last executing test programs: 3.382110998s ago: executing program 3 (id=1175): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000020000006d05000003"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000009c0), &(0x7f0000001f80), 0xfffffffb, r0}, 0x38) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000000740)="edd8218e787969e856c09e6a58032aeeb2b127fd06c915d43a0772c47fa940a23732237af229fe8e2d29760b4cda0546e96e", 0x1000, r0}, 0x38) 3.261421962s ago: executing program 3 (id=1176): socket(0xa, 0x3, 0x3a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x0, 0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r3 = creat(0x0, 0x2) dup2(r3, r3) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000047c0)=ANY=[@ANYBLOB="140000003a00010100000000000204000a"], 0x14}}, 0x0) recvmmsg(r4, &(0x7f0000003700)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=""/4085, 0xff5}], 0x1}}], 0x4000000000001a3, 0x140, 0x0) 2.267751165s ago: executing program 3 (id=1184): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x9}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x4ae26000) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x80800) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='map_files\x00') getdents(r1, &(0x7f0000000c80)=""/4096, 0x1000) 2.224391626s ago: executing program 2 (id=1185): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x20, 0x43, 0x107, 0xfffffffe, 0x25dfdbff, {0x1, 0x7c}, [@nested={0x4, 0x145}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x48}]}]}, 0x20}}, 0xc000) 2.09895949s ago: executing program 2 (id=1187): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000020000006d05000003"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000009c0), &(0x7f0000001f80), 0xfffffffb, r0}, 0x38) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000000740)="edd8218e787969e856c09e6a58032aeeb2b127fd06c915d43a0772c47fa940a23732237af229fe8e2d29760b4cda0546e96e", 0x1000, r0}, 0x38) 1.846301339s ago: executing program 3 (id=1189): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x45e, &(0x7f0000000b40)={[{@data_err_ignore}, {@min_batch_time={'min_batch_time', 0x3d, 0x80000000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6c}}, {@lazytime}, {@grpquota}, {@nodiscard}]}, 0x3, 0x453, &(0x7f0000000f80)="$eJzs281vG0UbAPBn7ST9St/krcpH0woCBRG+kiYtpQcuIJA4FAkJDuUYkrQKdRvUBIlWEQSESm+oEicuiCMSfwEnuCDgVIkr3FGlCuXSwslobW/iOLZbp3Zc6t9PWndmd92ZZ3fHfnYnDqBnjaYvScRgRPweEUPl6sYdRsv/3Fpdnvl7dXkmiWLxrb+S0n43V5dnsl2z9+3JKn0Ruc+SOFin3cWLl85OFwpzFyr1iaVz708sXrz0/Py56TNzZ+bOT504cezo5IvHp15oS5xpXDdHPlo4dOD1d66+MXPq6ru/fJdk8dfE0SajzTY+WSy2ubnu2hv5tXLS19Wu0IJ8eZhGf2n8D0U+1k/eULz2aVc7B3RUsVgsPth480oRuI8l0e0eAN0RufIXfXr/my3blnzcA268XL4BSuO+VVnKW/qyQ1O6N9rbofZHI+LUyj9fp0s0eQ6RdKh9AKD3/JDmP8/Vy/9yUf1c6H9x7cqVwXL5/xGxLyKOR8T+iHggorTvQxHxcIvt106SbM5/ctera8U2J0Jp/vdSZW5rY/6XZX8xnK/U0hxwOPqT0/OFuSOlYxIxFv070vpkkzZ+fPW3Lxptq87/0iVtP8sFK/243rdj43tmp5em7ybmajc+iRjpq4n/ZJQyzmwmID3kByJiZIttzD/z7aFG224ffxNtmGcqfhPxVPn8r8SG879+oSXN5ycndkZh7shEdlVs9uu1y282av+u4m+D9Pzvrnv9r8U/nFTP1y628r9/9XT6evmPzxveU271+h9I3i6VByrrPpxeWrowGTGQnCx3unr91Pp7s3q2fxr/2OH6439frB+JgxGxs1J/JCIerfT9sYh4PCIONzkKP7/yxHtbj7+z0vhnWzr/64WBqF1Tv5A/+9P3GxodbiX+9PwfK5XGKmvu5PPvTvrV6tUMAAAA/1W5iBiMJDe+Vs7lxsfLf8O/P3bnCguLS8+eXvjg/Gz5NwLD0Z/LnnQNVT0Pnazc1mf1qZr60cpz4y/zu0r18ZmFwmy3g4cet6fB+E/9me9274CO83st6F3GP/Qu4x96l/EPvavO+N/VjX4A26/e9//HXegHsP1qxr9pP+gh7v+hd21l/PvMgPtD07E8sH39ALbV4q64/Y/kFRQ2FSJ3T3RDoUOFbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtMe/AQAA//9c0uqW") socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)) pipe(&(0x7f0000000140)) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') socket$tipc(0x1e, 0x5, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x2, 0x4, 0x6, 0x8, 0x1014}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000f91f20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0x1, 0xfffffffc}, 0x50) r2 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r1, &(0x7f00000003c0), &(0x7f0000000080)=@udp=r2, 0x1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) syz_emit_ethernet(0x1a, &(0x7f0000000340)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}, @remote, @val={@void, {0x812d, 0x1, 0x1, 0x4}}, {@llc={0x4, {@snap={0x0, 0x0, "c0", "118190", 0xa00}}}}}, 0x0) 1.655612385s ago: executing program 3 (id=1194): socket(0xa, 0x3, 0x3a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x0, 0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r3 = creat(0x0, 0x2) dup2(r3, r3) r4 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r4, &(0x7f0000003700)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=""/4085, 0xff5}], 0x1}}], 0x4000000000001a3, 0x140, 0x0) 1.545220309s ago: executing program 2 (id=1198): ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000040)={0x0, 0x0, "d607f8f9951e76c13f64323723e7eecdf40c363423eb3d259266ec9c37865c6c1a4640ce1b22bb3327ef4f001d34c09f39c3539e4f8d3ee0878ae95bc7f52363c468b257ff3e24852548deb01efd54f11ed2c41d078b9cf1fc8f72566153c97e4af37017ea6b16b694bb4a6e4606c3fb19d1d2bd3c8c4e97da2213f9d5c3b90400000000000000c279f03558083906666827d61dcc3a633bffff250b5a293e3877adc1660edbc9a0307a25720a170e7f5670e419dc44febf7ddc73fd4a5a0b6c28665f7f46c7084e17c809268103a2584ab40a68e528329d97afc3612e325c1eb4a3ab2e156a97444800", "0615e456c196e819a321fdb3690bfab19538829a732a01781564ef7738cb5b82a704b3952f81c68bb4ceeaad63206f88201638e87c4981cbf9332cbc9c4d69e392bd33237ece7ad91e44edac0da8dacad81adf2e08c21ad6b44ce1f90bd618c255ca40cdb411485fb48a51d329c816b3488c7d032ef69c502c6e1236bd381efd410165988847c1dcb98a18ca2b853910e52044fa3b3026cb88de269537c8f26ffc3b15cbf279832bfc90bd95939043182e88050dfd2a4784a5d1453610fb1f1c2bac36c3ecd3e6fb756ef8880debeef3636afd981d8af4ab119928448f90351aec113335eacf52a18c87738d9679d3acc032a16fbefc64776f363610a15b37bcd36e6a7cba931151b9c9ba5779d550e9ab21603a43a25f3b4895d8dc4f3ce0e7d5e964e888169ea79a0848e9338b3d34d62e963fbf98834f4455419907f0ffdb76373af77a34edee7789f56e7f01bdab9614a0d460f791a06e6cf5243bf2b3a1624a80ec7e1116f1c81f5ef4b895be74bf67eea9193428b58a8b62b7976d3d2e59796c46ec918c83cd49c3f43dbd2967586966c19ace7b0bef5f94eb333b362649f1bfa114f8b1f126e97ec672cff77e2130823fa7a1df6760c6a8917815e9f0a409ed32b133df7dc9afceffcd472b35145c83c9167764d25ce214133c6170adeb6653b30b226a3b6ff1363ac862a540c7fab584cd051ce7ee951e0f121d43cff75afbdec6bc6f6e8f7db58c8086751320d22ee8582e915cabc536e3767e9a9230c9ae8b92398f0ca2a7141ea4588af7afde10e5ec2a6fe85ba5712e126629d4e3998fc4721cb638f2ef8356049e3448466e2c400d5e8baf843fa399907cb526b791c5350ce29204cb6fe50b892a69ec6dbecc28f032a745738faa12c2a34222942fef0ec0511da5fe0b565ceac429da7cc25cfe0320b40a514723e2392a6a361032343edb79fd83cd0a354837153542fd61b3156b54c566036e493250c3a3214738e3cacc24a50d5dfd17d5008b4ca629c3062f3417cb69c48b8b888ae51256bb4e6c68e95a71a00383ad9df263f6a775ded64fef20ed5cb5f31c33cb86f839d00a12e40cd31219113619c4e0585454cb1776278bfd7f5c4275792afb790e83ff0fc6925355c7aee7a070477d9ec2292366e39b9dc66f7adcf449a1a718e5217183faf0f679efc5cef20bcdcf2d12ea0684084ec0d693256e280025b23b5a08b7b1ebe7d41fb045793f971d6ee066604818cb09d86c1eda99a44c35476a113fd5d1a7543f8f99424ebb78dd9e00d719502a6eafa743a061fa3fa55e4deaa0a011b6b9d633f10e0c9446b5a2e3f6d6014ab00695366c1a6bf0c32f703aebb7988c7d4d322681458e85626302c70f37628835e1fcfff1da3099c0b4af433eb9a51f9609f2c0c09a98b18880c846b34d6ac0210f073765666100976ee1d928893f983580ea47a012144633b98e02c3e81869534ab985eb3a73e0bac892dac949f85db949285a6a7a490b1075467226af23df82d8dd09b7282490fbb3ada9ed4cae8f761aefbe0701de6b132f12044c58ac1c2607c8f51361de5bed021dea13fd0a440263cf0b304522a324b581ab274e7bdae5994316657b5c0ab0220d9b08739729f7a35d436878c182aec4f08dd161c11ee5b7937fae7835e8bfe98a44c8d4bbb2e0eee0cb5d7c93517e96a9fc8132e60f3ef7c735bea1934b37df451f981c8d9210e61278c871e6dad6ceb89aa4d7245658a63e65cec7b81d307426a60a31cc917844a14e1d9ad83bef1c9f736d1836687c950d1275caece0d46ab9f3b0e95d9cf560eb8134e8346b35e0a6f60e6a87a14c4aeb3e0d06158390660a52a6e44b524c1e16de2bf99870f78fc81d267072bc63e97d3f26d23fd59799ff2c847d6a724cebc2377a582ba73d99a610a095c28d66c60910ac64b7d18847fa98fd8528b72e0a149b082c731575b2e2763e67c821ba29eecd8b8c87981c4fb1fbbaaa4e8aa077ec98de1362fc7af7a0ac5e3297fd0d924124b2e255b5cc4f6b0873f3d34418d5ae0d6f734628f38cb9b856b2db3fbb2fafb76983eabc51a348e55789e997fa25cbe6e5031bd2e33d4e2686f964a65d1abf7f96a20a8b270b1522ace4adf6fdade5cd3f101574960d13267e2382f70027ebe5ef7f9418e14e6a8a130d2aec2253c8fe21825e3295774db0c9b1340ea28a96589ba0d9f79aa61b92aea6f704ef7f716d849b8c77e6922e198a086d8133491d0bb85b925825a6d307d7cc8f09c655aa3edabf84c75560dfb279ee3e8b825323279edc58c3161e72cf9ae02ef80d500da922c0abeb8b164abd9c17ef7c02e89000d67b0c2ddd078cacbf37c4826be3845948d598980d63c1d7aade89d0637d80a4c102a35eb027a08ef90cc20d17fc514926914e68e5de54b861200ffa4ce1cbc16e4ecf342a1176cdb561f7dea38b3ae0fd81260f72d34e6f33d364cf313d3b3161410dcbf5f0f0579a1d235b49bb5d27f85825b94f1899e7846d0292ad912d934574f9d55d2152dbfb39d662e6e0f2496182d012af8b4bebbdfa1d68e3e988869fb5cd9612db97e6cc574444f4b5025ec9827bafc55341bf6ad3fd4fab2ee43f343cb9bcec0c38384b5699e5c6d5973ba591978275c51a40200d340b9ed3681f08c69f58320f538f9cd78a34eb6ed55710d2478ea4bd15813921817b42f88f1bb038033b519668f0a2e8693b9a19c7bcf96eec04bda625b31c32f4286be922ab2c87aa30310c8f46551450d5bc26b5fbfdedaae0f756384023bb9a28d3200cfeaedd63d6afe076513e8ad73d16607cd4ede16344e60d8707357e82b1089258c56d851a435e23ce0919825e04471dd61a44c43e87c2959d4e89311a30ee8be010094d0ef109bb210dda58b21b685b9e9c078c9ded6117d9a88dd7799291969851cd4c3f22b5f870a275a692188dafcf6e89ba87b0eb61011de031fda25fb3349901d40da2bbdb76eda417c9fafd90fb23504ab150ca0033ea1d00000000000086ba3aaa79d0df4f2e4e4afa565e66d28aa167f835d080bf1d41d0e52dbf81c671f8eacae234bf4fc328302671fab46613b73daf2ace80aff2f80f6a9d84b82480178cc612aa90adfc80ab3bba7d1527fc6ab04f009011bf093494a0d329df4e53d855b1c0ff6a25d22052b3a778e1ca2fbe59c9eeedf99e13682d06da269560524ffa0f404b73b946edf900ee958ceba09a051e27a620fb78e7a352c182c8c2981ce822eeaf6323965b4b3f322d40d406a158b6f3cf5d74822de952fefc341d0dead6c1c8fed8e48e0a85b51c1dcc7796d3f45bb1f50467a475da76c356c9e031b096867da1dbb89c3a038d475dbcdb2df1278d5dba55c2fb5ba6a9778c2a244198491f0f711cdb2ef0332f347afffb1b098b4c59041ccb0c286bb2dd40e7ec713f6ffe0b1067678c748615dae3c1e090f3739a9035767fb9972580d19fdef49a5071f99c3706b8fa4991f430721cf3ca11af0e3bd7c4d0cd0ab5b7d98ee66730c20a098110e4a15ce0bfc88c41fe375f261fe3557e14eb5ff4a2cdf6a008fd7b6702951b8456e940fbd269a0f3ed515ac03cfecce67027d579e1226bd7b7381827453550343566508d38790ee838c3bf85c6c91a45e7a44752f57313533a3e82e4042e65d346afb20c0527575f79080aef4e1aa8d5868d190c8d37bdae7592e41bed37b9d4c30d8126d3debde02dff25f5ef1e48133e2a41cd55347bd23dcce57a00189619db629c530dc112d22ac72bce353681264b5175be40b3ba84408d0f56762cc720e96c128447be7128748e185be2640115556bac64d060207e629b0144e501c1c49c6abd15c7982b01e22da2ad04bb28df1a27f31e18040c16406071d798bb40d901d001e22cc5ed870d08702f49f0021814cdd814901a13c7ab061bb4b8172c639b3449e24f656fee58186e69e6874ea95d946da781b49ca080ffb4a3c87746c661f43e9be52d0ba2ee368b9c143687c8846abac599069decf41e69fddcadf31c5f715917df12df4eedbfcc5805fe8e661b8fcd7b130d7bcc4a9a152de93a15dddacf3cf52479956185a3c5000d18ddce0236d5858c0d8761bca7446e3d30f3e8f48d5e8f86a60cbe46f038b1028ffd35590bdacfeebb86e28d42a923bdc3f9a307b919341a2a7dda096d41070db245c2c424aedd4a4bb9863169454d09f25fd0aa2da7bfc97ad7aca886dd998e041133e07899ad48f7cda600de48ac3951152dfbe6331b8acae24cfd2dd2b14696c75040685c756942a0d049ee9863a2e480388f93876f3910ecb3a59fa16c25b2b3636a542f92744495e10a4ce37f19f5c2256e2d61775d388e2a86b52f76add2f956aa02501f5badb94da12595b2bbf88b05dc70caae6766fd3df4f299d0ff71c8787249b255ea49b3d33b3f1a8c9403cb75d64264465c3578538382b23d721f8a49134020ca2d9e887d9949624ac6d63322b6507e277a0020db9bfa2928736b96c72fa3406a95adfe6b374ffa27001d37d3bbe725e75c257834572026c511f57dce67153a4008f9e75e07ed9237f600005800ee667c137fc78bc4fd4ebf4d228979ab0ccafbcd8b8daad76fb2abcfc585377ea6e19f170db898b950a7b0f4e75466a2ba26e7d60e0a6f5c54a3fe78677f3362c5b01ae791b62ee8a5d0fd65b739ece4f3b758d05a8e4e4ea7e4866ee67750ce2769f72a9f45780eadfae73b42d4dd4c614c797c694ece8af88cc732edabfa26ace57de54835c7551154dfa3be11a0d3b5845ac97b2da84410a652e72cd563acbb2b02bb59370cebaaa80014e3ad280944eae6fbf8d5f85237257bb5b8e5ec3e52dc06f8394176b325a577804e9eb78d7015172d17ed15f905f705d56687f53988bb207c74fbeb2b03a700258e835362886239f4d8f1c2cf6d4d10ff26d2579ea40a5fb99e5b6d01cdeda050d3faa78ed674f2899be08332086c8bf0410a7d06099c50a2d949d49a0f21b43bcdfbdf435875cf5a9def46db63746574ee8a5b1fbcef411154e914dd9e5bb1b1bd2944581083fb66a017e7972df3daefc487e4198cb281d3a80637d52b41738b7f1a57c867d5b2ee5d72465657593339506fd0c3807cd6445eb54cfb5ca9d35ef93eec6383224ebf85197eb6ed75f6c324f6a0345a25be6bb52ed347e57ccb059b903fb7db4e9f46513a4158ce29c1f5d6081b556bbc471e89225cad81aed34dae0f90ee8e7237b3b286e29b49d7a1700c537b28571f7d7e2a55e10792d6f7779ddefa3febdea5693048372a45903c04f1035a96c6cfbe6f6c2b754581aac02f8a70e698be6e37fd411cf4b76317b47683f6b0f80dfdeef3a9767c7e5c30dff786093a21477431fea0458023953700"}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) writev(r0, &(0x7f0000000080)=[{0x0}], 0x1) 1.521218889s ago: executing program 2 (id=1200): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r3, r4, 0x26, 0x0, @void}, 0x10) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000180), 0x0) 1.011258656s ago: executing program 4 (id=1208): r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) write$char_usb(r0, &(0x7f0000000040)="e2", 0xff0f) 1.010921757s ago: executing program 0 (id=1209): r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)={0x30, r0, 0x1, 0x70bd2a, 0xffffffff, {}, [@ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}]}, @ETHTOOL_A_FEATURES_WANTED={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000d0}, 0x0) 982.696627ms ago: executing program 0 (id=1210): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c000780"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 982.547617ms ago: executing program 4 (id=1211): mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xe, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x7, 0x80000000, 0x10005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}}) 982.482627ms ago: executing program 0 (id=1212): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000380), 0x1000a) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 982.386997ms ago: executing program 4 (id=1213): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x7, 0x2, 0x87, 0xffffffff, 0x2}) socket$inet6(0xa, 0x3, 0x8000000003c) 928.091869ms ago: executing program 0 (id=1214): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) r1 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000001c0)='source', &(0x7f0000000100)='%\xff:2\x82|\x9a\xe0\xadA\xde\xd5\x03\x00\x00\x00\xb7\xe5\xee:\xb5\x0e\xec\xe5\xdc\xe5\x8d?