm="syz.2.3826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa04f3e969 code=0x7ffc0000 [ 120.988063][T11883] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20001 - 0 [ 120.997757][T11883] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20001 - 0 [ 121.007316][T11883] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20001 - 0 [ 121.017688][T11883] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20001 - 0 [ 121.022022][T11887] loop1: detected capacity change from 0 to 2048 [ 121.054828][T11887] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.122273][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.171511][T11906] loop1: detected capacity change from 0 to 512 [ 121.189495][T11906] EXT4-fs: Ignoring removed nobh option [ 121.205295][T11906] EXT4-fs warning (device loop1): dx_probe:848: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 121.217185][T11906] EXT4-fs warning (device loop1): dx_probe:851: Enable large directory feature to access it [ 121.227441][T11906] EXT4-fs warning (device loop1): dx_probe:936: inode #2: comm syz.1.3844: Corrupt directory, running e2fsck is recommended [ 121.244011][T11906] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 121.253139][T11906] EXT4-fs error (device loop1): ext4_iget_extra_inode:4693: inode #15: comm syz.1.3844: corrupted in-inode xattr: invalid ea_ino [ 121.271445][T11915] loop3: detected capacity change from 0 to 128 [ 121.277982][T11906] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.3844: couldn't read orphan inode 15 (err -117) [ 121.291069][T11915] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 121.304381][T11906] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.318867][T11915] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 121.349226][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.381221][T11927] loop0: detected capacity change from 0 to 2048 [ 121.412475][T11927] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.478214][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.517334][T11951] team0: entered promiscuous mode [ 121.525121][T11950] team0: left promiscuous mode [ 121.553019][T11959] loop2: detected capacity change from 0 to 512 [ 121.572533][T11959] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 121.610444][T11959] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ee01c, mo2=0002] [ 121.628081][T11959] System zones: 1-12 [ 121.636751][T11959] EXT4-fs (loop2): orphan cleanup on readonly fs [ 121.651262][T11959] EXT4-fs (loop2): 1 truncate cleaned up [ 121.661766][T11959] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 121.661960][T11975] loop4: detected capacity change from 0 to 2048 [ 121.708545][T11975] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.815879][T12002] loop3: detected capacity change from 0 to 512 [ 121.823973][T12002] EXT4-fs: Ignoring removed nobh option [ 121.831302][T12002] EXT4-fs warning (device loop3): dx_probe:848: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 121.843168][T12002] EXT4-fs warning (device loop3): dx_probe:851: Enable large directory feature to access it [ 121.853631][T12002] EXT4-fs warning (device loop3): dx_probe:936: inode #2: comm syz.3.3887: Corrupt directory, running e2fsck is recommended [ 121.870244][T12002] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 121.880497][T12002] EXT4-fs error (device loop3): ext4_iget_extra_inode:4693: inode #15: comm syz.3.3887: corrupted in-inode xattr: invalid ea_ino [ 121.895515][T12002] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.3887: couldn't read orphan inode 15 (err -117) [ 122.010732][T12023] loop1: detected capacity change from 0 to 128 [ 122.039340][T12025] loop2: detected capacity change from 0 to 2048 [ 122.236828][T12064] loop1: detected capacity change from 0 to 128 [ 122.247138][T12064] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 122.263814][T12064] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 122.296060][T12070] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20001 - 0 [ 122.305213][T12070] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20001 - 0 [ 122.314104][T12070] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20001 - 0 [ 122.323111][T12070] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20001 - 0 [ 122.474061][T12090] loop1: detected capacity change from 0 to 1024 [ 122.487534][T12103] loop3: detected capacity change from 0 to 512 [ 122.498067][T12103] EXT4-fs: Ignoring removed orlov option [ 122.517089][T12103] ext4 filesystem being mounted at /752/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.549454][T12090] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 122.739043][T12149] loop1: detected capacity change from 0 to 512 [ 122.754671][T12149] EXT4-fs: Ignoring removed oldalloc option [ 122.779811][T12149] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.3956: Parent and EA inode have the same ino 15 [ 122.799844][T12149] EXT4-fs (loop1): Remounting filesystem read-only [ 122.808800][T12149] EXT4-fs warning (device loop1): ext4_evict_inode:262: couldn't mark inode dirty (err -30) [ 122.823818][T12149] EXT4-fs (loop1): 1 orphan inode deleted [ 123.399920][ T29] kauditd_printk_skb: 37 callbacks suppressed [ 123.399936][ T29] audit: type=1400 audit(2000000011.096:1285): avc: denied { getattr } for pid=12248 comm="syz.1.4014" name="/" dev="iomem" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 123.650228][T12297] syz.2.4029 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 123.709335][T12307] devpts: Bad value for 'gid' [ 123.714601][T12307] devpts: Bad value for 'gid' [ 123.907963][T12342] devpts: Bad value for 'gid' [ 123.912967][T12342] devpts: Bad value for 'gid' [ 123.985893][ T29] audit: type=1400 audit(2000000011.715:1286): avc: denied { ioctl } for pid=12353 comm="syz.2.4056" path="socket:[32217]" dev="sockfs" ino=32217 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 124.110252][T12372] devpts: Bad value for 'gid' [ 124.116171][T12372] devpts: Bad value for 'gid' [ 124.238290][T12395] rtc_cmos 00:00: Alarms can be up to one day in the future [ 124.491325][T12442] loop4: detected capacity change from 0 to 1024 [ 124.500736][T12442] EXT4-fs: Ignoring removed nobh option [ 124.508682][T12443] rtc_cmos 00:00: Alarms can be up to one day in the future [ 124.525822][T12442] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 124.571955][T12442] EXT4-fs error (device loop4): ext4_ext_check_inode:524: inode #11: comm syz.4.4101: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 124.602209][T12442] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.4101: couldn't read orphan inode 11 (err -117) [ 124.662132][T12442] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.4101: bg 0: block 10: padding at end of block bitmap is not set [ 125.166359][ T10] rtc_cmos 00:00: Alarms can be up to one day in the future [ 125.174234][ T10] rtc_cmos 00:00: Alarms can be up to one day in the future [ 125.182031][ T10] rtc_cmos 00:00: Alarms can be up to one day in the future [ 125.189818][ T10] rtc_cmos 00:00: Alarms can be up to one day in the future [ 125.197430][ T10] rtc rtc0: __rtc_set_alarm: err=-22 [ 125.568302][T12489] loop4: detected capacity change from 0 to 512 [ 125.574961][T12489] EXT4-fs: Ignoring removed nobh option [ 125.585792][T12489] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #16: comm syz.4.4123: corrupted inode contents [ 125.598295][T12489] EXT4-fs error (device loop4): ext4_dirty_inode:6103: inode #16: comm syz.4.4123: mark_inode_dirty error [ 125.623612][T12489] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #16: comm syz.4.4123: corrupted inode contents [ 125.623617][ T29] audit: type=1400 audit(2000000013.427:1287): avc: denied { append } for pid=12493 comm="syz.1.4124" name="mISDNtimer" dev="devtmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 125.665690][T12489] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #16: comm syz.4.4123: mark_inode_dirty error [ 125.683008][T12489] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #16: comm syz.4.4123: corrupted inode contents [ 125.716512][T12489] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 125.737628][T12489] EXT4-fs error (device loop4): ext4_do_update_inode:5211: inode #16: comm syz.4.4123: corrupted inode contents [ 125.756853][ T3384] kernel write not supported for file /1736/comm (pid: 3384 comm: kworker/1:4) [ 125.793177][T12489] EXT4-fs error (device loop4): ext4_truncate:4255: inode #16: comm syz.4.4123: mark_inode_dirty error [ 125.807447][T12489] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 125.819176][T12489] EXT4-fs (loop4): 1 truncate cleaned up [ 125.831509][ T37] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 125.842667][ T37] EXT4-fs error (device loop4): ext4_release_dquot:6971: comm kworker/u8:2: Failed to release dquot type 1 [ 125.855409][T12489] ext4 filesystem being mounted at /868/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.874018][ T29] audit: type=1326 audit(2000000013.668:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12515 comm="syz.2.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa04f3e969 code=0x7ffc0000 [ 125.900948][ T29] audit: type=1326 audit(2000000013.668:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12515 comm="syz.2.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa04f3e969 code=0x7ffc0000 [ 125.926126][ T29] audit: type=1326 audit(2000000013.668:1290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12515 comm="syz.2.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ffa04f3e969 code=0x7ffc0000 [ 125.953006][ T29] audit: type=1326 audit(2000000013.679:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12515 comm="syz.2.4135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa04f3e969 code=0x7ffc0000 [ 126.013958][ T29] audit: type=1400 audit(2000000013.763:1292): avc: denied { read } for pid=12527 comm="syz.1.4142" name="cgroup.procs" dev="cgroup" ino=151 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:net_conf_t:s0" [ 126.043537][ T29] audit: type=1400 audit(2000000013.763:1293): avc: denied { open } for pid=12527 comm="syz.1.4142" path="/syzcgroup/cpu/syz1/cgroup.procs" dev="cgroup" ino=151 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:net_conf_t:s0" [ 126.620217][T12635] batadv0: entered promiscuous mode [ 126.644662][T12634] batadv0: left promiscuous mode [ 126.705913][ T3381] kernel write not supported for file /1805/comm (pid: 3381 comm: kworker/0:3) [ 126.839332][T12679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 126.848467][T12679] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 126.883315][T12683] __nla_validate_parse: 26 callbacks suppressed [ 126.883338][T12683] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4218'. [ 126.926136][T12692] loop4: detected capacity change from 0 to 128 [ 126.991082][T12702] loop4: detected capacity change from 0 to 256 [ 127.056730][T12714] batadv0: entered promiscuous mode [ 127.072458][T12713] batadv0: left promiscuous mode [ 127.330167][T12767] netlink: 'syz.1.4255': attribute type 2 has an invalid length. [ 127.387213][T12773] Invalid logical block size (4128) [ 127.501629][T12799] netlink: 'syz.4.4272': attribute type 2 has an invalid length. [ 127.556042][T12810] 9pnet_fd: Insufficient options for proto=fd [ 127.659143][T12829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4286'. [ 127.745565][T12842] Invalid logical block size (4128) [ 128.355386][T12860] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4307'. [ 