last executing test programs: 1m12.660713631s ago: executing program 2 (id=786): unshare(0x26020480) r0 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="09000000040000000400000007"], 0x48) r2 = fsmount(r0, 0x1, 0x0) fchdir(r2) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00', r1}, 0x18) 1m12.621831234s ago: executing program 2 (id=788): r0 = fsopen(&(0x7f0000000240)='sysfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x86) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000000)=""/31, 0x1f) getdents64(r2, 0xfffffffffffffffe, 0x29) 1m12.603556335s ago: executing program 2 (id=790): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) bind$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x5, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000100), 0x6) 1m12.558436657s ago: executing program 2 (id=793): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) move_mount(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x141) 1m12.52167717s ago: executing program 2 (id=796): perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x441e, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x9, 0x1}, 0x0, 0x10000, 0x53c, 0x1, 0x8, 0x2020005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xe, 0x3, 0x1, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=@newqdisc={0x170, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x140, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "abcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e0179832927deecf7465ea95bd97b018b7afaccdcb28bb42d677b73c44e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236749b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ff7944f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990604b9f12033688caa0b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d600"}, @TCA_GRED_PARMS={0x38, 0x1, {0x1ff, 0x1, 0x6, 0x3, 0x2, 0x0, 0xcb, 0xf, 0x5, 0xb, 0x1f, 0x1a, 0x8, 0xf, 0xf, 0x9}}]}}]}, 0x170}}, 0x24008004) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1m12.470235363s ago: executing program 2 (id=797): pipe2(&(0x7f0000000580)={0xffffffffffffffff}, 0x0) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1m12.470117512s ago: executing program 32 (id=797): pipe2(&(0x7f0000000580)={0xffffffffffffffff}, 0x0) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.19806545s ago: executing program 0 (id=2536): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd26, 0x8000007, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {}, {0x1, 0xfff3}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0xb, 0x1, 0x0, 0x0, {{0x7f, 0x1, 0x8001}, {0x8, 0x6a6, 0xfffb, 0x5, 0x3, 0x2}}}, @TCF_EM_CONTAINER={0x10, 0x2, 0x0, 0x0, {{0xffff, 0x0, 0x7540}, '\"'}}]}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x24008004}, 0x0) 1.043245948s ago: executing program 0 (id=2553): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x1, 0x1, r0}}, 0x40) r3 = socket(0x10, 0x3, 0x0) dup3(r3, r2, 0x0) 878.016368ms ago: executing program 0 (id=2548): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x40900, 0x0) r1 = syz_io_uring_setup(0x49a, &(0x7f0000000180)={0x0, 0x5ea3, 0x8, 0x8000, 0x80400251}, &(0x7f0000000080)=0x0, &(0x7f0000000400)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x2007, @fd=r0, 0x8006, &(0x7f0000000300)=""/210, 0xd2, 0x2, 0x1}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000d, 0x12, r4, 0x0) io_uring_enter(r1, 0x4be7, 0x4c3, 0x43, 0x0, 0x0) 762.884735ms ago: executing program 5 (id=2555): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) r2 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x2, 0xf4039, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_config_ext={0x1, 0xf60e}, 0x9092, 0x0, 0x43a1bd76, 0x2, 0x9, 0x6, 0x5, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x1) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000c3707bf4000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x48801}, 0x0) 712.192918ms ago: executing program 0 (id=2558): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000000000000850000007500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r2) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/net\x00') bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc) 646.305102ms ago: executing program 5 (id=2561): set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x654a, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 633.889343ms ago: executing program 0 (id=2562): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40)={0x8000203d}) 534.212939ms ago: executing program 0 (id=2565): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4, 0x2}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xfffffffffffffffe}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2002) setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000100), 0x4) sendmsg$unix(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000090}, 0x0) 438.218074ms ago: executing program 3 (id=2570): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x64, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_fw={{0x7}, {0x38, 0x2, [@TCA_FW_ACT={0x34, 0x4, [@m_pedit={0x30, 0x1, 0x0, 0x0, {{0xa}, {0x4, 0x20}, {0x4}, {0x1f}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x800) 437.888194ms ago: executing program 4 (id=2571): setxattr$system_posix_acl(0x0, 0x0, &(0x7f00000001c0)={{}, {0x1, 0x5}, [], {0x4, 0x4}, [], {0x10, 0x2}}, 0x24, 0x2) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x353, 0x6, 0x88c, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x3, 0xe}, 0x50) r0 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'wlan1\x00', 0x0}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 437.721194ms ago: executing program 5 (id=2572): perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffffffffffff}, 0x10208}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_config_ext={0x400, 0xdd5}, 0x0, 0x0, 0x10000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x63cf80fb, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f00000000c0)=0x7b1b) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) 425.869355ms ago: executing program 4 (id=2573): socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0xa, 0x300) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000000000000000050000000000000000000a2df3239112f0912a5675f5f52aa7ca37626278bfa36849dd22abf0f1ea8c03b316e675244e25d7fb1fe7277360c75d866a57eb7b9f98ade11592750c4efb690fff1efde373651bf1a3dbba7839a052ac9ca6a2a8d24d170ee083354767c9376680b4b200b8616192fa6d6aae794348ca7cfedfcae6dcee38537659d068e547297dd1ca6c19c53d84e0"], 0x28}, 0x1, 0x0, 0x0, 0x20000800}, 0x44000004) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x20}}, 0x0) 397.306497ms ago: executing program 4 (id=2574): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000100)=0x9, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x439a, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @loopback, 