\x16BE\x8b\xe8)\xa9H\x99\x10\x02q\xf7\xd3\xc5*\x15\xdf_\xb2_`\x92|\x7f\xff9\xf7o$e&1\xfd\xea\xb0\xb0', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000002c0)='s\xefurce', &(0x7f0000000300)='\xb0\xfb\xd9\x9a\xbe\r\xcc:\x9b\xd0}\xe8\xff\xff\xff\xff\xff\xff\xff\x7f\xce\xf5\x1a\x01\xd6\a\xfe\xb8\x92~wS\x87\xd9\x9e0y\xc9\x8cw-zu(ht\xa1~\x9a\x8d^+\x9f\xee\x9a(&W\\\xbb\xd5W\xeb\x06\x9dva\x06\xe3\x97\xa1\x88\x83W{\x00\xff\xff\xff\xff\xff\xff\xff\xe9\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00)o\b~\xe3t`\xc9=;o\xe5\xb4T)\x04\xf9k\xfb%t\xa7\x80c\xbb\xeb\x10\xb8\x01', 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x8000000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) fsetxattr(0xffffffffffffffff, &(0x7f0000000200)=@known='user.incfs.id\x00', &(0x7f0000000280)='+.%+\x00', 0x5, 0x2) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, 0x9, 0x6, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) close(0x3) 927.931879ms ago: executing program 0 (id=1215): prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffc000/0x1000)=nil) syz_mount_image$vfat(&(0x7f0000000480), &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000014, &(0x7f0000000a00)=ANY=[@ANYRES32, @ANYRESOCT, @ANYRES16, @ANYRESDEC, @ANYRES64, @ANYBLOB="0ea1a3ed758749a35b0cf19e7301710a8a7c5e7fe9b7c49589266bd5045f15f1817fcc4ea04eeac3f0df37b8beaeafc22a5a08a1a70024"], 0x4, 0x2c3, &(0x7f0000000180)="$eJzs3cFqE1EUxvFjU5s0pU0EERTUg250M7TxATRIC2JAqY2oC2FqJxoyJmUmVCJisxG3Pkdx6U5QX6AbcePeXREEN12II52ZtJM2bdM2TWL7/0GZO3Pux71N0nISSLLy4N3zUsE1CmZVBhIqAyJ1WRVJr41CJ8LjgD8ekqi6XB35/f38vYePbmdzuclp1anszLWMqo5d/PTi1ftLX6oj9z+MfYzLcvrxyq/Mj+Wh5bMrf2eeFV0tulquVNXU2Uqlas7als4V3ZKhete2TNfSYtm1nKZ6wa7Mz9fULM+NJucdy3XVLNe0ZNW0WtGqU1PzqVksq2EYOpqU422wjTn5pelpM7tt2Yt1dEc4dMOtLjpOtt66mF/qwp4AAECf2bn/D3r97fr/je5wL/3/md37f5Fo/58IF6H/74B609ku/T+OBMfJmsnw77cZ/T8AAAAAAAAAAAAAAAAAAAAAAP+DVc9LeZ6XWjuGl/zzuIgkgreA++c93iYOSfT+9yI/6/d/eL4pdr1H20WHRd64lxCx3y7kF/LBMahnC1IUWywZl5T88R8PoWA8dSs3Oa6+tHy2F8P84kI+JvFGviHdKn/h1ESQ1+b8SUlG189ISk63Xj/TMj8kVy5H8oak5OsTqYgtc/7jeiP/ekL15p3cpvywPw8AAAAAgKPA0HVbnr/7dX9CQrbWg3zk9QHP8xZ3en1g0/PrQTnXzkdUAgAAAACAA3NrL0umbVvOPgZxETlAvPMDzxPp/TZi0h+3RvPghoj0wTa6NUiISHBF9xP/uR5vK+W1MWcw/AaO/rh9dh/0+j8TAAAAgE7baPr3EPr25hB3BAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8dPu54E15m8pNQo7xCPLxbr+CwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB95F8AAAD//6loFW8=") io_setup(0x4, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000800000004000000bb7f1a004d00feff000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f00000005c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x4c) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 927.840259ms ago: executing program 4 (id=1216): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/keys\x00', 0x0, 0x0) preadv2(r0, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/139, 0x8b}], 0x11, 0x867, 0x0, 0x0) 927.769919ms ago: executing program 4 (id=1217): unshare(0x62020600) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00010100c0"], 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x3f00000000000000) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22}, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xee}}, {0x2, 0x0, @empty}, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x6}) 799.074664ms ago: executing program 1 (id=1219): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x45e, &(0x7f0000000b40)={[{@data_err_ignore}, {@min_batch_time={'min_batch_time', 0x3d, 0x80000000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6c}}, {@lazytime}, {@grpquota}, {@nodiscard}]}, 0x3, 0x453, &(0x7f0000000f80)="$eJzs281vG0UbAPBn7ST9St/krcpH0woCBRG+kiYtpQcuIJA4FAkJDuUYkrQKdRvUBIlWEQSESm+oEicuiCMSfwEnuCDgVIkr3FGlCuXSwslobW/iOLZbp3Zc6t9PWndmd92ZZ3fHfnYnDqBnjaYvScRgRPweEUPl6sYdRsv/3Fpdnvl7dXkmiWLxrb+S0n43V5dnsl2z9+3JKn0Ruc+SOFin3cWLl85OFwpzFyr1iaVz708sXrz0/Py56TNzZ+bOT504cezo5IvHp15oS5xpXDdHPlo4dOD1d66+MXPq6ru/fJdk8dfE0SajzTY+WSy2ubnu2hv5tXLS19Wu0IJ8eZhGf2n8D0U+1k/eULz2aVc7B3RUsVgsPth480oRuI8l0e0eAN0RufIXfXr/my3blnzcA268XL4BSuO+VVnKW/qyQ1O6N9rbofZHI+LUyj9fp0s0eQ6RdKh9AKD3/JDmP8/Vy/9yUf1c6H9x7cqVwXL5/xGxLyKOR8T+iHggorTvQxHxcIvt106SbM5/ctera8U2J0Jp/vdSZW5rY/6XZX8xnK/U0hxwOPqT0/OFuSOlYxIxFv070vpkkzZ+fPW3Lxptq87/0iVtP8sFK/243rdj43tmp5em7ybmajc+iRjpq4n/ZJQyzmwmID3kByJiZIttzD/z7aFG224ffxNtmGcqfhPxVPn8r8SG879+oSXN5ycndkZh7shEdlVs9uu1y282av+u4m+D9Pzvrnv9r8U/nFTP1y628r9/9XT6evmPzxveU271+h9I3i6VByrrPpxeWrowGTGQnCx3unr91Pp7s3q2fxr/2OH6439frB+JgxGxs1J/JCIerfT9sYh4PCIONzkKP7/yxHtbj7+z0vhnWzr/64WBqF1Tv5A/+9P3GxodbiX+9PwfK5XGKmvu5PPvTvrV6tUMAAAA/1W5iBiMJDe+Vs7lxsfLf8O/P3bnCguLS8+eXvjg/Gz5NwLD0Z/LnnQNVT0Pnazc1mf1qZr60cpz4y/zu0r18ZmFwmy3g4cet6fB+E/9me9274CO83st6F3GP/Qu4x96l/EPvavO+N/VjX4A26/e9//HXegHsP1qxr9pP+gh7v+hd21l/PvMgPtD07E8sH39ALbV4q64/Y/kFRQ2FSJ3T3RDoUOFbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtMe/AQAA//9c0uqW") socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)) pipe(&(0x7f0000000140)) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') socket$tipc(0x1e, 0x5, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x2, 0x4, 0x6, 0x8, 0x1014}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000f91f20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0x1, 0xfffffffc}, 0x50) r2 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r1, &(0x7f00000003c0), &(0x7f0000000080)=@udp=r2, 0x1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r3, 0x0, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x1a, &(0x7f0000000340)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}, @remote, @val={@void, {0x812d, 0x1, 0x1, 0x4}}, {@llc={0x4, {@snap={0x0, 0x0, "c0", "118190", 0xa00}}}}}, 0x0) 690.766236ms ago: executing program 3 (id=1220): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c) syz_usb_connect$uac3(0x3, 0x80, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) 595.95345ms ago: executing program 1 (id=1221): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000004c0)=@dellink={0x20, 0x11, 0x1, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, 0x20001, 0x9684}}, 0x20}, 0x1, 0x0, 0x0, 0x20000050}, 0x2000c006) 448.280875ms ago: executing program 1 (id=1222): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x400455c8, 0x2) socket(0x2, 0x800, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000340)=0x4) ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0x19) 448.179205ms ago: executing program 1 (id=1223): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000040)={0x3}) 424.850076ms ago: executing program 1 (id=1224): prlimit64(0x0, 0xe, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040054) socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x1b32, 0x4) sendto$inet(r0, &(0x7f0000000540)='v', 0x1, 0x4040, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}, 0xde6c}], 0x1, 0x40012002, 0x0) 381.581977ms ago: executing program 1 (id=1225): setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000400), 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_usb_connect(0x3, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x201, 0x1e, 0x43, 0x6d, 0x10, 0x45e, 0xf8, 0xe0e5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x2a, 0x9, 0x20, 0x7f, "", [{{0x9, 0x4, 0xb2, 0x70, 0x0, 0xe, 0x1, 0x0, 0x2f}}]}}]}}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000006000/0x2000)=nil, &(0x7f000000d000/0x4000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff3000/0x3000)=nil, &(0x7f0000ff6000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x8085) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x1, 0xf3}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@deltfilter={0xe, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x3}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8010}, 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0xc, &(0x7f0000000100)=[{0x1, 0x36, 0x5, 0x537}, {0x27, 0x8, 0x9}, {0xe49, 0x2, 0xfa, 0x4}, {0x5b6, 0x8, 0x1, 0x2}, {0x2, 0xe, 0x80, 0x1000003}, {0x1ff, 0x5, 0x10, 0xf}, {0x2, 0x0, 0x1, 0x9}]}) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 324.230959ms ago: executing program 4 (id=1226): syz_open_dev$vcsu(&(0x7f0000000180), 0x1, 0x2242) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0xe, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x99}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001517ee40f00a057a00f6000203010902120001000000000904000000ff"], 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000440)={0x20, 0xf, 0x11, "080d9baf2273bfc952e264eff8e30ab498"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 307.8009ms ago: executing program 2 (id=1227): r0 = inotify_init1(0x0) socket$key(0xf, 0x3, 0x2) inotify_add_watch(r0, &(0x7f0000000140)='.\x00', 0x40000132) bind$unix(0xffffffffffffffff, &(0x7f0000000200)=@abs={0x1, 0x0, 0x4e22}, 0x6e) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newlink={0x64, 0x10, 0x1, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x1181}, [@IFLA_IFNAME={0x14, 0x3, 'team0\x00'}, @IFLA_VFINFO_LIST={0x30, 0x16, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0xfffffff9}}]}]}]}, 0x64}}, 0x20000010) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e26}, 0x6e) lseek(0xffffffffffffffff, 0x1, 0x4) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680)) socket$inet6_tcp(0xa, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) r2 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000002c0)='s\xefurce', &(0x7f0000000300)='\xb0\xfb\xd9\x9a\xbe\r\xcc:\x9b\xd0}\xe8\xff\xff\xff\xff\xff\xff\xff\x7f\xce\xf5\x1a\x01\xd6\a\xfe\xb8\x92~wS\x87\xd9\x9e0y\xc9\x8cw-zu(ht\xa1~\x9a\x8d^+\x9f\xee\x9a(&W\\\xbb\xd5W\xeb\x06\x9dva\x06\xe3\x97\xa1\x88\x83W{\x00\xff\xff\xff\xff\xff\xff\xff\xe9\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00)o\b~\xe3t`\xc9=;o\xe5\xb4T)\x04\xf9k\xfb%t\xa7\x80c\xbb\xeb\x10\xb8\x01', 0x0) userfaultfd(0x1) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c000780180001801400022bfe8000000000000000000000000000bbf731bcf3e398f5bfad1bb55af6d183c075a9b06e22d4d2625e984703082db72cb3594489489cb2d176d5670200b17a03e5981a3d064c32b960fbf69b7c2197e00e906cc1d6a36c9bb13e50f7d3f08c3285065bfd6fe401aa626fb9cd4b50eba849643c04cdcc58b07f6fb118102ad0c614cf8a7ce4d8e134975619777bec2ccfa943bae1a1afc6b0398ef250a6272ebac88d9a5b589b99d64a685cee2680a7a80400f6ae58ffdc12c993f171573c34d1ae69c850aad2ed507a4424b73dafd1d483156e82426ad880319c8873619a5e76efed85bdbf0ebf228e2a23564f7b2a0ad762168b52b86f8ba1dc1f06f13e8592c8fa477134757bb231416d35946a3b8c00c600586467c43c008d9d53ca2e75c56ec7d7c07779d36b1a8d1ade2d92683426861f0d7ba962525fbccc2310633ac87076b82d2457eac8e4461c1638b22e46f2aa8eb2767f9dd1"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 270.82033ms ago: executing program 2 (id=1228): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x1}, 0x10) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24) recvmmsg$unix(r0, &(0x7f0000000040), 0x4000000000002ac, 0x0, 0x0) 0s ago: executing program 0 (id=1229): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) syz_usb_connect$hid(0x3, 0x36, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x8c, 0x2c, 0xd27, 0x470bd28, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0xfff2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x3, 0x800000, 0x1, 0x5, 0xfffffffb}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.228' (ED25519) to the list of known hosts. [ 22.913945][ T30] audit: type=1400 audit(1779154056.702:64): avc: denied { mounton } for pid=276 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.918471][ T276] cgroup: Unknown subsys name 'net' [ 22.937704][ T30] audit: type=1400 audit(1779154056.702:65): avc: denied { mount } for pid=276 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.965105][ T30] audit: type=1400 audit(1779154056.732:66): avc: denied { unmount } for pid=276 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.965554][ T276] cgroup: Unknown subsys name 'devices' [ 23.141404][ T276] cgroup: Unknown subsys name 'hugetlb' [ 23.147164][ T276] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 23.287494][ T30] audit: type=1400 audit(1779154057.072:67): avc: denied { setattr } for pid=276 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.310732][ T30] audit: type=1400 audit(1779154057.072:68): avc: denied { mounton } for pid=276 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.336487][ T30] audit: type=1400 audit(1779154057.072:69): avc: denied { mount } for pid=276 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 23.343047][ T278] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 23.368566][ T30] audit: type=1400 audit(1779154057.152:70): avc: denied { relabelto } for pid=278 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.391679][ T276] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.395337][ T30] audit: type=1400 audit(1779154057.152:71): avc: denied { write } for pid=278 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.428869][ T30] audit: type=1400 audit(1779154057.172:72): avc: denied { read } for pid=276 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.454534][ T30] audit: type=1400 audit(1779154057.172:73): avc: denied { open } for pid=276 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.020371][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.027748][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.035364][ T284] device bridge_slave_0 entered promiscuous mode [ 24.044131][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.051495][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.059236][ T284] device bridge_slave_1 entered promiscuous mode [ 24.098027][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.105361][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.113071][ T287] device bridge_slave_0 entered promiscuous mode [ 24.121796][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.128872][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.136565][ T287] device bridge_slave_1 entered promiscuous mode [ 24.197195][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.204457][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.212442][ T286] device bridge_slave_0 entered promiscuous mode [ 24.222549][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.229836][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.237304][ T286] device bridge_slave_1 entered promiscuous mode [ 24.268363][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.275843][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.283576][ T288] device bridge_slave_0 entered promiscuous mode [ 24.290733][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.297794][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.305330][ T288] device bridge_slave_1 entered promiscuous mode [ 24.312053][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.319117][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.326630][ T285] device bridge_slave_0 entered promiscuous mode [ 24.336487][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.343669][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.351153][ T285] device bridge_slave_1 entered promiscuous mode [ 24.507324][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.514623][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.522258][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.529337][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.542446][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.549662][ T284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.557138][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.564416][ T284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.580825][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.587985][ T285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.595421][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.602595][ T285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.639545][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.648012][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.655571][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.663283][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.670610][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.678395][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.686082][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.722005][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.729941][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.737394][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.746204][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.753312][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.760906][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.769635][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.776889][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.784592][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.792809][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.800050][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.807429][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.815708][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.822956][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.849739][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.858279][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.866899][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.875241][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.883499][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.911314][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.920415][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.929116][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.936256][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.945186][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.953522][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.960593][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.968114][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.976626][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.983684][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.991624][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.012768][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.021392][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.029970][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.037469][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.045271][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.053981][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.062063][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.070321][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.078249][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.086428][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.094460][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.102615][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.110670][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.118961][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.131832][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.140463][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.161713][ T287] device veth0_vlan entered promiscuous mode [ 25.172274][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.180491][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.188041][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.196709][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.205190][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.212356][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.219950][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.228308][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.236948][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.244053][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.251453][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.259669][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.267770][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.275850][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.285851][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.293623][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.302071][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.309999][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.318165][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.328246][ T284] device veth0_vlan entered promiscuous mode [ 25.335015][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.343141][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.360429][ T286] device veth0_vlan entered promiscuous mode [ 25.367706][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.375484][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.384112][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.392723][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.401326][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.409653][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.419360][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.427141][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.434724][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.443345][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.454514][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.463110][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.483236][ T285] device veth0_vlan entered promiscuous mode [ 25.492735][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.501293][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.510144][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.517703][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.525753][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.533950][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.542296][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.550066][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.558308][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.567545][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.576476][ T287] device veth1_macvtap entered promiscuous mode [ 25.589114][ T288] device veth0_vlan entered promiscuous mode [ 25.597184][ T284] device veth1_macvtap entered promiscuous mode [ 25.612208][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.620920][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.628681][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.636685][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.645253][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.654267][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.663068][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.677938][ T288] device veth1_macvtap entered promiscuous mode [ 25.689873][ T286] device veth1_macvtap entered promiscuous mode [ 25.697321][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.705749][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.715139][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.724236][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.732842][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.741928][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.750583][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.760392][ T285] device veth1_macvtap entered promiscuous mode [ 25.773760][ T287] request_module fs-gadgetfs succeeded, but still no fs? [ 25.797901][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.807351][ T309] loop1: detected capacity change from 0 to 128 [ 25.807669][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.825292][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.834289][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.843052][ T309] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrquota,nodelalloc,,errors=continue. Quota mode: writeback. [ 25.856430][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.858366][ T309] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 25.867364][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.888178][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.897088][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.905983][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.938338][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.947293][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.964443][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.973093][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.074925][ T315] loop4: detected capacity change from 0 to 512 [ 26.139486][ T315] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 26.153723][ T315] EXT4-fs (loop4): 1 truncate cleaned up [ 26.161426][ T335] loop1: detected capacity change from 0 to 256 [ 26.167909][ T315] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,abort,mb_optimize_scan=0x0000000000000000,minixdf,jqfmt=vfsv0,usrjquota=.",errors=continue. Quota mode: writeback. [ 26.224417][ T335] FAT-fs (loop1): Unrecognized mount option "shortnaed" or missing value [ 26.286033][ T349] netlink: 36 bytes leftover after parsing attributes in process `syz.4.15'. [ 26.315828][ T349] netlink: 12 bytes leftover after parsing attributes in process `syz.4.15'. [ 26.352638][ T356] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19'. [ 26.361767][ T356] Zero length message leads to an empty skb [ 26.395351][ T362] capability: warning: `syz.1.21' uses 32-bit capabilities (legacy support in use) [ 26.497084][ T376] capability: warning: `syz.2.28' uses deprecated v2 capabilities in a way that may be insecure [ 26.766322][ T402] netlink: 12 bytes leftover after parsing attributes in process `syz.1.39'. [ 26.821030][ T404] loop1: detected capacity change from 0 to 1024 [ 26.852462][ T406] loop4: detected capacity change from 0 to 1024 [ 26.913587][ T406] EXT4-fs (loop4): Ignoring removed bh option [ 26.919892][ T404] EXT4-fs (loop1): Ignoring removed orlov option [ 26.957563][ T406] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,noblock_validity,stripe=0x0000000000000010,bh,init_itable,,errors=continue. Quota mode: none. [ 26.957742][ T404] EXT4-fs (loop1): mounted filesystem without journal. Opts: block_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,norecovery,,errors=continue. Quota mode: none. [ 27.054136][ T431] netlink: 8 bytes leftover after parsing attributes in process `syz.0.51'. [ 27.089065][ T433] device syzkaller0 entered promiscuous mode [ 27.155340][ T444] netlink: 'syz.0.58': attribute type 32 has an invalid length. [ 27.191016][ T447] loop1: detected capacity change from 0 to 512 [ 27.282198][ T457] netlink: 28 bytes leftover after parsing attributes in process `syz.2.64'. [ 27.292765][ T447] EXT4-fs error (device loop1): ext4_orphan_get:1432: comm syz.1.54: bad orphan inode 11862016 [ 27.310016][ T447] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.351818][ T466] deleting an unspecified loop device is not supported. [ 27.359360][ T447] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 27.387779][ T470] loop3: detected capacity change from 0 to 1024 [ 27.464029][ T470] EXT4-fs (loop3): Ignoring removed bh option [ 27.471723][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 27.481239][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 27.490942][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 27.499694][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 27.509544][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 27.521712][ T470] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000010,bh,init_itable,. Quota mode: none. [ 27.547195][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 27.556079][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 27.565104][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 27.579698][ T482] loop4: detected capacity change from 0 to 512 [ 27.598873][ T470] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 27.664644][ T482] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,usrquota,minixdf,nombcache,. Quota mode: writeback. [ 27.689272][ T482] ext4 filesystem being mounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 27.946396][ T30] kauditd_printk_skb: 97 callbacks suppressed [ 27.946411][ T30] audit: type=1400 audit(1779154061.732:171): avc: denied { create } for pid=520 comm="syz.3.89" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 27.972972][ T30] audit: type=1400 audit(1779154061.732:172): avc: denied { write } for pid=520 comm="syz.3.89" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 28.013462][ T30] audit: type=1400 audit(1779154061.802:173): avc: denied { ioctl } for pid=524 comm="syz.3.91" path="socket:[16008]" dev="sockfs" ino=16008 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.052019][ T30] audit: type=1400 audit(1779154061.842:174): avc: denied { create } for pid=526 comm="syz.1.93" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 28.071566][ T30] audit: type=1400 audit(1779154061.842:175): avc: denied { write } for pid=526 comm="syz.1.93" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 28.115736][ T30] audit: type=1400 audit(1779154061.902:176): avc: denied { mounton } for pid=547 comm="syz.1.95" path="/35/file0" dev="tmpfs" ino=198 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 28.165645][ T30] audit: type=1400 audit(1779154061.902:177): avc: denied { remount } for pid=547 comm="syz.1.95" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 28.184645][ T466] syz.2.65 (466) used greatest stack depth: 21216 bytes left [ 28.195209][ T554] loop1: detected capacity change from 0 to 128 [ 28.207192][ T30] audit: type=1400 audit(1779154061.932:178): avc: denied { unmount } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 28.215986][ T554] ======================================================= [ 28.215986][ T554] WARNING: The mand mount option has been deprecated and [ 28.215986][ T554] and is ignored by this kernel. Remove the mand [ 28.215986][ T554] option from the mount to silence this warning. [ 28.215986][ T554] ======================================================= [ 28.252952][ T30] audit: type=1400 audit(1779154061.972:179): avc: denied { block_suspend } for pid=527 comm="syz.3.92" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 