128.357470][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 128.357488][ T29] audit: type=1400 audit(2000000016.303:1328): avc: denied { create } for pid=12855 comm="syz.4.4294" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=rds_socket permissive=1 [ 128.410128][ T29] audit: type=1326 audit(2000000016.324:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.4295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 128.434247][ T29] audit: type=1326 audit(2000000016.324:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.4295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 128.461566][ T29] audit: type=1326 audit(2000000016.324:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.4295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 128.461605][ T29] audit: type=1326 audit(2000000016.324:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.4295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 128.461633][ T29] audit: type=1326 audit(2000000016.324:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.4295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 128.461666][ T29] audit: type=1326 audit(2000000016.324:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.4295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 128.563157][ T29] audit: type=1326 audit(2000000016.324:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.4295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 128.563186][ T29] audit: type=1326 audit(2000000016.324:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.1.4295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 128.606959][T12875] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4308'. [ 128.615627][ T29] audit: type=1400 audit(2000000016.566:1337): avc: denied { nlmsg_read } for pid=12874 comm="syz.2.4308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 128.707889][T12889] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4315'. [ 128.720574][T12891] tipc: Enabling of bearer rejected, failed to enable media [ 128.831137][T12910] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 128.855139][T12918] tmpfs: Bad value for 'nr_inodes' [ 128.931422][T12930] netlink: 'syz.3.4337': attribute type 2 has an invalid length. [ 128.939873][T12930] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4337'. [ 129.130214][T12967] netlink: 'syz.2.4353': attribute type 2 has an invalid length. [ 129.138192][T12967] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4353'. [ 129.281584][T12999] netlink: 'syz.4.4369': attribute type 2 has an invalid length. [ 129.289603][T12999] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4369'. [ 129.442258][T13031] SELinux: syz.3.4383 (13031) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 129.446894][T13032] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4382'. [ 129.553756][T13036] IPv6: NLM_F_CREATE should be specified when creating new route [ 129.796639][T13087] IPv6: NLM_F_CREATE should be specified when creating new route [ 129.907987][T13107] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4432'. [ 130.006894][T13126] IPv6: NLM_F_CREATE should be specified when creating new route [ 130.119456][T13139] loop4: detected capacity change from 0 to 2048 [ 130.140062][T13139] ext4 filesystem being mounted at /936/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.229579][T13160] tipc: Enabling of bearer rejected, failed to enable media [ 130.762149][T13253] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 808 [ 131.156735][T13328] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 808 [ 131.245530][T13339] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 808 [ 131.296126][T13347] loop4: detected capacity change from 0 to 256 [ 131.314566][T13347] FAT-fs (loop4): Directory bread(block 1285) failed [ 131.327292][T13353] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 131.364008][T13347] FAT-fs (loop4): FAT read failed (blocknr 1281) [ 131.551006][T13396] loop4: detected capacity change from 0 to 512 [ 131.570948][T13396] EXT4-fs: Ignoring removed nobh option [ 131.576908][T13396] EXT4-fs: Ignoring removed mblk_io_submit option [ 131.596110][T13396] EXT4-fs error (device loop4): ext4_iget_extra_inode:4693: inode #15: comm syz.4.4560: corrupted in-inode xattr: overlapping e_value [ 131.610693][T13396] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.4560: couldn't read orphan inode 15 (err -117) [ 131.628222][T13396] EXT4-fs mount: 18 callbacks suppressed [ 131.628245][T13396] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.711737][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.402821][T13481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 132.412004][T13481] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 132.597772][T13508] __nla_validate_parse: 6 callbacks suppressed [ 132.597793][T13508] netlink: 71 bytes leftover after parsing attributes in process `syz.0.4614'. [ 132.946305][T13546] netlink: zone id is out of range [ 132.951976][T13546] netlink: zone id is out of range [ 132.957348][T13546] netlink: zone id is out of range [ 132.962645][T13546] netlink: zone id is out of range [ 132.968380][T13546] netlink: zone id is out of range [ 132.973799][T13546] netlink: zone id is out of range [ 132.979298][T13546] netlink: zone id is out of range [ 132.990300][T13552] netlink: 71 bytes leftover after parsing attributes in process `syz.1.4633'. [ 133.019445][T13551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.028430][T13551] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.123167][T13574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4645'. [ 133.496729][T13603] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4659'. [ 133.543550][T13612] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4661'. [ 133.573856][ T29] kauditd_printk_skb: 21 callbacks suppressed [ 133.573876][ T29] audit: type=1400 audit(2000000021.841:1359): avc: denied { connect } for pid=13615 comm="syz.2.4664" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 133.638783][T13624] bridge0: port 3(macvlan0) entered blocking state [ 133.645661][T13624] bridge0: port 3(macvlan0) entered disabled state [ 133.655717][T13624] macvlan0: entered allmulticast mode [ 133.661303][T13624] bridge0: entered allmulticast mode [ 133.672490][T13624] macvlan0: left allmulticast mode [ 133.677743][T13624] bridge0: left allmulticast mode [ 133.687659][T13632] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4673'. [ 133.706429][T13636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.716275][T13636] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.749942][T13641] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4677'. [ 133.835978][ T29] audit: type=1326 audit(2000000022.114:1360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13659 comm="syz.1.4684" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffbe856e969 code=0x0 [ 133.884221][ T29] audit: type=1326 audit(2000000022.167:1361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13666 comm="syz.0.4688" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f08edb7e969 code=0x0 [ 133.917297][T13671] bridge0: entered promiscuous mode [ 133.924952][T13671] bridge0: port 4(macvlan0) entered blocking state [ 133.931785][T13671] bridge0: port 4(macvlan0) entered disabled state [ 133.938756][T13671] macvlan0: entered allmulticast mode [ 133.944215][T13671] bridge0: entered allmulticast mode [ 133.949905][T13671] macvlan0: left allmulticast mode [ 133.955039][T13671] bridge0: left allmulticast mode [ 133.960652][T13671] bridge0: left promiscuous mode [ 134.026000][ T29] audit: type=1400 audit(2000000022.314:1362): avc: denied { mount } for pid=13673 comm="syz.3.4690" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 134.049049][ T29] audit: type=1400 audit(2000000022.314:1363): avc: denied { read } for pid=13673 comm="syz.3.4690" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 134.071210][ T29] audit: type=1400 audit(2000000022.314:1364): avc: denied { open } for pid=13673 comm="syz.3.4690" path="/909/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 134.094653][ T29] audit: type=1400 audit(2000000022.345:1365): avc: denied { unmount } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 134.121163][T13676] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4691'. [ 134.554055][T13714] loop4: detected capacity change from 0 to 8192 [ 134.563083][T13714] syz.4.4711: attempt to access beyond end of device [ 134.563083][T13714] loop4: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 134.577260][T13714] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1) [ 134.585585][T13714] FAT-fs (loop4): Filesystem has been set read-only [ 134.597537][T13714] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1) [ 134.606728][T13714] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1) [ 134.758997][ T29] audit: type=1326 audit(2000000023.090:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13746 comm="syz.0.4726" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f08edb7e969 code=0x0 [ 134.789089][T13749] pim6reg9: entered allmulticast mode [ 134.824891][ T29] audit: type=1326 audit(2000000023.153:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13756 comm="syz.2.4731" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffa04f3e969 code=0x0 [ 134.938275][T13777] loop4: detected capacity change from 0 to 164 [ 134.945790][T13777] Unable to read rock-ridge attributes [ 134.956024][T13777] Unable to read rock-ridge attributes [ 134.961785][T13777] iso9660: Corrupted directory entry in block 1 of inode 1792 [ 135.037473][T13795] IPv6: NLM_F_CREATE should be specified when creating new route [ 135.187817][T13822] loop4: detected capacity change from 0 to 512 [ 135.203115][T13822] EXT4-fs (loop4): external journal device major/minor numbers have changed [ 135.248376][T13822] EXT4-fs (loop4): failed to open journal device unknown-block(0,3) -6 [ 135.254353][ T29] audit: type=1400 audit(2000000023.605:1368): avc: denied { setopt } for pid=13830 comm="syz.3.4765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 135.442030][T13855] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4777'. [ 135.451525][T13853] loop4: detected capacity change from 0 to 4096 [ 135.459645][T13853] EXT4-fs: Ignoring removed orlov option [ 135.465612][T13853] EXT4-fs: Ignoring removed nobh option [ 135.483163][T13853] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.497737][T13853] EXT4-fs error (device loop4): ext4_acquire_dquot:6935: comm syz.4.4775: Failed to acquire dquot type 1 [ 135.531818][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.702419][T13881] loop4: detected capacity change from 0 to 512 [ 135.716700][T13881] EXT4-fs: Ignoring removed nomblk_io_submit option [ 135.736974][T13881] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 135.770512][T13881] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.803581][T13890] pim6reg9: entered allmulticast mode [ 135.832573][T13881] ext4 filesystem being mounted at /1011/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.849752][T13881] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 135.866149][T13881] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 7 with max blocks 1 with error 28 [ 135.878388][T13881] EXT4-fs (loop4): This should not happen!! Data will be lost [ 135.878388][T13881] [ 135.888118][T13881] EXT4-fs (loop4): Total free blocks count 0 [ 135.894259][T13881] EXT4-fs (loop4): Free/Dirty block details [ 