0xbf}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000f40)=0x6c, 0x4) recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=""/4110, 0x100e}, 0x7ffffffe}], 0x1, 0x40002000, 0x0) 362.883848ms ago: executing program 3 (id=2575): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x1000000009, 0x690bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0xef, 0x3d27}, 0x400, 0x32, 0x43a1bd76, 0x7, 0x203, 0x6, 0x2, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x3) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3ff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040016000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0) 361.758438ms ago: executing program 5 (id=2586): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$9p_virtio(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x48000, 0x0) 317.663761ms ago: executing program 4 (id=2577): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x80, &(0x7f0000000a00)={[{@i_version}, {@nogrpid}, {@bh}, {@block_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100}}, {@bsdgroups}]}, 0x1, 0x521, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvTLK2k7h1WnoABG1oCwFFWScbGlW9UE4IoUqIHkFKjb2xIu96Le+6YBMJ98wViUqc4MgfwDkn7lwQ3LiUAxI/LFCNxGHQzM7aW3vXP5qs13g/H2k0783b3e97cea9mbc/XgAT60ZEbEfEVES8FxFz5fGk3OLt7pY/7uOdx4u7O48Xk8iyd/+RFOX5seh7Tu5a+ZozEfG9b0X8MDkct725tbLQaNTXy/x8p7k2397cuv2oubBcX66v1mr3796/8+a9N2qnaM3MkaWvNKfK1Bc/+v32136SV2u2PNLfjmep2/TKXpzc5Yj4ziiCjcGlsj1T464In0oaES9GxKvF+T8Xl4q/JgBwkWXZXGRz/XkA4KJLizmwJK2WcwGzkabVancO76W4mjZa7c6th62N1aXuXNn1qKQPHzXqd8q5wutRSfL83SK9n68dyN+LiBci4ufTV4r8k2g1lsZ54QMAE+zagfH/39Pd8R8AuOCO/tgMAHARGf8BYPIY/wFg8hj/AWDydMf/K6d9WpZlPx1FdQCAM+D+HwAmj/EfACbKd995J9+y3fL3r5fe39xYab1/e6neXqk2Nxari631tepyq7XcqFcXW83jXq/Raq31Lifanfn25taDZmtjtfOg+F3vB/VKUbI94lYBAEd54ZUnf0ryEfmtK8UWfWs5VMZaM2DU0nFXABibS6d47PQI6wGcPat9weTav8c/9YcATA/ABTFgid5917q9w6EvCGVZlo20VsAo3fyc+X+YVH3z/z4FDBPmuPn/Ym1gbxLChWT+HyZXliUnXfM/oi+ZlM8GAP7/HDHHf/3srkKAcRry/v+L5f435ZsDP1g6+IgPR1krAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAON966/9Wy2V+ZyNNq9WI54oFgCrJw0eN+p2IeD4i/jhdmc7zd8dcZwDgaaV/Tcr1v27OvT77iaKXr+0lpyLiR7989xc/Xuh01v8QMZX8c7p3vPNhebx2bLCZUbQAADhab5wu9n038h/vPF7sbWdZn799s3tVkMfd3ZmK3b34l+NysZ+JSkRc/VdS5ruSvrmLp7H9QUR8dlD7k5gt5kC6lywH4+exnzvT+Okn4qflAs1p+W/xmWdQF5g0T/L+5+1B518aN4r94PN/puihnl7Z/+Uvtbhb9IH78Xv936Uh/d+Nk8b4+u++3U1dOVz2QcTnL0f0Yu/29T+9+MmQ+K+fMP6fv/Dyq8PKsl9F3IzB8ftjzXeaa/Ptza3bj5oLy/Xl+mqtdv/u/Ttv3nujNl/MUc8PHw3+/tat54eV5e2/OiT+zDHt//IJ2//r/773/S8dEf+rrw2Kn8ZLR8TPx8SvnDD+wtXfDr3vzuMvHW5/cpK//60Txv/oL1uHlg0HAManvbm1stBo1NclJM5/Iv8vew6qMTDxjbOKNRWDi372WvecPlCUZZ8q1rAe41nMugHnwd5JHxH/GXdlAAAAAAAAAAAAAACAgc7iG0vjbiMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX1/8CAAD//9OHyho=") r0 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x68) fallocate(r0, 0x0, 0x0, 0x1001ed) fallocate(r0, 0x3, 0xf00, 0x8) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101142, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) lseek(r1, 0x1, 0x4) 316.944271ms ago: executing program 5 (id=2580): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd701004000000050000000600010005000000080009000200000008000b000000000008000c00a80a00000500130008000000050005"], 0x44}, 0x1, 0x0, 0x0, 0x20008802}, 0x30) 266.243794ms ago: executing program 4 (id=2581): r0 = socket$inet6(0xa, 0x3, 0x8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f00000000c0)=0xc) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@cred={{0x1c, 0x1, 0x2, {0x0, r1, 0xee01}}}], 0x20, 0x10}, 0x4c000) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000)=0x10001, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000540)=0x2, 0x4) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)'], 0x28}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000001e00)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x0, 0x0) 265.849714ms ago: executing program 4 (id=2583): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1b}}], 0x10) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000240)="99", 0x1}], 0x1}, 0x4048043) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='hsr0\x00', 0x10) r1 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c) sendto$inet6(r1, &(0x7f0000000480)="acc2", 0x2, 0x4c000, &(0x7f0000000380)={0xa, 0x4e24, 0xd, @loopback, 0xc5f}, 0x1c) 220.469446ms ago: executing program 3 (id=2585): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000140)='proc\x00', 0x800000, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r2, 0x0, 0x22) 178.057279ms ago: executing program 3 (id=2588): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5) syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_setup(0x8, &(0x7f0000000600)=0x0) io_submit(r2, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r1, 0x0}]) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) 177.5503ms ago: executing program 1 (id=2589): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x56) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x49801}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x17}, @IFLA_IPTUN_TOS={0x5, 0x5, 0x1}]}}}]}, 0x48}}, 0x0) sendto$packet(r0, &(0x7f0000000600)="05d936277c6f5422007f83477ca1b2f8e3e4018a34e7bfd3de1a00ad6762646c95c716727eb53bcc", 0x28, 0x40890, &(0x7f0000000200)={0x11, 0x86dd, r3, 0x1, 0x4, 0x6, @multicast}, 0x14) 137.096172ms ago: executing program 5 (id=2590): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r1, 0x3, 0x6}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) bind$packet(r0, &(0x7f0000000040)={0x11, 0x1, r1, 0x1, 0x9}, 0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0xfffffffe, 0x2000001, {0x0, 0x0, 0x0, r1, {0x7, 0xa}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) 136.777222ms ago: executing program 33 (id=2590): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000004c0)={r1, 0x3, 0x6}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) bind$packet(r0, &(0x7f0000000040)={0x11, 0x1, r1, 0x1, 0x9}, 0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0xfffffffe, 0x2000001, {0x0, 0x0, 0x0, r1, {0x7, 0xa}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) 136.314032ms ago: executing program 1 (id=2592): r0 = socket$inet_tcp(0x2, 0x1, 0x0) fcntl$setstatus(r0, 0x4, 0x42c00) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000300)="63ecedda41c3903803ed69d8d41f", 0x0, 0x0, 0xfffff000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 115.594153ms ago: executing program 1 (id=2593): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000000000000850000007500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r2) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/net\x00') bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc) 87.391054ms ago: executing program 3 (id=2594): ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, &(0x7f0000000080)={0x0, 0x1, 0x7, 0x10001, 