last executing test programs: 433.51447ms ago: executing program 4 (id=1022): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)={&(0x7f0000000b80)=ANY=[@ANYBLOB="020a061b02"], 0x10}}, 0x2008840) 349.525506ms ago: executing program 2 (id=1029): symlink(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000) 349.476756ms ago: executing program 4 (id=1030): r0 = socket$kcm(0xa, 0x922000000003, 0x11) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1={0xff, 0x2}}, 0x80, 0x0}, 0x0) 347.387686ms ago: executing program 0 (id=1032): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000540)={0x2, 0x0, 0x8, 0xf, 0x55, &(0x7f0000000140)="1a0393078ab5ad0bbaa98507319d64e53038010022239a10e9bc39aedc4566bff4080dd4b757fa6de35f5e35dc923cfef85597c3d527179e6b419d4f7979249ddb46cdc115aedab80e571ab11d1ae7b249903316672be31c558a01b885a20fd191aa02790532136e5124a42e052718874f85b6fd581128ce5d4d2ffc57a1c087b5c77d91cab76fef445fa7b5fafb1f651205a3c7af89024e9b51e18368883cf125f79c2e1c0acfdc0e9ece7f46d4c1c66ebcbe73d6a7ad42ddad04dbee5007d11da800ea0dec35e5579927a9b3d052f99a926f8dee62bf8b14c57696ad3f0b488f61b8b2aeaa2529e9ab6603dc95c3fd1e39be17f9bce55be34d5778b088ae094316fe26c0c2900f55bcbfc897f00be88425e91946cf199aad02a61c4402ac44b1cd59f496852d9d252747b9f1dfd0f5c1c1a0e6cb7a79a891e83e4e90c310c2146e13ca4a1f9124a337745590391e6ef1683e0eb383104d39b9895e2a8735977ca3468da6dfd2f1a45179f3f8c09b21bf0b962186a44dc0add2218b0147987298a6bd9ffaedf2322ad7c7666ab85e10423b356ab2646fd90ab8cb8c25c5b7ec53739fe9506c0e2e58b77b18cc64d31509f37339c7722d630f017683683869f84ca65f285bf58bb30a3795c30826f69cdbe97df5cd63b55afc8e0e122edf2f300b9c3d4902bbe8e29b1ff2b0619a178831d8cefb10294abec0712379a2a5a724cbe1d1aea26dc68cca1d7d568618679409d309effdaaba9f27a61b042804264ecc0d43f1b0603bdf6c6264cdee2c21f2f1bb349211e4cb64e9a38aa4fc0529ac239fc3784729f7e046c3eee6a029c062e784095ec57e237abdf500d70179cf3872856fc9c4608fcbf7bfc0bbfb8e6d66d07ea468b041efbbaddeff56395f7f8f29cddf4e78801230200c07fe1e3e4690c7306a92c6128b5d74c82641e08f563a5710fc4b188d1d7d31246ae9a70d78017c87890714348864b95a6f01bbdb3665bf0c6c796bdbe17e87b3307caa81c0b87d02a3b83a83c4e9003a33ec65c9adab63597b48ac3d52f9baa443080d4d454135af63ecd3050a84347ca35a389e8b3d80cd06eb05e005585d8ef0694d636b15e18a54a85550afa33acff86ca68eea843c0abd16dc338f11384e4fced47afdc1e13b9b315470ec50a4e2f8120dfa74b154aa6ee33c370eb40f50a6673abf0348e6e2b7bc342c84da2e9e3c9e6f4e330479e6abca20558d78377dbe97c80d62545e5b9eb598ddfa3ccd9ddb04bda8d31f3329733aeedede15e3f598f0350a544150cab4aac8f229a3195e5a98c12f015affdafab4b157372f95e91db77afefe47a2961fafce28db5636bb829471dca4f5a4c31530e6e7252db5324d68c256fdf670562df31eb99c8f51a93f32c443f4585e3ba29ea52cb6eec0c8a19ea5c4daf0e798c32dad1c175cb2863169cec53a99"}) 325.235608ms ago: executing program 3 (id=1033): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) fcntl$lock(r0, 0x40f, &(0x7f0000000000)={0x0, 0x2, 0x0, 0xfffffffffffffff5}) 319.664398ms ago: executing program 2 (id=1034): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setresgid(0xee01, 0xffffffffffffffff, 0xffffffffffffffff) 269.795211ms ago: executing program 4 (id=1035): syz_clone(0x289a2400, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) 269.655301ms ago: executing program 3 (id=1037): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e06bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23870140cde10e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b27663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3800000000000000009c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fba6f421145c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488a0200000000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e4a59414329a7c7f2fad6bc871f5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561fe589e0d12969bc982ff3f0000006c0c6c747d9a1cc500bb89283a16ff10feea20bdac0000000000000000ca06f256a55591019465f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ee40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a3dc4e97f7fda840bcdd3afaa0d7c3c229de4f0f4ac4d04f1a4e52e38325ca2e5f1f9caaa7234053eca09ec3c8c16940bc3edfb2e016f355391c0e7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000638877fbac141416ac14141644089f034d2f87e5070f0cab845013f2325f1a39010702038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) 269.612001ms ago: executing program 2 (id=1038): r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f0000000cc0)={0xa, 0x4e20, 0x1, @ipv4={'\x00', '\xff\xff', @broadcast}, 0xffffffff}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=[@pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2d}}}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x9}}], 0x40}, 0x20044084) 262.163942ms ago: executing program 0 (id=1039): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000009e40)=ANY=[@ANYBLOB="380000001a0001000000000000e1ffff80808000000000000000000014000100fc00000000000000000000000000000008000f"], 0x38}}, 0x0) 250.962003ms ago: executing program 1 (id=1040): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001803000018014000300fe8000000000000000002000000000aa14000400ff0100000000000000000000000000010c00028005000100"], 0x98}}, 0x0) 181.717708ms ago: executing program 2 (id=1041): timer_create(0x3, &(0x7f0000000180)={0x0, 0x41, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000380)=0x0) timer_settime(r0, 0x0, &(0x7f0000000480)={{}, {0x77359400}}, &(0x7f0000000900)) 181.605158ms ago: executing program 4 (id=1042): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) 181.551078ms ago: executing program 1 (id=1043): unshare(0x2a060400) syz_clone(0x1b4a100, 0x0, 0x0, 0x0, 0x0, 0x0) 178.008988ms ago: executing program 0 (id=1044): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x1c, 0x3e, 0x9, 0x0, 0x800, {0x3}, [@typed={0x8, 0x2, 0x0, 0x0, @u32=0x800}]}, 0x1c}}, 0x0) 168.985718ms ago: executing program 3 (id=1045): r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000040)) 136.58145ms ago: executing program 2 (id=1046): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000200)=""/208, &(0x7f0000000300)=0xd0) 136.492261ms ago: executing program 4 (id=1047): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TCXONC(r0, 0x540a, 0x3) 136.14684ms ago: executing program 1 (id=1048): r0 = socket(0x10, 0x803, 0x0) sendmsg$netlink(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="4c0100002600030628bd7000fedbdf253c01ce800c00e900636d646c696e65002a01f88008001b00020000009d0042800400f0800800ca00", @ANYRES32, @ANYBLOB="26fe11205f1414bb0c002600636d646c696e65000400f18004009480040049800f105b16c49641e8fd64b462811c336fa2653bcb1e8aaaf42598ba34aaf0ae6dcbd7a433dad545327231ce67e4c39c3ce15d8af032b6505c895578e1d4f942ac692b8992fb62f19d59b74ee39513c98d23a5d2ca03c1cedfcc819f1dd6d945943d7c191829abf21d9375c23e33000000540005"], 0x14c}], 0x1}, 0x40) 93.734253ms ago: executing program 0 (id=1049): fsopen(&(0x7f00000001c0)='sysfs\x00', 0x0) close(0x3) 93.619153ms ago: executing program 2 (id=1050): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0xe874, 0x8000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0xee}]}, 0x3c}}, 0x0) 90.527784ms ago: executing program 3 (id=1051): unshare(0x2040400) syz_io_uring_setup(0x3c5f, &(0x7f0000000240)={0x0, 0xa612, 0x27, 0x2}, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000000)) 85.739764ms ago: executing program 0 (id=1052): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f00000004c0)={{0x2, 0x4e21, @broadcast}, {0x306, @multicast}, 0x28, {0x2, 0x4e24, @broadcast}, 'veth0_macvtap\x00'}) 82.368395ms ago: executing program 1 (id=1053): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000002000000000000000100008018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000450000001801000020756c2500000000002020207b1a00ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000095"], &(0x7f0000000800)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) 53.085906ms ago: executing program 4 (id=1054): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x439, 0x70bd2a, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x8003, 0x610c3}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0xffffffff}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040) 5.71053ms ago: executing program 3 (id=1055): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x48}}, 0x0) 5.60663ms ago: executing program 1 (id=1056): r0 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) pwritev(r0, &(0x7f00000005c0)=[{&(0x7f0000000140)='0', 0x1}, {0x0, 0xfe17}], 0x2, 0x7, 0x20001) 5.51856ms ago: executing program 0 (id=1057): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000001c0)='./file0\x00', &(0x7f0000000180)=[0xfffffffffffffff7], 0x0, 0x0, 0x1}}, 0x40) 297.63µs ago: executing program 3 (id=1058): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0x22, 0x0, &(0x7f00000000c0)="f6f4e9a1d78ad62ceef178bb3fb7dbfc8180ca8395ccfda2e499b3b5218100000000", 0x0, 0xa1b, 0x0, 0x2, 0x0, &(0x7f0000000700)="010a", 0x0}, 0x50) 0s ago: executing program 1 (id=1059): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000009c0)={0x24, 0x13, 0x0, 0x101, 0x0, 0x25dfdbfe, {0x5}, [@typed={0x8, 0x54, 0x0, 0x0, @u32=0x6}, @nested={0x8, 0xe8, 0x0, 0x1, [@nested={0x4, 0x43}]}]}, 0x24}}, 0x0) kernel console output (not intermixed with test programs): [ 18.873503][ T28] audit: type=1400 audit(1775654173.577:62): avc: denied { search } for pid=3192 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 18.896068][ T28] audit: type=1400 audit(1775654173.577:63): avc: denied { search } for pid=3192 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=483 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 18.918828][ T28] audit: type=1400 audit(1775654173.577:64): avc: denied { search } for pid=3192 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=488 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 18.942043][ T28] audit: type=1400 audit(1775654173.577:65): avc: denied { search } for pid=3192 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=489 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 18.965490][ T28] audit: type=1400 audit(1775654173.577:66): avc: denied { read open } for pid=3193 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=489 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 Warning: Permanently added '10.128.0.156' (ED25519) to the list of known hosts. [ 22.846117][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 22.846131][ T28] audit: type=1400 audit(1775654177.547:70): avc: denied { mounton } for pid=3297 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.876208][ T28] audit: type=1400 audit(1775654177.577:71): avc: denied { mount } for pid=3297 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.877042][ T3297] cgroup: Unknown subsys name 'net' [ 22.904777][ T28] audit: type=1400 audit(1775654177.607:72): avc: denied { unmount } for pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.002591][ T3297] cgroup: Unknown subsys name 'cpuset' [ 23.008824][ T3297] cgroup: Unknown subsys name 'rlimit' [ 23.128207][ T28] audit: type=1400 audit(1775654177.827:73): avc: denied { setattr } for pid=3297 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.160343][ T28] audit: type=1400 audit(1775654177.827:74): avc: denied { create } for pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.180977][ T28] audit: type=1400 audit(1775654177.827:75): avc: denied { write } for pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.201777][ T28] audit: type=1400 audit(1775654177.827:76): avc: denied { read } for pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.222408][ T28] audit: type=1400 audit(1775654177.827:77): avc: denied { mounton } for pid=3297 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.229411][ T3300] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 23.247613][ T28] audit: type=1400 audit(1775654177.827:78): avc: denied { mount } for pid=3297 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 23.279975][ T28] audit: type=1400 audit(1775654177.857:79): avc: denied { read } for pid=3038 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 23.312088][ T3297] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.394334][ T3310] chnl_net:caif_netlink_parms(): no params data found [ 24.434822][ T3314] chnl_net:caif_netlink_parms(): no params data found [ 24.461473][ T3309] chnl_net:caif_netlink_parms(): no params data found [ 24.531542][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.539178][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.546541][ T3310] bridge_slave_0: entered allmulticast mode [ 24.553299][ T3310] bridge_slave_0: entered promiscuous mode [ 24.564718][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.571899][ T3314] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.579034][ T3314] bridge_slave_0: entered allmulticast mode [ 24.585713][ T3314] bridge_slave_0: entered promiscuous mode [ 24.597019][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.604419][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.611740][ T3310] bridge_slave_1: entered allmulticast mode [ 24.618786][ T3310] bridge_slave_1: entered promiscuous mode [ 24.633768][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.641022][ T3314] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.648726][ T3314] bridge_slave_1: entered allmulticast mode [ 24.656296][ T3314] bridge_slave_1: entered promiscuous mode [ 24.680447][ T3317] chnl_net:caif_netlink_parms(): no params data found [ 24.690881][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.703250][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.717726][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.730938][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.742145][ T3309] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.749618][ T3309] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.757312][ T3309] bridge_slave_0: entered allmulticast mode [ 24.763881][ T3309] bridge_slave_0: entered promiscuous mode [ 24.774937][ T3309] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.782060][ T3309] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.789534][ T3309] bridge_slave_1: entered allmulticast mode [ 24.796219][ T3309] bridge_slave_1: entered promiscuous mode [ 24.815381][ T3313] chnl_net:caif_netlink_parms(): no params data found [ 24.838624][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.858115][ T3310] team0: Port device team_slave_0 added [ 24.864481][ T3314] team0: Port device team_slave_0 added [ 24.871126][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.891609][ T3310] team0: Port device team_slave_1 added [ 24.898483][ T3314] team0: Port device team_slave_1 added [ 24.924690][ T3309] team0: Port device team_slave_0 added [ 24.943293][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.950410][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 24.977168][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.988980][ T3309] team0: Port device team_slave_1 added [ 25.003290][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.010382][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 25.036374][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.051625][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.058698][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 