28.327479][ T30] audit: type=1400 audit(1779154062.092:180): avc: denied { ioctl } for pid=555 comm="syz.2.98" path="socket:[16038]" dev="sockfs" ino=16038 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 28.335696][ T558] netlink: 104 bytes leftover after parsing attributes in process `syz.2.99'. [ 28.387753][ T554] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 28.406762][ T554] FAT-fs (loop1): Filesystem has been set read-only [ 28.419580][ T554] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 28.443969][ T554] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 28.463662][ T554] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 28.492271][ T554] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 28.512969][ T564] loop2: detected capacity change from 0 to 1024 [ 28.522780][ T554] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 28.545185][ T554] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 28.588761][ T554] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 28.609637][ T554] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 28.629183][ T554] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 550, start 05000006) [ 28.670972][ T564] EXT4-fs (loop2): Ignoring removed orlov option [ 28.707724][ T564] EXT4-fs (loop2): Unrecognized mount option "smackfsdef=grpjquota=" or missing value [ 28.724025][ T571] cgroup: none used incorrectly [ 28.736097][ T566] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noquota,errors=remount-ro,grpquota,. Quota mode: writeback. [ 28.848049][ T579] xt_hashlimit: size too large, truncated to 1048576 [ 28.961375][ T564] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,barrier=0x0000000000000857,,errors=continue. Quota mode: writeback. [ 29.034734][ T564] EXT4-fs (loop2): shut down requested (1) [ 29.050224][ T581] EXT4-fs (loop4): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 29.080387][ T587] device bridge0 entered promiscuous mode [ 29.100725][ T581] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 29.102801][ T564] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 29.116233][ T581] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28 [ 29.137483][ T581] EXT4-fs (loop4): This should not happen!! Data will be lost [ 29.137483][ T581] [ 29.147191][ T581] EXT4-fs (loop4): Total free blocks count 0 [ 29.153733][ T581] EXT4-fs (loop4): Free/Dirty block details [ 29.157099][ T587] device vlan2 entered promiscuous mode [ 29.159712][ T581] EXT4-fs (loop4): free_blocks=2415919104 [ 29.172095][ T581] EXT4-fs (loop4): dirty_blocks=64 [ 29.173409][ T588] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 29.177240][ T581] EXT4-fs (loop4): Block reservation details [ 29.177253][ T581] EXT4-fs (loop4): i_reserved_data_blocks=3 [ 29.210104][ T581] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: none. [ 29.223240][ T564] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 29.242991][ T564] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=13 [ 29.271743][ T564] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=15 [ 29.304351][ T564] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 29.336775][ T564] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 29.370452][ T564] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=13 [ 29.410785][ T564] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=15 [ 29.515726][ T611] tipc: Enabling of bearer rejected, failed to enable media [ 29.530411][ T610] EXT4-fs (loop1): bad s_min_extra_isize: 2304 [ 29.583736][ T607] EXT4-fs (loop2): Ignoring removed bh option [ 29.596728][ T615] EXT4-fs (loop4): Ignoring removed bh option [ 29.605111][ T613] device veth0_vlan left promiscuous mode [ 29.615389][ T613] device veth0_vlan entered promiscuous mode [ 29.636046][ T607] EXT4-fs error (device loop2): ext4_quota_enable:6435: inode #4: comm syz.2.117: iget: bad i_size value: 281474976716800 [ 29.654804][ T607] EXT4-fs error (device loop2): ext4_quota_enable:6438: comm syz.2.117: Bad quota inode: 4, type: 1 [ 29.671291][ T607] EXT4-fs warning (device loop2): ext4_enable_quotas:6479: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 29.686638][ T607] EXT4-fs (loop2): mount failed [ 29.692810][ T615] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000010,bh,init_itable,. Quota mode: none. [ 29.732891][ T628] netlink: 'syz.0.126': attribute type 8 has an invalid length. [ 29.936902][ T630] syz.3.127 (630) used greatest stack depth: 21184 bytes left [ 30.057126][ T659] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 30.115473][ T669] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 30.175179][ T669] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv1,stripe=0x0000000000000004,norecovery,noauto_da_alloc,debug_want_extra_isize=0x0000000000000080,jqfmt=vfsv1,max_batch_time=0x00000000000001ff,mblk_io_submit,norecovery,,errors=continue. Quota mode: none. [ 30.178604][ T683] sock: sock_timestamping_bind_phc: sock not bind to device [ 30.413484][ T704] EXT4-fs (loop3): Ignoring removed bh option [ 30.446901][ T704] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,noblock_validity,stripe=0x0000000000000010,bh,init_itable,,errors=continue. Quota mode: none. [ 30.760186][ T752] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.845237][ T779] set_capacity_and_notify: 10 callbacks suppressed [ 30.845256][ T779] loop3: detected capacity change from 0 to 128 [ 30.871122][ T779] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 30.881927][ T779] ext4 filesystem being mounted at /32/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 31.029104][ T809] process 'syz.3.210' launched '/dev/fd/3' with NULL argv: empty string added [ 31.082014][ T822] netlink: 104 bytes leftover after parsing attributes in process `syz.3.216'. [ 31.206474][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 31.232880][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 31.244245][ T846] loop2: detected capacity change from 0 to 128 [ 31.270948][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 31.279905][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 31.288356][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 31.297057][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 31.308536][ T846] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 31.310477][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 31.330176][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 31.339460][ T846] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 31.382603][ T855] loop1: detected capacity change from 0 to 256 [ 31.522158][ T866] loop1: detected capacity change from 0 to 512 [ 31.558666][ T866] EXT4-fs error (device loop1): ext4_orphan_get:1406: inode #15: comm syz.1.236: inode has both inline data and extents flags [ 31.600237][ T866] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.236: couldn't read orphan inode 15 (err -117) [ 31.639350][ T866] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 31.796251][ T888] loop1: detected capacity change from 0 to 128 [ 31.858818][ T897] loop2: detected capacity change from 0 to 512 [ 31.924417][ T897] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,noinit_itable,abort,bsdgroups,,errors=continue. Quota mode: writeback. [ 31.939677][ T897] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.003194][ T910] loop4: detected capacity change from 0 to 4096 [ 32.013777][ T914] loop1: detected capacity change from 0 to 512 [ 32.032279][ T910] EXT4-fs (loop4): Test dummy encryption mode enabled [ 32.042013][ T910] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 32.066983][ T910] EXT4-fs (loop4): first meta block group too large: 2 (group descriptor block count 1) [ 32.200833][ T935] netlink: 24 bytes leftover after parsing attributes in process `syz.1.266'. [ 32.274258][ T943] loop3: detected capacity change from 0 to 128 [ 32.309104][ T947] loop1: detected capacity change from 0 to 512 [ 32.311803][ T943] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 32.333969][ T947] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 32.384410][ T947] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 32.408994][ T947] EXT4-fs (loop1): 1 truncate cleaned up [ 32.414816][ T947] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.". Quota mode: writeback. [ 32.467021][ T947] EXT4-fs warning (device loop1): ext4_resize_begin:73: won't resize using backup superblock at 1 [ 32.554843][ T959] tipc: Started in network mode [ 32.560189][ T959] tipc: Node identity 2eaec34d5549, cluster identity 4711 [ 32.569380][ T959] tipc: Enabled bearer , priority 0 [ 32.606771][ T959] device syzkaller0 entered promiscuous mode [ 32.617247][ T958] tipc: Resetting bearer [ 32.632621][ T958] tipc: Disabling bearer [ 32.652896][ T970] device syzkaller0 entered promiscuous mode [ 32.660716][ T970] tipc: Started in network mode [ 32.665933][ T970] tipc: Node identity 9a0e5d9c0e6, cluster identity 4711 [ 32.680314][ T970] tipc: Enabled bearer , priority 0 [ 32.695125][ T969] tipc: Resetting bearer [ 32.709003][ T969] tipc: Disabling bearer [ 32.992732][ T1005] EXT4-fs error (device loop3): ext4_orphan_get:1432: comm syz.3.300: bad orphan inode 13 [ 33.019855][ T1005] ext4_test_bit(bit=12, block=4) = 1 [ 33.027553][ T1005] is_bad_inode(inode)=0 [ 33.033651][ T1005] NEXT_ORPHAN(inode)=0 [ 33.038699][ T1005] max_ino=32 [ 33.048504][ T1005] i_nlink=1 [ 33.053876][ T1005] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrjquota=,stripe=0x0000000000000007,,errors=continue. Quota mode: none. [ 33.091747][ T1014] xt_hashlimit: size too large, truncated to 1048576 [ 33.100770][ T1005] EXT4-fs warning (device loop3): dx_probe:845: inode #2: comm syz.3.300: Hash code is SIPHASH, but hash not in dirent [ 33.124274][ T1005] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.300: Corrupt directory, running e2fsck is recommended [ 33.158063][ T1005] EXT4-fs warning (device loop3): dx_probe:845: inode #2: comm syz.3.300: Hash code is SIPHASH, but hash not in dirent [ 33.180987][ T1005] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.300: Corrupt directory, running e2fsck is recommended [ 33.507979][ T30] kauditd_printk_skb: 55 callbacks suppressed [ 33.507996][ T30] audit: type=1400 audit(1779154067.292:236): avc: denied { read } for pid=1028 comm="syz.0.311" name="event0" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 33.556131][ T30] audit: type=1400 audit(1779154067.332:237): avc: denied { open } for pid=1028 comm="syz.0.311" path="/dev/input/event0" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 33.580988][ T30] audit: type=1400 audit(1779154067.342:238): avc: denied { ioctl } for pid=1028 comm="syz.0.311" path="/dev/input/event0" dev="devtmpfs" ino=256 ioctlcmd=0x4592 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 33.733887][ T30] audit: type=1400 audit(1779154067.522:239): avc: denied { setopt } for pid=1041 comm="syz.3.317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 33.785197][ T30] audit: type=1400 audit(1779154067.542:240): avc: denied { connect } for pid=1039 comm="syz.1.318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 33.825007][ T30] audit: type=1400 audit(1779154067.612:241): avc: denied { mount } for pid=1047 comm="syz.3.320" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 33.902572][ T30] audit: type=1400 audit(1779154067.612:242): avc: denied { write } for pid=1051 comm="syz.1.321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 34.015228][ T1058] xt_hashlimit: size too large, truncated to 1048576 [ 34.087811][ T30] audit: type=1400 audit(1779154067.872:243): avc: denied { create } for pid=1056 comm="syz.1.324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 34.177786][ T30] audit: type=1400 audit(1779154067.912:244): avc: denied { mount } for pid=1056 comm="syz.1.324" name="/" dev="ramfs" ino=18584 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 34.375589][ T30] audit: type=1400 audit(1779154067.952:245): avc: denied { read write } for pid=1056 comm="syz.1.324" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 34.418761][ T1077] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=e842c018, mo2=0003] [ 34.437716][ T1077] System zones: 0-5 [ 34.502306][ T1077] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,discard,errors=continue,errors=continue,delalloc,barrier,,errors=continue. Quota mode: writeback. [ 35.023687][ T1096] 9pnet: p9_errstr2errno: server reported unknown error 0x0000 [ 35.090220][ T310] loop3: p1 p2 p3 [ 35.094138][ T310] loop3: p1 start 51379968 is beyond EOD, truncated [ 35.101543][ T310] loop3: p3 size 100663552 extends beyond EOD, truncated [ 35.111470][ T1098] loop3: p1 p2 p3 [ 35.115785][ T1098] loop3: p1 start 51379968 is beyond EOD, truncated [ 35.123533][ T1098] loop3: p3 size 100663552 extends beyond EOD, truncated [ 35.155325][ T1113] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1113 comm=syz.0.348 [ 35.201174][ T1121] tipc: Started in network mode [ 35.206153][ T1121] tipc: Node identity 9e170aca739b, cluster identity 4711 [ 35.213678][ T1121] tipc: Enabled bearer , priority 0 [ 35.247461][ T1121] device syzkaller0 entered promiscuous mode [ 35.257429][ T1120] tipc: Resetting bearer [ 35.284964][ T310] udevd[310]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 35.296430][ T324] udevd[324]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 35.306369][ T1120] tipc: Disabling bearer [ 35.317923][ T1115] EXT4-fs (loop3): mounted filesystem without journal. Opts: resgid=0x000000000000ee00,bsddf,grpquota,nojournal_checksum,debug_want_extra_isize=0x0000000000000080,delalloc,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 35.334526][ T324] udevd[324]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 35.365036][ T310] udevd[310]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 35.452169][ T1149] EXT4-fs error (device loop3): ext4_map_blocks:632: inode #11: block 327694: comm syz.3.365: lblock 0 mapped to illegal pblock 327694 (length 1) [ 35.530281][ T1149] ------------[ cut here ]------------ [ 35.536067][ T1149] EA inode 11 i_nlink=2 [ 35.536201][ T1149] WARNING: CPU: 1 PID: 1149 at fs/ext4/xattr.c:1006 ext4_xattr_inode_update_ref+0x4e2/0x540 [ 35.551142][ T1149] Modules linked in: [ 35.555092][ T1149] CPU: 1 PID: 1149 Comm: syz.3.365 Not tainted syzkaller #0 [ 35.562822][ T1149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 35.573027][ T1149] RIP: 0010:ext4_xattr_inode_update_ref+0x4e2/0x540 [ 35.581237][ T1149] Code: 7c 24 40 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 cf ce bd ff 49 8b 37 48 c7 c7 40 8e 4f 85 89 da e8 4e dc bf 02 <0f> 0b 4c 8b 64 24 08 4c 8b 7c 24 10 e9 a9 fe ff ff e8 18 8d c3 02 [ 35.601003][ T1149] RSP: 0018:ffffc90000cb7180 EFLAGS: 00010246 [ 35.607116][ T1149] RAX: 8409ab6b6af99900 RBX: 0000000000000002 RCX: 0000000000080000 [ 35.615238][ T1149] RDX: ffffc90001b7d000 RSI: 0000000000008542 RDI: 0000000000008543 [ 35.623338][ T1149] RBP: ffffc90000cb7270 