last executing test programs: 1m37.027475094s ago: executing program 3 (id=13): perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x106200, 0x1000, 0x20da, 0x0, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e"], 0x70}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) 1m36.940448358s ago: executing program 3 (id=15): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000080)={0x0, 0x3}, &(0x7f00000000c0)=0x8) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328) 1m36.855695642s ago: executing program 3 (id=18): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105142, 0x2c) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) open(0x0, 0x105342, 0x20) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x5, 0x8, 0x3}, 0x0) ioprio_set$pid(0x2, 0x0, 0x0) read$rfkill(r0, 0x0, 0x0) 1m36.793399445s ago: executing program 3 (id=21): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x20000, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='..\x00') mount$bpf(0x200000000000, &(0x7f0000000440)='./file0\x00', 0x0, 0x98d046, 0x0) mount$bpf(0x200000000000, &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x10454ca, 0x0) 1m36.69868121s ago: executing program 3 (id=27): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/12, @ANYRES32, @ANYBLOB="0d00ff0000000000830000000000000045"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x90) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) mount$bpf(0x200000000000, 0x0, 0x0, 0x989046, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f3, &(0x7f0000000080)) 1m35.439535032s ago: executing program 3 (id=57): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4800000010003704000000000500000000000000", @ANYRES32=r2, @ANYBLOB="c3040580000000002800128008000100677265001c00028005000a000000000008000700ac1414aa0500130001"], 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x48000) sendmmsg$inet(r0, &(0x7f0000001580)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @private=0x1}, 0x10, 0x0, 0x0, &(0x7f0000000d00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @remote}}}], 0x20}}], 0x1, 0x40000) 1m35.439271262s ago: executing program 32 (id=57): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4800000010003704000000000500000000000000", @ANYRES32=r2, @ANYBLOB="c3040580000000002800128008000100677265001c00028005000a000000000008000700ac1414aa0500130001"], 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x48000) sendmmsg$inet(r0, &(0x7f0000001580)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @private=0x1}, 0x10, 0x0, 0x0, &(0x7f0000000d00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @remote}}}], 0x20}}], 0x1, 0x40000) 1m3.367824661s ago: executing program 4 (id=771): ioperm(0x0, 0x2, 0x7e) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x43) acct(&(0x7f0000000140)='./file0\x00') 1m2.493146764s ago: executing program 4 (id=793): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000140), 0x10) r1 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679d, 0x400, 0x2000006, 0x3ce}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, &(0x7f0000000240)="144024aeae8b2b5d63f7449a372e1406d4defe495b5744eed6801d1d51e1d3fcdcf25bdf4a5f2ef4b45d6898757795c858f0c3d4b26bd644", 0x38, 0x2400c0c7, 0x1}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 1m2.18384577s ago: executing program 4 (id=804): r0 = syz_io_uring_setup(0x74f9, &(0x7f0000000340)={0x0, 0xff67, 0x13911, 0x1, 0x187}, &(0x7f0000003400), &(0x7f0000000240)) syz_io_uring_setup(0x7674, &(0x7f0000000e40)={0x0, 0x17a1, 0x800, 0x0, 0x26c, 0x0, r0}, 0x0, 0x0) syz_io_uring_setup(0x10278e, &(0x7f0000000000)={0x0, 0x7974, 0x10, 0x0, 0x4}, &(0x7f00000005c0), &(0x7f0000000180)) r1 = eventfd2(0x800, 0x80800) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000100)=r1, 0x1) io_uring_enter(r0, 0x82, 0xbc7b, 0x1, 0x0, 0xfffffffffffffe60) 1m2.085379044s ago: executing program 4 (id=808): perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0, 0xa}, 0x102220, 0x10000, 0xfffffffa, 0x1, 0x2, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x2000000020000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000300)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@jqfmt_vfsold}, {@minixdf}, {@quota}]}, 0x3, 0x442, &(0x7f0000001180)="$eJzs3M1vG0UbAPBn7aR9+5m8VfloWiBQEBEfSZOW0gMXEEgcQEKCQzmGJK1C3QY1RqJVBAGhckSVuCOOSPwFnOCCgBMSV7ijShXKpYWT0drexHbsNHGdLNS/n7TtzO44M493x57ZySaAvjWa/pNE7I+I3yJiqJZtLjBa++/2ytLMXytLM0lUKm/+mVTL3VpZmsmKZq/bl2UGIgqfJnG0Tb2LV65emC6V5i7X8xPli+9NLF65+uz8xenzc+fnLk2dOXPq5OTzp6ee60mcaVy3Rj5cOHbk1bevvz5z9vo7P32TZPG3xNEjoxsdfKJS6XF1+TrQkE4GcmwIW1KsddMYrPb/oSjG2skbilc+aShaPphLC4HtUqlUKvd3PrxcAe5hSeTdAiAf2Rd9Ov/Ntogo7NDwI3c3X6xNgNK4b9e32pGB1TdhsGV+20ujEXF2+e8v0y225z4EAECT79LxzzPrxn/VIWDjfaGD9TWU4Yj4f0QciojTEXE4Iu6LqJZ9ICIe3GL9rYsk68c/hRtdBbZJ6fjvhfraVvP4b3UIPFys5w5U4x9Mzs2X5k7U35OxGNyd5ic3qOP7l3/9vNOxxvFfuqX1Z2PBejtuDOxufs3sdHn6bmJudPPjiJGBdvEnqysBSUQciYiRLuuYf+rrY52O3Tn+DfRgnanyVcSTtfO/HC3xZ5KN1ycn/heluRMT2VWx3s+/XHujU/13FX8PpOd/b9vrfzX+4aRxvXZx63Vc+/2zjnOabq//XclbTfs+mC6XL09G7EpeqzW6cf9US7mptfJp/GPH2/f/Q7H2ThyNiPQifigiHo6IR+ptfzQiHouI4xvE/+NLj7/bffzbK41/dkvnfy2xK1r3tE8UL/zwbVOlw1uJPz3/p6qpsfqezXz+baZd3V3NAAAA8N9TiIj9kRTGV9OFwvh47Xf4D8feQmlhsfz0uYX3L83WnhEYjsFCdqdrqOF+6GR9Wp/lp1ryJ+v3jb8o7qnmx2cWSrN5Bw99bl+H/p/6o5h364Bt53kt6F/6P/Qv/R/6l/4P/atN/9+TRzuAndfu+/+jHNoB7LyW/m/ZD/qI+T/0r276f9/8hSC4x/n+h760uCfu/JC8hMS6RBT+Fc2QSBPZcLyHPznvTyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDe+CcAAP//Fmvj5w==") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') umount2(&(0x7f0000000040)='./file0\x00', 0x9) 1m1.222856647s ago: executing program 4 (id=813): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000340)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000000, &(0x7f0000000180)=ANY=[@ANYBLOB="64656275672c757466383d312c757466383d302c757466383d312c73686f72746e616d653d77696e39352c636865636b3d7374726963742c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c002bc08d8cca74e8ecafb48437094fe1a4a2383bd9d85bff651d1101fd722e01b9b5d22f08b5fc0ac7cbf33fb553a90ae4d01d71ddeeb089f517aeaaa271899287d5b8949b02b23c2807b7d81714b89e9682f6c3faa6107733a77a4cf985560ed64ec24e255dee3654aa2ba55be4bf3ae257adba34bed8e52e4122bb46aa57a75dab0288098e42f886f09bdf63537db28a454b02a4204a7e7dac3c30a6d4b5c814916b02d7147f667ec516545366cc56018bc1b563b100a2e4c51c06546a25a2005847c9fcede77362f54890e96075086110ee9cec7a20b139d819c94dc4c36c0b9ae55721f33f037cf92f2c4941a4bc36eb6c79859a1e120eb2c9ff5210b7cf35bf5d1d0b61a8fc3c5f55888eca4c844ed0436afaa9e9ca1a8fa1ffbbdf0fd03a6263fc21bcaaeae592a90fd64085944d4b5de552f49e2ff3a09de62f85d0c6020cdb7ef052a53afe", @ANYRESOCT=0x0], 0x3, 0x26f, &(0x7f0000000680)="$eJzs2s9rHGUYB/BnY2I3KelG/EUL4ose1MvS5OyhRSKIAUWNUAXp1Ex0zbgbMktgRUxOevVP8CwevQnSo5dc/As8eMslxx7Ekd3Z1CQWWjHdhPr5HIaHyXxn3nnf8PLssvuvfvv5xnrZXs/6MdVoxNS12I07jViIqTi0G6+8dOOX59698cGb11dWmuOzSymlS8///OGXP7xwu3/x/R8v/XQh9hY+2j9Y+n3vmb3L+3++92mnTJ0ydXv9lKVbvV4/u1Xkaa1TbrRTervIszJPnW6Zbx37+3rR29wcpKy7Nj+3uZWXZcq6g7SRD1K/l/pbg5R9knW6qd1up/m54L9Y/f5OVcVBNXMzqqqa/S4u3o7536IVjSdS48lrjadvNp7dbVw+qKrWyejs2YyY01Wv/+Pxr9efR8J4U19+J6VmTA+3hO3ViOKb4TGiGdfXoxNF5HE1ZuOP0b/JWF2//sbK8tU0shBfFzvbdX5ne/Wx0f3v5hejFQv3zi/W+XSYvxARw+Pc0fxStOKpe+eXTuTr5zfj5ReP5NvRil8/jl4UsRbDbOyMp2D5q8WUXntr5UT+yug6AIBHTbtunWai7t+GTdux/q09vuCf/V2dP9Iftu7TH57or6bjyvTZvjsR5eCLjawo8q3hB7xRcffMKRQz46ec2g0nUcwenZYHKQ6/Cnl4A5s6tmbnZaL+v8Xu+RjGQy0iPpv4bsSk/b3o9720OZEBAQAAAAAAAAAA8EAm8XPCs35HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgfPsrAAD//6c2uyA=") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0xd, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syz_tun\x00', 0x400}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@bloom_filter={0x1e, 0x0, 0xfffffffd, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x4, 0xf}, 0x50) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080)) 1m0.95792083s ago: executing program 4 (id=823): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x22}, 0x50) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0xe5, 0x4) listen(r1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000840)={r0, &(0x7f0000000240), &(0x7f0000000080)=@tcp=r1}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000900)={r0, &(0x7f00000008c0)}, 0x20) 1m0.912326893s ago: executing program 33 (id=823): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x22}, 0x50) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0xe5, 0x4) listen(r1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000840)={r0, &(0x7f0000000240), &(0x7f0000000080)=@tcp=r1}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000900)={r0, &(0x7f00000008c0)}, 0x20) 2.394039761s ago: executing program 0 (id=1971): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x2000}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) 2.186500221s ago: executing program 0 (id=1986): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x448}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0) sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) 2.184819131s ago: executing program 5 (id=1987): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r3, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r1], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="400000001000010001000000ffdbdf2500000000", @ANYRES32=r3, @ANYBLOB="850b0100609004002000128009000100766c616e00f90000100002800c000200100000000d"], 0x40}, 0x1, 0x0, 0x0, 0x90}, 0x0) 2.132142774s ago: executing program 0 (id=1991): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), r0) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000240)={0x34, r2, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40040}, 0x0) 1.950316093s ago: executing program 5 (id=1981): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) syz_emit_ethernet(0x66, &(0x7f00000000c0)={@multicast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010102, @multicast1=0xe000c800}, {{0x0, 0x0, 0x1, 0x0, 0xb, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{}, 0xfffff788}}}}}}}, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r1, 0x0, 0xd4, &(0x7f0000000040)=0x9, 0x4) 1.949852013s ago: executing program 5 (id=1982): socket$igmp(0x2, 0x3, 0x2) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1f0719, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @perf_config_ext={0x100, 0x80000000004}, 0xa822, 0x4005, 0xb, 0x3, 0x2, 0xff000000, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x30000014}) 1.841086558s ago: executing program 2 (id=1983): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r1 = syz_clone(0xd104200, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(r1, &(0x7f00000000c0)='net/kcm\x00') 1.765696533s ago: executing program 6 (id=1990): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xc2dc}, 0x94) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000380)=r2, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x38, 0x301, 0x70bd27, 0xfffffffc, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x0) 1.765149383s ago: executing program 5 (id=1992): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x448}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0) sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) 1.727566824s ago: executing program 6 (id=1993): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000900)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 1.727194604s ago: executing program 5 (id=1994): mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1000001, 0x13, r0, 0x8cee000) 1.444669358s ago: executing program 6 (id=1995): getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd146, 0x0, 0x1, 0x288}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='0'], 0x30}}) io_uring_enter(r1, 0x3516, 0x0, 0x4, 0x0, 0x0) shutdown(r0, 0x0) 1.256641667s ago: executing program 0 (id=1997): ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, 0x0) mprotect(&(0x7f0000ffb000/0x3000)=nil, 0xffffffffdf004fff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) fchdir(r0) socketpair$unix(0x1, 0x2, 0x0, 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x10) 1.095881145s ago: executing program 2 (id=1998): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0xd0f, 0x0, 0x4, {0x60, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x1c, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x2}, @TCA_CAKE_SPLIT_GSO={0x8}, @TCA_CAKE_FWMARK={0x8, 0x12, 0x8}]}}]}, 0x4c}}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendto$packet(r2, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r3}, 0x14) 1.080254646s ago: executing program 1 (id=1999): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xfff3}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x5}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newtfilter={0x78, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff1, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0x4c, 0x2, [@TCA_FW_POLICE={0x48, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x7, 0x20000005, 0x2, 0x3c1, 0x1, {0xb4, 0x0, 0x37f0, 0x100, 0x3}, {0x6, 0x1, 0x2, 0x7a96, 0x3, 0x6}, 0x4, 0x8, 0x8}}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x80000001}]}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 1.01398517s ago: executing program 2 (id=2000): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) setuid(0xee00) r0 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x0, 0x20e}, &(0x7f0000ff0000), &(0x7f0000000000)) setrlimit(0x40000000000008, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) 1.013387529s ago: executing program 1 (id=2001): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) r2 = socket(0x10, 0x2, 0x0) write(r2, &(0x7f0000000280)="1c0000001a009b8a14e5f4070009042400000000ff02000000000000", 0x1e5) recvmmsg$unix(r2, &(0x7f0000006440)=[{{0x0, 0x0, 0x0}}], 0x11, 0x10002, 0x0) 897.377736ms ago: executing program 1 (id=2002): perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x7, 0x7}, 0x106200, 0x10004, 0x20da, 0x5, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000001400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0) close(r0) 897.159446ms ago: executing program 5 (id=2003): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0x9}, 0x17008}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ftruncate(0xffffffffffffffff, 0x5) 839.424448ms ago: executing program 1 (id=2004): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bond0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0xfffffffffffffdff, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x0, 0x33822}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x200c0800}, 0x20040040) 496.920185ms ago: executing program 1 (id=2006): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x14, 0x0, 0x5, 0x201, 0x0, 0x0, {0x3, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20048010) 475.530696ms ago: executing program 2 (id=2007): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r1) getsockname$packet(r1, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0x437, 0xfffffffe, 0x25dfdbff, {0x0, 0x0, 0x0, r2, 0x704c3, 0xc4a48b7f26bf141b}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1a}}]}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x7}]}, 0x40}, 0x1, 0x0, 0x0, 0x20a7d52d1a3e1087}, 0x1000c014) sendmmsg$inet(r0, &(0x7f00000018c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880) syz_open_dev$tty1(0xc, 0x4, 0x3) 444.478458ms ago: executing program 1 (id=2008): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x200000, &(0x7f0000000380)={[{@block_validity}, {}, {@data_err_ignore}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@usrquota}, {@noauto_da_alloc}, {@norecovery}]}, 0x3, 