25.085405][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.096779][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.103889][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 25.130226][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.160290][ T3313] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.167862][ T3313] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.175319][ T3313] bridge_slave_0: entered allmulticast mode [ 25.181642][ T3313] bridge_slave_0: entered promiscuous mode [ 25.188447][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.195771][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 25.223074][ T3309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.234551][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.241665][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 25.268353][ T3309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.280574][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.287867][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.295312][ T3317] bridge_slave_0: entered allmulticast mode [ 25.301915][ T3317] bridge_slave_0: entered promiscuous mode [ 25.309171][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.316746][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.324202][ T3317] bridge_slave_1: entered allmulticast mode [ 25.330716][ T3317] bridge_slave_1: entered promiscuous mode [ 25.337464][ T3313] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.344780][ T3313] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.352307][ T3313] bridge_slave_1: entered allmulticast mode [ 25.358776][ T3313] bridge_slave_1: entered promiscuous mode [ 25.387718][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 25.402601][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 25.430993][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 25.461247][ T3309] hsr_slave_0: entered promiscuous mode [ 25.467547][ T3309] hsr_slave_1: entered promiscuous mode [ 25.478484][ T3314] hsr_slave_0: entered promiscuous mode [ 25.484644][ T3314] hsr_slave_1: entered promiscuous mode [ 25.490531][ T3314] debugfs: 'hsr0' already exists in 'hsr' [ 25.496629][ T3314] Cannot create hsr debugfs directory [ 25.503511][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 25.519314][ T3310] hsr_slave_0: entered promiscuous mode [ 25.525693][ T3310] hsr_slave_1: entered promiscuous mode [ 25.531819][ T3310] debugfs: 'hsr0' already exists in 'hsr' [ 25.537718][ T3310] Cannot create hsr debugfs directory [ 25.544358][ T3313] team0: Port device team_slave_0 added [ 25.565544][ T3313] team0: Port device team_slave_1 added [ 25.580400][ T3317] team0: Port device team_slave_0 added [ 25.587103][ T3317] team0: Port device team_slave_1 added [ 25.622405][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.629361][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 25.655862][ T3313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.669055][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.676513][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 25.703660][ T3313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.721492][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 25.728797][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 25.755743][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 25.775969][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 25.783191][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 25.809977][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 25.870932][ T3317] hsr_slave_0: entered promiscuous mode [ 25.877297][ T3317] hsr_slave_1: entered promiscuous mode [ 25.883409][ T3317] debugfs: 'hsr0' already exists in 'hsr' [ 25.889227][ T3317] Cannot create hsr debugfs directory [ 25.919464][ T3313] hsr_slave_0: entered promiscuous mode [ 25.925709][ T3313] hsr_slave_1: entered promiscuous mode [ 25.931628][ T3313] debugfs: 'hsr0' already exists in 'hsr' [ 25.937473][ T3313] Cannot create hsr debugfs directory [ 26.003553][ T3309] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 26.014899][ T3309] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 26.024620][ T3309] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 26.043617][ T3309] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 26.098207][ T3310] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 26.107518][ T3310] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 26.116363][ T3310] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 26.128641][ T3310] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 26.157467][ T3314] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 26.167819][ T3314] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 26.177830][ T3314] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 26.188318][ T3314] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 26.233761][ T3313] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 26.242750][ T3313] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 26.253722][ T3313] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 26.262685][ T3313] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 26.286211][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.307747][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 26.317241][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 26.326844][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 26.341048][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 26.364189][ T3309] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.376025][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.386770][ T30] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.393937][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.403148][ T30] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.410359][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.429893][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.442943][ T3310] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.455214][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.463123][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.479841][ T3314] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.494971][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.502055][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.518414][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.525862][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.543395][ T400] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.550578][ T400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.574776][ T3310] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 26.585390][ T3310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 26.630790][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.640416][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 26.672886][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.690827][ T30] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.698272][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.708287][ T30] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.715482][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.725335][ T3313] 8021q: adding VLAN 0 to HW filter on device team0 [ 26.745795][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.753134][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.765040][ T3309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.777874][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.785341][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.802030][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.834505][ T3317] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 