0x5, "1afa86d32101b58680cdda128ed251c679583d", 0x3f, 0x80000004}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r1, 0x410, &(0x7f0000000080)={0x0, 0x1, 0x6, 0x1fd}) unlink(&(0x7f0000000100)='./file0\x00') close_range(r0, 0xffffffffffffffff, 0x0) 86.902274ms ago: executing program 1 (id=2595): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000440)='/sys/power/pm_print_times', 0x305002, 0x1) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32=r0], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) 22.241618ms ago: executing program 1 (id=2596): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r1 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000380)={0xc, 0x8, 0x144, {0x0}}, 0x10) 22.058738ms ago: executing program 1 (id=2597): unshare(0x6c000200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, 0x0, 0x4080) r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r2, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) 0s ago: executing program 3 (id=2598): r0 = socket$can_j1939(0x1d, 0x2, 0x7) socket$inet6_sctp(0xa, 0x5, 0x84) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x8020000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) kernel console output (not intermixed with test programs): netlink: 4 bytes leftover after parsing attributes in process `syz.1.232'. [ 49.726481][ T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.777256][ T4226] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 49.792834][ T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.869000][ T29] audit: type=1400 audit(2000000003.790:250): avc: denied { connect } for pid=4242 comm="syz.4.239" lport=32928 faddr=::ffff:100.1.1.0 fport=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 49.893364][ T29] audit: type=1400 audit(2000000003.790:251): avc: denied { name_connect } for pid=4242 comm="syz.4.239" dest=20002 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 49.946333][ T4237] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 49.984789][ T29] audit: type=1400 audit(2000000003.910:252): avc: denied { create } for pid=4249 comm="syz.4.241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 50.032182][ T29] audit: type=1400 audit(2000000003.930:253): avc: denied { ioctl } for pid=4249 comm="syz.4.241" path="socket:[6141]" dev="sockfs" ino=6141 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 50.056748][ T29] audit: type=1326 audit(2000000003.930:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4249 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 50.080438][ T29] audit: type=1326 audit(2000000003.930:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4249 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fccf4c6b58e code=0x7ffc0000 [ 50.103667][ T29] audit: type=1326 audit(2000000003.930:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4249 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fccf4c6b58e code=0x7ffc0000 [ 50.126917][ T29] audit: type=1326 audit(2000000003.930:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4249 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fccf4c6b58e code=0x7ffc0000 [ 50.150452][ T29] audit: type=1326 audit(2000000003.930:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4249 comm="syz.4.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 50.262941][ T4262] netlink: 24 bytes leftover after parsing attributes in process `syz.3.246'. [ 50.372048][ T4269] netlink: 12 bytes leftover after parsing attributes in process `syz.3.249'. [ 50.382077][ T4269] netlink: 'syz.3.249': attribute type 12 has an invalid length. [ 50.419871][ T12] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 50.428856][ T12] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 50.441083][ T4269] netlink: 'syz.3.249': attribute type 12 has an invalid length. [ 50.458157][ T12] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 50.473970][ T2705] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 50.685267][ T4293] io-wq is not configured for unbound workers [ 50.693773][ T4291] loop0: detected capacity change from 0 to 4096 [ 50.716150][ T4291] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.847877][ T3324] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.058186][ T4297] syz.1.261 (4297) used greatest stack depth: 10176 bytes left [ 51.306048][ T4323] loop2: detected capacity change from 0 to 1024 [ 51.434667][ T4323] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.484935][ T3646] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.580239][ T4339] loop2: detected capacity change from 0 to 512 [ 51.617873][ T4339] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.275: invalid indirect mapped block 256 (level 2) [ 51.657607][ T4339] EXT4-fs (loop2): 2 truncates cleaned up [ 51.685927][ T4339] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.733611][ T4339] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.275: bg 0: block 5: invalid block bitmap [ 51.823332][ T4339] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 51.835677][ T4339] EXT4-fs (loop2): This should not happen!! Data will be lost [ 51.835677][ T4339] [ 51.845380][ T4339] EXT4-fs (loop2): Total free blocks count 0 [ 51.846350][ T4352] loop0: detected capacity change from 0 to 128 [ 51.851375][ T4339] EXT4-fs (loop2): Free/Dirty block details [ 51.851390][ T4339] EXT4-fs (loop2): free_blocks=0 [ 51.851406][ T4339] EXT4-fs (loop2): dirty_blocks=67 [ 51.873719][ T4339] EXT4-fs (loop2): Block reservation details [ 51.879743][ T4339] EXT4-fs (loop2): i_reserved_data_blocks=67 [ 51.914793][ T4339] syz.2.275 (4339) used greatest stack depth: 9448 bytes left [ 51.923252][ T4352] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 51.952469][ T31] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28 [ 51.983491][ T4352] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.047988][ T3324] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 52.423290][ T4375] loop4: detected capacity change from 0 to 1024 [ 52.447526][ T4375] EXT4-fs: Ignoring removed oldalloc option [ 52.453590][ T4375] EXT4-fs: Ignoring removed bh option [ 52.575355][ T4375] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.761601][ T4374] EXT4-fs error (device loop4): mb_free_blocks:2037: group 0, inode 15: block 337:freeing already freed block (bit 21); block bitmap corrupt. [ 52.843383][ T3332] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.995075][ T4404] tipc: Started in network mode [ 53.000063][ T4404] tipc: Node identity aaaaaaaaaa35, cluster identity 4711 [ 53.007518][ T4404] tipc: Enabled bearer , priority 18 [ 53.111141][ T4425] loop2: detected capacity change from 0 to 512 [ 53.138390][ T4425] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.172181][ T4425] ext4 filesystem being mounted at /41/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.235393][ T4437] __nla_validate_parse: 10 callbacks