0x569, &(0x7f0000000940)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFxGkCCIWxD/Au8fiP+BfIWihSAl68BKZzWy7TXa7yXZrUufzgWnfm5nkO2/fvJfvzOyyARTWWPZPKeLliPg6iTjYtm048o1ja/utPLg2nS1JrK5+8mcSSb6utX+S/78/r7wUEb98EXG8tDFufWl5rlKtpgt5fbwxf3m8vrR84uJ8ZTadTS9NTk2demtq8t133h5YW18/9/d3H9/94NSXR1e+/eneodtJnIkD+bb2djyFG+2VsRjLX5OROLNux4kBBNtJkl47dDgH2H5D+TgfiWwOOBhD+agH/v+uR8QqUFCJ8Q8F1coDWtf2A7oOfm7cf3/tAqi9/V81b4IMr90biT3Na6N9K8ljV0bZ9e7oAOJnMX7+487tbIke9yGuDyAeQMuNmxFxcnh44/yf5PNf/05u4q7f+hhF+/sD2+lulv+80Sn/Kz3Mf6JD/rO/w9jtR+/xX7o3gDBdZfnfex3z34dT1+hQXnuhmfONJBcuVtOTEfFiRByLkd1Zvd/nOe35X7Zk8Vu5YH4c94Z3P/4zM5VGpc9wG9y/GfHKo/w3iQ3z/55mrru+/7PX49wmYxxJ77zabVvv9rcbfAa8+mPEax37/9ETreTJzyfHm+fDeOus2OivW0d+7RZ/a+0fvKz/9z25/aNJ+/Pa+tZj/LDnn7Tbtn7P/13Jp83yrnzd1UqjsTARsSv5aOP6yUc/26q39s/af+zok+e/Tuf/3oj4bJPtv3W4exq0E/p/Zkv9v/XCbx9+/n23+Jvr/zebpWP5ms3Mf5s9wKd57QAAAAAAAGCnKUXEgUhK5YflUqlcXnt/x+HYV6rW6o3jF2qLl2ai+VnZ0RgptZ50H2x7P8RE/n7YVn1yXX0qIg5FxDdDe5v18nStOrPdjQcAAAAAAAAAAAAAAAAAAIAdYn+Xz/9nfh/a7qMDnjlf+Q3F1XP8D+KbnoAdyd9/KC7jH4rL+IfiMv6huIx/KC7jH4rL+IfiMv4BAAAAAAAAAAAAAAAAAAAAAAAAAABgoM6dPZstqysPrk1n9ZkrS4tztSsnZtL6XHl+cbo8XVu4XJ6t1WaraXm6Nt/r91VrtcsTk7F4dbyR1hvj9aXl8/O1xUuN8xfnK7Pp+XTkP2kVAAAAAAAAAAAAAAAAAAAAPF/qS8tzlWo1XVDoWjgdO+Iw+i4kvXr5dH4y9BViePsbqPAMCts8MQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAm38DAAD//wC8MHI=") mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc) fallocate(r0, 0x0, 0x0, 0x8800000) r1 = open(&(0x7f0000000140)='./file1\x00', 0x66842, 0x21) pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x1600, 0x0, 0x3) 441.831028ms ago: executing program 2 (id=2009): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x6) fchdir(r1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181042, 0x15) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x4a302, 0x8c) pwritev2(r2, &(0x7f0000000480)=[{&(0x7f00000003c0)="7f", 0x1}], 0x1, 0x5412, 0x0, 0x0) 363.466121ms ago: executing program 0 (id=2010): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r1 = syz_clone(0xd104200, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(r1, &(0x7f00000000c0)='net/kcm\x00') 363.019692ms ago: executing program 2 (id=2011): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) r1 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x2ddfdbff, 0x2ffffffff}, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0x4f}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x37}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}]}}}, {0x24, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REDIR_FLAGS={0x8}, @NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xb0}, 0x1, 0x0, 0x0, 0x40}, 0x24000840) 362.823351ms ago: executing program 6 (id=2012): bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000140)='./file0\x00', 0x0, 0x10}, 0x18) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) r2 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) sendmsg$kcm(r2, &(0x7f0000000100)={&(0x7f0000001540)=@tipc=@name={0x1e, 0x2, 0x3, {{0x40, 0x2000}, 0x1}}, 0x80, 0x0}, 0x0) 330.140523ms ago: executing program 6 (id=2013): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10c093, 0x2, @perf_config_ext={0x100000001, 0xdd5}, 0x0, 0x0, 0x10000, 0x2, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r1, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e1c}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r0, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x480d0) 324.117234ms ago: executing program 0 (id=2014): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000000)={[{@max_batch_time={'max_batch_time', 0x3d, 0x101}}, {@debug}, {@journal_dev={'journal_dev', 0x3d, 0x7}}]}, 0x1, 0x5fd, &(0x7f00000006c0)="$eJzs3c9vFFUcAPDv7LalpWALMSoepIkxkCgtLWCI8QBXYxr8ES9erLQgoUDT1mjRhJLgxcR4McbEkwfxv1AiV0960YMXT4aEqOFo4prZ7vTnbH8s7Q4wn0+y7My8ebw3LN++t6/vzQRQWgPpH5WIAxExlUT0JfOLaR3RSBxYOO/ePx+fTV9J1Gpv/JVE0jiWnZ803nsbmbsj4ucfk9hfXVvuzNzVi2OTkxPTjf2h2UtTQzNzV49cuDR2fuL8xOWRF0dOnjh+4uTw0Zau69raQ2l1Puj7dPTtb7/+Nxn+7vfRJE7FK40Tl1/HdhmIgfq/SbI2qffkdhdWkGrj/8nyjzjpKLBCbEn2+XVGxJPRF9VY+vD64pPXCq0csKNqSUQNKKlE/ENJZf2A7Lv96u/BlUJ6JUA73D29MACwNv47FsYGo7s+NrD7XhLLh3WSiGhtZG6lPRHx0+3RG+duj96Y3rsz43BAvvnrEfHUsvjvylKSevz3R3f01+O/siL+037BmcZ7evz1FstfPVQs/qF9FuK/O6f9X4r/aBL/7yyL/3dbLH9gafO9nhXx39PqJQEAAAAAAEBp3TodES/kzf+pLM7/iZz5P70RcWobyh9Ytb/29/+VO9tQDJDj7umIl3Pn/1aiujD7t7/a+D3/3vp8gM7k3IXJiaMR8VhEHI7OXen+8DplHPls/1fN0gYa8/+yV1p++r50RuVOx66VecbHZsfu97qBiLvXI57Onf+bLLb/SU77n/48mNpkGfufu3mmWdrG8Q/slNo3EYdy2/+lu1Yk69+fY6jeHxjKegVrPfPR5983K7/V+HeLCbh/afu/e/3470+W369nZutlHJvrqDVLa7X/35W8Wb/lTLZc4cOx2dnp4Yie5NVqenTF8ZGt1xkeRVk8ZPGSxv/hZ9cf/8vr//dExPyqvzv5e+Wa4swT//X+0aw++v9QnDT+x7fU/jfdSOYjcpNGbvb/0Kz8zbX/x+tt/eHGEeN/sODLLEy7Vh7PCdCOvKR21xcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgWViNgTSWVwcbtSGRyM6I2Ix2N3ZfLKzOzz5668f3k8Tas//7+SPem3b2E/yZ7/379sf2TV/rGI2BcRX1R76vuDZ69Mjhd98QAAAAAAAAAAAAAAAAAAAPCA6G2y/j/1Z7Xo2gE7rqPoCgCFyYn/X4qoB9B+2n8oL/EP5SX+obzEP5SX+IfyEv9QXuIfykv8AwAAAADAI2XfwVu/JREx/1JP/ZXqaqR1FlozYKdViq4AUBi3+IHyMvUHyst3fCDZIL27aaaNcjbLnJo6u3FmAAAAAAAAAAAAACBz6ID1/1BW1v9DeVn/D+WVrf8/WHA9gPZr+Tt+0zW9wMNovZX8zcN9E+v/AQAAAAAAAAAAAIBtMTN39eLY5OTEdPs2fm089Cv3nJ6IaHN9so23iii02I1arXat/lE8IPV5yDeyqfCbz9WdHwU7s5Gt9dtcroJ+IAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGv8HwAA//+xpBxA") r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x4040, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000cc0)=@raw={'raw\x00', 0x9, 0x3, 0x200, 0x128, 0xffffffff, 0xffffffff, 0x128, 0xffffffff, 0x1b8, 0xffffffff, 0xffffffff, 0x1b8, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x8, 0xb387, 0x10000, 'snmp_trap\x00', 'syz1\x00', {0xf}}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x260) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 0s ago: executing program 6 (id=2015): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) ioprio_set$pid(0x2, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0x1, 0x4) write(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): t: type=1400 audit(1774267933.777:1154): avc: denied { ioctl } for pid=4709 comm="syz.0.433" path="socket:[8116]" dev="sockfs" ino=8116 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 49.012165][ T4708] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 49.150931][ T4708] FAT-fs (loop2): error, invalid FAT chain (i_pos 196, last_block 8200) [ 49.173752][ T4708] FAT-fs (loop2): Filesystem has been set read-only [ 49.225559][ T4707] FAT-fs (loop2): error, corrupted file size (i_pos 196, 2057) [ 49.516040][ T4733] loop5: detected capacity change from 0 to 8192 [ 49.608107][ T4733] syz.5.444: attempt to access beyond end of device [ 49.608107][ T4733] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 49.666058][ T4733] Buffer I/O error on dev loop5, logical block 57847, async page read [ 49.754314][ T4733] syz.5.444: attempt to access beyond end of device [ 49.754314][ T4733] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 49.803515][ T4733] Buffer I/O error on dev loop5, logical block 57847, async page read [ 49.836881][ T4733] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1) [ 49.859863][ T4733] FAT-fs (loop5): Filesystem has been set read-only [ 49.882310][ T4733] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000e1b1) [ 50.251973][ T28] audit: type=1400 audit(1774267935.047:1155): avc: denied { create } for pid=4748 comm="syz.2.450" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 50.337816][ T4758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.350290][ T28] audit: type=1400 audit(1774267935.047:1156): avc: denied { write } for pid=4748 comm="syz.2.450" name="file0" dev="tmpfs" ino=358 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 50.373190][ T4760] loop5: detected capacity change from 0 to 256 [ 50.384467][ T4758] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.392863][ T4760] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 50.398095][ T28] audit: type=1400 audit(1774267935.047:1157): avc: denied { open } for pid=4748 comm="syz.2.450" path="/65/file0" dev="tmpfs" ino=358 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 50.428737][ T28] audit: type=1400 audit(1774267935.047:1158): avc: denied { ioctl } for pid=4748 comm="syz.2.450" path="/65/file0" dev="tmpfs" ino=358 ioctlcmd=0x1269 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 50.454226][ T28] audit: type=1400 audit(1774267935.097:1159): avc: denied { unlink } for pid=3316 comm="syz-executor" name="file0" dev="tmpfs" ino=358 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 50.477990][ T28] audit: type=1400 audit(1774267935.127:1160): avc: denied { ioctl } for pid=4757 comm="syz.4.452" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 50.609271][ T28] audit: type=1400 audit(1774267935.197:1161): avc: denied { read } for pid=4757 comm="syz.4.452" name="event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 50.634743][ T4758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 50.654919][ T4758] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 50.695937][ T28] audit: type=1400 audit(1774267935.197:1162): avc: denied { open } for pid=4757 comm="syz.4.452" path="/dev/input/event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 50.966314][ T4768] FAT-fs (loop5): error, invalid FAT chain (i_pos 196, last_block 8200) [ 50.975743][ T4768] FAT-fs (loop5): Filesystem has been set read-only [ 51.432967][ T28] audit: type=1400 audit(1774267936.237:1163): avc: denied { read } for pid=4800 comm="syz.4.470" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 51.575354][ T4816] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.582750][ T4816] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.592653][ T4824] netlink: 'syz.5.473': attribute type 4 has an invalid length. [ 51.623889][ T4823] loop0: detected capacity change from 0 to 1024 [ 51.660316][ T4823] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.794168][ T4816] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 51.811070][ T4816] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 51.894840][ T56] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 51.904382][ T56] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.940376][ T56] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 51.962123][ T56] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.996049][ T56] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 52.035763][ T56] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.065332][ T56] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 52.087067][ T56] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.158817][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.319916][ T4844] __nla_validate_parse: 4 callbacks suppressed [ 52.319937][ T4844] netlink: 8 bytes leftover after parsing attributes in process `syz.4.482'. [ 52.358859][ T4846] loop0: detected capacity change from 0 to 764 [ 52.380935][ T4848] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 52.499502][ T4858] netlink: 'syz.0.489': attribute type 39 has an invalid length. [ 52.600480][ T4870] netlink: 16178 bytes leftover after parsing attributes in process `syz.5.496'. [ 52.658942][ T4878] capability: warning: `syz.2.499' uses 32-bit capabilities (legacy support in use) [ 52.831892][ T4894] netlink: 'syz.0.504': attribute type 10 has an invalid length. [ 52.862874][ T4894] team0: Port device dummy0 added [ 52.888140][ T4897] netlink: 'syz.0.504': attribute type 10 has an invalid length. [ 52.962900][ T4897] team0: Port device dummy0 removed [ 52.974260][ T4897] bridge1: port 1(dummy0) entered blocking state [ 52.981541][ T4897] bridge1: port 1(dummy0) entered disabled state [ 52.988359][ T4897] dummy0: entered allmulticast mode [ 52.994354][ T4897] dummy0: entered promiscuous mode [ 53.214880][ T4915] netlink: 40 bytes leftover after parsing attributes in process `syz.1.513'. [ 53.347061][ T4929] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.867900][ T4969] netlink: 44 bytes leftover after parsing attributes in process `syz.1.536'. [ 54.063729][ T4972] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 54.212595][ T4979] loop5: detected capacity change from 0 to 128 [ 54.293554][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 54.293572][ T28] audit: type=1400 audit(1774267939.097:1180): avc: denied { getopt } for pid=4982 comm="syz.5.543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 54.378332][ T4991] netlink: 8 bytes leftover after parsing attributes in process `syz.5.546'. [ 54.390085][ T4991] netlink: 12 bytes leftover after parsing attributes in process `syz.5.546'. [ 54.408336][ T4991] netlink: 8 bytes leftover after parsing attributes in process `syz.5.546'. [ 54.418227][ T4991] netlink: 12 bytes leftover after parsing attributes in process `syz.5.546'. [ 54.559232][ T5008] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.632380][ T5008] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 54.646606][ T5008] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 54.812247][ T261] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.832623][ T261] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.854544][ T261] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.911259][ T261] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.007620][ T5047] netlink: 'syz.1.564': attribute type 12 has an invalid length. [ 55.016384][ T5047] netlink: 'syz.1.564': attribute type 29 has an invalid length. [ 55.024620][ T5047] netlink: 148 bytes leftover after parsing attributes in process `syz.1.564'. [ 55.034400][ T5047] netlink: 'syz.1.564': attribute type 2 has an invalid length. [ 55.042565][ T5047] netlink: 43 bytes leftover after parsing attributes in process `syz.1.564'. [ 55.215514][ T28] audit: type=1400 audit(1774267940.017:1181): avc: denied { execute_no_trans } for pid=5063 comm="syz.0.570" path="/117/file0" dev="tmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 55.352913][ T28] audit: type=1400 audit(1774267940.157:1182): avc: denied { getopt } for pid=5070 comm="syz.0.573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 55.428503][ T5059] loop2: detected capacity change from 0 to 512 [ 55.474372][ T5059] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 55.613808][ T5073] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.621175][ T5073] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.674265][ T5081] loop2: detected capacity change from 0 to 512 [ 55.690745][ T5081] EXT4-fs: Ignoring removed bh option [ 55.709110][ T5081] EXT4-fs: inline encryption not supported [ 55.723386][ T5081] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 55.793434][ T5073] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 55.809136][ T5081] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1142: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 55.832799][ T5073] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 55.866013][ T5081] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.579: bg 0: block 248: padding at end of block bitmap is not set [ 55.893848][ T5081] loop2: lost filesystem error report for type 5 error -117 [ 55.895836][ T5081] Quota error (device loop2): write_blk: dquota write failed [ 55.903253][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 55.903270][ C1] EXT4-fs (loop2): last error at time 1774267940: ext4_validate_block_bitmap:441 [ 55.926770][ T5081] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 55.937013][ T5081] EXT4-fs error (device loop2): ext4_acquire_dquot:7001: comm syz.2.579: Failed to acquire dquot type 1 [ 55.948377][ T5081] loop2: lost filesystem error report for type 5 error -117 [ 55.949043][ T5081] EXT4-fs (loop2): 1 truncate cleaned up [ 55.972572][ T5081] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 56.001554][ T5081] syz.2.579 (5081) used greatest stack depth: 9160 bytes left [ 56.079110][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 56.110540][ T56] Quota error (device loop2): do_check_range: Getting block 0 out of range 1-5 [ 56.123569][ T50] netdevsim netdevsim5 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.145039][ T56] EXT4-fs error (device loop2): ext4_release_dquot:7037: comm kworker/u8:4: Failed to release dquot type 1 [ 56.160330][ T50] netdevsim netdevsim5 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.195364][ T50] netdevsim netdevsim5 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.204124][ T56] loop2: lost filesystem error report for type 5 error -117 [ 56.210682][ T50] netdevsim netdevsim5 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.295248][ T5103] loop5: detected capacity change from 0 to 512 [ 56.316175][ T5103] EXT4-fs: Ignoring removed mblk_io_submit option [ 56.330070][ T5105] TCP: TCP_TX_DELAY enabled [ 56.336330][ T5103] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 56.357278][ T5103] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.422999][ T5103] ext4 filesystem being mounted at /98/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 56.490690][ T3623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.703206][ T28] audit: type=1400 audit(1774267941.507:1183): avc: denied { mount } for pid=5121 comm="syz.4.595" name="/" dev="hugetlbfs" ino=10533 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 56.735519][ T5120] loop5: detected capacity change from 0 to 8192 [ 56.803685][ T5120] FAT-fs (loop5): error, clusters badly computed (2 != 1) [ 56.828083][ T5120] FAT-fs (loop5): Filesystem has been set read-only [ 56.898489][ T5128] loop4: detected capacity change from 0 to 512 [ 56.928053][ T5128] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 56.961761][ T5128] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.982634][ T5128] ext4 filesystem being mounted at /138/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 57.151045][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.262234][ T5165] sch_tbf: burst 12 is lower than device bridge1 mtu (1514) ! [ 57.305720][ T5167] netlink: 'syz.5.616': attribute type 15 has an invalid length. [ 57.372354][ T5169] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.379763][ T5169] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.436480][ T5169] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 57.447159][ T5169] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 57.501861][ T261] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.536883][ T261] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.563147][ T261] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.582049][ T261] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.831680][ T5174] loop5: detected capacity change from 0 to 512 [ 57.857188][ T28] audit: type=1400 audit(1774267942.657:1184): avc: denied { bind } for pid=5180 comm="syz.4.622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 57.882416][ T5182] loop2: detected capacity change from 0 to 512 [ 57.900473][ T28] audit: type=1400 audit(1774267942.657:1185): avc: denied { listen } for pid=5180 comm="syz.4.622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 57.926939][ T5182] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 57.947493][ T28] audit: type=1400 audit(1774267942.747:1186): avc: denied { read write } for pid=5184 comm="syz.0.623" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 57.957076][ T5174] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities [ 57.995695][ T5182] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.014798][ T5182] ext4 filesystem being mounted at /104/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 58.278648][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.498897][ T5212] sit1: entered allmulticast mode [ 58.549594][ T5219] loop5: detected capacity change from 0 to 512 [ 58.680019][ T5230] rdma_op ffff88811acac580 conn xmit_rdma 0000000000000000 [ 58.783036][ T5236] 9pnet: p9_errstr2errno: server reported unknown error 0x0000 [ 58.905675][ T3392] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 58.927439][ T3392] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 59.413974][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 59.413992][ T28] audit: type=1400 audit(1774267944.217:1193): avc: denied { bind } for pid=5270 comm="syz.0.660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 59.528955][ T28] audit: type=1400 audit(1774267944.267:1194): avc: denied { allowed } for pid=5272 comm="syz.0.661" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 59.573498][ T28] audit: type=1400 audit(1774267944.367:1195): avc: denied { read write } for pid=5280 comm="syz.0.665" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 59.624828][ T5028] kernel write not supported for file bpf-prog (pid: 5028 comm: kworker/0:9) [ 59.642207][ T5024] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 59.649581][ T28] audit: type=1400 audit(1774267944.367:1196): avc: denied { open } for pid=5280 comm="syz.0.665" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 59.677134][ T5024] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz1] on syz0 [ 59.680271][ T28] audit: type=1400 audit(1774267944.427:1197): avc: denied { mounton } for pid=5284 comm="syz.4.667" path="/158/file0" dev="tmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 59.821634][ T56] tipc: Subscription rejected, illegal request [ 59.830291][ T28] audit: type=1400 audit(1774267944.617:1198): avc: denied { connect } for pid=5298 comm="syz.4.673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 59.978997][ T5307] netlink: 'syz.5.676': attribute type 1 has an invalid length. [ 60.042140][ T5307] 8021q: adding VLAN 0 to HW filter on device bond1 [ 60.104519][ T5312] bond1: (slave bridge2): making interface the new active one [ 60.116273][ T5316] loop0: detected capacity change from 0 to 128 [ 60.124593][ T5312] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 60.202689][ T5316] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 60.231847][ T5316] ext4 filesystem being mounted at /135/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 60.270586][ T5330] __nla_validate_parse: 3 callbacks suppressed [ 60.270598][ T5330] netlink: 4 bytes leftover after parsing attributes in process `syz.1.684'. [ 60.305557][ T28] audit: type=1400 audit(1774267945.097:1199): avc: denied { remove_name } for pid=5315 comm="syz.0.679" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 60.350189][ T5333] mmap: syz.2.685 (5333) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 60.383808][ T3310] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 60.476051][ T28] audit: type=1400 audit(1774267945.277:1200): avc: denied { create } for pid=5345 comm="syz.5.692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 60.537502][ T28] audit: type=1400 audit(1774267945.277:1201): avc: denied { bind } for pid=5345 comm="syz.5.692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 60.600261][ T5024] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 60.613860][ T28] audit: type=1400 audit(1774267945.277:1202): avc: denied { node_bind } for pid=5345 comm="syz.5.692" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 60.635121][ T5024] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 61.023395][ T5401] netlink: 8 bytes leftover after parsing attributes in process `syz.1.705'. [ 61.235592][ T5427] netlink: 4 bytes leftover after parsing attributes in process `syz.4.709'. [ 61.798943][ T5343] kexec: Could not allocate control_code_buffer [ 61.976115][ T5538] loop5: detected capacity change from 0 to 4096 [ 62.002221][ T5538] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.137572][ T3623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.286375][ T5554] loop4: detected capacity change from 0 to 1024 [ 62.337510][ T5554] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 62.511336][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.603474][ T3392] Process accounting resumed [ 62.665165][ T5599] syzkaller1: entered promiscuous mode [ 62.671646][ T5599] syzkaller1: entered allmulticast mode [ 62.877654][ T5616] SELinux: failed to load policy [ 63.239415][ T5635] netlink: 'syz.5.764': attribute type 1 has an invalid length. [ 63.254330][ T5635] 8021q: adding VLAN 0 to HW filter on device bond2 [ 63.276386][ T5635] bond2: (slave geneve2): making interface the new active one [ 63.286223][ T5635] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 63.295882][ T5465] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.318564][ T5465] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.330310][ T5465] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.347768][ T5465] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.494928][ T5655] netlink: 4 bytes leftover after parsing attributes in process `syz.5.772'. [ 64.197302][ T5694] netlink: 'syz.1.790': attribute type 1 has an invalid length. [ 64.212466][ T5694] 8021q: adding VLAN 0 to HW filter on device bond2 [ 64.234549][ T5694] bond2: (slave geneve3): making interface the new active one [ 64.245297][ T5694] bond2: (slave geneve3): Enslaving as an active interface with an up link [ 64.256662][ T56] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 64.266109][ T56] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 64.279913][ T5465] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 64.299624][ T5465] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 64.399586][ T5708] netlink: 'syz.0.796': attribute type 1 has an invalid length. [ 64.426184][ T5708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.447936][ T5708] bond0: (slave geneve2): making interface the new active one [ 64.491485][ T5708] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 64.501869][ T5473] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.511521][ T5473] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.534337][ T5473] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.545779][ T28] kauditd_printk_skb: 32 callbacks suppressed [ 64.545796][ T28] audit: type=1400 audit(1774267949.357:1235): avc: denied { sqpoll } for pid=5714 comm="syz.5.799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 64.590619][ T5710] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 64.616328][ T5473] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.767723][ T5736] loop4: detected capacity change from 0 to 512 [ 64.777201][ T5736] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 64.796756][ T5736] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 64.902168][ T5736] EXT4-fs (loop4): 1 truncate cleaned up [ 64.908282][ T5736] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.927454][ T28] audit: type=1400 audit(1774267949.737:1236): avc: denied { mounton } for pid=5734 comm="syz.4.808" path="/183/file2/file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 65.413447][ T28] audit: type=1400 audit(1774267950.217:1237): avc: denied { shutdown } for pid=5744 comm="syz.5.810" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 65.589543][ T5736] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 65.626489][ T3315] EXT4-fs error (device loop4): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39 [ 65.647016][ T3315] EXT4-fs error (device loop4): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39 [ 65.651750][ T5750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.812'. [ 65.669777][ T5750] netlink: 64 bytes leftover after parsing attributes in process `syz.0.812'. [ 65.679418][ T5750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.812'. [ 65.764432][ T28] audit: type=1400 audit(1774267950.557:1238): avc: denied { watch watch_reads } for pid=5762 comm="syz.0.819" path="/157/file1" dev="tmpfs" ino=834 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 65.803893][ T28] audit: type=1400 audit(1774267950.557:1239): avc: denied { execute } for pid=5762 comm="syz.0.819" name="file1" dev="tmpfs" ino=834 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 65.828996][ T3315] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.843800][ T28] audit: type=1400 audit(1774267950.557:1240): avc: denied { execute_no_trans } for pid=5762 comm="syz.0.819" path="/157/file1" dev="tmpfs" ino=834 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 65.957686][ T5778] Driver unsupported XDP return value 0 on prog (id 157) dev N/A, expect packet loss! [ 66.108032][ T28] audit: type=1400 audit(1774267950.907:1241): avc: denied { write } for pid=5784 comm="syz.2.829" path="socket:[11629]" dev="sockfs" ino=11629 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 66.437690][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.451004][ T5794] netlink: 4 bytes leftover after parsing attributes in process `syz.0.830'. [ 66.464563][ T5789] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 66.482305][ T5792] netlink: 'syz.2.831': attribute type 2 has an invalid length. [ 66.567610][ T28] audit: type=1400 audit(1774267951.367:1242): avc: denied { setopt } for pid=5801 comm="syz.2.833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 66.592717][ T5487] bridge_slave_1: left allmulticast mode [ 66.598674][ T5487] bridge_slave_1: left promiscuous mode [ 66.627093][ T5487] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.637917][ T28] audit: type=1400 audit(1774267951.397:1243): avc: denied { getopt } for pid=5801 comm="syz.2.833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 66.664891][ T5487] bridge_slave_0: left allmulticast mode [ 66.678647][ T5487] bridge_slave_0: left promiscuous mode [ 66.708869][ T5487] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.710194][ T28] audit: type=1400 audit(1774267951.507:1244): avc: denied { ioctl } for pid=5812 comm="syz.5.836" path="socket:[11672]" dev="sockfs" ino=11672 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 66.812293][ T5487] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 66.823590][ T5487] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 66.833065][ T5487] bond0 (unregistering): Released all slaves [ 66.841766][ T5487] bond1 (unregistering): (slave bond2): Releasing backup interface [ 66.851050][ T5487] bond2 (unregistering): left promiscuous mode [ 66.864271][ T5487] bond1 (unregistering): Released all slaves [ 66.876017][ T5487] bond2 (unregistering): Released all slaves [ 66.928300][ T5487] hsr_slave_0: left promiscuous mode [ 66.957533][ T5487] hsr_slave_1: left promiscuous mode [ 66.973097][ T5487] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 67.042519][ T5487] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 67.105090][ T5487] team0 (unregistering): Port device team_slave_1 removed [ 67.119528][ T5487] team0 (unregistering): Port device team_slave_0 removed [ 67.245916][ T5781] chnl_net:caif_netlink_parms(): no params data found [ 67.343748][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.362060][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.374159][ T5781] bridge_slave_0: entered allmulticast mode [ 67.408214][ T5781] bridge_slave_0: entered promiscuous mode [ 67.416845][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.425690][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.440596][ T5781] bridge_slave_1: entered allmulticast mode [ 67.450853][ T5781] bridge_slave_1: entered promiscuous mode [ 67.473746][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.490689][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.551042][ T5865] loop5: detected capacity change from 0 to 512 [ 67.559065][ T5781] team0: Port device team_slave_0 added [ 67.576789][ T5781] team0: Port device team_slave_1 added [ 67.620826][ T5865] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 67.653956][ T5865] ext4 filesystem being mounted at /153/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.694768][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.720038][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 67.762532][ T3623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.776032][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.811799][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.820553][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 67.857057][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.933749][ T5781] hsr_slave_0: entered promiscuous mode [ 67.941208][ T5781] hsr_slave_1: entered promiscuous mode [ 67.947235][ T5781] debugfs: 'hsr0' already exists in 'hsr' [ 67.953498][ T5781] Cannot create hsr debugfs directory [ 68.153088][ T5914] tipc: Started in network mode [ 68.160233][ T5914] tipc: Node identity ac1414aa, cluster identity 4711 [ 68.174827][ T5914] tipc: Enabled bearer , priority 10 [ 68.191544][ T5781] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 68.202541][ T5781] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 68.219978][ T5781] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 