26.873925][ T3313] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 26.894157][ T3313] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 26.906899][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 26.978794][ T3310] veth0_vlan: entered promiscuous mode [ 26.998146][ T3309] veth0_vlan: entered promiscuous mode [ 27.012812][ T3309] veth1_vlan: entered promiscuous mode [ 27.022721][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 27.030792][ T3310] veth1_vlan: entered promiscuous mode [ 27.043865][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 27.061507][ T3310] veth0_macvtap: entered promiscuous mode [ 27.091842][ T3310] veth1_macvtap: entered promiscuous mode [ 27.099011][ T3309] veth0_macvtap: entered promiscuous mode [ 27.124188][ T3309] veth1_macvtap: entered promiscuous mode [ 27.158771][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 27.171324][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 27.186067][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 27.195948][ T40] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.212291][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 27.221174][ T40] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.230560][ T40] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.253033][ T3313] veth0_vlan: entered promiscuous mode [ 27.261308][ T3314] veth0_vlan: entered promiscuous mode [ 27.269093][ T40] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.279288][ T40] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.293370][ T3313] veth1_vlan: entered promiscuous mode [ 27.306487][ T40] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.322217][ T3314] veth1_vlan: entered promiscuous mode [ 27.335015][ T3310] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 27.344771][ T40] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.359399][ T40] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.396247][ T3317] veth0_vlan: entered promiscuous mode [ 27.409278][ T3313] veth0_macvtap: entered promiscuous mode [ 27.418961][ T3314] veth0_macvtap: entered promiscuous mode [ 27.430224][ T3317] veth1_vlan: entered promiscuous mode [ 27.443927][ T3313] veth1_macvtap: entered promiscuous mode [ 27.456532][ T3314] veth1_macvtap: entered promiscuous mode [ 27.468396][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 27.483181][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 27.505251][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 27.514876][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 27.526983][ T2644] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.542467][ T2644] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.556876][ T2644] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.587048][ T2644] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.603818][ T2644] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.614440][ T3317] veth0_macvtap: entered promiscuous mode [ 27.626912][ T3489] geneve2: entered promiscuous mode [ 27.634595][ T2644] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.648679][ T2644] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.665499][ T3317] veth1_macvtap: entered promiscuous mode [ 27.679770][ T2644] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.701095][ T2644] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 27.710726][ T3497] loop1: detected capacity change from 0 to 512 [ 27.718375][ T3497] EXT4-fs: Ignoring removed nobh option [ 27.730083][ T2644] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 27.768412][ T3497] ------------[ cut here ]------------ [ 27.772476][ T2644] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 27.774043][ T3497] EA inode 11 i_nlink=1026 [ 27.783108][ T3497] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x313/0x350, CPU#1: syz.1.13/3497 [ 27.784442][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 27.787564][ T3497] Modules linked in: [ 27.803290][ T2644] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 27.806197][ T3497] CPU: 1 UID: 0 PID: 3497 Comm: syz.1.13 Not tainted syzkaller #0 PREEMPT(full) [ 27.819125][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 27.819348][ T3497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 27.833883][ T40] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.835929][ T3497] RIP: 0010:ext4_xattr_inode_update_ref+0x332/0x350 [ 27.862078][ T3497] Code: 54 33 99 ff 4c 8d 2d 9d a5 5d 05 49 8d 7e 40 e8 94 cc b5 ff 49 8b 6e 40 4c 89 e7 e8 c8 c7 b5 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 02 ff ff ff e8 1f e8 dd 03 66 66 66 66 66 66 2e [ 27.882524][ T3497] RSP: 0018:ffffc900016e75a8 EFLAGS: 00010246 [ 27.888706][ T3497] RAX: ffff888105674dc8 RBX: ffff8881083e9be8 RCX: ffffffff81c02778 [ 27.897291][ T3497] RDX: 0000000000000402 RSI: 000000000000000b RDI: ffffffff871dcd00 [ 27.905436][ T3497] RBP: 000000000000000b R08: 00018881083e9b9b R09: 0000000000000000 [ 27.913572][ T3497] R10: ffffc900016e74d8 R11: 0001c900016e74d8 R12: ffff8881083e9b98 [ 27.921700][ T3497] R13: ffffffff871dcd00 R14: ffff8881083e9b50 R15: 0000000000000001 [ 27.929981][ T3497] FS: 00007fe039d1f6c0(0000) GS:ffff8882ae9d7000(0000) knlGS:0000000000000000 [ 27.939014][ T3497] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.945810][ T3497] CR2: 0000001b33624000 CR3: 000000011affc000 CR4: 00000000003506f0 [ 27.954002][ T3497] Call Trace: [ 27.957487][ T3497] [ 27.960697][ T3497] ext4_xattr_set_entry+0x77c/0x1010 [ 27.966219][ T3497] ext4_xattr_ibody_set+0x184/0x3c0 [ 27.971481][ T3497] ext4_expand_extra_isize_ea+0xd7b/0x11a0 [ 27.977459][ T3497] __ext4_expand_extra_isize+0x246/0x280 [ 27.983223][ T3497] __ext4_mark_inode_dirty+0x29b/0x400 [ 27.988685][ T3497] ext4_evict_inode+0x865/0xe40 [ 27.993617][ T3497] ? __pfx_ext4_evict_inode+0x10/0x10 [ 27.999005][ T3497] evict+0x2af/0x510 [ 28.002929][ T3497] ? __dquot_initialize+0x146/0x7c0 [ 28.008155][ T3497] iput+0x41a/0x580 [ 28.012117][ T3497] ext4_process_orphan+0x1a9/0x1c0 [ 28.017280][ T3497] ext4_orphan_cleanup+0x6a8/0xa00 [ 28.022421][ T3497] ext4_fill_super+0x3414/0x37c0 [ 28.027451][ T3497] ? set_blocksize+0x14c/0x270 [ 28.032364][ T3497] ? setup_bdev_super+0x30e/0x370 [ 28.037525][ T3497] ? __pfx_ext4_fill_super+0x10/0x10 [ 28.042980][ T3497] get_tree_bdev_flags+0x291/0x300 [ 28.048094][ T3497] ? __pfx_ext4_fill_super+0x10/0x10 [ 28.053481][ T3497] get_tree_bdev+0x1f/0x30 [ 28.057906][ T3497] ext4_get_tree+0x1c/0x30 [ 28.062427][ T3497] vfs_get_tree+0x57/0x1d0 [ 28.066963][ T3497] do_new_mount+0x288/0x8d0 [ 28.071466][ T3497] path_mount+0x4d0/0xbc0 [ 28.075818][ T3497] __se_sys_mount+0x28c/0x2e0 [ 28.080528][ T3497] __x64_sys_mount+0x67/0x80 [ 28.085470][ T3497] x64_sys_call+0x2d61/0x3020 [ 28.090338][ T3497] do_syscall_64+0x12c/0x370 [ 28.095048][ T3497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 28.101033][ T3497] RIP: 0033:0x7fe03b2cda8a [ 28.105631][ T3497] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 28.125670][ T3497] RSP: 002b:00007fe039d1ee58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 28.134378][ T3497] RAX: ffffffffffffffda RBX: 00007fe039d1eee0 RCX: 00007fe03b2cda8a [ 28.142452][ T3497] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007fe039d1eea0 [ 28.150606][ T3497] RBP: 0000200000000180 R08: 00007fe039d1eee0 R09: 0000000000800718 [ 28.159390][ T3497] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 28.167651][ T3497] R13: 00007fe039d1eea0 R14: 00000000000004a3 R15: 0000200000000540 [ 28.175760][ T3497] [ 28.178962][ T3497] ---[ end trace 0000000000000000 ]--- [ 28.187909][ T3497] EXT4-fs (loop1): 1 orphan inode deleted [ 28.188003][ T40] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.194523][ T3497] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 28.203679][ T3505] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3'. [ 28.224499][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 28.224511][ T28] audit: type=1400 audit(1775654182.927:104): avc: denied { mount } for pid=3495 comm="syz.1.13" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 28.242348][ T3505] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3'. [ 28.264122][ T3497] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 28.271182][ T3505] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3'. [ 28.297532][ T28] audit: type=1400 audit(1775654182.987:105): avc: denied { map_create } for pid=3506 comm="syz.3.