135.900222][T13881] EXT4-fs (loop4): free_blocks=39626 [ 135.905539][T13881] EXT4-fs (loop4): dirty_blocks=1 [ 135.910616][T13881] EXT4-fs (loop4): Block reservation details [ 135.916641][T13881] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 135.940479][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.084906][T13910] IPv6: NLM_F_CREATE should be specified when creating new route [ 136.571162][T13948] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 136.571162][T13948] program syz.3.4828 not setting count and/or reply_len properly [ 136.606073][T13951] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4817'. [ 137.013903][ C0] hrtimer: interrupt took 38082 ns [ 137.179137][T14016] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 137.179137][T14016] program syz.2.4846 not setting count and/or reply_len properly [ 137.309171][T14031] netlink: 'syz.0.4854': attribute type 29 has an invalid length. [ 137.327646][T14031] netlink: 'syz.0.4854': attribute type 29 has an invalid length. [ 137.466422][T14056] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 137.466422][T14056] program syz.0.4865 not setting count and/or reply_len properly [ 137.547012][T14068] netlink: 'syz.2.4871': attribute type 29 has an invalid length. [ 137.572604][T14068] netlink: 'syz.2.4871': attribute type 29 has an invalid length. [ 137.893725][T14118] netlink: 'syz.4.4894': attribute type 29 has an invalid length. [ 137.959360][T14118] netlink: 'syz.4.4894': attribute type 29 has an invalid length. [ 138.210671][T14162] netlink: 'syz.3.4913': attribute type 29 has an invalid length. [ 138.254166][T14162] netlink: 'syz.3.4913': attribute type 29 has an invalid length. [ 138.447855][T14178] usb usb6: usbfs: process 14178 (syz.0.4922) did not claim interface 0 before use [ 138.660852][T14199] __nla_validate_parse: 1 callbacks suppressed [ 138.660946][T14199] netlink: 202920 bytes leftover after parsing attributes in process `syz.1.4934'. [ 138.731758][T14207] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4933'. [ 138.871303][T14225] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in; [ 138.871303][T14225] program syz.0.4955 not setting count and/or reply_len properly [ 138.994323][T14241] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4951'. [ 139.055077][T14257] netlink: 202920 bytes leftover after parsing attributes in process `syz.2.4960'. [ 139.114433][T14259] usb usb6: usbfs: process 14259 (syz.2.4962) did not claim interface 0 before use [ 139.185831][T14275] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4971'. [ 139.254646][T14289] futex_wake_op: syz.1.4977 tries to shift op by -1; fix this program [ 139.272701][T14292] loop4: detected capacity change from 0 to 1024 [ 139.286500][T14292] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.302344][T14299] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in; [ 139.302344][T14299] program syz.1.4979 not setting count and/or reply_len properly [ 139.320660][T14292] ext4 filesystem being mounted at /1048/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.374910][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.485512][T14331] futex_wake_op: syz.4.4997 tries to shift op by -1; fix this program [ 139.588940][ T29] kauditd_printk_skb: 17 callbacks suppressed [ 139.588959][ T29] audit: type=1326 audit(2000000028.161:1384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14352 comm="syz.0.5009" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f08edb7e969 code=0x0 [ 139.626835][T14351] loop4: detected capacity change from 0 to 8192 [ 139.648273][T14351] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 139.663545][T14362] futex_wake_op: syz.3.5013 tries to shift op by -1; fix this program [ 139.673865][T14351] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001) [ 139.682017][T14351] FAT-fs (loop4): Filesystem has been set read-only [ 139.974772][T14412] loop4: detected capacity change from 0 to 1024 [ 139.985677][T14412] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 139.996649][T14412] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 140.007741][T14412] JBD2: no valid journal superblock found [ 140.013520][T14412] EXT4-fs (loop4): Could not load journal inode [ 140.069938][T14420] lo: entered promiscuous mode [ 140.248024][T14446] tipc: Started in network mode [ 140.252977][T14446] tipc: Node identity , cluster identity 4711 [ 140.348097][T14462] lo: entered promiscuous mode [ 140.360532][T14462] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 140.370498][T14464] netlink: 180 bytes leftover after parsing attributes in process `syz.3.5059'. [ 140.379683][T14464] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5059'. [ 140.388697][T14464] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5059'. [ 140.693063][T14495] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5077'. [ 140.702181][T14495] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5077'. [ 140.725700][ T29] audit: type=1326 audit(2000000029.347:1385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14502 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 140.758616][ T29] audit: type=1326 audit(2000000029.379:1386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14502 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 140.782744][ T29] audit: type=1326 audit(2000000029.379:1387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14502 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 140.806284][ T29] audit: type=1326 audit(2000000029.379:1388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14502 comm="syz.1.5090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 140.879091][ T29] audit: type=1326 audit(2000000029.505:1389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14512 comm="syz.3.5096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 140.902766][ T29] audit: type=1326 audit(2000000029.505:1390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14512 comm="syz.3.5096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 140.926389][ T29] audit: type=1326 audit(2000000029.505:1391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14512 comm="syz.3.5096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 140.950043][ T29] audit: type=1326 audit(2000000029.505:1392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14512 comm="syz.3.5096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 140.973753][ T29] audit: type=1326 audit(2000000029.536:1393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14512 comm="syz.3.5096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 141.470617][T14554] tipc: MTU too low for tipc bearer [ 141.736327][T14586] tipc: MTU too low for tipc bearer [ 141.940930][T14614] tipc: MTU too low for tipc bearer [ 142.012096][T14624] net_ratelimit: 197 callbacks suppressed [ 142.012118][T14624] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 144.587556][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 144.587573][ T29] audit: type=1326 audit(2000000033.400:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14908 comm="syz.3.5276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 144.618525][ T29] audit: type=1326 audit(2000000033.400:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14908 comm="syz.3.5276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 144.642136][ T29] audit: type=1326 audit(2000000033.400:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14908 comm="syz.3.5276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 144.666998][ T29] audit: type=1326 audit(2000000033.400:1406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14908 comm="syz.3.5276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 144.690627][ T29] audit: type=1326 audit(2000000033.400:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14908 comm="syz.3.5276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 144.741344][T14921] openvswitch: netlink: Message has 6 unknown bytes. [ 144.760602][T14924] __nla_validate_parse: 19 callbacks suppressed [ 144.760621][T14924] netlink: 72 bytes leftover after parsing attributes in process `syz.3.5291'. [ 144.789068][T14924] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5291'. [ 144.798144][T14924] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5291'. [ 144.819576][T14930] loop4: detected capacity change from 0 to 512 [ 144.863587][T14930] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.880465][ T29] audit: type=1400 audit(2000000033.715:1408): avc: denied { getopt } for pid=14942 comm="syz.0.5289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 144.897112][T14930] ext4 filesystem being mounted at /1108/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.950226][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.962427][T14951] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5294'. [ 144.971675][T14951] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5294'. [ 145.007525][T14951] bond2: entered promiscuous mode [ 145.012651][T14951] bond2: entered allmulticast mode [ 145.025258][T14951] 8021q: adding VLAN 0 to HW filter on device bond2 [ 145.045828][T14963] netlink: 72 bytes leftover after parsing attributes in process `syz.1.5299'. [ 145.064154][T14963] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5299'. [ 145.074053][T14963] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5299'. [ 145.101398][T14968] loop4: detected capacity change from 0 to 512 [ 145.108220][T14968] EXT4-fs: Ignoring removed oldalloc option [ 145.181379][T14968] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.5300: Parent and EA inode have the same ino 15 [ 145.215314][T14968] EXT4-fs (loop4): Remounting filesystem read-only [ 145.221919][T14968] EXT4-fs warning (device loop4): ext4_evict_inode:262: couldn't mark inode dirty (err -30) [ 145.303334][T14968] EXT4-fs (loop4): 1 orphan inode deleted [ 145.359269][T14968] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 145.387886][T14968] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.423095][T14995] netlink: 72 bytes leftover after parsing attributes in process `syz.0.5314'. [ 145.452281][T14995] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5314'. [ 145.708180][T15041] bpf: Bad value for 'uid' [ 145.778429][T15056] tipc: New replicast peer: 255.255.255.255 [ 145.784922][T15056] tipc: Enabled bearer , priority 10 [ 145.797777][T15060] 9pnet_fd: Insufficient options for proto=fd [ 146.320148][T15073] loop4: detected capacity change from 0 to 512 [ 146.334198][T15073] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 146.345531][T15073] EXT4-fs (loop4): 1 truncate cleaned up [ 146.351815][T15073] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 146.371584][T15073] EXT4-fs error (device loop4): ext4_generic_delete_entry:2670: inode #2: block 13: comm syz.4.5346: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 146.393782][ T29] audit: type=1400 audit(2000000035.279:1409): avc: denied { rename } for pid=15072 comm="syz.4.5346" name="file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 146.420370][T15085] openvswitch: netlink: Message has 6 unknown bytes. [ 146.427597][T15073] EXT4-fs (loop4): Remounting filesystem read-only [ 146.434157][T15073] EXT4-fs warning (device loop4): ext4_rename_delete:3728: inode #2: comm syz.4.5346: Deleting old file: nlink 4, error=-117 [ 146.457208][T15089] 9pnet_fd: Insufficient options for proto=fd [ 146.466231][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.517209][T15098] loop4: detected