R08: ffff8881f7127493 R09: 1ffff1103ee24e92 [ 35.631597][ T1149] R10: dffffc0000000000 R11: ffffed103ee24e93 R12: ffff888111e24778 [ 35.639916][ T1149] R13: 1ffff110223c491b R14: dffffc0000000000 R15: ffff888111e247b8 [ 35.648170][ T1149] FS: 00007faf7837c6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 35.666639][ T1149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.674840][ T1149] CR2: 00007ff22fbb9ff8 CR3: 000000010caa5000 CR4: 00000000003506a0 [ 35.694012][ T1149] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.706385][ T1149] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.732488][ T1149] Call Trace: [ 35.735975][ T1149] [ 35.738939][ T1149] ? ext4_xattr_block_csum+0x590/0x590 [ 35.759630][ T1149] ? ext4_xattr_inode_dec_ref_all+0x389/0xfc0 [ 35.765847][ T1149] ext4_xattr_inode_dec_ref_all+0x960/0xfc0 [ 35.772168][ T1149] ? errseq_check+0x41/0x80 [ 35.794294][ T1149] ? ext4_xattr_delete_inode+0xca0/0xca0 [ 35.800417][ T1149] ? __ext4_journal_ensure_credits+0x430/0x430 [ 35.807129][ T1149] ? ext4_get_inode_loc+0x100/0x130 [ 35.813276][ T1149] ext4_xattr_delete_inode+0xad1/0xca0 [ 35.820391][ T1149] ? ext4_expand_extra_isize_ea+0x1930/0x1930 [ 35.826639][ T1149] ext4_evict_inode+0xe50/0x1460 [ 35.837391][ T1149] ? _raw_spin_unlock+0x4d/0x70 [ 35.842566][ T1149] ? ext4_inode_is_fast_symlink+0x3a0/0x3a0 [ 35.850316][ T1149] ? unlock_new_inode+0x97/0xc0 [ 35.855642][ T1149] ? ext4_inode_is_fast_symlink+0x3a0/0x3a0 [ 35.863170][ T1149] evict+0x4c9/0x8d0 [ 35.867252][ T1149] ? proc_nr_inodes+0x310/0x310 [ 35.880288][ T1149] ? _raw_spin_lock+0x94/0xf0 [ 35.885128][ T1149] ? _raw_spin_trylock_bh+0x150/0x150 [ 35.890897][ T1149] ? __kasan_check_write+0x14/0x20 [ 35.896342][ T1149] iput+0x635/0x7c0 [ 35.908939][ T1149] ext4_process_orphan+0x2b1/0x320 [ 35.914612][ T1149] ext4_orphan_cleanup+0x9ee/0x10f0 [ 35.920852][ T1149] ? ext4_orphan_del+0xbf0/0xbf0 [ 35.926432][ T1149] ? errseq_check_and_advance+0x66/0x130 [ 35.935162][ T1149] ext4_fill_super+0x84b2/0x8bd0 [ 35.940445][ T1149] ? ext4_mount+0x40/0x40 [ 35.945328][ T1149] ? set_blocksize+0x1eb/0x370 [ 35.957221][ T1149] ? sb_set_blocksize+0xaa/0xf0 [ 35.962526][ T1149] ? ext4_mount+0x40/0x40 [ 35.967308][ T1149] mount_bdev+0x2ae/0x3e0 [ 35.972906][ T1149] ? ext4_mount+0x40/0x40 [ 35.977588][ T1149] ext4_mount+0x34/0x40 [ 35.982606][ T1149] legacy_get_tree+0xed/0x190 [ 35.987518][ T1149] ? ext4_errno_to_code+0x160/0x160 [ 35.993570][ T1149] vfs_get_tree+0x89/0x260 [ 35.999562][ T1149] do_new_mount+0x25a/0xa20 [ 36.004465][ T1149] path_mount+0x659/0xff0 [ 36.009483][ T1149] ? user_path_at_empty+0x161/0x1c0 [ 36.014878][ T1149] __se_sys_mount+0x320/0x390 [ 36.020215][ T1149] ? __x64_sys_mount+0xd0/0xd0 [ 36.025136][ T1149] __x64_sys_mount+0xbf/0xd0 [ 36.034421][ T1149] x64_sys_call+0x6bf/0x9a0 [ 36.039456][ T1149] do_syscall_64+0x4c/0xa0 [ 36.044073][ T1149] ? clear_bhb_loop+0x50/0xa0 [ 36.048880][ T1149] ? clear_bhb_loop+0x50/0xa0 [ 36.055353][ T1149] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 36.061611][ T1149] RIP: 0033:0x7faf799230ca [ 36.066217][ T1149] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 36.087804][ T1200] netlink: 44 bytes leftover after parsing attributes in process `syz.1.388'. [ 36.097976][ T1149] RSP: 002b:00007faf7837be58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 36.106757][ T1149] RAX: ffffffffffffffda RBX: 00007faf7837bee0 RCX: 00007faf799230ca [ 36.115908][ T1149] RDX: 0000200000000080 RSI: 00002000000001c0 RDI: 00007faf7837bea0 [ 36.118965][ T1199] netlink: 'syz.1.388': attribute type 1 has an invalid length. [ 36.124628][ T1149] RBP: 0000200000000080 R08: 00007faf7837bee0 R09: 0000000000800718 [ 36.134032][ T1199] netlink: 256 bytes leftover after parsing attributes in process `syz.1.388'. [ 36.141447][ T1149] R10: 0000000000800718 R11: 0000000000000246 R12: 00002000000001c0 [ 36.151876][ T1199] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.160341][ T1149] R13: 00007faf7837bea0 R14: 0000000000000492 R15: 00002000000000c0 [ 36.190820][ T1149] [ 36.194339][ T1149] ---[ end trace bb5b5e036d4f2610 ]--- [ 36.201612][ T1149] EXT4-fs (loop3): 1 orphan inode deleted [ 36.207822][ T1149] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,journal_dev=0x00000000040000ff,debug_want_extra_isize=0x000000000000005c,nouid32,noinit_itable,acl,jqfmt=vfsv0,,errors=continue. Quota mode: none. [ 36.391911][ T1216] netlink: 28 bytes leftover after parsing attributes in process `syz.3.395'. [ 36.657646][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.665529][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.673685][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.681732][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.689894][ T307] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 36.697794][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.705496][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.713165][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.721134][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.728764][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.736362][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.743882][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.751535][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.758970][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.766652][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.774625][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.814961][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.822765][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.830852][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.838310][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.846984][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.855985][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.864383][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.872174][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.885097][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.892863][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.901702][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.909242][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.917538][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.925048][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.932786][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.940475][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.940502][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.940522][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.940543][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.940565][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.940585][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.940604][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.940623][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.940644][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.940664][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.940685][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.940706][ T289] hid-generic 0080:0008:0000.0001: unknown main item tag 0x0 [ 36.942137][ T289] hid-generic 0080:0008:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 37.041617][ T307] usb 4-1: device descriptor read/64, error -71 [ 37.085192][ T1240] fido_id[1240]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 37.168538][ T1251] set_capacity_and_notify: 8 callbacks suppressed [ 37.168556][ T1251] loop1: detected capacity change from 0 to 8192 [ 37.223293][ T1257] loop2: detected capacity change from 0 to 1024 [ 37.231432][ T1251] loop1: p1 p2 p3 [ 37.235304][ T1251] loop1: p1 start 51379968 is beyond EOD, truncated [ 37.243247][ T1251] loop1: p3 size 100663552 extends beyond EOD, truncated [ 37.285462][ T1257] EXT4-fs (loop2): mounted filesystem without journal. Opts: nouid32,nodioread_nolock,noquota,delalloc,journal_dev=0x0000000000000009,commit=0x0000000000000000,,errors=continue. Quota mode: none. [ 37.311469][ T1257] ext4 filesystem being mounted at /77/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 37.325468][ T1257] EXT4-fs error (device loop2): ext4_map_blocks:742: inode #15: comm syz.2.414: lblock 0 mapped to illegal pblock 0 (length 1) [ 37.340176][ T1257] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 37.353452][ T1257] EXT4-fs (loop2): This should not happen!! Data will be lost [ 37.353452][ T1257] [ 37.364630][ T1257] EXT4-fs error (device loop2): ext4_ext_remove_space:2929: inode #15: comm syz.2.414: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 37.383530][ T1257] EXT4-fs error (device loop2) in ext4_setattr:5676: Corrupt filesystem [ 37.394388][ T1257] EXT4-fs error (device loop2): ext4_map_blocks:742: inode #15: block 3: comm syz.2.414: lblock 3 mapped to illegal pblock 3 (length 3) [ 37.415946][ T1257] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 37.434320][ T1257] EXT4-fs (loop2): This should not happen!! Data will be lost [ 37.434320][ T1257] [ 37.453640][ T306] EXT4-fs error (device loop2): ext4_map_blocks:742: inode #15: block 8: comm kworker/u4:3: lblock 8 mapped to illegal pblock 8 (length 8) [ 37.481724][ T306] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 37.495737][ T100] loop1: p1 p2 p3 [ 37.499753][ T100] loop1: p1 start 51379968 is beyond EOD, truncated [ 37.506675][ T306] EXT4-fs (loop2): This should not happen!! Data will be lost [ 37.506675][ T306] [ 37.516683][ T100] loop1: p3 size 100663552 extends beyond EOD, truncated [ 37.579209][ T6] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 37.592071][ T1270] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 37.669227][ T307] usb 4-1: device descriptor read/64, error -71 [ 37.686137][ T1270] loop2: detected capacity change from 0 to 1024 [ 37.720724][ T1270] EXT4-fs error (device loop2): ext4_fill_super:4863: comm syz.2.415: inode #2: comm syz.2.415: iget: illegal inode # [ 37.734142][ T1270] EXT4-fs (loop2): Remounting filesystem read-only [ 37.741501][ T1270] EXT4-fs (loop2): get root inode failed [ 37.747622][ T1270] EXT4-fs (loop2): mount failed [ 37.939239][ T307] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 37.989257][ T6] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 38.005670][ T6] usb 2-1: config 0 has no interfaces? [ 38.011929][ T6] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 38.022545][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.034281][ T6] usb 2-1: config 0 descriptor?? [ 38.309215][ T307] usb 4-1: device descriptor read/64, error -71 [ 38.379228][ T39] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 38.410216][ T6] usb 2-1: USB disconnect, device number 2 [ 38.595712][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 38.595726][ T30] audit: type=1400 audit(1779154072.382:262): avc: denied { bind } for pid=1313 comm="syz.0.436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 38.699361][ T307] usb 4-1: device descriptor read/64, error -71 [ 38.709978][ T1330] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 38.719890][ T30] audit: type=1400 audit(1779154072.512:263): avc: denied { relabelto } for pid=1329 comm="syz.0.444" name="101" dev="tmpfs" ino=530 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 38.746647][ T39] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.751011][ T30] audit: type=1400 audit(1779154072.512:264): avc: denied { associate } for pid=1329 comm="syz.0.444" name="101" dev="tmpfs" ino=530 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_exec_t:s0" [ 38.762931][ T39] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 38.785350][ T30] audit: type=1400 audit(1779154072.512:265): avc: denied { write } for pid=284 comm="syz-executor" name="101" dev="tmpfs" ino=530 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 38.821106][ T307] usb usb4-port1: attempt power cycle [ 38.821372][ T30] audit: type=1400 audit(1779154072.512:266): avc: denied { remove_name } for pid=284 comm="syz-executor" name="binderfs" dev="tmpfs" ino=534 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 38.853791][ T30] audit: type=1400 audit(1779154072.512:267): avc: denied { rmdir } for pid=284 comm="syz-executor" name="101" dev="tmpfs" ino=530 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 38.959270][ T39] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 38.989288][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 39.005213][ T39] usb 3-1: Product: syz [ 39.016012][ T39] usb 3-1: Manufacturer: syz [ 39.020743][ T39] usb 3-1: SerialNumber: syz [ 39.038031][ T30] audit: type=1400 audit(1779154072.822:268): avc: denied { map } for pid=1350 comm="syz.1.454" path="/dev/usbmon0" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 39.069802][ T39] cdc_mbim 3-1:1.0: skipping garbage [ 39.140400][ T1362] loop1: detected capacity change from 0 to 1024 [ 39.159924][ T1362] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 39.195889][ T1362] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv1,stripe=0x0000000000000004,norecovery,noauto_da_alloc,debug_want_extra_isize=0x0000000000000080,jqfmt=vfsv1,max_batch_time=0x00000000000001ff,mblk_io_submit,norecovery,,errors=continue. Quota mode: none. [ 39.249403][ T307] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 39.270580][ T1281] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 39.356876][ T1386] netlink: 'syz.0.471': attribute type 10 has an invalid length. [ 39.377138][ T1386] netlink: 40 bytes leftover after parsing attributes in process `syz.0.471'. [ 39.392444][ T1386] device wg0 entered promiscuous mode [ 39.434345][ T307] usb 4-1: device descriptor read/8, error -71 [ 39.501041][ T1281] UDC core: couldn't find an available UDC or it's busy: -16 [ 39.510184][ T1281] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 39.663420][ T307] usb 4-1: device descriptor read/8, error -71 [ 39.699318][ T1448] loop3: detected capacity change from 0 to 4096 [ 39.718414][ T1458] usb usb1: check_ctrlrecip: process 1458 (syz.0.506) requesting ep 01 but needs 81 [ 39.738387][ T1448] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 39.745959][ T1458] usb usb1: usbfs: process 1458 (syz.0.506) did not claim interface 0 before use [ 39.779363][ T1281] loop2: detected capacity change from 0 to 512 [ 39.832829][ T1469] loop3: detected capacity change from 0 to 4096 [ 39.850419][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 39.864383][ T1281] EXT4-fs (loop2): Ignoring removed oldalloc option [ 39.880629][ T1281] EXT4-fs (loop2): mounted filesystem without journal. Opts: i_version,nodiscard,oldalloc,,errors=continue. Quota mode: none. [ 39.901878][ T1469] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 39.925989][ T1469] EXT4-fs (loop3): mounted filesystem without journal. Opts: init_itable=0x0000000000000101,stripe=0x0000000000000061,journal_ioprio=0x0000000000000006,minixdf,nodiscard,nomblk_io_submit,acl,nojournal_checksum,resuid=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 