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 28.338268][ T28] audit: type=1400 audit(1775654182.987:106): avc: denied { map_read map_write } for pid=3506 comm="syz.3.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 28.365311][ T3510] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16'. [ 28.378244][ T40] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.386534][ T28] audit: type=1400 audit(1775654182.987:107): avc: denied { prog_load } for pid=3506 comm="syz.3.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 28.411701][ T40] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.435546][ T28] audit: type=1400 audit(1775654182.987:108): avc: denied { bpf } for pid=3506 comm="syz.3.15" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 28.504927][ T28] audit: type=1400 audit(1775654182.987:109): avc: denied { perfmon } for pid=3506 comm="syz.3.15" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 28.579415][ T28] audit: type=1400 audit(1775654182.987:110): avc: denied { prog_run } for pid=3506 comm="syz.3.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 28.640398][ T28] audit: type=1400 audit(1775654183.177:111): avc: denied { create } for pid=3513 comm="syz.2.18" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 28.681774][ C0] hrtimer: interrupt took 29022 ns [ 28.720047][ T28] audit: type=1400 audit(1775654183.177:112): avc: denied { write } for pid=3513 comm="syz.2.18" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 28.761575][ T28] audit: type=1400 audit(1775654183.237:113): avc: denied { create } for pid=3519 comm="syz.1.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 28.855431][ T3558] netlink: 12 bytes leftover after parsing attributes in process `syz.0.38'. [ 29.003731][ T3582] netlink: 'syz.0.48': attribute type 46 has an invalid length. [ 29.011487][ T3582] netlink: 55 bytes leftover after parsing attributes in process `syz.0.48'. [ 29.193196][ T3612] xt_TCPMSS: Only works on TCP SYN packets [ 29.218755][ T3615] netlink: 'syz.0.66': attribute type 21 has an invalid length. [ 29.251499][ T3615] netlink: 156 bytes leftover after parsing attributes in process `syz.0.66'. [ 29.385195][ T3640] netlink: 12 bytes leftover after parsing attributes in process `syz.2.78'. [ 29.522977][ T3661] No such timeout policy "syz1" [ 29.614660][ T3675] loop2: detected capacity change from 0 to 2048 [ 29.617173][ T3676] netlink: 'syz.3.91': attribute type 6 has an invalid length. [ 29.674632][ T3675] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 29.704158][ T3687] xt_CT: You must specify a L4 protocol and not use inversions on it [ 29.750836][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 29.824936][ T3701] netlink: 12 bytes leftover after parsing attributes in process `syz.1.105'. [ 29.879962][ T3707] netlink: 72 bytes leftover after parsing attributes in process `syz.2.108'. [ 29.967486][ T3718] bridge1: entered promiscuous mode [ 29.985877][ T3718] bridge1: entered allmulticast mode [ 30.118959][ T3738] bond1: option resend_igmp: invalid value (18446744073709508766) [ 30.127244][ T3738] bond1: option resend_igmp: allowed values 0 - 255 [ 30.135291][ T3749] netlink: 'syz.3.128': attribute type 1 has an invalid length. [ 30.136329][ T3738] bond1 (unregistering): Released all slaves [ 30.149817][ T3749] netlink: 'syz.3.128': attribute type 2 has an invalid length. [ 30.325736][ T3778] x_tables: unsorted underflow at hook 3 [ 30.536001][ T3813] netlink: 'syz.2.158': attribute type 12 has an invalid length. [ 30.557410][ T3814] netlink: 'syz.1.157': attribute type 21 has an invalid length. [ 31.026731][ T3895] xt_l2tp: v2 doesn't support IP mode [ 31.640756][ T3984] SET target dimension over the limit! [ 31.889738][ T4012] bond1 (unregistering): Released all slaves [ 32.098190][ T4034] netlink: 'syz.3.260': attribute type 21 has an invalid length. [ 32.133136][ T4034] IPv6: NLM_F_CREATE should be specified when creating new route [ 32.267696][ T4066] veth0_to_hsr: entered allmulticast mode [ 32.309537][ T4071] Zero length message leads to an empty skb [ 32.342516][ T4075] netlink: 'syz.0.281': attribute type 15 has an invalid length. [ 32.351290][ T4076] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 32.375763][ T4075] netlink: 'syz.0.281': attribute type 7 has an invalid length. [ 32.545098][ T4107] capability: warning: `syz.0.296' uses 32-bit capabilities (legacy support in use) [ 32.614059][ T4118] loop0: detected capacity change from 0 to 512 [ 32.663737][ T4118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.705652][ T4118] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.799519][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.883316][ T4138] bond1: option mode: invalid value (9) [ 32.918970][ T4138] bond1 (unregistering): Released all slaves [ 33.473804][ T4143] __nla_validate_parse: 11 callbacks suppressed [ 33.473821][ T4143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.312'. [ 33.582388][ T4155] netlink: 666 bytes leftover after parsing attributes in process `syz.2.317'. [ 33.634473][ T28] kauditd_printk_skb: 94 callbacks suppressed [ 33.634487][ T28] audit: type=1400 audit(1775654188.337:208): avc: denied { setcheckreqprot } for pid=4160 comm="syz.2.322" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 33.713859][ T4170] loop2: detected capacity change from 0 to 1024 [ 33.737658][ T4170] EXT4-fs: Ignoring removed mblk_io_submit option [ 33.766735][ T4170] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 33.798038][ T4170] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.854657][ T4170] EXT4-fs error (device loop2): __ext4_iget:5393: inode #12: block 13: comm syz.2.326: invalid block [ 33.904639][ T4170] EXT4-fs (loop2): Remounting filesystem read-only [ 33.938020][ T4192] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 33.982113][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.046412][ T4201] netlink: 28 bytes leftover after parsing attributes in process `syz.2.337'. [ 34.074149][ T4201] netlink: 28 bytes leftover after parsing attributes in process `syz.2.337'. [ 34.077722][ T4128] kexec: Could not allocate control_code_buffer [ 34.098701][ T28] audit: type=1400 audit(1775654188.787:209): avc: denied { ioctl } for pid=4204 comm="syz.1.341" path="/dev/sg0" dev="devtmpfs" ino=137 ioctlcmd=0x227e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 34.114860][ T4207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.342'. [ 34.148751][ T28] audit: type=1400 audit(1775654188.847:210): avc: denied { validate_trans } for pid=4208 comm="syz.2.343" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 34.278962][ T4224] netlink: 44 bytes leftover after parsing attributes in process `syz.2.350'. [ 34.292470][ T4228] loop3: detected capacity change from 0 to 764 [ 34.310584][ T4224] netlink: 'syz.2.350': attribute type 3 has an invalid length. [ 34.342257][ T28] audit: type=1400 audit(1775654189.037:211): avc: denied { mount } for pid=4223 comm="syz.3.351" name="/" dev="loop3" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 34.365740][ T4235] netlink: 44 bytes leftover after parsing attributes in process `syz.4.356'. [ 34.386461][ T4235] netlink: 44 bytes leftover after parsing attributes in process `syz.4.356'. [ 34.395389][ T28] audit: type=1400 audit(1775654189.087:212): avc: denied { unmount } for pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 34.485670][ T28] audit: type=1326 audit(1775654189.127:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4237 comm="syz.0.