capacity change from 0 to 512 [ 146.525971][T15098] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 146.526513][ T29] audit: type=1400 audit(2000000035.436:1410): avc: denied { mounton } for pid=15096 comm="syz.4.5362" path="/1116/file0" dev="tmpfs" ino=5731 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 146.572385][T15101] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.598264][T15098] EXT4-fs (loop4): 1 truncate cleaned up [ 146.600321][T15101] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.604437][T15098] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.627791][T15098] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.759509][ T29] audit: type=1400 audit(2000000035.688:1411): avc: denied { bind } for pid=15133 comm="syz.4.5378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 146.840978][T15146] openvswitch: netlink: Message has 6 unknown bytes. [ 147.251174][T15218] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 147.259390][T15218] tipc: Enabled bearer , priority 10 [ 147.501906][T15259] tipc: Bearer : already 2 bearers with priority 10 [ 147.509754][T15259] tipc: Bearer : trying with adjusted priority [ 147.534226][T15265] loop4: detected capacity change from 0 to 512 [ 147.544772][T15264] block device autoloading is deprecated and will be removed. [ 147.555351][ T29] audit: type=1400 audit(2000000036.518:1412): avc: denied { ioctl } for pid=15263 comm="syz.1.5441" path="/1103/file0" dev="tmpfs" ino=5664 ioctlcmd=0x1272 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 147.559761][T15259] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 147.589551][T15259] tipc: Enabled bearer , priority 9 [ 147.612369][T15265] EXT4-fs (loop4): too many log groups per flexible block group [ 147.620913][T15265] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 147.631574][T15265] EXT4-fs (loop4): mount failed [ 147.690005][T15286] loop4: detected capacity change from 0 to 512 [ 147.700453][T15286] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 147.716437][T15286] EXT4-fs (loop4): 1 truncate cleaned up [ 147.723844][T15286] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.738673][T15286] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.088098][T15351] loop3: detected capacity change from 0 to 512 [ 148.098933][T15354] SELinux: security policydb version 18 (MLS) not backwards compatible [ 148.107567][T15354] SELinux: failed to load policy [ 148.123395][T15351] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.136879][T15360] tipc: Enabling of bearer rejected, failed to enable media [ 148.147237][T15351] ext4 filesystem being mounted at /1099/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.195270][T15366] loop4: detected capacity change from 0 to 1024 [ 148.211014][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.239230][T15366] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.263123][T15366] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 148.300336][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.434761][T15405] 9pnet: Could not find request transport: r [ 148.516133][T15421] SELinux: security policydb version 18 (MLS) not backwards compatible [ 148.557403][T15421] SELinux: failed to load policy [ 148.566335][T15430] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge0, syncid = 0, id = 0 [ 148.643771][T15439] loop3: detected capacity change from 0 to 1024 [ 148.682525][T15439] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.699721][T15439] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 148.734303][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.174378][T15499] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 149.203696][T15505] tmpfs: Bad value for 'mpol' [ 149.258529][T15513] SELinux: security policydb version 18 (MLS) not backwards compatible [ 149.270064][T15513] SELinux: failed to load policy [ 149.296781][T15517] 9pnet: Could not find request transport: r [ 149.369579][T15537] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 149.421381][T15545] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge0, syncid = 0, id = 0 [ 149.478328][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 149.478345][ T29] audit: type=1326 audit(2000000038.533:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15550 comm="syz.3.5576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 149.517222][ T29] audit: type=1326 audit(2000000038.533:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15550 comm="syz.3.5576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 149.572852][ T29] audit: type=1326 audit(2000000038.607:1418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15550 comm="syz.3.5576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 149.596469][ T29] audit: type=1326 audit(2000000038.607:1419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15550 comm="syz.3.5576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 149.620203][ T29] audit: type=1326 audit(2000000038.607:1420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15550 comm="syz.3.5576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 149.643887][ T29] audit: type=1326 audit(2000000038.607:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15550 comm="syz.3.5576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 149.667738][ T29] audit: type=1326 audit(2000000038.607:1422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15550 comm="syz.3.5576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c7c95e969 code=0x7ffc0000 [ 149.803530][T15575] __nla_validate_parse: 9 callbacks suppressed [ 149.803551][T15575] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5587'. [ 150.130479][T15628] tipc: Enabling of bearer rejected, media not registered [ 150.173487][T15634] program syz.2.5617 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 150.264557][ T29] audit: type=1400 audit(2000000295.369:1423): avc: denied { listen } for pid=15651 comm="syz.4.5626" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 150.351477][ T29] audit: type=1326 audit(2000000295.453:1424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15663 comm="syz.0.5630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f08edb7e969 code=0x7ffc0000 [ 150.375899][ T29] audit: type=1326 audit(2000000295.453:1425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15663 comm="syz.0.5630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f08edb7e969 code=0x7ffc0000 [ 150.476904][T15681] tipc: Enabling of bearer rejected, media not registered [ 150.619878][T15702] dummy0: entered promiscuous mode [ 150.638846][T15702] dummy0: left promiscuous mode [ 150.698232][T15712] tipc: Enabling of bearer rejected, media not registered [ 150.711314][T15715] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5657'. [ 151.024647][T15757] netlink: 236 bytes leftover after parsing attributes in process `syz.4.5678'. [ 151.077050][T15759] dummy0: entered promiscuous mode [ 151.084079][T15759] dummy0: left promiscuous mode [ 151.465954][T15800] dummy0: entered promiscuous mode [ 151.484240][T15800] dummy0: left promiscuous mode [ 151.532658][T15804] wireguard0: entered promiscuous mode [ 151.538229][T15804] wireguard0: entered allmulticast mode [ 152.071350][T15835] dummy0: entered promiscuous mode [ 152.085368][T15835] dummy0: left promiscuous mode [ 152.107129][T15837] loop4: detected capacity change from 0 to 1024 [ 152.132145][T15837] EXT4-fs: Ignoring removed nobh option [ 152.137944][T15837] EXT4-fs: Ignoring removed bh option [ 152.191864][T15837] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.269850][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.396322][T15857] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5725'. [ 152.547707][T15863] wireguard0: entered promiscuous mode [ 152.553286][T15863] wireguard0: entered allmulticast mode [ 152.582966][T15866] loop4: detected capacity change from 0 to 2048 [ 152.606505][T15866] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.661492][T15871] loop3: detected capacity change from 0 to 1024 [ 152.668707][T15871] EXT4-fs: Ignoring removed nobh option [ 152.674350][T15871] EXT4-fs: Ignoring removed bh option [ 152.689573][T15871] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.716946][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.792765][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.944232][T15891] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5740'. [ 166.026456][ T29] kauditd_printk_skb: 28 callbacks suppressed [ 166.026472][ T29] audit: type=1400 audit(2000000823.913:1454): avc: denied { mounton } for pid=15924 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 166.227760][ T61] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.290839][ T61] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.316430][ T61] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.373731][ T61] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.412069][T15927] chnl_net:caif_netlink_parms(): no params data found [ 166.436821][T15963] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5766'. [ 166.547786][T15924] chnl_net:caif_netlink_parms(): no params data found [ 166.630139][T15927] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.637276][T15927] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.644956][T15927] bridge_slave_0: entered allmulticast mode [ 166.651677][T15927] bridge_slave_0: entered promiscuous mode [ 166.658407][ T61] team0: left allmulticast mode [ 166.663557][ T61] team_slave_0: left allmulticast mode [ 166.669432][ T61] team_slave_1: left allmulticast mode [ 166.675149][ T61] bridge0: port 3(team0) entered disabled state [ 166.683999][ T61] bridge_slave_1: left allmulticast mode [ 166.689818][ T61] bridge_slave_1: left promiscuous mode [ 166.695483][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.707415][ T61] bridge_slave_0: left allmulticast mode [ 166.713128][ T61] bridge_slave_0: left promiscuous mode [ 166.718990][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.916937][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 166.929578][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 166.940240][ T61] bond0 (unregistering): Released all slaves [ 166.961922][T15927] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.969102][T15927] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.982958][T15927] bridge_slave_1: entered allmulticast mode [ 166.990142][T15927] bridge_slave_1: entered promiscuous mode [ 167.018999][ T61] tipc: Disabling bearer [ 167.035298][ T61] tipc: Disabling bearer [ 167.040644][ T61] tipc: Left network mode [ 167.042074][T15927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.074383][ T61] hsr_slave_0: left promiscuous mode [ 167.086244][ T61] hsr_slave_1: left promiscuous mode [ 167.091973][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 167.099837][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 167.110730][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.118280][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.213789][ T61] team_slave_1 (unregistering): left promiscuous mode [ 167.236012][ T61] team0 (unregistering): Port device team_slave_1 removed [ 167.252517][ T61] team_slave_0 (unregistering): left promiscuous mode [ 167.269622][ T61] team0 (unregistering): Port device team_slave_0 removed [ 167.345549][T15924] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.345589][T15924] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.345673][T15924] bridge_slave_0: entered