suppressed [ 53.235412][ T4437] netlink: 12 bytes leftover after parsing attributes in process `syz.4.316'. [ 53.271835][ T3646] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.548692][ T4463] netlink: 8 bytes leftover after parsing attributes in process `syz.4.328'. [ 53.557659][ T4463] netlink: 4 bytes leftover after parsing attributes in process `syz.4.328'. [ 53.608381][ T4463] netlink: 8 bytes leftover after parsing attributes in process `syz.4.328'. [ 53.609179][ T31] netdevsim netdevsim4 ÿÿÿÿÿÿ: set [0, 0] type 1 family 0 port 8472 - 0 [ 53.617508][ T4463] netlink: 4 bytes leftover after parsing attributes in process `syz.4.328'. [ 53.635293][ T31] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 53.644137][ T31] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 53.653162][ T31] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 53.664979][ T4468] sctp: [Deprecated]: syz.1.329 (pid 4468) Use of int in maxseg socket option. [ 53.664979][ T4468] Use struct sctp_assoc_value instead [ 53.786710][ T4477] loop2: detected capacity change from 0 to 128 [ 53.793516][ T4477] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 53.806556][ T4477] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 53.841696][ T31] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 54.123968][ T4373] tipc: Node number set to 10463914 [ 54.184545][ T29] kauditd_printk_skb: 40 callbacks suppressed [ 54.184564][ T29] audit: type=1400 audit(2000000008.110:299): avc: denied { read write } for pid=4500 comm="syz.3.343" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 54.215633][ T29] audit: type=1400 audit(2000000008.110:300): avc: denied { open } for pid=4500 comm="syz.3.343" path="/dev/loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 54.240348][ T29] audit: type=1400 audit(2000000008.110:301): avc: denied { ioctl } for pid=4500 comm="syz.3.343" path="/dev/loop-control" dev="devtmpfs" ino=99 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 54.268485][ T4504] netlink: 16 bytes leftover after parsing attributes in process `syz.3.343'. [ 54.339958][ T4512] netlink: 4 bytes leftover after parsing attributes in process `syz.1.348'. [ 54.439742][ T29] audit: type=1400 audit(2000000008.360:302): avc: denied { create } for pid=4521 comm="syz.1.354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 54.459341][ T29] audit: type=1400 audit(2000000008.360:303): avc: denied { write } for pid=4521 comm="syz.1.354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 54.482277][ T29] audit: type=1326 audit(2000000008.400:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4513 comm="syz.2.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd719e9acb9 code=0x7fc00000 [ 54.704815][ T4537] process 'syz.0.359' launched './file1' with NULL argv: empty string added [ 54.709617][ T29] audit: type=1400 audit(2000000008.630:305): avc: denied { watch watch_reads } for pid=4536 comm="syz.0.359" path="/70/file1" dev="tmpfs" ino=386 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 54.739360][ T29] audit: type=1400 audit(2000000008.630:306): avc: denied { execute_no_trans } for pid=4536 comm="syz.0.359" path="/70/file1" dev="tmpfs" ino=386 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 54.935238][ T29] audit: type=1400 audit(2000000008.850:307): avc: denied { create } for pid=4542 comm="syz.0.362" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1 [ 55.034281][ T4545] batadv_slave_1: entered promiscuous mode [ 55.041022][ T4544] batadv_slave_1: left promiscuous mode [ 55.201245][ T29] audit: type=1326 audit(2000000009.120:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4513 comm="syz.2.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd719e9acb9 code=0x7fc00000 [ 55.339230][ T3395] kernel write not supported for file bpf-prog (pid: 3395 comm: kworker/1:4) [ 55.436675][ T4580] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 55.488115][ T4586] loop4: detected capacity change from 0 to 1024 [ 55.508359][ T4586] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.540273][ T4586] EXT4-fs error (device loop4): ext4_xattr_inode_iget:441: comm syz.4.382: inode #926365495: comm syz.4.382: iget: illegal inode # [ 55.554062][ T4586] EXT4-fs error (device loop4): ext4_xattr_inode_iget:446: comm syz.4.382: error while reading EA inode 926365495 err=-117 [ 55.634977][ T3332] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.807768][ T4610] netlink: 144 bytes leftover after parsing attributes in process `syz.4.391'. [ 55.861238][ T4612] loop4: detected capacity change from 0 to 2048 [ 55.888187][ T4612] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.053943][ T3332] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.098218][ T4629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.399'. [ 56.107181][ T4629] netlink: 12 bytes leftover after parsing attributes in process `syz.0.399'. [ 56.108201][ T4631] loop2: detected capacity change from 0 to 128 [ 56.123157][ T4629] geneve2: entered promiscuous mode [ 56.128567][ T4629] geneve2: entered allmulticast mode [ 56.147127][ T4631] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 56.213434][ T4631] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.234876][ T4642] netdevsim netdevsim3: Direct firmware load for / [ 56.234876][ T4642] failed with error -2 [ 56.278143][ T3646] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 56.614383][ T4687] loop4: detected capacity change from 0 to 512 [ 56.624152][ T4687] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 56.780659][ T4687] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters [ 56.797434][ T4687] EXT4-fs (loop4): Remounting filesystem read-only [ 56.805580][ T4687] EXT4-fs (loop4): 1 truncate cleaned up [ 56.812123][ T4687] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.863603][ T4687] syz.4.424 (4687) used greatest stack depth: 9168 bytes left [ 56.886901][ T3332] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.959091][ T4701] 8021q: adding VLAN 0 to HW filter on device bond1 [ 56.977694][ T4701] bond1: (slave batadv2): Opening slave failed [ 57.365653][ T4716] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=4716 comm=syz.1.437 [ 57.633358][ T4741] netlink: 'syz.0.445': attribute type 13 has an invalid length. [ 57.658394][ T4741] netlink: 'syz.0.445': attribute type 13 has an invalid length. [ 57.672086][ T101] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 57.681531][ T101] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 57.696264][ T101] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 57.705207][ T101] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 57.864460][ T4767] netlink: 'syz.2.456': attribute type 1 has an invalid length. [ 57.884326][ T4767] 8021q: adding VLAN 0 to HW filter on device bond1 [ 57.904415][ T4767] bond1: (slave veth0_to_bond): making interface