39.957590][ T30] audit: type=1400 audit(1779154073.698:269): avc: denied { unlink } for pid=1468 comm="syz.3.508" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 39.986265][ T1489] 9pnet: Insufficient options for proto=fd [ 39.989564][ T30] audit: type=1400 audit(1779154073.716:270): avc: denied { create } for pid=1468 comm="syz.3.508" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 40.058613][ T30] audit: type=1400 audit(1779154073.790:271): avc: denied { nlmsg_read } for pid=1492 comm="syz.4.522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 40.131935][ T1503] netlink: 63 bytes leftover after parsing attributes in process `syz.3.525'. [ 40.171121][ T1281] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 40.189038][ T1507] loop3: detected capacity change from 0 to 512 [ 40.206039][ T39] cdc_mbim 3-1:1.0: setting tx_max = 16384 [ 40.214320][ T39] cdc_mbim 3-1:1.0: cdc-wdm0: USB WDM device [ 40.229518][ T39] cdc_mbim 3-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, 3a:f7:6d:89:9a:20 [ 40.439167][ T313] usb 3-1: USB disconnect, device number 2 [ 40.456975][ T313] cdc_mbim 3-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM [ 40.980417][ T1614] netlink: 16 bytes leftover after parsing attributes in process `syz.2.565'. [ 41.042878][ T313] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 41.424074][ T313] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 41.453396][ T1635] netlink: 12 bytes leftover after parsing attributes in process `syz.0.574'. [ 41.462731][ T1635] netlink: 40 bytes leftover after parsing attributes in process `syz.0.574'. [ 41.471812][ T1635] netlink: 40 bytes leftover after parsing attributes in process `syz.0.574'. [ 41.801131][ T1667] netlink: 24 bytes leftover after parsing attributes in process `syz.1.588'. [ 41.814356][ T1667] netlink: 24 bytes leftover after parsing attributes in process `syz.1.588'. [ 41.966039][ T1678] loop3: detected capacity change from 0 to 512 [ 41.975544][ T1680] loop1: detected capacity change from 0 to 512 [ 41.997637][ T1680] SELinux: security_context_str_to_sid(staff_u) failed for (dev ?, type ?) errno=-22 [ 42.029007][ T1678] EXT4-fs error (device loop3): ext4_orphan_get:1432: comm syz.3.594: bad orphan inode 11862016 [ 42.056508][ T1680] EXT4-fs error (device loop1): ext4_orphan_get:1406: inode #15: comm syz.1.595: inode has both inline data and extents flags [ 42.075978][ T1678] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 42.100263][ T1678] ext4 filesystem being mounted at /87/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.111737][ T1680] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.595: couldn't read orphan inode 15 (err -117) [ 42.159295][ T1680] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 42.199998][ T1680] SELinux: security_context_str_to_sid(staff_u) failed for (dev loop1, type ext4) errno=-22 [ 42.338467][ T1700] netlink: 200 bytes leftover after parsing attributes in process `syz.0.602'. [ 42.355879][ T1703] loop3: detected capacity change from 0 to 2048 [ 42.444613][ T1703] EXT4-fs (loop3): mounted filesystem without journal. Opts: abort,jqfmt=vfsold,lazytime,,errors=continue. Quota mode: none. [ 42.593527][ T1734] syz.2.619 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 44.000901][ T30] kauditd_printk_skb: 44 callbacks suppressed [ 44.000916][ T30] audit: type=1326 audit(1779154077.751:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1815 comm="syz.0.654" exe="/root/ci2-android-5-15/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff54bfc2e59 code=0x7ffc0000 [ 44.048465][ T30] audit: type=1326 audit(1779154077.751:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1815 comm="syz.0.654" exe="/root/ci2-android-5-15/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff54bfc2e59 code=0x7ffc0000 [ 44.074050][ T30] audit: type=1326 audit(1779154077.790:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1815 comm="syz.0.654" exe="/root/ci2-android-5-15/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff54bfc2e59 code=0x7ffc0000 [ 44.103129][ T1820] loop2: detected capacity change from 0 to 1024 [ 44.111121][ T30] audit: type=1326 audit(1779154077.790:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1815 comm="syz.0.654" exe="/root/ci2-android-5-15/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff54bfc2e59 code=0x7ffc0000 [ 44.157054][ T30] audit: type=1326 audit(1779154077.790:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1815 comm="syz.0.654" exe="/root/ci2-android-5-15/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7ff54bfc2e59 code=0x7ffc0000 [ 44.193594][ T30] audit: type=1326 audit(1779154077.790:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1815 comm="syz.0.654" exe="/root/ci2-android-5-15/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff54bfc2e59 code=0x7ffc0000 [ 44.224668][ T30] audit: type=1326 audit(1779154077.790:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1815 comm="syz.0.654" exe="/root/ci2-android-5-15/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff54bfc2e59 code=0x7ffc0000 [ 44.257505][ T30] audit: type=1326 audit(1779154077.790:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1815 comm="syz.0.654" exe="/root/ci2-android-5-15/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7ff54bfc2e59 code=0x7ffc0000 [ 44.283289][ T1820] EXT4-fs (loop2): Ignoring removed bh option [ 44.306942][ T1820] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e80ce028, mo2=0000] [ 44.318755][ T1820] System zones: 0-1, 3-12 [ 44.331883][ T30] audit: type=1326 audit(1779154077.790:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1815 comm="syz.0.654" exe="/root/ci2-android-5-15/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff54bfc2e59 code=0x7ffc0000 [ 44.369629][ T1820] EXT4-fs error (device loop2): ext4_map_blocks:742: inode #3: block 1: comm syz.2.656: lblock 1 mapped to illegal pblock 1 (length 1) [ 44.389989][ T30] audit: type=1400 audit(1779154078.053:325): avc: denied { watch watch_reads } for pid=1825 comm="syz.0.659" path="/167" dev="tmpfs" ino=870 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 44.447809][ T1820] EXT4-fs (loop2): Remounting filesystem read-only [ 44.454772][ T1820] EXT4-fs error (device loop2): ext4_acquire_dquot:6227: comm syz.2.656: Failed to acquire dquot type 0 [ 44.474498][ T1820] EXT4-fs (loop2): Remounting filesystem read-only [ 44.481265][ T1820] EXT4-fs error (device loop2): ext4_free_blocks:6231: comm syz.2.656: Freeing blocks not in datazone - block = 0, count = 4096 [ 44.506007][ T1820] EXT4-fs (loop2): Remounting filesystem read-only [ 44.512745][ T1820] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.656: Invalid inode bitmap blk 0 in block_group 0 [ 44.527368][ T45] EXT4-fs error (device loop2): ext4_map_blocks:632: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 44.542419][ T1820] EXT4-fs (loop2): Remounting filesystem read-only [ 44.549083][ T1820] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 44.553651][ T45] EXT4-fs (loop2): Remounting filesystem read-only [ 44.571281][ T1820] EXT4-fs (loop2): Remounting filesystem read-only [ 44.577962][ T1820] EXT4-fs (loop2): 1 orphan inode deleted [ 44.586015][ T45] EXT4-fs error (device loop2): ext4_release_dquot:6263: comm kworker/u4:2: Failed to release dquot type 0 [ 44.595635][ T1820] EXT4-fs (loop2): mounted filesystem without journal. Opts: ; usrquota,auto_da_alloc,bh,max_batch_time=0x00000000000008c9,debug,errors=remount-ro,. Quota mode: writeback. [ 44.651651][ T45] EXT4-fs (loop2): Remounting filesystem read-only [ 44.673123][ T1820] EXT4-fs error (device loop2): ext4_search_dir:1549: inode #2: block 16: comm syz.2.656: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 44.702337][ T1820] EXT4-fs (loop2): Remounting filesystem read-only [ 45.560708][ T1862] tipc: Started in network mode [ 45.574270][ T1862] tipc: Node identity 2, cluster identity 4711 [ 45.598175][ T1862] tipc: Node number set to 2 [ 45.616188][ T1862] tipc: Cannot configure node identity twice [ 45.636090][ T1864] netlink: 2048 bytes leftover after parsing attributes in process `syz.1.671'. [ 45.669633][ T1864] netlink: 24 bytes leftover after parsing attributes in process `syz.1.671'. [ 45.747762][ T1873] xt_hashlimit: size too large, truncated to 1048576 [ 45.782790][ T1871] loop3: detected capacity change from 0 to 8192 [ 46.257912][ T1928] netlink: 8 bytes leftover after parsing attributes in process `syz.0.702'. [ 46.524214][ T1961] netlink: 'syz.2.720': attribute type 3 has an invalid length. [ 46.764114][ T1997] loop1: detected capacity change from 0 to 1024 [ 46.803707][ T1997] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c801e018, mo2=0000] [ 46.823588][ T1997] EXT4-fs error (device loop1): ext4_map_blocks:632: inode #3: block 2: comm syz.1.737: lblock 2 mapped to illegal pblock 2 (length 1) [ 46.841064][ T1997] EXT4-fs error (device loop1): ext4_map_blocks:632: inode #3: block 48: comm syz.1.737: lblock 0 mapped to illegal pblock 48 (length 1) [ 46.863861][ T1997] EXT4-fs error (device loop1): ext4_acquire_dquot:6227: comm syz.1.737: Failed to acquire dquot type 0 [ 46.882550][ T1997] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5904: Corrupt filesystem [ 46.905730][ T1997] EXT4-fs error (device loop1): ext4_evict_inode:285: inode #11: comm syz.1.737: mark_inode_dirty error [ 46.928430][ T1997] EXT4-fs warning (device loop1): ext4_evict_inode:288: couldn't mark inode dirty (err -117) [ 46.947193][ T1997] EXT4-fs (loop1): 1 orphan inode deleted [ 46.954040][ T1997] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,noblock_validity,data_err=ignore,max_batch_time=0x0000000000000006,debug,nolazytime,noauto_da_alloc,,errors=continue. Quota mode: none. [ 46.974426][ T45] EXT4-fs error (device loop1): ext4_map_blocks:632: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 47.013787][ T45] EXT4-fs error (device loop1): ext4_release_dquot:6263: comm kworker/u4:2: Failed to release dquot type 0 [ 47.036022][ T306] EXT4-fs error (device loop1): ext4_map_blocks:632: inode #3: block 1: comm kworker/u4:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 47.050929][ T306] EXT4-fs error (device loop1): ext4_release_dquot:6263: comm kworker/u4:3: Failed to release dquot type 0 [ 47.063404][ T287] EXT4-fs error (device loop1): __ext4_get_inode_loc:4365: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 47.081270][ T287] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5904: Corrupt filesystem [ 47.091452][ T287] EXT4-fs error (device loop1): ext4_quota_off:6533: inode #3: comm syz-executor: mark_inode_dirty error [ 47.161452][ T2040] loop2: detected capacity change from 0 to 128 [ 47.210110][ T2040] FAT-fs (loop2): Unrecognized mount option "0177777777777777777777718446744073709551615uI[ sq [ 47.210110][ T2040] |^ĕ&k_NN7*Z" or missing value [ 47.686205][ T2054] loop1: detected capacity change from 0 to 1024 [ 47.714847][ T2054] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 47.766617][ T2054] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_nolock,norecovery,min_batch_time=0x0000000000000001,nojournal_checksum,debug_want_extra_isize=0x0000000000000080,nodelalloc,errors=remount-ro,acl,auto_da_alloc=0x0000000000000343,jqfmt=vfsold,barrier=0x00000000000000. Quota mode: none. [ 48.079036][ T2079] loop3: detected capacity change from 0 to 512 [ 48.100804][ T2079] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 48.126190][ T2079] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 48.159732][ T2079] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.774: invalid indirect mapped block 9 (level 0) [ 48.204982][ T2079] EXT4-fs (loop3): 1 truncate cleaned up [ 48.232728][ T2079] EXT4-fs (loop3): mounted filesystem without journal. Opts: init_itable,journal_ioprio=0x0000000000000007,dioread_lock,,errors=continue. Quota mode: none. [ 48.313466][ T2099] loop1: detected capacity change from 0 to 128 [ 48.349351][ T2108] netlink: 24 bytes leftover after parsing attributes in process `syz.2.787'. [ 48.370984][ T2099] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 48.383199][ T2099] ext4 filesystem being mounted at /148/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 48.524882][ T2130] loop1: detected capacity change from 0 to 1024 [ 48.996920][ T2159] loop2: detected capacity change from 0 to 512 [ 49.090339][ T2177] loop1: detected capacity change from 0 to 128 [ 49.114126][ T2159] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,noinit_itable,abort,bsdgroups,,errors=continue. Quota mode: writeback. [ 49.130057][ T2159] ext4 filesystem being mounted at /134/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.158004][ T2176] loop3: detected capacity change from 0 to 8192 [ 49.196183][ T2177] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 49.239952][ T2177] ext4 filesystem being mounted at /154/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 49.276839][ T2176] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 2074) [ 49.295061][ T2176] FAT-fs (loop3): Filesystem has been set read-only [ 49.321104][ T2184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.819'. [ 49.330227][ T2184] netlink: 40 bytes leftover after parsing attributes in process `syz.3.819'. [ 49.370381][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 49.370400][ T30] audit: type=1400 audit(1779154082.847:358): avc: denied { connect } for pid=2187 comm="syz.3.821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 49.408583][ T2190] loop1: detected capacity change from 0 to 1024 [ 49.446509][ T2190] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 49.457743][ T2190] ext4 filesystem being mounted at /155/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.497156][ T30] audit: type=1400 audit(1779154082.969:359): avc: denied { bind } for pid=2197 comm="syz.2.824" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 49.533194][ T2200] loop3: detected capacity change from 0 to 1024 [ 49.590633][ T2207] device vlan3 entered promiscuous mode [ 49.596439][ T2207] device gretap0 entered promiscuous mode [ 49.617107][ T2200] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 49.679858][ T2200] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 49.738521][ T2221] loop2: detected capacity change from 0 to 1024 [ 49.801744][ T30] audit: type=1400 audit(1779154083.249:360): avc: denied { create } for pid=2230 comm="syz.3.839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 49.840096][ T30] audit: type=1400 audit(1779154083.249:361): avc: denied { read } for pid=2230 comm="syz.3.839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 49.861104][ T2221] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,,errors=continue. Quota mode: writeback. [ 49.899260][ T30] audit: type=1400 audit(1779154083.342:362): avc: denied { read write } for pid=2233 