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502737c819 code=0x7ffc0000 [ 34.500435][ T4253] ip6erspan0: entered allmulticast mode [ 34.555810][ T28] audit: type=1326 audit(1775654189.127:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4237 comm="syz.0.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f502737c819 code=0x7ffc0000 [ 34.631860][ T28] audit: type=1326 audit(1775654189.127:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4237 comm="syz.0.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502737c819 code=0x7ffc0000 [ 34.694694][ T4279] loop3: detected capacity change from 0 to 512 [ 34.710496][ T28] audit: type=1326 audit(1775654189.127:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4237 comm="syz.0.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502737c819 code=0x7ffc0000 [ 34.769488][ T28] audit: type=1400 audit(1775654189.237:217): avc: denied { setopt } for pid=4257 comm="syz.2.366" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 34.771945][ T4279] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.821918][ T4279] ext4 filesystem being mounted at /75/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.916889][ T4279] EXT4-fs error (device loop3): ext4_do_update_inode:5602: inode #2: comm syz.3.378: corrupted inode contents [ 34.987107][ T4279] EXT4-fs error (device loop3): ext4_dirty_inode:6495: inode #2: comm syz.3.378: mark_inode_dirty error [ 35.003360][ T4279] EXT4-fs error (device loop3): ext4_do_update_inode:5602: inode #2: comm syz.3.378: corrupted inode contents [ 35.019893][ T4322] netlink: 'syz.0.399': attribute type 21 has an invalid length. [ 35.034495][ T4279] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #2: comm syz.3.378: mark_inode_dirty error [ 35.036713][ T4322] netlink: 8 bytes leftover after parsing attributes in process `syz.0.399'. [ 35.094204][ T4329] netlink: 16 bytes leftover after parsing attributes in process `syz.4.402'. [ 35.122345][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.215810][ T4343] loop2: detected capacity change from 0 to 2048 [ 35.263902][ T4343] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.276458][ T4343] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 35.292749][ T4343] EXT4-fs error (device loop2): ext4_find_dest_de:2050: inode #2: block 16: comm syz.2.409: bad entry in directory: directory entry overrun - offset=108, inode=646161, rec_len=4096, size=4096 fake=0 [ 35.335453][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.354942][ T4368] random: crng reseeded on system resumption [ 35.569831][ T4402] netlink: 'syz.3.435': attribute type 21 has an invalid length. [ 35.599436][ T4411] loop2: detected capacity change from 0 to 512 [ 35.654954][ T4411] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 35.697884][ T4411] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #13: comm syz.2.438: inode has both inline data and extents flags [ 35.724879][ T4411] loop2: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 35.725142][ T4411] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.438: couldn't read orphan inode 13 (err -117) [ 35.734482][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 35.734513][ C0] EXT4-fs (loop2): initial error at time 1775654190: ext4_orphan_get:1397: inode 13 [ 35.734547][ C0] EXT4-fs (loop2): last error at time 1775654190: ext4_orphan_get:1397: inode 13 [ 35.830857][ T4411] loop2: lost filesystem error report for type 5 error -117 [ 35.831813][ T4411] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.851849][ T4442] loop3: detected capacity change from 0 to 2048 [ 35.915113][ T3291] Alternate GPT is invalid, using primary GPT. [ 35.921682][ T3291] loop3: p2 p3 p7 [ 35.929011][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.956566][ T4442] Alternate GPT is invalid, using primary GPT. [ 35.963131][ T4442] loop3: p2 p3 p7 [ 36.046427][ T3291] udevd[3291]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 36.056966][ T3303] udevd[3303]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 36.067429][ T4468] udevd[4468]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 36.090591][ T4479] openvswitch: netlink: Message has 4 unknown bytes. [ 36.397507][ T4526] capability: warning: `syz.4.494' uses deprecated v2 capabilities in a way that may be insecure [ 36.711093][ T4575] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 36.770311][ T4586] loop4: detected capacity change from 0 to 512 [ 36.776853][ T4588] x_tables: unsorted underflow at hook 3 [ 36.789816][ T4586] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 36.852007][ T4586] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.852068][ T4586] ext4 filesystem being mounted at /109/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 36.889470][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.953723][ T4609] loop1: detected capacity change from 0 to 512 [ 36.986521][ T4609] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.002179][ T4613] loop3: detected capacity change from 0 to 512 [ 37.023528][ T4609] ext4 filesystem being mounted at /137/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 37.041410][ T4613] EXT4-fs (loop3): orphan cleanup on readonly fs [ 37.081644][ T4613] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.537: invalid indirect mapped block 256 (level 2) [ 37.113228][ T4613] loop3: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 37.113867][ T4613] EXT4-fs (loop3): 2 truncates cleaned up [ 37.123427][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 37.123446][ C0] EXT4-fs (loop3): initial error at time 1775654191: ext4_free_branches:1023: inode 11 [ 37.123474][ C0] EXT4-fs (loop3): last error at time 1775654191: ext4_free_branches:1023: inode 11 [ 37.156705][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.167983][ T4613] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 37.230904][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.438765][ T4667] xt_CONNSECMARK: invalid mode: 0 [ 37.522476][ T4680] SET target dimension over the limit! [ 37.967905][ T4765] netlink: 'syz.2.609': attribute type 9 has an invalid length. [ 38.086425][ T4782] bond1 (unregistering): Released all slaves [ 38.506708][ T4853] __nla_validate_parse: 15 callbacks suppressed [ 38.506722][ T4853] netlink: 44 bytes leftover after parsing attributes in process `syz.2.650'. [ 38.556274][ T4861] loop0: detected capacity change from 0 to 1764 [ 38.577132][ T4853] netlink: 44 bytes leftover after parsing attributes in process `syz.2.650'. [ 38.594515][ T4865] team0: entered allmulticast mode [ 38.599880][ T4865] team_slave_0: entered allmulticast mode [ 38.627366][ T4865] team_slave_1: entered allmulticast mode [ 38.671415][ T4878] netlink: 'syz.4.662': attribute type 2 has an invalid length. [ 38.790016][ T4897] loop4: detected capacity change from 0 to 1024 [ 38.809638][ T28] kauditd_printk_skb: 625 callbacks suppressed [ 38.809652][ T28] audit: type=1400 