the new active one [ 57.914605][ T4767] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 58.076710][ T4793] pim6reg: entered allmulticast mode [ 58.102877][ T4793] pim6reg: left allmulticast mode [ 58.412745][ T4822] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=4822 comm=syz.3.482 [ 58.487101][ T4831] pim6reg: entered allmulticast mode [ 58.542274][ T4831] pim6reg: left allmulticast mode [ 58.601338][ T4843] __nla_validate_parse: 10 callbacks suppressed [ 58.601354][ T4843] netlink: 12 bytes leftover after parsing attributes in process `syz.2.490'. [ 58.649232][ T4843] 8021q: adding VLAN 0 to HW filter on device bond2 [ 58.679948][ T4846] bond2: (slave batadv1): Opening slave failed [ 59.696091][ T4876] loop4: detected capacity change from 0 to 8192 [ 59.878144][ T4887] pim6reg: entered allmulticast mode [ 59.895213][ T4887] pim6reg: left allmulticast mode [ 60.020632][ T4894] loop3: detected capacity change from 0 to 512 [ 60.033980][ T4894] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 60.046780][ T4894] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters [ 60.064625][ T4894] EXT4-fs (loop3): Remounting filesystem read-only [ 60.071750][ T4894] __quota_error: 49 callbacks suppressed [ 60.071838][ T4894] Quota error (device loop3): write_blk: dquota write failed [ 60.084996][ T4894] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5 [ 60.094499][ T4894] Quota error (device loop3): write_blk: dquota write failed [ 60.102143][ T4894] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 60.112381][ T4894] EXT4-fs (loop3): 1 truncate cleaned up [ 60.118743][ T4894] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.165724][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.416865][ T4914] loop3: detected capacity change from 0 to 1024 [ 60.426247][ T4914] EXT4-fs: Ignoring removed oldalloc option [ 60.432200][ T4914] EXT4-fs: Ignoring removed bh option [ 60.475867][ T4914] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.548894][ T4912] EXT4-fs error (device loop3): mb_free_blocks:2037: group 0, inode 15: block 337:freeing already freed block (bit 21); block bitmap corrupt. [ 60.569132][ T4922] netlink: 4 bytes leftover after parsing attributes in process `syz.1.518'. [ 60.623893][ T4916] netlink: 84 bytes leftover after parsing attributes in process `syz.2.517'. [ 60.643704][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.789629][ T4930] loop2: detected capacity change from 0 to 2048 [ 60.839797][ T3309] GPT:first_usable_lbas don't match. [ 60.845214][ T3309] GPT:34 != 290 [ 60.848708][ T3309] GPT: Use GNU Parted to correct GPT errors. [ 60.854787][ T3309] loop2: p1 p2 p3 [ 60.864644][ T4930] GPT:first_usable_lbas don't match. [ 60.870008][ T4930] GPT:34 != 290 [ 60.873481][ T4930] GPT: Use GNU Parted to correct GPT errors. [ 60.879697][ T4930] loop2: p1 p2 p3 [ 61.080434][ T4937] netlink: 4 bytes leftover after parsing attributes in process `syz.3.534'. [ 61.095212][ T4940] loop2: detected capacity change from 0 to 512 [ 61.103222][ T4940] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 61.126516][ T4940] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters [ 61.141017][ T4940] EXT4-fs (loop2): Remounting filesystem read-only [ 61.147707][ T4940] Quota error (device loop2): write_blk: dquota write failed [ 61.155205][ T4940] Quota error (device loop2): find_free_dqentry: Can't write quota data block 5 [ 61.164848][ T4940] Quota error (device loop2): write_blk: dquota write failed [ 61.172314][ T4940] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 61.182639][ T4940] EXT4-fs (loop2): 1 truncate cleaned up [ 61.188863][ T4940] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.233461][ T3646] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.281326][ T4946] netlink: 52 bytes leftover after parsing attributes in process `syz.3.526'. [ 61.293098][ T4946] netlink: 67 bytes leftover after parsing attributes in process `syz.3.526'. [ 61.365787][ T4952] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 61.409965][ T4952] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 61.540189][ T29] audit: type=1400 audit(2000000015.460:354): avc: denied { load_policy } for pid=4961 comm="syz.3.533" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 61.560894][ T4962] SELinux: failed to load policy [ 61.718289][ T4967] loop3: detected capacity change from 0 to 2048 [ 61.774706][ T3309] GPT:first_usable_lbas don't match. [ 61.780047][ T3309] GPT:34 != 290 [ 61.783544][ T3309] GPT: Use GNU Parted to correct GPT errors. [ 61.789705][ T3309] loop3: p1 p2 p3 [ 61.812567][ T4967] GPT:first_usable_lbas don't match. [ 61.817942][ T4967] GPT:34 != 290 [ 61.821439][ T4967] GPT: Use GNU Parted to correct GPT errors. [ 61.827612][ T4967] loop3: p1 p2 p3 [ 61.909096][ T4977] netlink: 4 bytes leftover after parsing attributes in process `syz.2.539'. [ 61.948313][ T29] audit: type=1400 audit(2000000015.870:355): avc: denied { remount } for pid=4974 comm="syz.1.538" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 62.082142][ T4988] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 62.093001][ T4988] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 62.103957][ T4988] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 62.117836][ T4988] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 62.127419][ T4988] netlink: 566 bytes leftover after parsing attributes in process `syz.4.543'. [ 62.177022][ T4993] netlink: 28 bytes leftover after parsing attributes in process `syz.2.544'. [ 62.181753][ C1] hrtimer: interrupt took 33674 ns [ 62.186238][ T4993] netlink: 'syz.2.544': attribute type 7 has an invalid length. [ 62.198819][ T4993] netlink: 'syz.2.544': attribute type 8 has an invalid length. [ 62.206495][ T4993] netlink: 4 bytes leftover after parsing attributes in process `syz.2.544'. [ 62.469574][ T5004] loop3: detected capacity change from 0 to 128 [ 62.484303][ T5004] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 62.496962][ T5004] ext4 filesystem being mounted at /124/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 62.595463][ T3319] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 62.665528][ T5008] loop4: detected capacity change from 0 to 512 [ 62.674027][ T5008] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 62.689344][ T5008] EXT4-fs (loop4): 1 truncate cleaned up [ 62.697795][ T5008] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.731996][ T3332] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.769035][ T5013] loop4: detected capacity change from 0 to 2048 [ 62.814806][ T3309] GPT:first_usable_lbas don't match. [ 62.820151][ T3309] GPT:34 != 290 [ 62.823657][ T3309] GPT: Use GNU Parted to correct GPT errors. [ 62.829811][ T3309] loop4: p1 p2 p3 [ 62.839088][ T5013] GPT:first_usable_lbas don't match. [ 62.844452][ T5013] GPT:34 != 290 [ 62.847951][ T5013] GPT: Use GNU Parted to correct GPT errors. [ 62.854271][ T5013] loop4: p1 p2 p3 [ 63.440091][ T5042] loop4: detected capacity change from 0 to 128 [ 63.456264][ T5042] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 63.471355][ T5042] ext4 filesystem being mounted at /108/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 63.534357][ T3332] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 64.242911][ T5075] loop2: detected capacity change from 0 to 128 [ 64.262803][ T5075] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 64.276332][ T5075] ext4 filesystem being mounted at /97/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 64.313223][ T5081] loop4: detected capacity change from 0 to 512 [ 64.322178][ T5081] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 64.335458][ T5081] EXT4-fs (loop4): 1 truncate cleaned up [ 64.341700][ T5081] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 64.371528][ T3646] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 64.406530][ T3332] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.492483][ T5097] __nla_validate_parse: 1 callbacks suppressed [ 64.492500][ T5097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.588'. [ 64.507777][ T5097] netlink: 12 bytes leftover after parsing attributes in process `syz.4.588'. [ 64.765946][ T5126] netlink: 8 bytes leftover after parsing attributes in process `syz.0.601'. [ 64.774990][ T5126] netlink: 12 bytes leftover after parsing attributes in process `syz.0.601'. [ 65.112386][ T5141] SELinux: failed to load policy [ 65.125373][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 65.125390][ T29] audit: type=1326 audit(2000000019.050:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5142 comm="syz.1.606" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9a57e6acb9 code=0x0 [ 65.578851][ T5149] SELinux: failed to load policy [ 65.602236][ T29] audit: type=1400 audit(2000000019.520:362): avc: denied { connect } for pid=5156 comm="syz.4.612" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 65.830249][ T29] audit: type=1326 audit(2000000019.750:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5171 comm="syz.4.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 65.853670][ T29] audit: type=1326 audit(2000000019.750:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5171 comm="syz.4.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 65.923858][ T29] audit: type=1326 audit(2000000019.840:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5171 comm="syz.4.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 65.949668][ T29] audit: type=1326 audit(2000000019.840:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5171 comm="syz.4.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 66.012452][ T5176] netlink: 24 bytes leftover after parsing attributes in process `syz.3.621'. [ 66.215569][ T29] audit: type=1326 audit(2000000020.130:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5184 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf3e3dacb9 code=0x7ffc0000 [ 66.246884][ T29] audit: type=1326 audit(2000000020.160:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5184 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fdf3e3dacb9 code=0x7ffc0000 [ 66.270267][ T29] audit: type=1326 audit(2000000020.160:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5184 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf3e3dacb9 code=0x7ffc0000 [ 66.293812][ T29] audit: type=1326 audit(2000000020.160:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5184 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf3e3dacb9 code=0x7ffc0000 [ 68.587748][ T5289] 9p: Bad value for 'rfdno' [ 68.590965][ T5288] loop2: detected capacity change from 0 to 512 [ 68.642306][ T5288] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 68.664413][ T5288] EXT4-fs (loop2): 1 truncate cleaned up [ 68.672623][ T5296] mmap: syz.0.680 (5296) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 68.675139][ T5288] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 68.797876][ T3646] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.892690][ T5325] 9p: Bad value for 'rfdno' [ 69.056516][ T5346] netlink: 36 bytes leftover after parsing attributes in process `syz.1.690'. [ 69.139293][ T5358] 9p: Bad value for 'rfdno' [ 69.871267][ T5412] netlink: 8 bytes leftover after parsing attributes in process `syz.2.717'. [ 69.952217][ T5417] netlink: 'syz.2.719': attribute type 1 has an invalid length. [ 69.988894][ T5417] bond3: (slave geneve2): making interface the new active one [ 69.997031][ T5417] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 70.010229][ T3443] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 70.026330][ T3443] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 70.055398][ T3443] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 70.089206][ T3443] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 70.100793][ T5423] loop2: detected capacity change from 0 to 1024 [ 70.114162][ T5423] EXT4-fs: Ignoring removed orlov option [ 70.158091][ T5423] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.190596][ T29] kauditd_printk_skb: 45 callbacks suppressed [ 70.190627][ T29] audit: type=1400 audit(2000000024.110:416): avc: denied { name_bind } for pid=5427 comm="syz.0.734" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 70.425076][ T3646] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.440740][ T29] audit: type=1400 audit(2000000024.360:417): avc: denied { write } for pid=5453 comm="syz.1.736" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 70.574284][ T5461] netlink: 'syz.0.738': attribute type 1 has an invalid length. [ 70.649338][ T5461] bond2: (slave geneve3): making interface the new active one [ 70.674219][ T5461] bond2: (slave geneve3): Enslaving as an active interface with an up link [ 70.682925][ T101] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 70.693014][ T101] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 70.703726][ T101] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 70.712786][ T101] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 71.086826][ T29] audit: type=1326 audit(2000000025.000:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 71.110389][ T29] audit: type=1326 audit(2000000025.000:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 71.133758][ T29] audit: type=1326 audit(2000000025.000:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 71.168950][ T5503] gre1: entered promiscuous mode [ 71.226323][ T29] audit: type=1326 audit(2000000025.080:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 71.249895][ T29] audit: type=1326 audit(2000000025.080:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 71.273271][ T29] audit: type=1400 audit(2000000025.130:423): avc: denied { mount } for pid=5507 