68.235173][ T5781] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 68.305601][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.319716][ T5781] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.340032][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.347237][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.378970][ T5489] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.386071][ T5489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.492151][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.659584][ T5781] veth0_vlan: entered promiscuous mode [ 68.673369][ T5781] veth1_vlan: entered promiscuous mode [ 68.700309][ T5781] veth0_macvtap: entered promiscuous mode [ 68.712501][ T5781] veth1_macvtap: entered promiscuous mode [ 68.736072][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.755282][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.774418][ T5489] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.789063][ T5489] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.801269][ T5489] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.812716][ T5489] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.945550][ T5994] netlink: 'syz.6.873': attribute type 7 has an invalid length. [ 68.954322][ T5994] netlink: 'syz.6.873': attribute type 7 has an invalid length. [ 69.127342][ T6007] loop5: detected capacity change from 0 to 1024 [ 69.134623][ T6007] EXT4-fs: Ignoring removed orlov option [ 69.163141][ T6007] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.205679][ T3623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.244286][ T6013] delete_channel: no stack [ 69.291935][ T5026] tipc: Node number set to 2886997162 [ 69.351071][ T6029] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 69.495579][ T6044] netlink: 4580 bytes leftover after parsing attributes in process `syz.5.893'. [ 69.510862][ T6044] netlink: 4580 bytes leftover after parsing attributes in process `syz.5.893'. [ 69.522239][ T6046] loop2: detected capacity change from 0 to 512 [ 69.651315][ T6046] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.674881][ T6046] ext4 filesystem being mounted at /154/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 69.720331][ T6046] EXT4-fs (loop2): shut down requested (0) [ 69.731292][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 69.731309][ T28] audit: type=1400 audit(1774267954.537:1259): avc: denied { read } for pid=2979 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 69.770250][ T28] audit: type=1400 audit(1774267954.537:1260): avc: denied { search } for pid=2979 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 69.794260][ T28] audit: type=1400 audit(1774267954.537:1261): avc: denied { search } for pid=2979 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 69.817452][ T28] audit: type=1400 audit(1774267954.537:1262): avc: denied { add_name } for pid=2979 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 69.855957][ T28] audit: type=1400 audit(1774267954.537:1263): avc: denied { create } for pid=2979 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 69.879328][ T28] audit: type=1400 audit(1774267954.537:1264): avc: denied { append open } for pid=2979 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 69.906120][ T28] audit: type=1400 audit(1774267954.537:1265): avc: denied { getattr } for pid=2979 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 69.930575][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.974784][ T6067] 9p: Unknown uid 00000000004294967295 [ 70.042235][ T6076] netlink: 104 bytes leftover after parsing attributes in process `syz.5.905'. [ 70.046405][ T6077] loop0: detected capacity change from 0 to 512 [ 70.056812][ T6064] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 70.091163][ T6077] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 70.140784][ T6077] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 70.162688][ T6077] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 70.185006][ T6065] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 70.205009][ T6077] System zones: 0-2, 18-18, 34-35 [ 70.234965][ T6077] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 70.280323][ T28] audit: type=1400 audit(1774267955.087:1266): avc: denied { remount } for pid=6075 comm="syz.0.906" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 70.319927][ T6077] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 70.344768][ T6077] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 70.357150][ T6077] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 70.445330][ T6077] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.906: bg 0: block 353: padding at end of block bitmap is not set [ 70.466953][ T6106] netlink: 8 bytes leftover after parsing attributes in process `syz.1.917'. [ 70.492400][ T6106] netlink: 'syz.1.917': attribute type 2 has an invalid length. [ 70.537434][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.671926][ T28] audit: type=1400 audit(1774267955.477:1267): avc: denied { read } for pid=5026 comm="kworker/1:11" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=13253 scontext=system_u:system_r:kernel_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 71.156950][ T6152] loop0: detected capacity change from 0 to 128 [ 71.181940][ T28] audit: type=1400 audit(1774267955.987:1268): avc: denied { watch } for pid=6151 comm="syz.0.936" path="/174/file0/file1" dev="loop0" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 71.582471][ T6168] loop6: detected capacity change from 0 to 512 [ 71.593422][ T6168] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended [ 71.603490][ T6168] EXT4-fs (loop6): couldn't mount as ext2 due to feature incompatibilities [ 73.448680][ T6102] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 73.497735][ T6195] netlink: 48 bytes leftover after parsing attributes in process `syz.6.956'. [ 73.920393][ T6231] sctp: [Deprecated]: syz.1.968 (pid 6231) Use of struct sctp_assoc_value in delayed_ack socket option. [ 73.920393][ T6231] Use struct sctp_sack_info instead [ 74.832223][ T6252] netlink: 'syz.2.975': attribute type 1 has an invalid length. [ 74.850883][ T6252] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 74.887781][ T6252] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 74.905087][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 74.905105][ T28] audit: type=1400 audit(1774267959.707:1273): avc: denied { override_creds } for pid=6254 comm="syz.5.976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 74.911824][ T6252] bond2: (slave ip6gre1): making interface the new active one [ 74.963895][ T6252] bond2: (slave ip6gre1): Enslaving as an active interface with an up link [ 75.044179][ T28] audit: type=1326 audit(1774267959.807:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6260 comm="syz.6.979" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f794324c799 code=0x0 [ 75.123498][ T28] audit: type=1400 audit(1774267959.927:1275): avc: denied { write } for pid=6267 comm="syz.5.982" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 75.151062][ T6269] loop2: detected capacity change from 0 to 512 [ 75.243334][ T6274] netlink: 44 bytes leftover after parsing attributes in process `syz.1.984'. [ 75.265293][ T6274] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.272615][ T6274] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.294722][ T6279] netlink: 44 bytes leftover after parsing attributes in process `syz.1.984'. [ 75.314537][ T6278] loop5: detected capacity change from 0 to 512 [ 75.339802][ T6278] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 75.372663][ T6278] EXT4-fs (loop5): 1 truncate cleaned up [ 75.385580][ T6278] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.489548][ T3623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.545673][ T6294] netlink: 'syz.1.992': attribute type 29 has an invalid length. [ 75.573867][ T6294] netlink: 'syz.1.992': attribute type 29 has an invalid length. [ 75.593512][ T6294] netlink: 500 bytes leftover after parsing attributes in process `syz.1.992'. [ 75.666165][ T6214] syz.0.963 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 75.695229][ T6302] loop2: detected capacity change from 0 to 512 [ 75.724120][ T6302] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.734304][ T6214] CPU: 0 UID: 0 PID: 6214 Comm: syz.0.963 Not tainted syzkaller #0 PREEMPT(full) [ 75.734332][ T6214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 75.734343][ T6214] Call Trace: [ 75.734351][ T6214] [ 75.734359][ T6214] __dump_stack+0x1d/0x30 [ 75.734443][ T6214] dump_stack_lvl+0x95/0xd0 [ 75.734536][ T6214] dump_stack+0x15/0x1b [ 75.734558][ T6214] dump_header+0x80/0x240 [ 75.734581][ T6214] oom_kill_process+0x295/0x350 [ 75.734624][ T6214] out_of_memory+0x97d/0xb80 [ 75.734647][ T6214] try_charge_memcg+0x62e/0xa10 [ 75.734683][ T6214] obj_cgroup_charge_pages+0x23/0xc0 [ 75.734712][ T6214] __memcg_kmem_charge_page+0x9e/0x170 [ 75.734739][ T6214] __alloc_frozen_pages_noprof+0x18a/0x360 [ 75.734769][ T6214] alloc_pages_mpol+0xb3/0x260 [ 75.734875][ T6214] alloc_pages_noprof+0x8f/0x130 [ 75.734902][ T6214] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 75.734936][ T6214] __kvmalloc_node_noprof+0x3d4/0x650 [ 75.735006][ T6214] ? ip_set_alloc+0x24/0x30 [ 75.735108][ T6214] ? ip_set_alloc+0x24/0x30 [ 75.735133][ T6214] ? __kmalloc_cache_noprof+0x18a/0x410 [ 75.735158][ T6214] ip_set_alloc+0x24/0x30 [ 75.735224][ T6214] hash_netiface_create+0x282/0x740 [ 75.735290][ T6214] ? __pfx_hash_netiface_create+0x10/0x10 [ 75.735317][ T6214] ip_set_create+0x3cf/0x970 [ 75.735358][ T6214] ? __nla_parse+0x40/0x60 [ 75.735395][ T6214] nfnetlink_rcv_msg+0x509/0x5d0 [ 75.735441][ T6214] netlink_rcv_skb+0x123/0x220 [ 75.735534][ T6214] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 75.735564][ T6214] nfnetlink_rcv+0x167/0x1720 [ 75.735597][ T6214] ? __kfree_skb+0x109/0x150 [ 75.735673][ T6214] ? nlmon_xmit+0x4f/0x60 [ 75.735707][ T6214] ? consume_skb+0x4b/0x160 [ 75.735733][ T6214] ? nlmon_xmit+0x4f/0x60 [ 75.735753][ T6214] ? dev_hard_start_xmit+0x3b9/0x3f0 [ 75.735784][ T6214] ? __dev_queue_xmit+0x136c/0x1f20 [ 75.735825][ T6214] ? __dev_queue_xmit+0x148/0x1f20 [ 75.735904][ T6214] ? ref_tracker_free+0x37d/0x3e0 [ 75.735933][ T6214] ? __netlink_deliver_tap+0x4dc/0x500 [ 75.736064][ T6214] netlink_unicast+0x5c0/0x690 [ 75.736092][ T6214] netlink_sendmsg+0x5c8/0x6f0 [ 75.736124][ T6214] ? __pfx_netlink_sendmsg+0x10/0x10 [ 75.736172][ T6214] ____sys_sendmsg+0x563/0x5b0 [ 75.736205][ T6214] ___sys_sendmsg+0x195/0x1e0 [ 75.736276][ T6214] __x64_sys_sendmsg+0xd4/0x160 [ 75.736355][ T6214] x64_sys_call+0x194c/0x3020 [ 75.736380][ T6214] do_syscall_64+0x12c/0x370 [ 75.736405][ T6214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.736455][ T6214] RIP: 0033:0x7f394058c799 [ 75.736472][ T6214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.736564][ T6214] RSP: 002b:00007f393efdf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 75.736586][ T6214] RAX: ffffffffffffffda RBX: 00007f3940805fa0 RCX: 00007f394058c799 [ 75.736600][ T6214] RDX: 0000000000000880 RSI: 0000200000000040 RDI: 0000000000000003 [ 75.736614][ T6214] RBP: 00007f3940622c99 R08: 0000000000000000 R09: 0000000000000000 [ 75.736626][ T6214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.736648][ T6214] R13: 00007f3940806038 R14: 00007f3940805fa0 R15: 00007ffea70a7828 [ 75.736739][ T6214] [ 75.736747][ T6214] memory: usage 307200kB, limit 307200kB, failcnt 520 [ 75.891285][ T6302] ext4 filesystem being mounted at /170/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 75.981803][ T6214] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0 [ 76.096038][ T6214] kmem: usage 302288kB, limit 9007199254740988kB, failcnt 0 [ 76.097533][ T28] audit: type=1400 audit(1774267960.897:1276): avc: denied { listen } for pid=6311 comm="syz.6.997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 76.104048][ T6214] Memory cgroup stats for /syz0: [ 76.104267][ T6214] cache 0 [ 76.140557][ T6214] rss 5029888 [ 76.144112][ T6214] shmem 0 [ 76.147171][ T6214] mapped_file 0 [ 76.153131][ T6214] dirty 0 [ 76.153567][ T28] audit: type=1400 audit(1774267960.897:1277): avc: denied { accept } for pid=6311 comm="syz.6.997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 76.177313][ T6214] writeback 0 [ 76.180826][ T6214] workingset_refault_anon 62 [ 76.185480][ T6214] workingset_refault_file 416 [ 76.190617][ T6214] swap 204800 [ 76.194042][ T6214] swapcached 204800 [ 76.199149][ T6214] pgpgin 29624 [ 76.202603][ T28] audit: type=1400 audit(1774267961.007:1278): avc: denied { read write } for pid=6287 comm="syz.2.989" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 76.206152][ T6214] pgpgout 28396 [ 76.227487][ T28] audit: type=1400 audit(1774267961.037:1279): avc: denied { open } for pid=6287 comm="syz.2.989" path="/170/bus/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 76.249930][ T6214] pgfault 45181 [ 76.262154][ T6214] pgmajfault 44 [ 76.268917][ T6214] inactive_anon 0 [ 76.275906][ T6214] active_anon 0 [ 76.282853][ T6214] inactive_file 5029888 [ 76.291662][ T6214] active_file 0 [ 76.298449][ T6214] unevictable 0 [ 76.306638][ T6214] hierarchical_memory_limit 314572800 [ 76.318890][ T6214] hierarchical_memsw_limit 9223372036854771712 [ 76.326932][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.339706][ T6214] total_cache 0 [ 76.359614][ T6214] total_rss 5029888 [ 76.365823][ T6214] total_shmem 0 [ 76.371594][ T6214] total_mapped_file 0 [ 76.376890][ T6214] total_dirty 0 [ 76.381155][ T6214] total_writeback 0 [ 76.385380][ T6214] total_workingset_refault_anon 62 [ 76.390967][ T6214] total_workingset_refault_file 416 [ 76.397565][ T6214] total_swap 204800 [ 76.401988][ T6214] total_swapcached 204800 [ 76.403416][ T28] audit: type=1400 audit(1774267961.207:1280): avc: denied { create } for pid=6324 comm="syz.5.1003" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 76.406388][ T6214] total_pgpgin 29624 [ 76.432866][ T6214] total_pgpgout 28396 [ 76.436971][ T6214] total_pgfault 45183 [ 76.441505][ T6214] total_pgmajfault 44 [ 76.445619][ T6214] total_inactive_anon 0 [ 76.449910][ T6214] total_active_anon 0 [ 76.454378][ T6214] total_inactive_file 5029888 [ 76.457900][ T28] audit: type=1400 audit(1774267961.237:1281): avc: denied { write } for pid=6324 comm="syz.5.1003" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 76.459498][ T6214] total_active_file 0 [ 76.480013][ T28] audit: type=1400 audit(1774267961.237:1282): avc: denied { read } for pid=6324 comm="syz.5.1003" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 76.500348][ T6214] total_unevictable 0 [ 76.508963][ T6214] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.963,pid=6213,uid=0 [ 76.524778][ T6214] Memory cgroup out of memory: Killed process 6213 (syz.0.963) total-vm:96344kB, anon-rss:6140kB, file-rss:22148kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 76.799545][ T6337] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1008'. [ 76.825726][ T6337] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1008'. [ 76.878290][ T6339] netlink: 'syz.5.1009': attribute type 1 has an invalid length. [ 76.893848][ T6339] 8021q: adding VLAN 0 to HW filter on device bond3 [ 77.407958][ T6214] syz.0.963 (6214) used greatest stack depth: 7352 bytes left [ 77.532847][ T6366] netlink: 80 bytes leftover after parsing attributes in process `syz.5.1020'. [ 77.566066][ T6366] netlink: 80 bytes leftover after parsing attributes in process `syz.5.1020'. [ 77.608139][ T6373] loop2: detected capacity change from 0 to 256 [ 77.636053][ T6375] loop5: detected capacity change from 0 to 128 [ 77.909967][ T6396] netlink: 'syz.0.1031': attribute type 1 has an invalid length. [ 77.924047][ T6396] 8021q: adding VLAN 0 to HW filter on device bond1 [ 77.937734][ T6396] bond1: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 78.115962][ T6399] loop6: detected capacity change from 0 to 32768 [ 78.174585][ T3290] loop6: p1 p3 < > [ 78.190214][ T6399] loop6: p1 p3 < > [ 78.277317][ T3301] udevd[3301]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory [ 78.288551][ T3290] udevd[3290]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 78.309718][ T3301] udevd[3301]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory [ 78.321198][ T3290] udevd[3290]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 78.626402][ T6429] loop5: detected capacity change from 0 to 1024 [ 78.655718][ T6429] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.683110][ T6429] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4222: comm syz.5.1044: Allocating blocks 385-513 which overlap fs metadata [ 78.758965][ T6429] EXT4-fs (loop5): pa ffff888106bf62a0: logic 16, phys. 129, len 24 [ 78.767163][ T6429] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5465: group 0, free 0, pa_free 8 [ 78.812307][ T3623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.882849][ T6448] loop0: detected capacity change from 0 to 512 [ 78.904313][ T6448] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.923175][ T6448] ext4 filesystem being mounted at /193/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 79.004234][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.056776][ T6459] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1051'. [ 79.346040][ T6491] loop2: detected capacity change from 0 to 1024 [ 79.370885][ T6491] EXT4-fs: Ignoring removed bh option [ 79.423642][ T6491] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 79.449720][ T6491] ext4 filesystem being mounted at /180/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 79.515029][ T6491] EXT4-fs error (device loop2): ext4_map_blocks:818: inode #15: comm syz.2.1061: lblock 0 mapped to illegal pblock 0 (length 1) [ 79.629528][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 79.756573][ T6521] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1064'. [ 79.876070][ T6524] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 79.902469][ T6524] SELinux: failed to load policy [ 80.069140][ T6551] loop5: detected capacity change from 0 to 128 [ 80.078393][ T6551] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 80.130526][ T6551] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 80.149334][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 80.149353][ T28] audit: type=1400 audit(1774267964.947:1297): avc: denied { read } for pid=6547 comm="syz.2.1071" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 80.254113][ T5473] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 80.595272][ T6581] loop6: detected capacity change from 0 to 1024 [ 80.633403][ T6581] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 80.646486][ T6581] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 80.767077][ T6588] EXT4-fs error (device loop6): ext4_free_blocks:6724: comm syz.6.1083: Freeing blocks not in datazone - block = 0, count = 16 [ 80.836649][ T6580] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.1083: bg 0: block 112: padding at end of block bitmap is not set [ 80.852327][ T6580] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 2688 with max blocks 64 with error 28 [ 80.871208][ T6580] EXT4-fs (loop6): This should not happen!! Data will be lost [ 80.871208][ T6580] [ 80.889751][ T6580] EXT4-fs (loop6): Total free blocks count 0 [ 80.896296][ T6580] EXT4-fs (loop6): Free/Dirty block details [ 80.904421][ T6580] EXT4-fs (loop6): free_blocks=0 [ 80.912669][ T6580] EXT4-fs (loop6): dirty_blocks=64 [ 80.921221][ T6580] EXT4-fs (loop6): Block reservation details [ 80.930780][ T6580] EXT4-fs (loop6): i_reserved_data_blocks=4 [ 80.958312][ T5781] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 81.131605][ T6594] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1087'. [ 81.160246][ T6594] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1087'. [ 81.176476][ T5489] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 81.185860][ T6594] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1087'. [ 81.196418][ T5489] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 81.214427][ T6594] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1087'. [ 81.223925][ T5489] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 81.242251][ T5489] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 81.385782][ T6587] syz.0.1084 invoked oom-killer: gfp_mask=0x402d02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 81.413024][ T6587] CPU: 0 UID: 0 PID: 6587 Comm: syz.0.1084 Not tainted syzkaller #0 PREEMPT(full) [ 81.413057][ T6587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 81.413070][ T6587] Call Trace: [ 81.413077][ T6587] [ 81.413085][ T6587] __dump_stack+0x1d/0x30 [ 81.413170][ T6587] dump_stack_lvl+0x95/0xd0 [ 81.413196][ T6587] dump_stack+0x15/0x1b [ 81.413221][ T6587] dump_header+0x80/0x240 [ 81.413306][ T6587] oom_kill_process+0x295/0x350 [ 81.413329][ T6587] out_of_memory+0x97d/0xb80 [ 81.413352][ T6587] try_charge_memcg+0x62e/0xa10 [ 81.413458][ T6587] obj_cgroup_charge_pages+0x23/0xc0 [ 81.413485][ T6587] __memcg_kmem_charge_page+0x9e/0x170 [ 81.413515][ T6587] __alloc_frozen_pages_noprof+0x18a/0x360 [ 81.413672][ T6587] alloc_pages_mpol+0xb3/0x260 [ 81.413705][ T6587] alloc_pages_noprof+0x8f/0x130 [ 81.413733][ T6587] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 81.413777][ T6587] __kvmalloc_node_noprof+0x3d4/0x650 [ 81.413804][ T6587] ? futex_hash_allocate+0x190/0x9d0 [ 81.413917][ T6587] ? futex_hash_allocate+0x190/0x9d0 [ 81.413983][ T6587] futex_hash_allocate+0x190/0x9d0 [ 81.414012][ T6587] ? cap_task_prctl+0x13f/0x6e0 [ 81.414039][ T6587] futex_hash_prctl+0xd8/0xf0 [ 81.414097][ T6587] __se_sys_prctl+0xa3d/0x13f0 [ 81.414130][ T6587] __x64_sys_prctl+0x67/0x80 [ 81.414158][ T6587] x64_sys_call+0x2533/0x3020 [ 81.414209][ T6587] do_syscall_64+0x12c/0x370 [ 81.414235][ T6587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.414291][ T6587] RIP: 0033:0x7f394058c799 [ 81.414311][ T6587] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 81.414330][ T6587] RSP: 002b:00007f393efdf028 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 81.414350][ T6587] RAX: ffffffffffffffda RBX: 00007f3940805fa0 RCX: 00007f394058c799 [ 81.414411][ T6587] RDX: 0000000001000000 RSI: 0000000000000001 RDI: 000000000000004e [ 81.414427][ T6587] RBP: 00007f3940622c99 R08: 0000000000000000 R09: 0000000000000000 [ 81.414440][ T6587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 81.414454][ T6587] R13: 00007f3940806038 R14: 00007f3940805fa0 R15: 00007ffea70a7828 [ 81.414475][ T6587] [ 81.419760][ T6587] memory: usage 307200kB, limit 307200kB, failcnt 735 [ 81.670745][ T6587] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 81.678939][ T6587] kmem: usage 306976kB, limit 9007199254740988kB, failcnt 0 [ 81.730123][ T6587] Memory cgroup stats for /syz0: [ 81.730434][ T6587] cache 40960 [ 81.750165][ T6587] rss 188416 [ 81.754104][ T6587] shmem 0 [ 81.765242][ T6587] mapped_file 40960 [ 81.769629][ T6587] dirty 8192 [ 81.780185][ T6587] writeback 0 [ 81.783549][ T6587] workingset_refault_anon 2128 [ 81.788415][ T6587] workingset_refault_file 672 [ 81.804954][ T6587] swap 0 [ 81.820211][ T6587] swapcached 135168 [ 81.830183][ T6587] pgpgin 40819 [ 81.833931][ T6587] pgpgout 40763 [ 81.856545][ T6587] pgfault 58417 [ 81.869938][ T6587] pgmajfault 321 [ 81.880140][ T6587] inactive_anon 176128 [ 81.893128][ T6587] active_anon 12288 [ 81.902960][ T6587] inactive_file 0 [ 81.910369][ T6587] active_file 40960 [ 81.922813][ T6587] unevictable 0 [ 81.932833][ T6587] hierarchical_memory_limit 314572800 [ 81.951502][ T6587] hierarchical_memsw_limit 9223372036854771712 [ 81.967801][ T6587] total_cache 40960 [ 81.974008][ T6587] total_rss 188416 [ 81.983614][ T6587] total_shmem 0 [ 81.998656][ T6587] total_mapped_file 40960 [ 82.018359][ T6587] total_dirty 8192 [ 82.025802][ T6587] total_writeback 0 [ 82.042738][ T6587] total_workingset_refault_anon 2128 [ 82.052745][ T6587] total_workingset_refault_file 672 [ 82.064898][ T6587] total_swap 0 [ 82.070426][ T6587] total_swapcached 135168 [ 82.074825][ T6587] total_pgpgin 40819 [ 82.079004][ T6587] total_pgpgout 40763 [ 82.083380][ T6587] total_pgfault 58419 [ 82.087556][ T6587] total_pgmajfault 321 [ 82.099602][ T6587] total_inactive_anon 176128 [ 82.107179][ T6587] total_active_anon 12288 [ 82.120006][ T6587] total_inactive_file 0 [ 82.132558][ T6587] total_active_file 40960 [ 82.142460][ T6587] total_unevictable 0 [ 82.149650][ T6587] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.1084,pid=6586,uid=0 [ 82.182089][ T6587] Memory cgroup out of memory: Killed process 6587 (syz.0.1084) total-vm:96080kB, anon-rss:1400kB, file-rss:22244kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 82.319838][ T6664] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 82.377860][ T28] audit: type=1400 audit(1774267967.177:1298): avc: denied { read } for pid=6668 comm="syz.0.1100" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 82.435431][ T28] audit: type=1400 audit(1774267967.177:1299): avc: denied { open } for pid=6668 comm="syz.0.1100" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 82.471120][ T28] audit: type=1400 audit(1774267967.217:1300): avc: denied { ioctl } for pid=6668 comm="syz.0.1100" path="/dev/autofs" dev="devtmpfs" ino=91 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 82.497126][ T28] audit: type=1400 audit(1774267967.277:1301): avc: denied { unmount } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 82.830532][ T6714] loop0: detected capacity change from 0 to 512 [ 82.839355][ T6714] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 82.887244][ T6714] EXT4-fs (loop0): 1 truncate cleaned up [ 82.917148][ T6714] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.933264][ T6714] EXT4-fs (loop0): shut down requested (2) [ 82.948776][ T6714] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 82.981658][ T6714] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 83.019358][ T6714] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 83.063116][ T6714] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 83.069538][ T6735] loop6: detected capacity change from 0 to 512 [ 83.102833][ T6714] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 83.107991][ T28] audit: type=1400 audit(1774267967.907:1302): avc: denied { add_name } for pid=6713 comm="syz.0.1110" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 83.149776][ T28] audit: type=1400 audit(1774267967.927:1303): avc: denied { create } for pid=6713 comm="syz.0.1110" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 83.186878][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.459956][ T6772] loop6: detected capacity change from 0 to 512 [ 83.474936][ T6772] EXT4-fs: Ignoring removed orlov option [ 83.493019][ T6772] EXT4-fs: Ignoring removed i_version option [ 83.513000][ T6772] EXT4-fs error (device loop6): ext4_iget_extra_inode:5025: inode #15: comm syz.6.1117: corrupted in-inode xattr: e_value size too large [ 83.568386][ T6772] loop6: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 83.568566][ T6772] EXT4-fs error (device loop6): ext4_orphan_get:1396: comm syz.6.1117: couldn't read orphan inode 15 (err -117) [ 83.578317][ C0] EXT4-fs (loop6): error count since last fsck: 1 [ 83.578336][ C0] EXT4-fs (loop6): initial error at time 1774267968: ext4_iget_extra_inode:5025: inode 15 [ 83.578368][ C0] EXT4-fs (loop6): last error at time 1774267968: ext4_iget_extra_inode:5025: inode 15 [ 83.619355][ T6772] loop6: lost filesystem error report for type 5 error -117 [ 83.619976][ T6772] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.641910][ T28] audit: type=1400 audit(1774267968.447:1304): avc: denied { create } for pid=6771 comm="syz.6.1117" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 83.687225][ T6772] EXT4-fs error (device loop6): ext4_map_blocks:776: inode #2: block 12: comm syz.6.1117: lblock 3 mapped to illegal pblock 12 (length 1) [ 83.725660][ T28] audit: type=1400 audit(1774267968.487:1305): avc: denied { rename } for pid=6771 comm="syz.6.1117" name="file0" dev="loop6" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 83.810711][ T5781] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.858968][ T28] audit: type=1400 audit(1774267968.657:1306): avc: denied { open } for pid=6781 comm="syz.1.1118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 84.796409][ T6839] netlink: 'syz.5.1133': attribute type 1 has an invalid length. [ 85.397413][ T6873] SELinux: ebitmap start bit (32) is not a multiple of the map unit size (64) [ 85.406920][ T6873] SELinux: failed to load policy [ 85.528179][ T6889] netlink: 27 bytes leftover after parsing attributes in process `syz.0.1154'. [ 85.910179][ T28] kauditd_printk_skb: 12 callbacks suppressed [ 85.910195][ T28] audit: type=1400 audit(1774267970.707:1319): avc: denied { read append } for pid=6907 comm="syz.0.1162" name="ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 85.960468][ T28] audit: type=1400 audit(1774267970.707:1320): avc: denied { open } for pid=6907 comm="syz.0.1162" path="/dev/ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 86.019915][ T28] audit: type=1400 audit(1774267970.757:1321): avc: denied { ioctl } for pid=6907 comm="syz.0.1162" path="/dev/ptp0" dev="devtmpfs" ino=247 ioctlcmd=0x3d0c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 86.068238][ T28] audit: type=1400 audit(1774267970.797:1322): avc: denied { watch } for pid=6909 comm="syz.0.1163" path="/217/file1" dev="tmpfs" ino=1145 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 88.279755][ T28] audit: type=1326 audit(1774267973.077:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6936 comm="syz.5.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f473186c799 code=0x7ffc0000 [ 88.346861][ T28] audit: type=1326 audit(1774267973.077:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6936 comm="syz.5.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f473186c799 code=0x7ffc0000 [ 88.379447][ T28] audit: type=1326 audit(1774267973.077:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6936 comm="syz.5.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f473186c799 code=0x7ffc0000 [ 88.407555][ T6955] loop0: detected capacity change from 0 to 1024 [ 88.410474][ T28] audit: type=1326 audit(1774267973.087:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6936 comm="syz.5.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7f473186c799 code=0x7ffc0000 [ 88.444453][ T28] audit: type=1326 audit(1774267973.087:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6936 comm="syz.5.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f473186c799 code=0x7ffc0000 [ 88.474642][ T28] audit: type=1326 audit(1774267973.087:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6936 comm="syz.5.