audit(1775654193.507:843): avc: denied { write } for pid=4899 comm="syz.1.683" name="ptype" dev="proc" ino=4026532576 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 38.839570][ T4897] EXT4-fs: Ignoring removed mblk_io_submit option [ 38.862159][ T4897] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 38.898963][ T4897] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.931154][ T4897] EXT4-fs error (device loop4): __ext4_iget:5393: inode #12: block 13: comm syz.4.672: invalid block [ 38.952492][ T4897] EXT4-fs (loop4): Remounting filesystem read-only [ 39.013242][ T4923] netlink: 16 bytes leftover after parsing attributes in process `syz.2.682'. [ 39.024717][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.113140][ T4925] Driver unsupported XDP return value 0 on prog (id 22) dev N/A, expect packet loss! [ 39.215494][ T4938] xt_hashlimit: max too large, truncated to 1048576 [ 39.364057][ T4948] loop2: detected capacity change from 0 to 512 [ 39.402736][ T4948] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.427886][ T4948] ext4 filesystem being mounted at /125/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.562145][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.600856][ T4962] x_tables: unsorted entry at hook 1 [ 39.630692][ T4964] netlink: 52 bytes leftover after parsing attributes in process `syz.2.698'. [ 39.688924][ T4966] loop1: detected capacity change from 0 to 8192 [ 39.689808][ T4970] netlink: 'syz.4.705': attribute type 15 has an invalid length. [ 39.707349][ T4966] ======================================================= [ 39.707349][ T4966] WARNING: The mand mount option has been deprecated and [ 39.707349][ T4966] and is ignored by this kernel. Remove the mand [ 39.707349][ T4966] option from the mount to silence this warning. [ 39.707349][ T4966] ======================================================= [ 39.755013][ T4970] netlink: 'syz.4.705': attribute type 7 has an invalid length. [ 39.804401][ T4976] loop3: detected capacity change from 0 to 512 [ 39.823092][ T28] audit: type=1400 audit(1775654194.527:844): avc: denied { mount } for pid=4965 comm="syz.1.703" name="/" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 39.874088][ T4976] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.901328][ T4976] ext4 filesystem being mounted at /152/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.915341][ T28] audit: type=1400 audit(1775654194.557:845): avc: denied { unmount } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 39.936266][ T28] audit: type=1400 audit(1775654194.647:846): avc: denied { read write } for pid=4989 comm="syz.1.712" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 39.961243][ T28] audit: type=1400 audit(1775654194.647:847): avc: denied { open } for pid=4989 comm="syz.1.712" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 39.995920][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.040270][ T4998] x_tables: arp_tables: NFQUEUE target: not valid for this family [ 40.050834][ T5000] loop1: detected capacity change from 0 to 512 [ 40.065369][ T5002] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 40.082404][ T5000] EXT4-fs: Ignoring removed nomblk_io_submit option [ 40.098470][ T5004] random: crng reseeded on system resumption [ 40.133784][ T5000] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.202132][ T5000] ext4 filesystem being mounted at /168/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 40.266748][ T5000] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0 [ 40.296644][ T5021] netlink: 48 bytes leftover after parsing attributes in process `syz.0.727'. [ 40.311303][ T5000] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 40.331882][ T5000] EXT4-fs error (device loop1): ext4_acquire_dquot:7026: comm syz.1.720: Failed to acquire dquot type 1 [ 40.344271][ T5023] loop4: detected capacity change from 0 to 512 [ 40.405827][ T5027] bridge1: entered allmulticast mode [ 40.430849][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.432048][ T5031] xt_TCPMSS: Only works on TCP SYN packets [ 40.511127][ T5034] loop0: detected capacity change from 0 to 512 [ 40.530593][ T5037] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 40.532911][ T5034] EXT4-fs: Ignoring removed nobh option [ 40.563278][ T5040] IPv6: Can't replace route, no match found [ 40.584110][ T5034] EXT4-fs (loop0): 1 orphan inode deleted [ 40.613863][ T5034] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.690437][ T5034] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.691656][ T5054] loop3: detected capacity change from 0 to 1024 [ 40.729688][ T5054] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 40.740271][ T5054] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 40.761024][ T5054] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 40.799907][ T5062] netlink: 'syz.0.746': attribute type 12 has an invalid length. [ 40.808621][ T5054] EXT4-fs (loop3): orphan cleanup on readonly fs [ 40.818200][ T5054] EXT4-fs error (device loop3): ext4_read_inode_bitmap:167: comm syz.3.744: Inode bitmap for bg 0 marked uninitialized [ 40.834403][ T5054] loop3: lost filesystem error report for type 5 error -117 [ 40.841423][ T5054] EXT4-fs (loop3): Remounting filesystem read-only [ 40.845602][ T5065] netlink: 48 bytes leftover after parsing attributes in process `syz.4.745'. [ 40.848795][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 40.870984][ C0] EXT4-fs (loop3): initial error at time 1775654195: ext4_read_inode_bitmap:167 [ 40.880330][ C0] EXT4-fs (loop3): last error at time 1775654195: ext4_read_inode_bitmap:167 [ 40.880903][ T5054] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 40.913995][ T5071] netlink: 'syz.2.750': attribute type 28 has an invalid length. [ 40.935090][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.056743][ T5082] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 41.135844][ T5102] netlink: 'syz.0.766': attribute type 9 has an invalid length. [ 41.147714][ T5100] netlink: 16 bytes leftover after parsing attributes in process `syz.3.767'. [ 41.253557][ T5115] bond1 (unregistering): Released all slaves [ 41.371855][ T28] audit: type=1400 audit(1775654196.067:848): avc: denied { wake_alarm } for pid=5129 comm="syz.0.779" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 41.400996][ T5134] netlink: 8 bytes leftover after parsing attributes in process `syz.4.781'. [ 41.445978][ T28] audit: type=1400 audit(1775654196.077:849): avc: denied { write } for pid=5127 comm="syz.3.780" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 41.505557][ T28] audit: type=1400 audit(1775654196.207:850): avc: denied { audit_control } for pid=5147 comm="syz.0.791" capability=30 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 41.719181][ T5163] bond1: option resend_igmp: invalid value (18446744073709508766) [ 41.741932][ T5163] bond1: option resend_igmp: allowed values 0 - 255 [ 41.753483][ T5163] bond1 (unregistering): Released all slaves [ 41.795797][ T5183] netlink: 'syz.1.807': attribute type 13 has an invalid length. [ 41.973477][ T5212] IPv6: Can't replace route, no match found [ 42.022189][ T5222] xt_hashlimit: size too large, truncated to 1048576 [ 42.026153][ T5223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.074521][ T5229] loop0: detected capacity change from 0 to 512 [ 42.107503][ T5235] netlink: 24 bytes leftover after parsing attributes in process `syz.4.833'. [ 42.185522][ T5247] IPv6: Can't replace route, no match found [ 42.251253][ T5258] loop3: detected capacity change from 0 to 512 [ 42.260764][ T5258] EXT4-fs: Ignoring removed nomblk_io_submit option [ 42.285876][ T5258] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.299675][ T5258] ext4 filesystem being mounted at /184/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 42.335727][ T5258] EXT4-fs error (device loop3): ext4_acquire_dquot:7026: comm syz.3.844: Failed to acquire dquot type 1 [ 42.372327][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.396484][ T5269] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.398092][ T5273] xt_l2tp: v2 sid > 0xffff: 4294967292 [ 42.419539][ T5269] ext4 filesystem being mounted at /145/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.462037][ T5269] EXT4-fs error (device loop0): ext4_find_dest_de:2050: inode #2: block 16: comm syz.0.847: bad entry in directory: directory entry overrun - offset=108, inode=646161, rec_len=4096, size=4096 fake=0 [ 42.480291][ T5285] IPv6: Can't replace route, no match found [ 42.500908][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.734221][ T5314] netlink: 8 bytes leftover after parsing attributes in process `syz.2.869'. [ 42.779049][ T5316] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.779114][ T5316] ext4 filesystem being mounted at /192/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.781481][ T5316] EXT4-fs error (device loop3): ext4_find_dest_de:2050: inode #2: block 16: comm syz.3.868: bad entry in directory: directory entry overrun - offset=108, inode=646161, rec_len=4096, size=4096 fake=0 [ 42.818804][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.870321][ T5328] netlink: 'syz.2.875': attribute type 21 has an invalid length. [ 42.899930][ T5328] netlink: 'syz.2.875': attribute type 5 has an invalid length. [ 43.211940][ T5390] netlink: 'syz.4.906': attribute type 63 has an invalid length. [ 43.219813][ T5390] lo: entered promiscuous mode [ 43.243396][ T5390] lo: entered allmulticast mode [ 43.318201][ T5402] bond2 (unregistering): Released all slaves [ 43.535149][ T5440] __nla_validate_parse: 4 callbacks suppressed [ 43.535165][ T5440] netlink: 24 bytes leftover after parsing attributes in process `syz.3.928'. [ 43.578550][ T5440] netlink: 24 bytes leftover after parsing attributes in process `syz.3.928'. [ 43.678794][ T5463] bridge_slave_1: left allmulticast mode [ 43.694782][ T5468] netlink: 1 bytes leftover after parsing attributes in process `syz.0.944'. [ 43.709504][ T5463] bridge_slave_1: left promiscuous mode [ 43.718155][ T5463] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.745389][ T5463] bridge_slave_0: left promiscuous mode [ 43.756988][ T5475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.947'. [ 43.767139][ T5463] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.777146][ T5477] netlink: 24 bytes leftover after parsing attributes in process `syz.3.948'. [ 43.787203][ T5475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.947'. [ 43.963539][ T5505] openvswitch: netlink: Key type 1542 is out of range max 32 [ 43.994700][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 43.994714][ T28] audit: type=1400 audit(1775654198.697:859): avc: denied { write } for pid=5511 comm="syz.2.966" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 44.157265][ T5535] ip6t_rpfilter: unknown options [ 44.209097][ T5540] netlink: 'syz.1.980': attribute type 21 has an invalid length. [ 44.236081][ T5540] IPv6: NLM_F_CREATE should be specified when creating new route [ 44.261277][ T5545] x_tables: arp_tables: NFQUEUE target: not valid for this family [ 44.301805][ T28] audit: type=1326 audit(1775654198.997:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.4.986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d3185c819 code=0x7ffc0000 [ 44.366374][ T5559] netlink: 24 bytes leftover after parsing attributes in process `syz.4.988'. [ 44.371992][ T28] audit: type=1326 audit(1775654199.037:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.4.986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d3185c819 code=0x7ffc0000 [ 44.445926][ T28] audit: type=1326 audit(1775654199.037:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.4.986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d3185c819 code=0x7ffc0000 [ 44.505826][ T5578] netlink: 12 bytes leftover after parsing attributes in process `syz.3.996'. [ 44.509304][ T5577] set_capacity_and_notify: 3 callbacks suppressed [ 44.509322][ T5577] loop2: detected capacity change from 0 to 256 [ 44.532123][ T28] audit: type=1326 audit(1775654199.037:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.4.986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f5d3185c819 code=0x7ffc0000 [ 44.577602][ T5587] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1001'. [ 44.592772][ T28] audit: type=1326 audit(1775654199.037:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.4.986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d3185c819 code=0x7ffc0000 [ 44.680888][ T28] audit: type=1326 audit(1775654199.037:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.4.986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d3185c819 code=0x7ffc0000 [ 44.705747][ T28] audit: type=1326 audit(1775654199.037:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.4.986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d3185c819 code=0x7ffc0000 [ 44.746642][ T28] audit: type=1326 audit(1775654199.037:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.4.986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f5d3185c819 code=0x7ffc0000 [ 44.777284][ T28] audit: type=1326 audit(1775654199.037:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5551 comm="syz.4.986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f5d3185c819 code=0x7ffc0000 [ 44.792932][ T5612] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1015'. [ 45.142727][ T5662] netlink: 'syz.0.1039': attribute type 1 has an invalid length. [ 45.395470][ T2998] ================================================================== [ 45.403666][ T2998] BUG: KCSAN: data-race in d_make_discardable / lookup_fast [ 45.411224][ T2998] [ 45.413558][ T2998] write to 0xffff8881082b6780 of 4 bytes by task 3303 on cpu 1: [ 45.415848][ T5704] netlink: 'syz.0.1060': attribute type 21 has an invalid length. [ 45.421275][ T2998] d_make_discardable+0x4f/0xa0 [ 45.421306][ T2998] simple_unlink+0x68/0x80 [ 45.438625][ T2998] shmem_unlink+0x12d/0x140 [ 45.443294][ T2998] vfs_unlink+0x1c7/0x490 [ 45.447627][ T2998] filename_unlinkat+0x1e2/0x410 [ 45.452643][ T2998] __se_sys_unlink+0x2b/0xe0 [ 45.457582][ T2998] __x64_sys_unlink+0x1f/0x30 [ 45.462361][ T2998] x64_sys_call+0x2eb6/0x3020 [ 45.467565][ T2998] do_syscall_64+0x12c/0x370 [ 45.472147][ T2998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 45.478311][ T2998] [ 45.480647][ T2998] read to 0xffff8881082b6780 of 4 bytes by task 2998 on cpu 0: [ 45.489051][ T2998] lookup_fast+0xf0/0x320 [ 45.494030][ T2998] path_lookupat+0x15c/0x500 [ 45.498611][ T2998] filename_lookup+0x190/0x390 [ 45.503373][ T2998] do_readlinkat+0x74/0x2f0 [ 45.507958][ T2998] __x64_sys_readlink+0x47/0x60 [ 45.512889][ T2998] x64_sys_call+0x2b51/0x3020 [ 45.517557][ T2998] do_syscall_64+0x12c/0x370 [ 45.522137][ T2998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 45.528021][ T2998] [ 45.530342][ T2998] value changed: 0x08300080 -> 0x00004080 [ 45.536138][ T2998] [ 45.538446][ T2998] Reported by Kernel Concurrency Sanitizer on: [ 45.544582][ T2998] CPU: 0 UID: 0 PID: 2998 Comm: udevd Tainted: G W syzkaller #0 PREEMPT(full) [ 45.555348][ T2998] Tainted: [W]=WARN [ 45.559153][ T2998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 45.569316][ T2998] ==================================================================