comm="syz.0.756" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 71.295282][ T29] audit: type=1326 audit(2000000025.130:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 71.319611][ T29] audit: type=1326 audit(2000000025.140:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5500 comm="syz.4.753" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 71.374200][ T5513] netlink: 'syz.1.758': attribute type 1 has an invalid length. [ 71.414106][ T3395] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 71.511650][ T5519] bond1: (slave geneve2): making interface the new active one [ 71.543757][ T5519] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 71.552744][ T12] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 71.562049][ T12] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 71.573077][ T12] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 71.601024][ T12] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 72.008152][ T5563] gre1: entered promiscuous mode [ 72.135607][ T3443] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 72.144390][ T2705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 72.152578][ T2705] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 72.161818][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 72.169948][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 72.190001][ T4373] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 72.214757][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 72.298323][ T5603] gre1: entered promiscuous mode [ 72.454137][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 72.709700][ T5618] chnl_net:caif_netlink_parms(): no params data found [ 72.772726][ T5618] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.780611][ T5618] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.788216][ T5618] bridge_slave_0: entered allmulticast mode [ 72.794948][ T5618] bridge_slave_0: entered promiscuous mode [ 72.801874][ T5618] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.809045][ T5618] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.816502][ T5618] bridge_slave_1: entered allmulticast mode [ 72.823062][ T5618] bridge_slave_1: entered promiscuous mode [ 72.842324][ T5618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.852957][ T5618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.872810][ T5618] team0: Port device team_slave_0 added [ 72.879424][ T5618] team0: Port device team_slave_1 added [ 72.895387][ T5618] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.902362][ T5618] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.928582][ T5618] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.940038][ T5618] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.947046][ T5618] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.973046][ T5618] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.006729][ T5618] hsr_slave_0: entered promiscuous mode [ 73.014894][ T5618] hsr_slave_1: entered promiscuous mode [ 73.020859][ T5618] debugfs: 'hsr0' already exists in 'hsr' [ 73.026668][ T5618] Cannot create hsr debugfs directory [ 73.073560][ T5667] netlink: 7 bytes leftover after parsing attributes in process `syz.4.812'. [ 73.082791][ T5667] netlink: 7 bytes leftover after parsing attributes in process `syz.4.812'. [ 73.103886][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.128319][ T5618] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 73.137502][ T5618] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 73.146507][ T5618] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 73.155672][ T5618] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 73.172904][ T5618] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.179997][ T5618] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.187320][ T5618] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.194427][ T5618] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.227948][ T5618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.239881][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.254776][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.269196][ T5618] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.283720][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.290858][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.307104][ T101] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.314386][ T101] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.404098][ T5618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.450221][ T5696] netlink: 36 bytes leftover after parsing attributes in process `syz.0.818'. [ 73.531620][ T5618] veth0_vlan: entered promiscuous mode [ 73.540241][ T5618] veth1_vlan: entered promiscuous mode [ 73.559427][ T5618] veth0_macvtap: entered promiscuous mode [ 73.567640][ T5618] veth1_macvtap: entered promiscuous mode [ 73.581728][ T5618] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.594373][ T5618] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.606517][ T3443] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.630190][ T3443] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.643512][ T3443] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.653705][ T3443] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.878017][ T5727] netlink: 7 bytes leftover after parsing attributes in process `syz.5.825'. [ 73.888219][ T5727] netlink: 7 bytes leftover after parsing attributes in process `syz.5.825'. [ 73.960447][ T5731] geneve2: entered promiscuous mode [ 74.900296][ T5762] netlink: 7 bytes leftover after parsing attributes in process `syz.0.840'. [ 74.923358][ T5762] netlink: 7 bytes leftover after parsing attributes in process `syz.0.840'. [ 75.250989][ T29] kauditd_printk_skb: 26 callbacks suppressed [ 75.251025][ T29] audit: type=1400 audit(2000000029.170:452): avc: denied { mount } for pid=5770 comm="syz.5.844" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 75.454579][ T5785] xt_hashlimit: size too large, truncated to 1048576 [ 75.481758][ T29] audit: type=1400 audit(2000000029.400:453): avc: denied { write } for pid=5784 comm="syz.4.851" laddr=::1 lport=256 faddr=::1 fport=20001 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 75.830469][ T5804] sch_tbf: burst 19360 is lower than device lo mtu (65550) ! [ 75.931007][ T5814] netlink: 4 bytes leftover after parsing attributes in process `syz.4.862'. [ 75.941124][ T5814] netlink: 12 bytes leftover after parsing attributes in process `syz.4.862'. [ 76.045856][ T5821] netlink: 168 bytes leftover after parsing attributes in process `syz.4.864'. [ 76.166456][ T5829] netlink: 'syz.0.867': attribute type 1 has an invalid length. [ 76.187314][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 76.196226][ T5829] bond3: (slave batadv1): making interface the new active one [ 76.205692][ T5829] bond3: (slave batadv1): Enslaving as an active interface