allmulticast mode [ 167.346320][T15924] bridge_slave_0: entered promiscuous mode [ 167.347129][T15924] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.347165][T15924] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.347299][T15924] bridge_slave_1: entered allmulticast mode [ 167.347918][T15924] bridge_slave_1: entered promiscuous mode [ 167.362355][T15927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.390442][T15924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.410164][T15927] team0: Port device team_slave_0 added [ 167.411091][T15927] team0: Port device team_slave_1 added [ 167.437005][T15924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.468657][T15927] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.468694][T15927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.468728][T15927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.469445][T15927] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.469458][T15927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.469488][T15927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.469653][T16003] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5783'. [ 167.516870][T15924] team0: Port device team_slave_0 added [ 167.621992][T15927] hsr_slave_0: entered promiscuous mode [ 167.635585][T15927] hsr_slave_1: entered promiscuous mode [ 167.641748][T15927] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.649556][T15927] Cannot create hsr debugfs directory [ 167.656100][T15924] team0: Port device team_slave_1 added [ 167.662265][T16010] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5788'. [ 167.721074][T15924] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.721091][T15924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.721165][T15924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.791830][T15924] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.798920][T15924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.825142][T15924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.871372][T15924] hsr_slave_0: entered promiscuous mode [ 167.880056][T15924] hsr_slave_1: entered promiscuous mode [ 167.886056][T15924] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.893771][T15924] Cannot create hsr debugfs directory [ 167.916170][ T61] IPVS: stop unused estimator thread 0... [ 167.925481][T15927] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 167.936365][T15927] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 167.955850][T15927] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 167.974617][T15927] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 168.022288][ T61] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.032792][ T61] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0 [ 168.053720][T15924] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 168.075066][T15924] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 168.088922][ T61] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.099504][ T61] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0 [ 168.113634][T15924] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 168.125419][T15927] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.145988][T15927] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.153983][T15924] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 168.165834][ T61] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.176200][ T61] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0 [ 168.194333][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.201655][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.221950][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.229238][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.253926][ T61] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.264422][ T61] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0 [ 168.343610][T15924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.361254][ T61] bridge_slave_1: left allmulticast mode [ 168.367034][ T61] bridge_slave_1: left promiscuous mode [ 168.372828][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.381170][ T61] bridge_slave_0: left allmulticast mode [ 168.387108][ T61] bridge_slave_0: left promiscuous mode [ 168.392932][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.471333][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 168.483857][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 168.494866][ T61] bond0 (unregistering): Released all slaves [ 168.505708][ T61] bond1 (unregistering): Released all slaves [ 168.520099][T15924] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.530160][T15927] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.539729][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.546912][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.573147][ T61] tipc: Disabling bearer [ 168.578939][ T61] tipc: Left network mode [ 168.586559][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.593670][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.617385][ T61] IPVS: stopping master sync thread 15499 ... [ 168.636709][ T61] hsr_slave_0: left promiscuous mode [ 168.650686][ T61] hsr_slave_1: left promiscuous mode [ 168.656532][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.664201][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.679339][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 168.686913][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 168.703540][ T61] veth1_macvtap: left promiscuous mode [ 168.710073][ T61] veth0_macvtap: left promiscuous mode [ 168.872937][T15924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 168.931280][T15927] veth0_vlan: entered promiscuous mode [ 168.947421][T15927] veth1_vlan: entered promiscuous mode [ 168.973389][T15927] veth0_macvtap: entered promiscuous mode [ 168.983205][T15927] veth1_macvtap: entered promiscuous mode [ 168.996825][T15927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.007413][T15927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.017431][T15927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.027894][T15927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.037742][T15927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.048204][T15927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.058953][T15927] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 169.068265][T15927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.078783][T15927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.088736][T15927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.099277][T15927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.109274][T15927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.119818][T15927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.133619][T15927] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 169.158597][T15927] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.167599][T15927] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.176748][T15927] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.185578][T15927] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.227286][ T29] audit: type=1400 audit(2000000827.262:1455): avc: denied { mounton } for pid=15927 comm="syz-executor" path="/root/syzkaller.UXpX7s/syz-tmp" dev="sda1" ino=1951 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 169.252087][ T29] audit: type=1400 audit(2000000827.262:1456): avc: denied { mount } for pid=15927 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 169.274174][ T29] audit: type=1400 audit(2000000827.262:1457): avc: denied { mounton } for pid=15927 comm="syz-executor" path="/root/syzkaller.UXpX7s/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 169.302329][ T29] audit: type=1400 audit(2000000827.262:1458): avc: denied { mounton } for pid=15927 comm="syz-executor" path="/root/syzkaller.UXpX7s/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=45014 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 169.330337][ T29] audit: type=1400 audit(2000000827.273:1459): avc: denied { mounton } for pid=15927 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=502 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 169.353523][ T29] audit: type=1400 audit(2000000827.273:1460): avc: denied { mount } for pid=15927 comm="syz-executor" name="/" dev="gadgetfs" ino=4171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 169.385703][ T61] IPVS: stop unused estimator thread 0... [ 169.442414][T15924] veth0_vlan: entered promiscuous mode [ 169.459441][T15924] veth1_vlan: entered promiscuous mode [ 169.485537][T15924] veth0_macvtap: entered promiscuous mode [ 169.493281][T15924] veth1_macvtap: entered promiscuous mode [ 169.523923][T15924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.534569][T15924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.544570][T15924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.555206][T15924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.565070][T15924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.575570][T15924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.585580][T15924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.596100][T15924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.609252][T16090] loop4: detected capacity change from 0 to 512 [ 169.618679][T16090] EXT4-fs (loop4): failed to initialize system zone (-117) [ 169.626398][T16090] EXT4-fs (loop4): mount failed [ 169.633807][T15924] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 169.663075][T16102] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5815'. [ 169.673308][T15924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.684236][T15924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.694188][T15924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.704867][T15924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.714976][T15924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.725445][T15924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.735494][T15924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.746017][T15924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.756661][T16109] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5818'. [ 169.775712][T15924] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 169.797286][T15924] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.806223][T15924] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.815014][T15924] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.823795][T15924] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.887074][T16122] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5820'. [ 169.908012][T16120] loop6: detected capacity change from 0 to 2048 [ 169.935023][T16125] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5824'. [ 169.944128][T16125] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5824'. [ 169.970267][T16120] Alternate GPT is invalid, using primary GPT. [ 169.976739][T16120] loop6: p2 p3 p7 [ 170.010789][T16135] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 0, id = 0 [ 170.108461][T16143] loop6: detected capacity change from 0 to 512 [ 170.120341][T16143] EXT4-fs (loop6): failed to initialize system zone (-117) [ 170.134901][T16143] EXT4-fs (loop6): mount failed [ 170.244709][T16165] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 0, id = 0 [ 170.337788][T16177] loop3: detected capacity change from 0 to 512 [ 170.360320][T16177] EXT4-fs (loop3): failed to initialize system zone (-117) [ 170.374488][T16177] EXT4-fs (loop3): mount failed [ 170.499145][T16202] netlink: 132 bytes leftover after parsing attributes in process `syz.4.5858'. [ 170.542897][T16213] loop3: detected capacity change from 0 to 128 [ 170.551857][T16213] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 170.554131][T16215] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5860'. [ 170.599495][T16213] syz.3.5874: attempt to access beyond end of device [ 170.599495][T16213] loop3: rw=3, sector=33518, nr_sectors = 2 limit=128 [ 170.621263][T16213] syz.3.5874: attempt to access beyond end of device [ 170.621263][T16213] loop3: rw=2051, sector=33520, nr_sectors = 32742 limit=128 [ 170.859637][T16249] vhci_hcd: invalid port number 65 [ 170.864825][T16249] vhci_hcd: invalid port number 65 [ 170.933144][T16259] loop3: detected capacity change from 0 to 512 [ 170.954392][T16259] journal_path: Non-blockdev passed as './bus' [ 170.960697][T16259] EXT4-fs: error: could not find journal device path [ 170.969071][T16269] loop6: detected capacity change from 0 to 1024 [ 170.992380][T16269] EXT4-fs: Ignoring removed bh option [ 171.005777][T16269] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.121851][T15927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.175478][T16289] vhci_hcd: invalid port number 65 [ 171.180655][T16289] vhci_hcd: invalid port number 65 [ 171.255593][ T29] audit: type=1326 audit(2000000829.393:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16294 comm="syz.1.5904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 171.279382][ T29] audit: type=1326 audit(2000000829.393:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16294 comm="syz.1.5904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 171.351093][T16302] loop4: detected capacity change from 0 to 512 [ 171.377967][ T29] audit: type=1326 audit(2000000829.456:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16294 comm="syz.1.5904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 171.401722][ T29] audit: type=1326 audit(2000000829.456:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16294 comm="syz.1.5904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 171.403371][T16302] journal_path: Non-blockdev passed as './bus' [ 171.425359][ T29] audit: type=1326 audit(2000000829.456:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16294 comm="syz.1.5904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 171.431565][T16302] EXT4-fs: error: could not find journal device path [ 171.495802][T16315] __nla_validate_parse: 4 callbacks suppressed [ 171.495825][T16315] netlink: 132 bytes leftover after parsing attributes in process `syz.6.5912'. [ 171.608937][T16320] vhci_hcd: invalid port number 65 [ 171.614177][T16320] vhci_hcd: invalid port number 65 [ 171.680990][ T29] audit: type=1326 audit(2000000829.824:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16329 comm="syz.4.5919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 171.704584][ T29] audit: type=1326 audit(2000000829.824:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16329 comm="syz.4.5919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 171.728322][ T29] audit: type=1326 audit(2000000829.834:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16329 comm="syz.4.5919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 171.751997][ T29] audit: type=1326 audit(2000000829.834:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16329 comm="syz.4.5919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 171.851341][T16345] loop4: detected capacity change from 0 to 128 [ 171.902310][T16345] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 172.003073][T16345] syz.4.5928: attempt to access beyond end of device [ 172.003073][T16345] loop4: rw=3, sector=33518, nr_sectors = 2 limit=128 [ 172.058656][T16345] syz.4.5928: attempt to access beyond end of device [ 172.058656][T16345] loop4: rw=2051, sector=33520, nr_sectors = 32742 limit=128 [ 172.342048][T16365] netlink: 4268 bytes leftover after parsing attributes in process `syz.4.5939'. [ 172.382827][T16365] netlink: 4268 bytes leftover after parsing attributes in process `syz.4.5939'. [ 172.568276][T16383] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5945'. [ 172.823394][T16416] bridge0: port 3(bond0) entered blocking state [ 172.829930][T16416] bridge0: port 3(bond0) entered disabled state [ 172.858512][T16416] bond0: entered allmulticast mode [ 172.863829][T16416] bond_slave_0: entered allmulticast mode [ 172.869922][T16416] bond_slave_1: entered allmulticast mode [ 172.885891][T16416] bond0: entered promiscuous mode [ 172.891010][T16416] bond_slave_0: entered promiscuous mode [ 172.896829][T16416] bond_slave_1: entered promiscuous mode [ 172.915966][T16416] bridge0: port 3(bond0) entered blocking state [ 172.922354][T16416] bridge0: port 3(bond0) entered forwarding state [ 172.929271][T16423] netlink: 32 bytes leftover after parsing attributes in process `syz.6.5974'. [ 173.004796][T16432] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.5965'. [ 173.030414][T16432] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.5965'. [ 173.091227][ T29] audit: type=1400 audit(2000000831.325:1470): avc: granted { setsecparam } for pid=16442 comm="syz.1.5973" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 173.357116][ T1040] kernel write not supported for file /input/event0 (pid: 1040 comm: kworker/0:2) [ 173.400667][T16499] loop4: detected capacity change from 0 to 128 [ 173.419740][T16503] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6005'. [ 173.440108][T16499] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0002] [ 173.458235][T16499] System zones: 1-3, 19-19, 35-36 [ 173.480476][T16512] loop6: detected capacity change from 0 to 2048 [ 173.495841][T16499] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 173.514234][T16499] ext4 filesystem being mounted at /1267/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 173.558183][T16499] EXT4-fs warning (device loop4): ext4_group_extend:1862: can't shrink FS - resize aborted [ 173.570648][T16512] loop6: p1 < > p4 [ 173.584645][T16512] loop6: p4 size 8388608 extends beyond EOD, truncated [ 173.597858][T16521] loop5: detected capacity change from 0 to 1024 [ 173.614892][ T3308] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 173.636882][T16521] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.655777][ T36] kernel write not supported for file /input/event0 (pid: 36 comm: kworker/1:1) [ 173.666931][T16521] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 173.720153][T15924] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.845750][ T3384] kernel write not supported for file /input/event0 (pid: 3384 comm: kworker/1:4) [ 173.983772][T16595] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6057'. [ 174.002758][T16593] bridge0: port 3(bond0) entered blocking state [ 174.009091][T16593] bridge0: port 3(bond0) entered disabled state [ 174.020013][T16593] bond0: entered allmulticast mode [ 174.025366][T16593] bond_slave_0: entered allmulticast mode [ 174.031332][T16593] bond_slave_1: entered allmulticast mode [ 174.041081][T16593] bond0: entered promiscuous mode [ 174.046166][T16593] bond_slave_0: entered promiscuous mode [ 174.052104][T16593] bond_slave_1: entered promiscuous mode [ 174.066978][T16593] bridge0: port 3(bond0) entered blocking state [ 174.073406][T16593] bridge0: port 3(bond0) entered forwarding state [ 174.207881][T16634] loop4: detected capacity change from 0 to 512 [ 174.244821][T16634] EXT4-fs warning (device loop4): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 174.247149][T16639] bridge0: port 4(bond0) entered blocking state [ 174.266057][T16639] bridge0: port 4(bond0) entered disabled state [ 174.272728][T16639] bond0: entered allmulticast mode [ 174.277948][T16639] bond_slave_0: entered allmulticast mode [ 174.283880][T16639] bond_slave_1: entered allmulticast mode [ 174.291283][T16639] bond0: entered promiscuous mode [ 174.294793][T16634] EXT4-fs (loop4): mount failed [ 174.296362][T16639] bond_slave_0: entered promiscuous mode [ 174.296536][T16639] bond_slave_1: entered promiscuous mode [ 174.313846][T16639] bridge0: port 4(bond0) entered blocking state [ 174.320347][T16639] bridge0: port 4(bond0) entered forwarding state [ 174.479762][T16673] loop6: detected capacity change from 0 to 1024 [ 174.494732][T16673] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 174.546126][T15927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.577140][T16693] bridge0: port 3(bond0) entered blocking state [ 174.583664][T16693] bridge0: port 3(bond0) entered disabled state [ 174.591916][T16693] bond0: entered allmulticast mode [ 174.597193][T16693] bond_slave_0: entered allmulticast mode [ 174.603127][T16693] bond_slave_1: entered allmulticast mode [ 174.613811][T16693] bond0: entered promiscuous mode [ 174.618896][T16693] bond_slave_0: entered promiscuous mode [ 174.624880][T16693] bond_slave_1: entered promiscuous mode [ 174.653584][T16703] loop3: detected capacity change from 0 to 1024 [ 174.661034][T16693] bridge0: port 3(bond0) entered blocking state [ 174.667394][T16693] bridge0: port 3(bond0) entered forwarding state [ 174.703373][T16703] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 174.717995][T16703] ext4 filesystem being mounted at /1237/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 174.744483][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.781197][T16721] loop4: detected capacity change from 0 to 1024 [ 174.794784][T16716] loop5: detected capacity change from 0 to 2048 [ 174.835187][T16721] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 174.848147][T16716] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002] [ 174.856565][T16732] loop3: detected capacity change from 0 to 512 [ 174.863064][T16716] System zones: 0-4 [ 174.881466][T16732] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 174.889826][T16732] EXT4-fs (loop3): orphan cleanup on readonly fs [ 174.896639][T16732] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.6108: invalid indirect mapped block 256 (level 2) [ 174.897392][T16716] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 174.922802][T16716] ext4 filesystem being mounted at /50/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 174.935728][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.947494][T16732] EXT4-fs (loop3): 2 truncates cleaned up [ 174.953780][T16732] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 174.983554][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.994426][T15924] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.233335][T16773] loop5: detected capacity change from 0 to 512 [ 175.256325][T16779] netlink: 72 bytes leftover after parsing attributes in process `syz.6.6130'. [ 175.278468][T16773] EXT4-fs warning (device loop5): ext4_enable_quotas:7170: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 175.306922][T16773] EXT4-fs (loop5): mount failed [ 175.619195][T16833] loop6: detected capacity change from 0 to 1024 [ 175.689564][T16833] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.796540][T15927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.003755][T16883] loop5: detected capacity change from 0 to 1024 [ 176.021849][ T29] kauditd_printk_skb: 22 callbacks suppressed [ 176.021863][ T29] audit: type=1326 audit(2000000834.411:1491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16884 comm="syz.4.6179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 