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f473186c799 code=0x7ffc0000 [ 88.507168][ T6955] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.538638][ T6955] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: comm syz.0.1181: inode #1897035249: comm syz.0.1181: iget: illegal inode # [ 88.572106][ T6955] EXT4-fs error (device loop0): ext4_xattr_inode_iget:446: comm syz.0.1181: error while reading EA inode 1897035249 err=-117 [ 88.591185][ T6975] loop5: detected capacity change from 0 to 128 [ 88.595602][ T6973] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1197'. [ 88.622122][ T6975] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 88.657718][ T6975] ext4 filesystem being mounted at /239/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 88.693541][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.728037][ T6983] loop0: detected capacity change from 0 to 512 [ 88.737333][ T3623] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 88.765854][ T6983] EXT4-fs: Ignoring removed orlov option [ 88.780230][ T6983] EXT4-fs: Ignoring removed i_version option [ 88.794587][ T6985] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1192'. [ 88.818179][ T6983] EXT4-fs error (device loop0): ext4_iget_extra_inode:5025: inode #15: comm syz.0.1190: corrupted in-inode xattr: e_value size too large [ 88.835598][ T6983] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 88.836558][ T6983] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.1190: couldn't read orphan inode 15 (err -117) [ 88.846245][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 88.846267][ C1] EXT4-fs (loop0): initial error at time 1774267973: ext4_iget_extra_inode:5025: inode 15 [ 88.846298][ C1] EXT4-fs (loop0): last error at time 1774267973: ext4_iget_extra_inode:5025: inode 15 [ 88.885346][ T6983] loop0: lost filesystem error report for type 5 error -117 [ 88.901471][ T6983] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.989306][ T6983] EXT4-fs error (device loop0): ext4_map_blocks:776: inode #2: block 12: comm syz.0.1190: lblock 3 mapped to illegal pblock 12 (length 1) [ 89.032708][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.177114][ T7017] loop6: detected capacity change from 0 to 128 [ 89.186297][ T7017] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 89.212204][ T7017] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 89.309257][ T7021] loop0: detected capacity change from 0 to 4096 [ 89.340445][ T7021] EXT4-fs: test_dummy_encryption option not supported [ 89.473972][ T7040] netlink: 'syz.6.1216': attribute type 1 has an invalid length. [ 89.502667][ T7043] loop0: detected capacity change from 0 to 512 [ 89.512604][ T7043] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 89.527875][ T7043] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.1220: bg 0: block 104: invalid block bitmap [ 89.531954][ T7040] 8021q: adding VLAN 0 to HW filter on device bond1 [ 89.540787][ T7043] loop0: lost filesystem error report for type 5 error -117 [ 89.550115][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 89.564297][ C1] EXT4-fs (loop0): initial error at time 1774267974: ext4_validate_block_bitmap:432 [ 89.574563][ C1] EXT4-fs (loop0): last error at time 1774267974: ext4_validate_block_bitmap:432 [ 89.579797][ T7043] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6685: Corrupt filesystem [ 89.605982][ T7050] bond1: (slave gretap1): making interface the new active one [ 89.614986][ T7043] loop0: lost filesystem error report for type 5 error -117 [ 89.615228][ T7043] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.1220: invalid indirect mapped block 1 (level 1) [ 89.641308][ T7050] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 89.650506][ T7043] loop0: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 89.659743][ T7043] EXT4-fs (loop0): 1 truncate cleaned up [ 89.677169][ T7043] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.689591][ T7053] loop5: detected capacity change from 0 to 1024 [ 89.724912][ T7053] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 89.738141][ T7053] ext4 filesystem being mounted at /248/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.838541][ T7053] EXT4-fs (loop5): re-mounted 00000000-0000-0006-0000-000000000000 ro. [ 89.847747][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.883931][ T3623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 89.884239][ T7060] loop0: detected capacity change from 0 to 512 [ 89.952521][ T7060] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.973826][ T7060] ext4 filesystem being mounted at /229/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.005161][ T7073] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 90.015417][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.116787][ T7079] loop6: detected capacity change from 0 to 2048 [ 90.138315][ T7079] EXT4-fs: Ignoring removed mblk_io_submit option [ 90.173264][ T7079] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.234012][ T5781] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.300240][ T3591] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 90.306511][ T3821] Bluetooth: hci0: command 0x1003 tx timeout [ 90.432799][ T7093] loop2: detected capacity change from 0 to 512 [ 90.510538][ T7093] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.551795][ T7093] ext4 filesystem being mounted at /211/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 90.602273][ T7093] EXT4-fs error (device loop2): ext4_do_update_inode:5569: inode #2: comm syz.2.1236: corrupted inode contents [ 90.615601][ T7093] EXT4-fs error (device loop2): ext4_dirty_inode:6450: inode #2: comm syz.2.1236: mark_inode_dirty error [ 90.650321][ T7093] EXT4-fs error (device loop2): ext4_do_update_inode:5569: inode #2: comm syz.2.1236: corrupted inode contents [ 90.691957][ T7093] EXT4-fs error (device loop2): __ext4_ext_dirty:207: inode #2: comm syz.2.1236: mark_inode_dirty error [ 90.698549][ T7114] netlink: 'syz.6.1246': attribute type 1 has an invalid length. [ 90.717183][ T7093] EXT4-fs warning (device loop2): ext4_es_cache_extent:1082: inode #2: comm syz.2.1236: ES cache extent failed: add [0,1,22,0x1] conflict with existing [0,8,576460752303423487,0x18] [ 90.717183][ T7093] [ 90.750709][ T7112] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 90.781763][ T7075] syz.5.1231 invoked oom-killer: gfp_mask=0x402d02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 90.804062][ T7114] 8021q: adding VLAN 0 to HW filter on device bond2 [ 90.811326][ T7075] CPU: 0 UID: 0 PID: 7075 Comm: syz.5.1231 Not tainted syzkaller #0 PREEMPT(full) [ 90.811357][ T7075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 90.811370][ T7075] Call Trace: [ 90.811378][ T7075] [ 90.811387][ T7075] __dump_stack+0x1d/0x30 [ 90.811416][ T7075] dump_stack_lvl+0x95/0xd0 [ 90.811454][ T7075] dump_stack+0x15/0x1b [ 90.811522][ T7075] dump_header+0x80/0x240 [ 90.811548][ T7075] oom_kill_process+0x295/0x350 [ 90.811572][ T7075] out_of_memory+0x97d/0xb80 [ 90.811597][ T7075] try_charge_memcg+0x62e/0xa10 [ 90.811686][ T7075] obj_cgroup_charge_pages+0x23/0xc0 [ 90.811711][ T7075] __memcg_kmem_charge_page+0x9e/0x170 [ 90.811735][ T7075] __alloc_frozen_pages_noprof+0x18a/0x360 [ 90.811804][ T7075] alloc_pages_mpol+0xb3/0x260 [ 90.811829][ T7075] alloc_pages_noprof+0x8f/0x130 [ 90.811878][ T7075] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 90.811935][ T7075] __kvmalloc_node_noprof+0x3d4/0x650 [ 90.811957][ T7075] ? futex_hash_allocate+0x190/0x9d0 [ 90.811980][ T7075] ? futex_hash_allocate+0x190/0x9d0 [ 90.812071][ T7075] futex_hash_allocate+0x190/0x9d0 [ 90.812095][ T7075] ? cap_task_prctl+0x13f/0x6e0 [ 90.812212][ T7075] futex_hash_prctl+0xd8/0xf0 [ 90.812236][ T7075] __se_sys_prctl+0xa3d/0x13f0 [ 90.812260][ T7075] __x64_sys_prctl+0x67/0x80 [ 90.812294][ T7075] x64_sys_call+0x2533/0x3020 [ 90.812316][ T7075] do_syscall_64+0x12c/0x370 [ 90.812338][ T7075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.812399][ T7075] RIP: 0033:0x7f473186c799 [ 90.812414][ T7075] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 90.812430][ T7075] RSP: 002b:00007f47302bf028 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 90.812450][ T7075] RAX: ffffffffffffffda RBX: 00007f4731ae5fa0 RCX: 00007f473186c799 [ 90.812462][ T7075] RDX: 0000000001000000 RSI: 0000000000000001 RDI: 000000000000004e [ 90.812601][ T7075] RBP: 00007f4731902c99 R08: 0000000000000000 R09: 0000000000000000 [ 90.812611][ T7075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 90.812629][ T7075] R13: 00007f4731ae6038 R14: 00007f4731ae5fa0 R15: 00007ffc793904a8 [ 90.812645][ T7075] [ 90.812654][ T7075] memory: usage 307200kB, limit 307200kB, failcnt 159 [ 90.828671][ T7117] bond2: (slave geneve2): making interface the new active one [ 90.832509][ T7075] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 90.889612][ T7117] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 90.893066][ T7075] kmem: usage 307020kB, limit 9007199254740988kB, failcnt 0 [ 90.899507][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.904300][ T7075] Memory cgroup stats for /syz5: [ 91.102887][ T7075] cache 0 [ 91.118214][ T7075] rss 184320 [ 91.121561][ T7075] shmem 0 [ 91.124514][ T7075] mapped_file 0 [ 91.134633][ T7075] dirty 0 [ 91.147169][ T7075] writeback 0 [ 91.150977][ T7075] workingset_refault_anon 2 [ 91.155517][ T7075] workingset_refault_file 4 [ 91.194284][ T7075] swap 0 [ 91.197938][ T7075] swapcached 0 [ 91.201504][ T7075] pgpgin 50341 [ 91.205112][ T7075] pgpgout 50296 [ 91.208726][ T7075] pgfault 47123 [ 91.212592][ T7075] pgmajfault 53 [ 91.216679][ T7075] inactive_anon 180224 [ 91.232929][ T7075] active_anon 4096 [ 91.236798][ T7075] inactive_file 0 [ 91.240914][ T7075] active_file 0 [ 91.244389][ T7075] unevictable 0 [ 91.248198][ T7075] hierarchical_memory_limit 314572800 [ 91.253772][ T7075] hierarchical_memsw_limit 9223372036854771712 [ 91.260604][ T7075] total_cache 0 [ 91.264246][ T7075] total_rss 184320 [ 91.342159][ T7075] total_shmem 0 [ 91.357550][ T7075] total_mapped_file 0 [ 91.369466][ T7075] total_dirty 0 [ 91.378809][ T7075] total_writeback 0 [ 91.388256][ T7075] total_workingset_refault_anon 2 [ 91.410365][ T7151] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1261'. [ 91.422317][ T7075] total_workingset_refault_file 4 [ 91.439019][ T7075] total_swap 0 [ 91.446958][ T7075] total_swapcached 0 [ 91.456426][ T7075] total_pgpgin 50341 [ 91.470183][ T7075] total_pgpgout 50296 [ 91.477622][ T7075] total_pgfault 47123 [ 91.487807][ T7075] total_pgmajfault 53 [ 91.498093][ T7075] total_inactive_anon 180224 [ 91.507589][ T28] kauditd_printk_skb: 27 callbacks suppressed [ 91.507648][ T28] audit: type=1326 audit(1774267976.317:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7158 comm="syz.1.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 91.550618][ T7075] total_active_anon 4096 [ 91.555251][ T7075] total_inactive_file 0 [ 91.559469][ T7075] total_active_file 0 [ 91.563988][ T7075] total_unevictable 0 [ 91.568312][ T7075] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.1231,pid=7074,uid=0 [ 91.583682][ T28] audit: type=1326 audit(1774267976.347:1357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7158 comm="syz.1.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 91.608622][ T7075] Memory cgroup out of memory: Killed process 7075 (syz.5.1231) total-vm:96080kB, anon-rss:1400kB, file-rss:22236kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 91.656553][ T28] audit: type=1326 audit(1774267976.347:1358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7158 comm="syz.1.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 91.714506][ T28] audit: type=1326 audit(1774267976.347:1359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7158 comm="syz.1.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 91.809440][ T28] audit: type=1326 audit(1774267976.347:1360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7158 comm="syz.1.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 91.888353][ T28] audit: type=1326 audit(1774267976.357:1361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7158 comm="syz.1.1265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 91.995032][ T7177] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.000216][ T28] audit: type=1326 audit(1774267976.777:1362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7184 comm="syz.1.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 92.033847][ T7177] EXT4-fs error (device loop6): ext4_xattr_inode_iget:441: comm syz.6.1273: inode #7114504: comm syz.6.1273: iget: illegal inode # [ 92.052976][ T28] audit: type=1326 audit(1774267976.777:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7184 comm="syz.1.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 92.058295][ T7183] FAT-fs (loop2): bogus logical sector size 759 [ 92.077115][ T28] audit: type=1326 audit(1774267976.777:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7184 comm="syz.1.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 92.107535][ T28] audit: type=1326 audit(1774267976.777:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7184 comm="syz.1.1278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 92.131054][ T7177] EXT4-fs (loop6): Remounting filesystem read-only [ 92.139612][ T7183] FAT-fs (loop2): Can't find a valid FAT filesystem [ 92.189452][ T7177] EXT4-fs warning (device loop6): ext4_xattr_block_set:2200: inode #19: comm syz.6.1273: dec ref error=-30 [ 92.268328][ T5781] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.340296][ T7206] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.408598][ T7206] ext4 filesystem being mounted at /222/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 92.444976][ T7215] syzkaller1: entered promiscuous mode [ 92.452756][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.462985][ T7215] syzkaller1: entered allmulticast mode [ 92.802152][ T7249] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.1301: inode has both inline data and extents flags [ 92.816198][ T7249] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 92.820136][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 92.836136][ C0] EXT4-fs (loop0): initial error at time 1774267977: ext4_orphan_get:1391: inode 15 [ 92.845667][ C0] EXT4-fs (loop0): last error at time 1774267977: ext4_orphan_get:1391: inode 15 [ 92.850414][ T7249] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.1301: couldn't read orphan inode 15 (err -117) [ 92.874024][ T7249] loop0: lost filesystem error report for type 5 error -117 [ 92.883455][ T7249] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.929457][ T7258] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.943934][ T7258] ext4 filesystem being mounted at /224/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.963515][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.001835][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.911845][ T7295] set_capacity_and_notify: 6 callbacks suppressed [ 93.911863][ T7295] loop6: detected capacity change from 0 to 512 [ 93.956359][ T7295] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.988933][ T7295] ext4 filesystem being mounted at /92/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 94.042611][ T7295] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.114513][ T7305] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1319'. [ 94.160676][ T12] bond0: (slave bond_slave_0): interface is now down [ 94.163130][ T7308] netlink: 'syz.6.1321': attribute type 10 has an invalid length. [ 94.168145][ T12] bond0: (slave bond_slave_1): interface is now down [ 94.195530][ T12] bond0: now running without any active interface! [ 94.758335][ T7330] Process accounting resumed [ 95.219544][ T7349] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 95.219544][ T7349] The task syz.0.1340 (7349) triggered the difference, watch for misbehavior. [ 95.288021][ T7201] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 95.380907][ T7361] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 95.566396][ T7370] syzkaller0: tun_chr_ioctl cmd 1074025678 [ 95.579431][ T7370] syzkaller0: group set to 0 [ 96.382461][ T7428] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1375'. [ 96.604310][ T28] kauditd_printk_skb: 163 callbacks suppressed [ 96.604328][ T28] audit: type=1326 audit(1774267981.407:1529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7439 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 96.663688][ T28] audit: type=1326 audit(1774267981.407:1530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7439 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 96.708013][ T28] audit: type=1326 audit(1774267981.437:1531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7439 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 96.735714][ T28] audit: type=1326 audit(1774267981.437:1532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7439 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 96.789328][ T28] audit: type=1326 audit(1774267981.437:1533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7439 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 96.818721][ T28] audit: type=1326 audit(1774267981.437:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7439 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 96.852340][ T28] audit: type=1326 audit(1774267981.437:1535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7439 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 96.925889][ T28] audit: type=1326 audit(1774267981.447:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7439 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 96.963071][ T28] audit: type=1326 audit(1774267981.447:1537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7439 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 97.059095][ T28] audit: type=1326 audit(1774267981.447:1538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7439 comm="syz.0.