comm="syz.0.840" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 49.995833][ T30] audit: type=1400 audit(1779154083.342:363): avc: denied { open } for pid=2233 comm="syz.0.840" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 50.067815][ T2247] netlink: 8 bytes leftover after parsing attributes in process `syz.2.844'. [ 50.291689][ T2259] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 50.368216][ T10] EXT4-fs error (device loop1): ext4_map_blocks:742: inode #15: comm kworker/u4:1: lblock 0 mapped to illegal pblock 0 (length 6) [ 50.394188][ T10] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 50.407682][ T10] EXT4-fs (loop1): This should not happen!! Data will be lost [ 50.407682][ T10] [ 50.412557][ T2277] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 50.428746][ T2277] ext4 filesystem being mounted at /147/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.446915][ T10] EXT4-fs error (device loop1): ext4_map_blocks:742: inode #15: block 8: comm kworker/u4:1: lblock 8 mapped to illegal pblock 8 (length 8) [ 50.461953][ T10] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 50.474614][ T10] EXT4-fs (loop1): This should not happen!! Data will be lost [ 50.474614][ T10] [ 50.679598][ T2284] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 50.716209][ T2284] ext4 filesystem being mounted at /150/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.832771][ T2290] netlink: 4 bytes leftover after parsing attributes in process `syz.2.866'. [ 51.050228][ T30] audit: type=1400 audit(1779154084.423:364): avc: denied { getopt } for pid=2314 comm="syz.1.876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 51.107350][ T2332] netlink: 8 bytes leftover after parsing attributes in process `syz.4.886'. [ 51.238020][ T30] audit: type=1400 audit(1779154084.581:365): avc: denied { read } for pid=2359 comm="syz.3.899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 51.273539][ T30] audit: type=1326 audit(1779154084.618:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2361 comm="syz.1.898" exe="/root/ci2-android-5-15/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78d1f81e59 code=0x7ffc0000 [ 51.328989][ T30] audit: type=1326 audit(1779154084.618:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2361 comm="syz.1.898" exe="/root/ci2-android-5-15/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78d1f81e59 code=0x7ffc0000 [ 51.925218][ T2407] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 51.936214][ T2407] ext4 filesystem being mounted at /171/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 52.084795][ T2436] mmap: syz.4.931 (2436) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 52.135712][ T2439] EXT4-fs (loop2): mounted filesystem without journal. Opts: mb_optimize_scan=0x0000000000000000,init_itable,bsdgroups,,errors=continue. Quota mode: writeback. [ 52.367948][ T2468] netlink: 36 bytes leftover after parsing attributes in process `syz.4.945'. [ 52.448076][ T2472] xt_hashlimit: size too large, truncated to 1048576 [ 52.621905][ T2485] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 52.664811][ T2485] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,norecovery,min_batch_time=0x0000000000000001,nojournal_checksum,debug_want_extra_isize=0x0000000000000080,nodelalloc,errors=remount-ro,acl,auto_da_alloc=0x0000000000000343,jqfmt=vfsold,barrier=0x00000000000000. Quota mode: none. [ 53.037290][ T2504] fuse: Bad value for 'fd' [ 53.166621][ T2528] set_capacity_and_notify: 9 callbacks suppressed [ 53.166635][ T2528] loop1: detected capacity change from 0 to 512 [ 53.200580][ T2528] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 53.214199][ T2528] ext4 filesystem being mounted at /182/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.392316][ T2556] tipc: Enabling of bearer rejected, media not registered [ 53.441318][ T2562] bridge: RTM_NEWNEIGH with invalid ether address [ 53.448179][ T2562] bridge: RTM_NEWNEIGH with invalid ether address [ 54.604175][ T2647] loop2: detected capacity change from 0 to 1024 [ 54.622402][ T2647] EXT4-fs (loop2): Ignoring removed bh option [ 54.639869][ T2647] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000010,bh,init_itable,. Quota mode: none. [ 54.689134][ T288] EXT4-fs error (device loop2): ext4_read_inline_dir:1632: inode #12: block 7: comm syz-executor: path /183/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 54.712051][ T288] EXT4-fs (loop2): Remounting filesystem read-only [ 54.719453][ T288] EXT4-fs error (device loop2): ext4_read_inline_dir:1632: inode #12: block 7: comm syz-executor: path /183/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 54.747657][ T288] EXT4-fs (loop2): Remounting filesystem read-only [ 54.764815][ T288] EXT4-fs error (device loop2): empty_inline_dir:1887: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 54.808685][ T2641] loop1: detected capacity change from 0 to 40427 [ 54.818006][ T288] EXT4-fs (loop2): Remounting filesystem read-only [ 54.833731][ T2641] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 54.842930][ T288] EXT4-fs warning (device loop2): empty_inline_dir:1894: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 54.862231][ T2641] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 54.871375][ T288] EXT4-fs error (device loop2): ext4_read_inline_dir:1632: inode #12: block 7: comm syz-executor: path /183/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 54.894377][ T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 54.902129][ T288] EXT4-fs (loop2): Remounting filesystem read-only [ 54.909012][ T288] EXT4-fs error (device loop2): ext4_read_inline_dir:1632: inode #12: block 7: comm syz-executor: path /183/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 54.931500][ T288] EXT4-fs (loop2): Remounting filesystem read-only [ 54.938327][ T288] EXT4-fs error (device loop2): empty_inline_dir:1887: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 54.959069][ T288] EXT4-fs (loop2): Remounting filesystem read-only [ 54.965727][ T288] EXT4-fs warning (device loop2): empty_inline_dir:1894: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 54.980305][ T288] EXT4-fs error (device loop2): ext4_read_inline_dir:1632: inode #12: block 7: comm syz-executor: path /183/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 55.023656][ T288] EXT4-fs (loop2): Remounting filesystem read-only [ 55.030435][ T288] EXT4-fs error (device loop2): ext4_read_inline_dir:1632: inode #12: block 7: comm syz-executor: path /183/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 55.068778][ T288] EXT4-fs (loop2): Remounting filesystem read-only [ 55.075968][ T288] EXT4-fs error (device loop2): empty_inline_dir:1887: inode #12: block 7: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=20, inode=14, rec_len=40, size=60 fake=0 [ 55.108279][ T2641] F2FS-fs (loop1): Found nat_bits in checkpoint [ 55.140034][ T288] EXT4-fs (loop2): Remounting filesystem read-only [ 55.150769][ T288] EXT4-fs warning (device loop2): empty_inline_dir:1894: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 55.173734][ T2641] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 55.181262][ T288] EXT4-fs error (device loop2): ext4_read_inline_dir:1632: inode #12: block 7: comm syz-executor: path /183/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=40, inode=14, rec_len=40, size=80 fake=0 [ 55.203992][ T2641] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 55.231340][ T288] EXT4-fs (loop2): Remounting filesystem read-only [ 55.272094][ T288] EXT4-fs warning (device loop2): empty_inline_dir:1894: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 55.329066][ T288] EXT4-fs warning (device loop2): empty_inline_dir:1894: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 55.364189][ T288] EXT4-fs warning (device loop2): empty_inline_dir:1894: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 55.412038][ T288] EXT4-fs warning (device loop2): empty_inline_dir:1894: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 55.459298][ T288] EXT4-fs warning (device loop2): empty_inline_dir:1894: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 55.502529][ T288] EXT4-fs warning (device loop2): empty_inline_dir:1894: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 55.542044][ T288] EXT4-fs warning (device loop2): empty_inline_dir:1894: bad inline directory (dir #12) - inode 14, rec_len 40, name_len 255inline size 60 [ 55.558847][ T30] kauditd_printk_skb: 90 callbacks suppressed [ 55.558863][ T30] audit: type=1400 audit(1779154088.596:458): avc: denied { create } for pid=2650 comm="syz.4.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 55.664297][ T2677] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1036'. [ 55.843888][ T2681] loop1: detected capacity change from 0 to 1024 [ 55.858506][ T6] usb 1-1: Using ep0 maxpacket: 32 [ 55.915476][ T2681] EXT4-fs (loop1): Ignoring removed bh option [ 55.924790][ T45] tipc: Left network mode [ 55.956673][ T2681] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,dioread_lock,barrier=0x0000000000000004,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000010,bh,init_itable,. Quota mode: none. [ 55.999052][ T6] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 56.083753][ T30] audit: type=1400 audit(1779154089.077:459): avc: denied { mounton } for pid=2694 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 56.217373][ T6] usb 1-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40 [ 56.253783][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.271201][ T2694] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.281747][ T2694] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.291152][ T2694] device bridge_slave_0 entered promiscuous mode [ 56.298162][ T2717] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1060'. [ 56.300701][ T2694] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.314599][ T2694] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.317606][ T6] usb 1-1: Product: syz [ 56.323203][ T2694] device bridge_slave_1 entered promiscuous mode [ 56.334181][ T2717] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1060'. [ 56.343581][ T2717] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1060'. [ 56.368700][ T6] usb 1-1: Manufacturer: syz [ 56.383858][ T6] usb 1-1: SerialNumber: syz [ 56.445513][ T2694] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.452643][ T2694] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.460178][ T2694] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.467345][ T2694] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.505984][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.520890][ T474] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.531557][ T474] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.553118][ T2724] loop1: detected capacity change from 0 to 512 [ 56.564464][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.583062][ T474] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.590363][ T474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.599254][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.607622][ T474] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.614710][ T474] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.632760][ T2724] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,usrquota,minixdf,nombcache,. Quota mode: writeback. [ 56.650250][ T2644] tmpfs: Unknown parameter 'grpquota_inode_hardlimit' [ 56.662729][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.669043][ T2724] ext4 filesystem being mounted at /189/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 56.672852][ T20] usb 1-1: USB disconnect, device number 2 [ 56.687475][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.711931][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.730361][ T45] device bridge_slave_1 left promiscuous mode [ 56.736774][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.744516][ T45] device bridge_slave_0 left promiscuous mode [ 56.750953][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.765445][ T45] device veth1_macvtap left promiscuous mode [ 56.771638][ T45] device veth0_vlan left promiscuous mode [ 56.879024][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 56.888283][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.897022][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 56.905398][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.914506][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.922877][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.931562][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.940210][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.955095][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.965979][ T2694] device veth0_vlan entered promiscuous mode [ 56.975175][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.983108][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 57.003038][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.011608][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.038386][ T2694] device veth1_macvtap entered promiscuous mode [ 57.049985][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.058035][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.066990][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.077187][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.086086][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.101615][ T30] audit: type=1400 audit(1779154090.021:460): avc: denied { mount } for pid=2694 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 57.127631][ T30] audit: type=1400 audit(1779154090.048:461): avc: denied { mounton } for pid=2694 comm="syz-executor" path="/root/syzkaller.U5fubR/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 57.243013][ T2747] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1059'. [ 57.305321][ T2757] loop1: detected capacity change from 0 to 2048 [ 57.428672][ T2757] EXT4-fs (loop1): mounted filesystem without journal. Opts: abort,jqfmt=vfsold,lazytime,,errors=continue. Quota mode: none. [ 57.797477][ T2770] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1072'. [ 57.808593][ T2770] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1072'. [ 57.906100][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 57.920007][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.939206][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 57.953673][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.969347][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.984004][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 57.997164][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.021149][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.381170][ T2802] loop2: detected capacity change from 0 to 8192 [ 58.433701][ T310] loop2: p1 p2 p3 [ 58.438054][ T310] loop2: p1 start 51379968 is beyond EOD, truncated [ 58.468114][ T2818] tipc: Enabling of bearer rejected, failed