176.079994][T16883] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.093727][ T29] audit: type=1326 audit(2000000834.443:1492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16884 comm="syz.4.6179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 176.117390][ T29] audit: type=1326 audit(2000000834.443:1493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16884 comm="syz.4.6179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=75 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 176.141020][ T29] audit: type=1326 audit(2000000834.443:1494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16884 comm="syz.4.6179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 176.164811][ T29] audit: type=1326 audit(2000000834.443:1495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16884 comm="syz.4.6179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 176.266283][T15924] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.358490][T16917] __nla_validate_parse: 6 callbacks suppressed [ 176.358512][T16917] netlink: 80 bytes leftover after parsing attributes in process `syz.6.6196'. [ 176.395869][T16924] loop3: detected capacity change from 0 to 128 [ 176.454214][T16929] loop4: detected capacity change from 0 to 1024 [ 176.488979][T16929] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.547777][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.017055][ T29] audit: type=1326 audit(2000000835.451:1496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17002 comm="syz.5.6235" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6dc1f9e969 code=0x0 [ 177.507324][T17050] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6268'. [ 177.617280][T17070] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6269'. [ 177.718022][T17090] loop4: detected capacity change from 0 to 164 [ 177.725706][T17090] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 177.908445][T17122] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6294'. [ 178.020867][T17141] netlink: 48 bytes leftover after parsing attributes in process `syz.5.6302'. [ 178.062372][T17150] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 178.188815][T17171] loop5: detected capacity change from 0 to 164 [ 178.200450][T17171] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 178.405789][T17213] netlink: 5064 bytes leftover after parsing attributes in process `syz.3.6337'. [ 178.472394][T17222] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 178.498588][ T29] audit: type=1326 audit(2000000836.994:1497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17224 comm="syz.4.6341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 178.522393][ T29] audit: type=1326 audit(2000000836.994:1498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17224 comm="syz.4.6341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 178.546220][ T29] audit: type=1326 audit(2000000836.994:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17224 comm="syz.4.6341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 178.548694][T17230] netlink: 'syz.3.6345': attribute type 29 has an invalid length. [ 178.570182][ T29] audit: type=1326 audit(2000000836.994:1500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17224 comm="syz.4.6341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5227ae969 code=0x7ffc0000 [ 178.626337][T17234] loop6: detected capacity change from 0 to 512 [ 178.640317][T17230] netlink: 'syz.3.6345': attribute type 29 has an invalid length. [ 178.695358][T17234] EXT4-fs error (device loop6): ext4_map_blocks:675: inode #2: block 3: comm syz.6.6347: lblock 0 mapped to illegal pblock 3 (length 1) [ 178.720007][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x4 [ 178.728672][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x2 [ 178.740118][T17255] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6356'. [ 178.749111][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.749142][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.749170][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.756881][T17234] EXT4-fs (loop6): Remounting filesystem read-only [ 178.764641][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.772306][T17234] EXT4-fs warning (device loop6): dx_probe:793: inode #2: lblock 0: comm syz.6.6347: error -117 reading directory block [ 178.778889][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.786607][T17234] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117 [ 178.799256][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.799287][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.799313][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.799337][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.807662][T17234] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.815233][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.866456][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.874163][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.882159][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.890075][ T3384] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 178.908598][T15927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.923275][ T3384] hid-generic 0000:3000000:0000.0003: hidraw0: HID v0.00 Device [sy] on syz0 [ 178.977299][T17267] netlink: 'syz.4.6363': attribute type 29 has an invalid length. [ 178.993632][T17267] netlink: 'syz.4.6363': attribute type 29 has an invalid length. [ 179.021190][T17274] loop3: detected capacity change from 0 to 512 [ 179.040661][T17274] EXT4-fs (loop3): orphan cleanup on readonly fs [ 179.047445][T17274] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.6366: bad orphan inode 13 [ 179.058249][T17274] ext4_test_bit(bit=12, block=18) = 1 [ 179.063832][T17274] is_bad_inode(inode)=0 [ 179.068078][T17274] NEXT_ORPHAN(inode)=2130706432 [ 179.073018][T17274] max_ino=32 [ 179.076233][T17274] i_nlink=1 [ 179.082628][T17274] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 179.114872][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.167131][T17287] loop4: detected capacity change from 0 to 2048 [ 179.202772][T17287] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.258446][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.276412][T17310] loop5: detected capacity change from 0 to 512 [ 179.304018][T17310] EXT4-fs (loop5): orphan cleanup on readonly fs [ 179.327544][T17310] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.6383: bad orphan inode 13 [ 179.339858][T17322] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6387'. [ 179.349525][T17310] ext4_test_bit(bit=12, block=18) = 1 [ 179.355015][T17310] is_bad_inode(inode)=0 [ 179.359240][T17310] NEXT_ORPHAN(inode)=2130706432 [ 179.364269][T17310] max_ino=32 [ 179.367547][T17310] i_nlink=1 [ 179.379344][T17310] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 179.409050][T15924] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.453982][T17335] netlink: 'syz.3.6391': attribute type 298 has an invalid length. [ 179.472486][T17336] loop5: detected capacity change from 0 to 2048 [ 179.500415][T17336] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.504005][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x4 [ 179.520468][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x2 [ 179.528207][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.535910][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.543712][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.551460][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.559241][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.566994][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.574760][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.582509][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.590214][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.597960][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.605846][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.613517][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.621299][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.629078][ T1040] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 179.637260][ T1040] hid-generic 0000:3000000:0000.0004: hidraw0: HID v0.00 Device [sy] on syz0 [ 179.637966][T15924] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.733998][T17355] loop6: detected capacity change from 0 to 512 [ 179.747528][T17355] EXT4-fs (loop6): orphan cleanup on readonly fs [ 179.757532][T17355] EXT4-fs error (device loop6): ext4_orphan_get:1417: comm syz.6.6401: bad orphan inode 13 [ 179.769499][T17355] ext4_test_bit(bit=12, block=18) = 1 [ 179.775059][T17355] is_bad_inode(inode)=0 [ 179.779387][T17355] NEXT_ORPHAN(inode)=2130706432 [ 179.784342][T17355] max_ino=32 [ 179.787669][T17355] i_nlink=1 [ 179.792705][T17355] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 179.831272][T15927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.856537][T17362] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6402'. [ 179.906689][T17370] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6405'. [ 179.920495][T17372] loop3: detected capacity change from 0 to 512 [ 179.938223][T17372] EXT4-fs error (device loop3): ext4_map_blocks:675: inode #2: block 3: comm syz.3.6406: lblock 0 mapped to illegal pblock 3 (length 1) [ 179.955713][T17372] EXT4-fs (loop3): Remounting filesystem read-only [ 179.962461][T17372] EXT4-fs warning (device loop3): dx_probe:793: inode #2: lblock 0: comm syz.3.6406: error -117 reading directory block [ 179.975874][T17372] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 179.978105][T17375] loop6: detected capacity change from 0 to 2048 [ 179.984493][T17372] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.014679][T17375] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.029892][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.057247][T15927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.090888][T17390] loop1: detected capacity change from 0 to 1024 [ 180.099310][T17392] netlink: 'syz.5.6415': attribute type 26 has an invalid length. [ 180.124598][T17390] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.138741][T17398] loop3: detected capacity change from 0 to 256 [ 180.149117][T17390] ext4 filesystem being mounted at /1310/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 180.196880][T17407] loop5: detected capacity change from 0 to 512 [ 180.204207][T17408] loop3: detected capacity change from 0 to 2048 [ 180.220399][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.230681][T17407] EXT4-fs error (device loop5): ext4_map_blocks:675: inode #2: block 3: comm syz.5.6422: lblock 0 mapped to illegal pblock 3 (length 1) [ 180.250718][T17414] netlink: 'syz.6.6425': attribute type 298 has an invalid length. [ 180.253847][T17407] EXT4-fs (loop5): Remounting filesystem read-only [ 180.262650][T17408] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.265422][T17407] EXT4-fs warning (device loop5): dx_probe:793: inode #2: lblock 0: comm syz.5.6422: error -117 reading directory block [ 180.299384][T17407] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 180.308422][T17407] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.353081][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.409234][T15924] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.496000][T17447] xt_hashlimit: size too large, truncated to 1048576 [ 180.502792][T17447] xt_hashlimit: Unknown mode mask 80FF, kernel too old? [ 180.577095][T17466] loop6: detected capacity change from 0 to 256 [ 