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 97.159493][ T7471] loop6: detected capacity change from 0 to 512 [ 97.177121][ T7471] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 97.210297][ T7471] EXT4-fs (loop6): 1 truncate cleaned up [ 97.216515][ T7471] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.547995][ T5781] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.594320][ T7511] loop6: detected capacity change from 0 to 2048 [ 97.651062][ T7511] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.792349][ T5781] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.201542][ T7551] capability: warning: `syz.5.1423' uses deprecated v2 capabilities in a way that may be insecure [ 98.298404][ T7556] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1424'. [ 98.337078][ T7556] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1424'. [ 98.382147][ T5489] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.420240][ T5489] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.450190][ T5487] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.472054][ T5487] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.838261][ T7576] syz_tun: entered allmulticast mode [ 98.846714][ T7576] syz_tun: left allmulticast mode [ 99.244068][ T7601] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1443'. [ 99.269821][ T7601] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1443'. [ 99.284336][ T7601] netlink: 'syz.6.1443': attribute type 6 has an invalid length. [ 99.304963][ T7601] netlink: 'syz.6.1443': attribute type 5 has an invalid length. [ 99.333224][ T7601] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1443'. [ 99.390770][ T7601] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1443'. [ 99.444280][ T7619] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1449'. [ 99.448312][ T7601] netlink: 'syz.6.1443': attribute type 6 has an invalid length. [ 99.474382][ T7601] netlink: 'syz.6.1443': attribute type 5 has an invalid length. [ 99.586080][ T7627] loop0: detected capacity change from 0 to 1024 [ 99.623848][ T7627] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.676192][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.843522][ T7641] loop0: detected capacity change from 0 to 1024 [ 99.909212][ T7641] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.020997][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.763111][ T7684] loop0: detected capacity change from 0 to 512 [ 100.787132][ T7684] xt_hashlimit: size too large, truncated to 1048576 [ 101.945151][ T7730] netlink: 'syz.5.1490': attribute type 4 has an invalid length. [ 102.073855][ T7739] loop5: detected capacity change from 0 to 128 [ 102.097189][ T7739] EXT4-fs: Ignoring removed i_version option [ 102.135450][ T7739] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0003] [ 102.150134][ T7739] System zones: 1-3, 19-19, 35-36 [ 102.160643][ T7739] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 102.173657][ T7739] ext4 filesystem being mounted at /294/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 102.203514][ T7739] EXT4-fs warning (device loop5): verify_group_input:137: Cannot add at group 475318719 (only 1 groups) [ 102.215249][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 102.215266][ T28] audit: type=1400 audit(1774267987.007:1563): avc: denied { ioctl } for pid=7738 comm="syz.5.1497" path="/294/mnt/file1" dev="loop5" ino=12 ioctlcmd=0x6608 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 102.266325][ T7748] @0Ù: renamed from bond_slave_1 (while UP) [ 102.321103][ T3623] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 102.734408][ T7779] loop5: detected capacity change from 0 to 512 [ 102.951723][ T7779] EXT4-fs (loop5): orphan cleanup on readonly fs [ 102.979815][ T7779] Quota error (device loop5): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 103.002377][ T7779] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 103.037571][ T7779] EXT4-fs error (device loop5): ext4_acquire_dquot:7001: comm syz.5.1513: Failed to acquire dquot type 1 [ 103.106037][ T7779] loop5: lost filesystem error report for type 5 error -117 [ 103.106316][ T7779] Quota error (device loop5): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 103.114009][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 103.114047][ C1] EXT4-fs (loop5): last error at time 1774267987: ext4_acquire_dquot:7001 [ 103.159977][ T7779] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 103.200517][ T7779] EXT4-fs error (device loop5): ext4_acquire_dquot:7001: comm syz.5.1513: Failed to acquire dquot type 1 [ 103.242896][ T7779] loop5: lost filesystem error report for type 5 error -117 [ 103.255176][ T7779] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1513: bg 0: block 248: padding at end of block bitmap is not set [ 103.323979][ T7779] loop5: lost filesystem error report for type 5 error -117 [ 103.325369][ T7779] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6685: Corrupt filesystem [ 103.373364][ T7779] loop5: lost filesystem error report for type 5 error -117 [ 103.374088][ T7779] Quota error (device loop5): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 103.418465][ T7779] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 103.429972][ T7779] EXT4-fs error (device loop5): ext4_acquire_dquot:7001: comm syz.5.1513: Failed to acquire dquot type 1 [ 103.442226][ T7779] loop5: lost filesystem error report for type 5 error -117 [ 103.533448][ T7818] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1530'. [ 103.560737][ T7779] EXT4-fs (loop5): 1 orphan inode deleted [ 103.690228][ T7826] loop6: detected capacity change from 0 to 512 [ 103.744193][ T7826] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.787239][ T7826] ext4 filesystem being mounted at /140/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.919344][ T7826] EXT4-fs error (device loop6): ext4_do_update_inode:5569: inode #18: comm syz.6.1534: corrupted inode contents [ 103.967093][ T7826] loop6: lost file I/O error report for ino 18 type 5 pos 0x0 len 0x0 error -117 [ 103.967311][ T7826] EXT4-fs error (device loop6): ext4_dirty_inode:6450: inode #18: comm syz.6.1534: mark_inode_dirty error [ 104.015312][ T7826] loop6: lost file I/O error report for ino 18 type 5 pos 0x0 len 0x0 error -117 [ 104.015504][ T7826] EXT4-fs error (device loop6): ext4_do_update_inode:5569: inode #18: comm syz.6.1534: corrupted inode contents [ 104.061374][ T7826] loop6: lost file I/O error report for ino 18 type 5 pos 0x0 len 0x0 error -117 [ 104.061586][ T7826] EXT4-fs error (device loop6): ext4_xattr_delete_inode:2999: inode #18: comm syz.6.1534: mark_inode_dirty error [ 104.106697][ T7826] loop6: lost file I/O error report for ino 18 type 5 pos 0x0 len 0x0 error -117 [ 104.106876][ T7826] EXT4-fs error (device loop6): ext4_xattr_delete_inode:3002: inode #18: comm syz.6.1534: mark inode dirty (error -117) [ 104.157903][ T7826] loop6: lost file I/O error report for ino 18 type 5 pos 0x0 len 0x0 error -117 [ 104.158130][ T7826] EXT4-fs warning (device loop6): ext4_evict_inode:275: xattr delete (err -117) [ 104.353750][ T7779] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 104.382401][ T5781] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.399798][ T28] audit: type=1326 audit(1774267989.197:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7838 comm="syz.1.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 104.424651][ T28] audit: type=1326 audit(1774267989.197:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7838 comm="syz.1.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 104.461141][ T28] audit: type=1326 audit(1774267989.197:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7838 comm="syz.1.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f326c18c799 code=0x7ffc0000 [ 104.497332][ T3623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.243721][ T7885] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1559'. [ 105.310800][ T7889] 9pnet: p9_errstr2errno: server reported unknown error ÿÿ [ 105.434417][ T7894] loop6: detected capacity change from 0 to 1024 [ 105.465100][ T7894] EXT4-fs: inline encryption not supported [ 105.491834][ T7894] EXT4-fs: Ignoring removed bh option [ 105.535618][ T7894] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.654373][ T5781] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.872694][ T7932] netlink: 27 bytes leftover after parsing attributes in process `syz.6.1579'. [ 106.143281][ T7952] SELinux: unknown common r [ 106.149081][ T7952] SELinux: failed to load policy [ 107.182906][ T7985] loop6: detected capacity change from 0 to 512 [ 107.245131][ T7985] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.277235][ T7995] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1607'. [ 107.294093][ T7995] netlink: 'syz.0.1607': attribute type 4 has an invalid length. [ 107.302690][ T7985] ext4 filesystem being mounted at /153/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.322304][ T28] kauditd_printk_skb: 29 callbacks suppressed [ 107.322321][ T28] audit: type=1400 audit(1774267992.127:1596): avc: denied { link } for pid=7984 comm="syz.6.1603" name="file1" dev="loop6" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 107.351951][ T7985] Quota error (device loop6): write_blk: dquota write failed [ 107.370438][ T7985] Quota error (device loop6): qtree_write_dquot: Error -28 occurred while creating quota [ 107.391303][ T7985] EXT4-fs error (device loop6): ext4_acquire_dquot:7001: comm syz.6.1603: Failed to acquire dquot type 1 [ 107.444407][ T7985] EXT4-fs (loop6): Remounting filesystem read-only [ 107.497557][ T5781] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.818902][ T28] audit: type=1400 audit(1774267992.617:1597): avc: denied { connect } for pid=8018 comm="syz.1.1619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 108.649008][ T8035] pimreg: entered allmulticast mode [ 108.657292][ T8035] pimreg: left allmulticast mode [ 109.072698][ T28] audit: type=1400 audit(1774267993.877:1598): avc: denied { create } for pid=8059 comm="syz.2.1636" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1 [ 109.114313][ T28] audit: type=1326 audit(1774267993.917:1599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8057 comm="syz.0.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 109.160297][ T28] audit: type=1326 audit(1774267993.917:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8057 comm="syz.0.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 109.205057][ T28] audit: type=1326 audit(1774267993.917:1601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8057 comm="syz.0.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 109.269762][ T28] audit: type=1326 audit(1774267993.917:1602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8057 comm="syz.0.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 109.339865][ T28] audit: type=1326 audit(1774267993.917:1603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8057 comm="syz.0.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394058c799 code=0x7ffc0000 [ 109.408425][ T8079] netlink: 'syz.1.1645': attribute type 83 has an invalid length. [ 110.164197][ T8130] loop0: detected capacity change from 0 to 128 [ 110.459834][ T8156] lo: entered allmulticast mode [ 110.482267][ T8154] lo: left allmulticast mode [ 110.906559][ T8176] netlink: 'syz.2.1686': attribute type 4 has an invalid length. [ 110.917857][ T8176] netlink: 'syz.2.1686': attribute type 4 has an invalid length. [ 111.358345][ T8194] bond4: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 111.375635][ T8194] bond4: (slave lo): Enslaving as an active interface with an up link [ 111.384858][ T8194] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 111.646702][ T8207] syz.1.1698 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 111.788047][ T8220] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1703'. [ 111.850248][ T8227] atomic_op ffff888131f5ed28 conn xmit_atomic 0000000000000000 [ 112.052962][ T3489] Process accounting resumed [ 112.249934][ T8200] kexec: Could not allocate control_code_buffer [ 112.259102][ T8270] loop5: detected capacity change from 0 to 1024 [ 112.300278][ T8270] EXT4-fs: Ignoring removed orlov option [ 112.353667][ T8270] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.487477][ T8292] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1734'. [ 112.533186][ T8292] 8021q: adding VLAN 0 to HW filter on device bond2 [ 112.579898][ T3623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.581163][ T8292] bond2: (slave batadv1): Opening slave failed [ 112.601078][ T8310] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 112.637342][ T8310] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 112.741257][ T8323] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1747'. [ 112.773040][ T8328] loop0: detected capacity change from 0 to 512 [ 112.808329][ T8335] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1752'. [ 112.818364][ T8335] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1752'. [ 112.840454][ T8328] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.886664][ T8323] hsr_slave_0: left promiscuous mode [ 112.892952][ T8323] hsr_slave_1: left promiscuous mode [ 112.987205][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.154771][ T8350] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1758'. [ 113.670470][ T8387] team0: Device gtp0 is of different type [ 113.724316][ T8389] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 113.756713][ T8389] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.764200][ T8389] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.583669][ T8423] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 114.776378][ T28] kauditd_printk_skb: 45 callbacks suppressed [ 114.776393][ T28] audit: type=1400 audit(1774267999.577:1649): avc: denied { mounton } for pid=8435 comm="syz.2.1804" path="/335/file0" dev="tmpfs" ino=1769 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 114.806679][ T8436] FAT-fs (loop5): unable to read boot sector [ 115.317411][ T8443] netlink: 'syz.1.1797': attribute type 4 has an invalid length. [ 115.345519][ T8443] netlink: 'syz.1.1797': attribute type 4 has an invalid length. [ 115.567950][ T5473] Bluetooth: hci0: Frame reassembly failed (-84) [ 115.713654][ T28] audit: type=1400 audit(1774268000.517:1650): avc: denied { firmware_load } for pid=8453 comm="syz.6.1802" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 115.952687][ T28] audit: type=1326 audit(1774268000.757:1651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8464 comm="syz.6.1808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f794324c799 code=0x7ffc0000 [ 115.956575][ T8465] loop6: detected capacity change from 0 to 512 [ 116.003809][ T8467] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1809'. [ 116.009853][ T28] audit: type=1326 audit(1774268000.757:1652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8464 comm="syz.6.1808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f794324c799 code=0x7ffc0000 [ 116.022788][ T8467] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1809'. [ 116.038754][ T28] audit: type=1326 audit(1774268000.757:1653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8464 comm="syz.6.1808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f794324c799 code=0x7ffc0000 [ 116.073527][ T28] audit: type=1326 audit(1774268000.757:1654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8464 