to enable media [ 58.479634][ T310] loop2: p3 size 100663552 extends beyond EOD, truncated [ 58.495594][ T2802] loop2: p1 p2 p3 [ 58.499702][ T2802] loop2: p1 start 51379968 is beyond EOD, truncated [ 58.514748][ T2802] loop2: p3 size 100663552 extends beyond EOD, truncated [ 58.681002][ T310] udevd[310]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 58.681003][ T324] udevd[324]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 58.714073][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 59.119645][ T2846] device veth0_vlan left promiscuous mode [ 59.183710][ T2846] device veth0_vlan entered promiscuous mode [ 59.268667][ T2846] syz.1.1104 (2846) used greatest stack depth: 20992 bytes left [ 59.307852][ T2859] usb usb1: check_ctrlrecip: process 2859 (syz.1.1105) requesting ep 01 but needs 81 [ 59.322296][ T2859] usb usb1: usbfs: process 2859 (syz.1.1105) did not claim interface 0 before use [ 59.430734][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 59.444631][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.459139][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 59.474005][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 59.482674][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.491248][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.500136][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.508727][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.517229][ T474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.541648][ T2874] tipc: Enabling of bearer rejected, failed to enable media [ 59.569255][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 59.697269][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.705489][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.713026][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.720816][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.728686][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.736719][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.752782][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.774385][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.792620][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.811239][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.828229][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.843880][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.862260][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.878106][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.894131][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.913003][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.931635][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.943345][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.951132][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.966456][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.979183][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.987070][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 59.994676][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.002875][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.010489][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.040078][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.055820][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.063549][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.071585][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.079167][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.086748][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.094349][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.102636][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.110240][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.117726][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.125307][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.133192][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.140832][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.148484][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.156316][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.163792][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.171348][ T2853] hid-generic 0080:0008:0000.0002: unknown main item tag 0x0 [ 60.180065][ T2853] hid-generic 0080:0008:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz0 [ 60.254439][ T2886] fido_id[2886]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 60.425765][ T2890] device veth0_vlan left promiscuous mode [ 60.434853][ T2890] device veth0_vlan entered promiscuous mode [ 60.569888][ T2895] tipc: Enabled bearer , priority 0 [ 60.592930][ T2895] device syzkaller0 entered promiscuous mode [ 60.608203][ T2892] tipc: Resetting bearer [ 60.671071][ T2892] tipc: Disabling bearer [ 61.013338][ T2905] xt_hashlimit: size too large, truncated to 1048576 [ 61.234460][ T2911] loop2: detected capacity change from 0 to 512 [ 61.272848][ T2909] xt_hashlimit: size too large, truncated to 1048576 [ 61.298808][ T30] audit: type=1400 audit(1779154093.902:462): avc: denied { mount } for pid=2908 comm="syz.4.1129" name="/" dev="ramfs" ino=23379 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 61.662249][ T2933] loop2: detected capacity change from 0 to 512 [ 61.724289][ T2933] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 61.738909][ T2933] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 61.748152][ T2933] EXT4-fs error (device loop2): ext4_get_branch:178: inode #13: block 1024: comm syz.2.1141: invalid block [ 61.760241][ T2933] EXT4-fs (loop2): Remounting filesystem read-only [ 61.767312][ T2933] EXT4-fs (loop2): 1 truncate cleaned up [ 61.773032][ T2933] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.". Quota mode: writeback. [ 61.796017][ T2933] EXT4-fs warning (device loop2): ext4_resize_begin:73: won't resize using backup superblock at 1 [ 62.362305][ T2973] loop1: detected capacity change from 0 to 256 [ 62.836000][ T2996] loop2: detected capacity change from 0 to 128 [ 62.898273][ T2996] xt_hashlimit: size too large, truncated to 1048576 [ 63.665076][ T3030] overlayfs: missing 'lowerdir' [ 66.029223][ T3125] loop1: detected capacity change from 0 to 512 [ 66.519740][ T30] audit: type=1400 audit(1779154098.722:463): avc: denied { create } for pid=3143 comm="syz.2.1227" dev="anon_inodefs" ino=24746 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 66.758499][ T2853] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 66.827606][ T3148] ================================================================== [ 66.836303][ T3148] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x870/0x3240 [ 66.844483][ T3148] Read of size 8 at addr ffff8881149648c0 by task syz.0.1229/3148 [ 66.852585][ T3148] [ 66.855036][ T3148] CPU: 0 PID: 3148 Comm: syz.0.1229 Tainted: G W syzkaller #0 [ 66.863954][ T3148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 66.874123][ T3148] Call Trace: [ 66.877500][ T3148] [ 66.880537][ T3148] __dump_stack+0x21/0x30 [ 66.884890][ T3148] dump_stack_lvl+0x110/0x170 [ 66.889582][ T3148] ? show_regs_print_info+0x20/0x20 [ 66.894791][ T3148] ? load_image+0x3e0/0x3e0 [ 66.899327][ T3148] print_address_description+0x7f/0x2c0 [ 66.904907][ T3148] ? tc_setup_flow_action+0x870/0x3240 [ 66.910413][ T3148] kasan_report+0xf1/0x140 [ 66.915035][ T3148] ? tc_setup_flow_action+0x870/0x3240 [ 66.920615][ T3148] __asan_report_load8_noabort+0x14/0x20 [ 66.926259][ T3148] tc_setup_flow_action+0x870/0x3240 [ 66.931553][ T3148] mall_replace_hw_filter+0x2cc/0x8b0 [ 66.937110][ T3148] ? pcpu_block_update_hint_alloc+0x8c4/0xc50 [ 66.943341][ T3148] ? mall_set_parms+0x520/0x520 [ 66.948202][ T3148] ? tcf_exts_destroy+0xb0/0xb0 [ 66.953284][ T3148] ? pcpu_alloc+0x1170/0x16e0 [ 66.958010][ T3148] ? mall_set_parms+0x1e8/0x520 [ 66.962900][ T3148] mall_change+0x544/0x760 [ 66.967522][ T3148] ? __kasan_check_write+0x14/0x20 [ 66.973112][ T3148] ? mall_get+0xa0/0xa0 [ 66.977380][ T3148] ? tcf_chain_tp_insert_unique+0xac1/0xc10 [ 66.983395][ T3148] ? mall_get+0xa0/0xa0 [ 66.987788][ T3148] tc_new_tfilter+0x142f/0x19b0 [ 66.992705][ T3148] ? tcf_gate_entry_destructor+0x20/0x20 [ 66.999291][ T3148] ? __update_load_avg_cfs_rq+0xaf/0x2f0 [ 67.005518][ T3148] ? security_capable+0x87/0xb0 [ 67.010391][ T3148] ? ns_capable+0x8c/0xf0 [ 67.014756][ T3148] ? netlink_net_capable+0x125/0x160 [ 67.020270][ T3148] ? tcf_gate_entry_destructor+0x20/0x20 [ 67.026196][ T3148] rtnetlink_rcv_msg+0x871/0xce0 [ 67.031344][ T3148] ? rtnetlink_bind+0x80/0x80 [ 67.036638][ T3148] ? avc_has_perm_noaudit+0x391/0x490 [ 67.042049][ T3148] ? memcpy+0x56/0x70 [ 67.046054][ T3148] ? avc_has_perm_noaudit+0x30b/0x490 [ 67.051620][ T3148] ? arch_stack_walk+0xee/0x140 [ 67.056502][ T3148] ? avc_denied+0x1b0/0x1b0 [ 67.061123][ T3148] ? stack_trace_save+0xa6/0xf0 [ 67.066076][ T3148] ? avc_has_perm+0x163/0x250 [ 67.070871][ T3148] ? avc_has_perm_noaudit+0x490/0x490 [ 67.076259][ T3148] ? x64_sys_call+0x4b/0x9a0 [ 67.081041][ T3148] ? selinux_nlmsg_lookup+0x416/0x4c0 [ 67.086481][ T3148] netlink_rcv_skb+0x1f5/0x440 [ 67.091441][ T3148] ? rtnetlink_bind+0x80/0x80 [ 67.096309][ T3148] ? netlink_ack+0xb50/0xb50 [ 67.100914][ T3148] ? __netlink_lookup+0x387/0x3b0 [ 67.105957][ T3148] rtnetlink_rcv+0x1c/0x20 [ 67.110389][ T3148] netlink_unicast+0x876/0xa40 [ 67.115175][ T3148] netlink_sendmsg+0x879/0xb80 [ 67.119971][ T3148] ? netlink_getsockopt+0x530/0x530 [ 67.125426][ T3148] ? do_futex+0xde8/0x2800 [ 67.129896][ T3148] ? security_socket_sendmsg+0x82/0xa0 [ 67.135407][ T3148] ? netlink_getsockopt+0x530/0x530 [ 67.140653][ T3148] ____sys_sendmsg+0x5b7/0x8f0 [ 67.145488][ T3148] ? __sys_sendmsg_sock+0x40/0x40 [ 67.150633][ T3148] ? import_iovec+0x7c/0xb0 [ 67.155425][ T3148] ___sys_sendmsg+0x236/0x2e0 [ 67.160223][ T3148] ? __sys_sendmsg+0x280/0x280 [ 67.165012][ T3148] ? __kasan_check_write+0x14/0x20 [ 67.170145][ T3148] ? put_vma+0x44/0x60 [ 67.174239][ T3148] ? __fdget+0x1a1/0x230 [ 67.178585][ T3148] __x64_sys_sendmsg+0x206/0x2f0 [ 67.183538][ T3148] ? ___sys_sendmsg+0x2e0/0x2e0 [ 67.188408][ T3148] ? __kasan_check_write+0x14/0x20 [ 67.193782][ T3148] ? switch_fpu_return+0x15d/0x2c0 [ 67.198923][ T3148] x64_sys_call+0x4b/0x9a0 [ 67.203357][ T3148] do_syscall_64+0x4c/0xa0 [ 67.207789][ T3148] ? clear_bhb_loop+0x50/0xa0 [ 67.212921][ T3148] ? clear_bhb_loop+0x50/0xa0 [ 67.217797][ T3148] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.223931][ T3148] RIP: 0033:0x7ff54bfc2e59 [ 67.228389][ T3148] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 67.248360][ T3148] RSP: 002b:00007ff54aa1d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 67.256822][ T3148] RAX: ffffffffffffffda RBX: 00007ff54c23bfa0 RCX: 00007ff54bfc2e59 [ 67.264822][ T3148] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 67.272855][ T3148] RBP: 00007ff54c058d6f R08: 0000000000000000 R09: 0000000000000000 [ 67.280950][ T3148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 67.289097][ T3148] R13: 00007ff54c23c038 R14: 00007ff54c23bfa0 R15: 00007fffb1acb4a8 [ 67.297185][ T3148] [ 67.300229][ T3148] [ 67.302566][ T3148] Allocated by task 3148: [ 67.307096][ T3148] __kasan_kmalloc+0xda/0x110 [ 67.311797][ T3148] __kmalloc+0x13d/0x2c0 [ 67.316206][ T3148] tcf_idr_create+0x5f/0x790 [ 67.320821][ T3148] tcf_idr_create_from_flags+0x61/0x70 [ 67.326323][ T3148] tcf_gact_init+0x342/0x570 [ 67.330932][ T3148] tcf_action_init_1+0x3ff/0x6b0 [ 67.335885][ T3148] tcf_action_init+0x233/0x7a0 [ 67.340664][ T3148] tcf_exts_validate+0x24a/0x580 [ 67.345614][ T3148] mall_set_parms+0x48/0x520 [ 67.350219][ T3148] mall_change+0x478/0x760 [ 67.354651][ T3148] tc_new_tfilter+0x142f/0x19b0 [ 67.359791][ T3148] rtnetlink_rcv_msg+0x871/0xce0 [ 67.364743][ T3148] netlink_rcv_skb+0x1f5/0x440 [ 67.369524][ T3148] rtnetlink_rcv+0x1c/0x20 [ 67.373965][ T3148] netlink_unicast+0x876/0xa40 [ 67.378827][ T3148] netlink_sendmsg+0x879/0xb80 [ 67.383611][ T3148] ____sys_sendmsg+0x5b7/0x8f0 [ 67.388401][ T3148] ___sys_sendmsg+0x236/0x2e0 [ 67.393093][ T3148] __x64_sys_sendmsg+0x206/0x2f0 [ 67.398051][ T3148] x64_sys_call+0x4b/0x9a0 [ 67.402487][ T3148] do_syscall_64+0x4c/0xa0 [ 67.406929][ T3148] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 67.412835][ T3148] [ 67.415187][ T3148] The buggy address belongs to the object at ffff888114964800 [ 67.415187][ T3148] which belongs to the cache kmalloc-192 of size 192 [ 67.429434][ T3148] The buggy address is located 0 bytes to the right of [ 67.429434][ T3148] 192-byte region [ffff888114964800, ffff8881149648c0) [ 67.443078][ T3148] The buggy address belongs to the page: [ 67.448817][ T3148] page:ffffea0004525900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114964 [ 67.459192][ T3148] flags: 0x4000000000000200(slab|zone=1) [ 67.464963][ T3148] raw: 4000000000000200 0000000000000000 0000000100000001 ffff888100042c00 [ 67.473741][ T3148] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 67.482505][ T3148] page dumped because: kasan: bad access detected [ 67.488926][ T3148] page_owner tracks the page as allocated [ 67.494652][ T3148] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 106, ts 5803209955, free_ts 0 [ 67.509985][ T3148] post_alloc_hook+0x192/0x1b0 [ 67.514791][ T3148] prep_new_page+0x1c/0x110 [ 67.519401][ T3148] get_page_from_freelist+0x2d3a/0x2dc0 [ 67.524964][ T3148] __alloc_pages+0x1a2/0x460 [ 67.529665][ T3148] new_slab+0xa1/0x4d0 [ 67.533935][ T3148] ___slab_alloc+0x381/0x810 [ 67.538632][ T3148] __slab_alloc+0x49/0x90 [ 67.543151][ T3148] kmem_cache_alloc_trace+0x146/0x270 [ 67.548546][ T3148] kernfs_fop_open+0x343/0xb30 [ 67.553320][ T3148] do_dentry_open+0x834/0x1010 [ 67.558187][ T3148] vfs_open+0x73/0x80 [ 67.562272][ T3148] path_openat+0x26a6/0x2f20 [ 67.567174][ T3148] do_filp_open+0x1e2/0x410 [ 67.571737][ T3148] do_sys_openat2+0x15e/0x7f0 [ 67.576454][ T3148] __x64_sys_openat+0x136/0x160 [ 67.581327][ T3148] x64_sys_call+0x219/0x9a0 [ 67.585851][ T3148] page_owner free stack trace missing [ 67.591231][ T3148] [ 67.593562][ T3148] Memory state around the buggy address: [ 67.599199][ T3148] ffff888114964780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 67.607318][ T3148] ffff888114964800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 67.615484][ T3148] >ffff888114964880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 67.623994][ T3148] ^ [ 67.630522][ T3148] ffff888114964900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.638921][ T3148] ffff888114964980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 67.647093][ T3148] ================================================================== [ 67.655272][ T3148] Disabling lock debugging due to kernel taint [ 67.798278][ T2853] usb 2-1: Using ep0 maxpacket: 16 [ 67.949911][ T2853] usb 2-1: unable to get BOS descriptor or descriptor too short [ 68.014958][ T2853] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 68.022575][ T2853] usb 2-1: can't read configurations, error -71