180.766780][T17501] loop5: detected capacity change from 0 to 256 [ 180.789215][T17505] loop4: detected capacity change from 0 to 1024 [ 180.818982][T17505] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.863821][ T29] kauditd_printk_skb: 19 callbacks suppressed [ 180.863838][ T29] audit: type=1400 audit(2000000839.492:1520): avc: denied { ioctl } for pid=17512 comm="syz.1.6471" path="socket:[51332]" dev="sockfs" ino=51332 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 180.870680][T17505] ext4 filesystem being mounted at /1354/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 180.977015][T17521] IPVS: stopping master sync thread 16135 ... [ 181.029071][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.038790][T17530] netlink: 'syz.3.6480': attribute type 26 has an invalid length. [ 181.070008][T17536] loop1: detected capacity change from 0 to 256 [ 181.091388][T17534] loop4: detected capacity change from 0 to 2048 [ 181.133480][T17534] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 181.189750][ T3308] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.232571][T17556] loop3: detected capacity change from 0 to 1024 [ 181.273054][T17556] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 181.285243][T17556] ext4 filesystem being mounted at /1331/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 181.341676][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.544631][T17587] netlink: 'syz.4.6516': attribute type 2 has an invalid length. [ 181.643749][T17606] loop6: detected capacity change from 0 to 1024 [ 181.682955][T17615] IPVS: stopping master sync thread 15537 ... [ 181.695871][T17606] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 181.713826][T17606] ext4 filesystem being mounted at /167/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 181.743591][T15927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.795077][T17625] loop6: detected capacity change from 0 to 2045 [ 181.817924][ T29] audit: type=1326 audit(2000000840.479:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17527 comm="syz.5.6488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6dc1f9e969 code=0x7fc00000 [ 181.892585][T17629] xt_hashlimit: size too large, truncated to 1048576 [ 181.899393][T17629] xt_hashlimit: Unknown mode mask 80FF, kernel too old? [ 181.941328][T17625] Alternate GPT is invalid, using primary GPT. [ 181.948012][T17625] loop6: p2 p3 p7 [ 181.954803][T17633] __nla_validate_parse: 1 callbacks suppressed [ 181.954824][T17633] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6536'. [ 182.052929][T17645] loop6: detected capacity change from 0 to 512 [ 182.086395][T17645] EXT4-fs (loop6): 1 truncate cleaned up [ 182.093123][T17645] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.122178][T15927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.146467][T17658] loop6: detected capacity change from 0 to 512 [ 182.163553][T17658] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.186911][T17658] ext4 filesystem being mounted at /170/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 182.249683][T15927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.310561][T17681] loop3: detected capacity change from 0 to 164 [ 182.313564][T17682] No such timeout policy "syz0" [ 182.321290][T17681] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 182.435160][ T29] audit: type=1326 audit(2000000841.141:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17699 comm="syz.1.6558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 182.458113][T17704] netlink: 3 bytes leftover after parsing attributes in process `syz.5.6560'. [ 182.468072][T17698] loop6: detected capacity change from 0 to 512 [ 182.475869][ T29] audit: type=1326 audit(2000000841.162:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17699 comm="syz.1.6558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 182.499442][ T29] audit: type=1326 audit(2000000841.162:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17699 comm="syz.1.6558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 182.523517][ T29] audit: type=1326 audit(2000000841.172:1525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17699 comm="syz.1.6558" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbe856e969 code=0x7ffc0000 [ 182.536780][T17698] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 182.559110][T17710] rtc_cmos 00:00: Alarms can be up to one day in the future [ 182.569280][T17698] EXT4-fs (loop6): 1 truncate cleaned up [ 182.577059][T17698] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.598807][T17713] loop5: detected capacity change from 0 to 512 [ 182.616976][T17713] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 182.628148][T15927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.645846][T17713] EXT4-fs (loop5): 1 truncate cleaned up [ 182.663769][T17722] loop6: detected capacity change from 0 to 1024 [ 182.663970][T17713] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.693504][T17722] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.706871][T17713] EXT4-fs error (device loop5): htree_dirblock_to_tree:1082: inode #2: block 13: comm syz.5.6564: bad entry in directory: rec_len is smaller than minimal - offset=44, inode=262156, rec_len=0, size=1024 fake=0 [ 182.730534][T17730] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6570'. [ 182.739506][T17730] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6570'. [ 182.750063][T17722] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4113: comm syz.6.6567: Allocating blocks 497-513 which overlap fs metadata [ 182.773898][T17722] EXT4-fs (loop6): pa ffff8881056d7690: logic 256, phys. 369, len 9 [ 182.782098][T17722] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 182.783600][T15924] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.816576][T15927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.889755][T17747] loop3: detected capacity change from 0 to 128 [ 182.912405][T17752] SELinux: syz.5.6582 (17752) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 182.935025][T17750] netlink: 32 bytes leftover after parsing attributes in process `syz.6.6581'. [ 182.943366][T17745] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 183.026115][T17766] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6588'. [ 183.069805][ T3384] IPVS: starting estimator thread 0... [ 183.092012][T17778] loop4: detected capacity change from 0 to 128 [ 183.092694][T17776] loop6: detected capacity change from 0 to 512 [ 183.115157][T17776] EXT4-fs: Ignoring removed nobh option [ 183.140525][T17776] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.166058][T17774] IPVS: using max 2304 ests per chain, 115200 per kthread [ 183.187951][T15927] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.222541][T17797] netlink: 'syz.5.6604': attribute type 32 has an invalid length. [ 183.230487][T17797] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6604'. [ 183.232657][ T29] audit: type=1326 audit(2000000841.959:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17796 comm="syz.5.6604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6dc1f9e969 code=0x7ffc0000 [ 183.263948][ T29] audit: type=1326 audit(2000000841.959:1527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17796 comm="syz.5.6604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6dc1f9e969 code=0x7ffc0000 [ 183.264323][T17797] (unnamed net_device) (uninitialized): option coupled_control: invalid value (6) [ 183.287649][ T29] audit: type=1326 audit(2000000841.959:1528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17796 comm="syz.5.6604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6dc1f9e969 code=0x7ffc0000 [ 183.287685][ T29] audit: type=1326 audit(2000000841.959:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17796 comm="syz.5.6604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6dc1f9e969 code=0x7ffc0000 [ 183.497787][T17831] tipc: Started in network mode [ 183.502810][T17831] tipc: Node identity 7fffffff, cluster identity 4711 [ 183.509674][T17831] tipc: Node number set to 2147483647 [ 183.601041][T17849] netlink: 56 bytes leftover after parsing attributes in process `syz.6.6629'. [ 183.610165][T17849] netlink: 'syz.6.6629': attribute type 1 has an invalid length. [ 183.617983][T17849] netlink: 'syz.6.6629': attribute type 2 has an invalid length. [ 183.680410][T17867] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6638'. [ 183.753472][T17879] loop3: detected capacity change from 0 to 256 [ 183.768932][T17879] FAT-fs (loop3): Directory bread(block 64) failed [ 183.775898][T17879] FAT-fs (loop3): Directory bread(block 65) failed [ 183.787241][T17879] FAT-fs (loop3): Directory bread(block 66) failed [ 183.794091][T17879] FAT-fs (loop3): Directory bread(block 67) failed [ 183.800914][T17879] FAT-fs (loop3): Directory bread(block 68) failed [ 183.807701][T17879] FAT-fs (loop3): Directory bread(block 69) failed [ 183.815347][T17879] FAT-fs (loop3): Directory bread(block 70) failed [ 183.829227][T17879] FAT-fs (loop3): Directory bread(block 71) failed [ 183.836619][T17879] FAT-fs (loop3): Directory bread(block 72) failed [ 183.843906][T17879] FAT-fs (loop3): Directory bread(block 73) failed [ 183.870112][T17894] netlink: 132 bytes leftover after parsing attributes in process `syz.6.6651'. [ 183.902957][T17900] loop1: detected capacity change from 0 to 512 [ 183.912717][T17900] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 183.924071][T17900] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00cc128, mo2=0002] [ 183.933389][T17900] System zones: 1-12 [ 183.938069][T17900] EXT4-fs (loop1): 1 truncate cleaned up [ 184.004736][T17917] loop3: detected capacity change from 0 to 512 [ 184.011787][T17917] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 184.020717][T17917] EXT4-fs (loop3): invalid journal inode [ 184.026982][T17917] EXT4-fs (loop3): can't get journal size [ 184.034132][T17917] EXT4-fs (loop3): 1 truncate cleaned up [ 184.068040][T17922] loop6: detected capacity change from 0 to 8192 [ 184.082039][T17924] loop1: detected capacity change from 0 to 1024 [ 193.606381][ T31] ================================================================== [ 193.614526][ T31] BUG: KCSAN: data-race in process_scheduled_works / process_scheduled_works [ 193.623307][ T31] [ 193.625645][ T31] read-write to 0xffff8881000730b0 of 8 bytes by task 296 on cpu 0: [ 193.633632][ T31] process_scheduled_works+0x4fe/0x9d0 [ 193.639224][ T31] worker_thread+0x582/0x770 [ 193.644742][ T31] kthread+0x486/0x510 [ 193.648830][ T31] ret_from_fork+0x4b/0x60 [ 193.653266][ T31] ret_from_fork_asm+0x1a/0x30 [ 193.658037][ T31] [ 193.660378][ T31] read-write to 0xffff8881000730b0 of 8 bytes by task 31 on cpu 1: [ 193.668317][ T31] process_scheduled_works+0x4fe/0x9d0 [ 193.673909][ T31] worker_thread+0x582/0x770 [ 193.678528][ T31] kthread+0x486/0x510 [ 193.682701][ T31] ret_from_fork+0x4b/0x60 [ 193.687172][ T31] ret_from_fork_asm+0x1a/0x30 [ 193.691948][ T31] [ 193.694277][ T31] value changed: 0x0000000000001e44 -> 0x0000000000001e45 [ 193.701395][ T31] [ 193.703727][ T31] Reported by Kernel Concurrency Sanitizer on: [ 193.709884][ T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/u8:1 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(voluntary) [ 193.722303][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 193.732372][ T31] Workqueue: events_unbound nsim_dev_trap_report_work [ 193.739143][ T31] ==================================================================