comm="syz.6.1808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f794324c799 code=0x7ffc0000 [ 116.098259][ T28] audit: type=1326 audit(1774268000.757:1655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8464 comm="syz.6.1808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f794324c799 code=0x7ffc0000 [ 116.111056][ T8465] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.123181][ T28] audit: type=1326 audit(1774268000.757:1656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8464 comm="syz.6.1808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f794324c799 code=0x7ffc0000 [ 116.161004][ T28] audit: type=1326 audit(1774268000.757:1657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8464 comm="syz.6.1808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f794324c799 code=0x7ffc0000 [ 116.163711][ T8465] ext4 filesystem being mounted at /180/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 116.185335][ T28] audit: type=1326 audit(1774268000.757:1658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8464 comm="syz.6.1808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f794324c799 code=0x7ffc0000 [ 116.290811][ T5781] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.411104][ T8490] tipc: Started in network mode [ 116.416368][ T8490] tipc: Node identity , cluster identity 4711 [ 116.505109][ T8497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 116.515763][ T8497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 116.645390][ T8499] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.681330][ T8499] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.781172][ T8499] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.831567][ T8499] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.887057][ T261] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.911190][ T261] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.928040][ T261] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.947517][ T261] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.024811][ T8521] loop5: detected capacity change from 0 to 512 [ 117.074164][ T8521] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities [ 117.123585][ T8529] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1835'. [ 117.153295][ T8529] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1835'. [ 117.176777][ T8532] loop5: detected capacity change from 0 to 256 [ 117.222326][ T8532] FAT-fs (loop5): Directory bread(block 64) failed [ 117.233300][ T8532] FAT-fs (loop5): Directory bread(block 65) failed [ 117.242193][ T8532] FAT-fs (loop5): Directory bread(block 66) failed [ 117.248929][ T8532] FAT-fs (loop5): Directory bread(block 67) failed [ 117.256302][ T8532] FAT-fs (loop5): Directory bread(block 68) failed [ 117.263204][ T8532] FAT-fs (loop5): Directory bread(block 69) failed [ 117.270465][ T8532] FAT-fs (loop5): Directory bread(block 70) failed [ 117.277038][ T8532] FAT-fs (loop5): Directory bread(block 71) failed [ 117.284071][ T8532] FAT-fs (loop5): Directory bread(block 72) failed [ 117.292333][ T8532] FAT-fs (loop5): Directory bread(block 73) failed [ 117.325619][ T8539] netlink: 'syz.6.1839': attribute type 8 has an invalid length. [ 117.334488][ T8539] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1839'. [ 117.363477][ T8532] syz.5.1836: attempt to access beyond end of device [ 117.363477][ T8532] loop5: rw=8388608, sector=1160, nr_sectors = 4 limit=256 [ 117.380664][ T8539] bond0: entered promiscuous mode [ 117.385792][ T8539] bond_slave_0: entered promiscuous mode [ 117.400874][ T8539] @0Ù: entered promiscuous mode [ 117.422354][ T8539] bond0: left promiscuous mode [ 117.428776][ T8539] bond_slave_0: left promiscuous mode [ 117.434593][ T8539] @0Ù: left promiscuous mode [ 117.534882][ T8543] team0: Device gtp0 is of different type [ 117.580370][ T3821] Bluetooth: hci0: command 0x1003 tx timeout [ 117.586677][ T3591] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 117.631831][ T8547] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59426 sclass=netlink_route_socket pid=8547 comm=syz.0.1841 [ 117.827940][ T8559] batadv_slave_1: entered promiscuous mode [ 117.851029][ T8558] batadv_slave_1: left promiscuous mode [ 118.644016][ T8588] loop6: detected capacity change from 0 to 2048 [ 118.669388][ T8588] EXT4-fs (loop6): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 118.720035][ T8588] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.736241][ T8596] FAT-fs (loop1): unable to read boot sector [ 118.843139][ T5781] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.899153][ T8604] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1864'. [ 119.025129][ T8620] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1868'. [ 119.354812][ T8641] loop6: detected capacity change from 0 to 256 [ 119.382224][ T8641] FAT-fs (loop6): Directory bread(block 64) failed [ 119.397055][ T8641] FAT-fs (loop6): Directory bread(block 65) failed [ 119.420181][ T8641] FAT-fs (loop6): Directory bread(block 66) failed [ 119.435950][ T8641] FAT-fs (loop6): Directory bread(block 67) failed [ 119.450336][ T8641] FAT-fs (loop6): Directory bread(block 68) failed [ 119.463759][ T8641] FAT-fs (loop6): Directory bread(block 69) failed [ 119.477323][ T8641] FAT-fs (loop6): Directory bread(block 70) failed [ 119.498316][ T8641] FAT-fs (loop6): Directory bread(block 71) failed [ 119.515352][ T8641] FAT-fs (loop6): Directory bread(block 72) failed [ 119.524939][ T8619] loop0: detected capacity change from 0 to 1024 [ 119.529199][ T8641] FAT-fs (loop6): Directory bread(block 73) failed [ 119.564956][ T8619] EXT4-fs: inline encryption not supported [ 119.588488][ T8641] syz.6.1876: attempt to access beyond end of device [ 119.588488][ T8641] loop6: rw=8388608, sector=1160, nr_sectors = 4 limit=256 [ 119.592609][ T8619] ext4: Bad value for 'mb_optimize_scan' [ 119.983952][ T28] kauditd_printk_skb: 42 callbacks suppressed [ 119.983968][ T28] audit: type=1400 audit(1774268004.787:1701): avc: denied { create } for pid=8662 comm="syz.5.1884" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 120.069994][ T28] audit: type=1400 audit(1774268004.827:1702): avc: denied { read } for pid=8662 comm="syz.5.1884" path="socket:[20160]" dev="sockfs" ino=20160 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 120.073785][ T8647] loop6: detected capacity change from 0 to 512 [ 120.159275][ T8647] EXT4-fs (loop6): couldn't mount as ext2 due to feature incompatibilities [ 121.039351][ T8693] loop0: detected capacity change from 0 to 512 [ 121.077944][ T8693] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.216177][ T8702] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1901'. [ 121.475996][ T8720] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1916'. [ 121.495523][ T8720] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1916'. [ 121.521084][ T8720] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1916'. [ 121.521078][ T12] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 121.521135][ T12] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 121.558947][ T8720] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1916'. [ 121.623797][ T12] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 121.651936][ T12] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 121.739905][ T8733] netlink: 'syz.2.1912': attribute type 13 has an invalid length. [ 121.814873][ T28] audit: type=1400 audit(1774268006.617:1703): avc: denied { ioctl } for pid=8737 comm="syz.5.1914" path="socket:[21459]" dev="sockfs" ino=21459 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 121.845351][ T28] audit: type=1400 audit(1774268006.617:1704): avc: denied { bind } for pid=8737 comm="syz.5.1914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 121.888939][ T28] audit: type=1400 audit(1774268006.617:1705): avc: denied { write } for pid=8737 comm="syz.5.1914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 121.949282][ T8745] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 122.002508][ T8750] netlink: 'syz.2.1920': attribute type 7 has an invalid length. [ 122.011011][ T8750] netlink: 'syz.2.1920': attribute type 8 has an invalid length. [ 122.093423][ T8754] loop5: detected capacity change from 0 to 512 [ 122.106105][ T8754] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.136228][ T8754] ext4 filesystem being mounted at /395/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 122.183814][ T3623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.801471][ T8788] loop0: detected capacity change from 0 to 512 [ 122.846902][ T8788] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities [ 122.855997][ T8793] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 122.871783][ T8793] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 122.889276][ T8793] bond0: (slave ipvlan2): Error -95 calling set_mac_address [ 122.985383][ T28] audit: type=1400 audit(1774268007.787:1706): avc: denied { setopt } for pid=8795 comm="syz.0.1941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 123.017604][ T8794] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.032366][ T8794] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 123.090990][ T8794] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.112971][ T8794] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 123.186834][ T8794] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.211696][ T8794] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 123.329241][ T8794] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.355161][ T8794] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 123.403462][ T28] audit: type=1400 audit(1774268008.177:1707): avc: denied { setopt } for pid=8809 comm="syz.6.1947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 123.575389][ T5489] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 123.594591][ T5489] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 123.614249][ T5489] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 123.639465][ T5489] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 123.657044][ T5489] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 123.668926][ T5489] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 123.704543][ T5489] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 123.718719][ T5489] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 123.838495][ T28] audit: type=1326 audit(1774268008.637:1708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8827 comm="syz.1.1955" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f326c18c799 code=0x0 [ 124.272978][ T8853] __nla_validate_parse: 2 callbacks suppressed [ 124.272997][ T8853] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1965'. [ 124.375004][ T28] audit: type=1400 audit(1774268009.177:1709): avc: denied { write } for pid=8864 comm="syz.5.1970" name="usbmon9" dev="devtmpfs" ino=169 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 124.458678][ T8869] netlink: 'syz.0.1971': attribute type 13 has an invalid length. [ 124.536294][ T28] audit: type=1400 audit(1774268009.337:1710): avc: denied { getopt } for pid=8873 comm="syz.2.1974" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 124.581452][ T8872] netlink: 'syz.6.1973': attribute type 1 has an invalid length. [ 124.766212][ T8890] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 124.797141][ T8890] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.867682][ T8898] syz_tun: entered allmulticast mode [ 124.874097][ T8897] syz_tun: left allmulticast mode [ 124.901689][ T8890] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 124.913161][ T8890] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.973024][ T8890] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 124.984279][ T8890] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.058116][ T8911] netlink: 'syz.1.1989': attribute type 13 has an invalid length. [ 125.196322][ T8890] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.207374][ T8890] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.223448][ T8914] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1993'. [ 125.278140][ T5489] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.286574][ T5489] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.305359][ T5489] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.357584][ T5489] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.378679][ T5489] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.396134][ T5489] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.426544][ T5489] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 125.445653][ T5489] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.526932][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 125.526951][ T28] audit: type=1400 audit(1774268010.327:1712): avc: denied { create } for pid=8928 comm="syz.1.1996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 125.593386][ T28] audit: type=1326 audit(1774268010.387:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8930 comm="syz.0.1997" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f394058c799 code=0x0 [ 126.018587][ T8949] team0: entered promiscuous mode [ 126.041159][ T8949] team_slave_0: entered promiscuous mode [ 126.069565][ T8949] team_slave_1: entered promiscuous mode [ 126.099185][ T8949] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 126.134610][ T8949] team0: left promiscuous mode [ 126.148949][ T8949] team_slave_0: left promiscuous mode [ 126.165358][ T8949] team_slave_1: left promiscuous mode [ 126.461962][ T8962] xt_hashlimit: size too large, truncated to 1048576 [ 126.526224][ T8969] loop0: detected capacity change from 0 to 1024 [ 126.555148][ T8969] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 126.571327][ T8969] System zones: 0-1, 3-36 [ 126.586160][ T8969] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.2014: bad orphan inode 134217728 [ 126.634480][ T8969] loop0: lost filesystem error report for type 5 error -117 [ 126.635080][ T8969] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.852220][ T8969] ================================================================== [ 126.860580][ T8969] BUG: KCSAN: data-race in filemap_read / filemap_read [ 126.867623][ T8969] [ 126.870051][ T8969] write to 0xffff88812e1538e8 of 8 bytes by task 8976 on cpu 1: [ 126.877888][ T8969] filemap_read+0x98d/0xa10 [ 126.882598][ T8969] generic_file_read_iter+0x79/0x330 [ 126.887998][ T8969] ext4_file_read_iter+0x1cc/0x290 [ 126.893145][ T8969] copy_splice_read+0x471/0x6c0 [ 126.898292][ T8969] splice_direct_to_actor+0x28f/0x670 [ 126.903775][ T8969] do_splice_direct+0x119/0x1a0 [ 126.908740][ T8969] do_sendfile+0x382/0x650 [ 126.913343][ T8969] __x64_sys_sendfile64+0x105/0x150 [ 126.918842][ T8969] x64_sys_call+0x2dc4/0x3020 [ 126.923815][ T8969] do_syscall_64+0x12c/0x370 [ 126.928945][ T8969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.935134][ T8969] [ 126.937746][ T8969] read to 0xffff88812e1538e8 of 8 bytes by task 8969 on cpu 0: [ 126.945400][ T8969] filemap_read+0x6f/0xa10 [ 126.949847][ T8969] generic_file_read_iter+0x79/0x330 [ 126.955331][ T8969] ext4_file_read_iter+0x1cc/0x290 [ 126.960571][ T8969] copy_splice_read+0x471/0x6c0 [ 126.965822][ T8969] splice_direct_to_actor+0x28f/0x670 [ 126.971303][ T8969] do_splice_direct+0x119/0x1a0 [ 126.976176][ T8969] do_sendfile+0x382/0x650 [ 126.980795][ T8969] __x64_sys_sendfile64+0x105/0x150 [ 126.986411][ T8969] x64_sys_call+0x2dc4/0x3020 [ 126.991205][ T8969] do_syscall_64+0x12c/0x370 [ 126.995991][ T8969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.002073][ T8969] [ 127.004398][ T8969] value changed: 0x00000000000000ed -> 0x00000000000000ee [ 127.011612][ T8969] [ 127.014026][ T8969] Reported by Kernel Concurrency Sanitizer on: [ 127.020676][ T8969] CPU: 0 UID: 0 PID: 8969 Comm: syz.0.2014 Not tainted syzkaller #0 PREEMPT(full) [ 127.030221][ T8969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 127.040277][ T8969] ================================================================== [ 127.199855][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.