with an up link [ 76.217650][ T5829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.867'. [ 76.229173][ T5829] bond3 (unregistering): (slave batadv1): Releasing active interface [ 76.238658][ T5829] bond3 (unregistering): Released all slaves [ 76.289487][ T29] audit: type=1326 audit(2000000030.210:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5836 comm="syz.4.870" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x0 [ 76.457542][ T29] audit: type=1400 audit(2000000030.380:455): avc: denied { mount } for pid=5847 comm="syz.0.874" name="/" dev="rpc_pipefs" ino=11812 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 76.541890][ T5852] sch_tbf: burst 19360 is lower than device lo mtu (65550) ! [ 76.863338][ T5890] netlink: 28 bytes leftover after parsing attributes in process `syz.1.894'. [ 76.972794][ T5900] netlink: 168 bytes leftover after parsing attributes in process `syz.0.908'. [ 77.082150][ T5908] netlink: 4 bytes leftover after parsing attributes in process `syz.5.900'. [ 77.092801][ T5908] netlink: 12 bytes leftover after parsing attributes in process `syz.5.900'. [ 77.140109][ T5915] xt_hashlimit: size too large, truncated to 1048576 [ 77.224502][ T5919] net_ratelimit: 8 callbacks suppressed [ 77.224523][ T5919] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 77.306900][ T5927] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.317389][ T5927] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.379565][ T5927] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.390006][ T5927] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.414585][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 77.447159][ T5927] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.457619][ T5927] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.508061][ T5927] netdevsim netdevsim4 ÿÿÿÿÿÿ (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.518203][ T5927] netdevsim netdevsim4 ÿÿÿÿÿÿ (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.571476][ T101] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.579889][ T101] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.604533][ T101] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.612771][ T101] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.724539][ T101] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.732894][ T101] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.754510][ T101] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.762740][ T101] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.020115][ T5968] loop5: detected capacity change from 0 to 512 [ 78.045584][ T5968] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 78.063587][ T5968] EXT4-fs (loop5): 1 truncate cleaned up [ 78.069939][ T5968] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.089660][ T5968] xt_hashlimit: size too large, truncated to 1048576 [ 78.234445][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.247393][ T5980] netlink: 'syz.1.939': attribute type 1 has an invalid length. [ 78.268442][ T5984] loop5: detected capacity change from 0 to 512 [ 78.297869][ T5984] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.304137][ T5980] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 78.318265][ T5984] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 78.324179][ T5980] bond2: (slave batadv1): making interface the new active one [ 78.337628][ T5980] bond2: (slave batadv1): Enslaving as an active interface with an up link [ 78.350863][ T5989] bond2 (unregistering): (slave batadv1): Releasing active interface [ 78.381845][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.410729][ T5989] bond2 (unregistering): Released all slaves [ 78.438842][ T5995] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 78.449214][ T5995] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.464725][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 78.497350][ T29] audit: type=1400 audit(2000000032.420:456): avc: denied { setopt } for pid=5999 comm="syz.1.936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 78.537552][ T5995] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 78.547962][ T5995] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.583855][ T29] audit: type=1326 audit(2000000032.500:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6003 comm="syz.1.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 78.607964][ T29] audit: type=1326 audit(2000000032.530:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6003 comm="syz.1.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 78.631364][ T29] audit: type=1326 audit(2000000032.530:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6003 comm="syz.1.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 78.655087][ T29] audit: type=1326 audit(2000000032.530:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6003 comm="syz.1.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 78.678492][ T29] audit: type=1326 audit(2000000032.530:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6003 comm="syz.1.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 78.717816][ T5995] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 78.728269][ T5995] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.787840][ T5995] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 78.798210][ T5995] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.862468][ T3443] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 78.870789][ T3443] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.883136][ T3443] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 78.891447][ T3443] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.904184][ T3443] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 78.912388][ T3443] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.923305][ T3443] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 78.931532][ T3443] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.014199][ T4373] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.036753][ T6016] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 79.046663][ T6016] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.096654][ T6016] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 79.106688][ T6016] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.145839][ T6016] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 79.155682][ T6016] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.174257][ T3408] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.195656][ T6016] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 79.205511][ T6016] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.495182][ T3499] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.160540][ T6074] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 80.170931][ T6074] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.181276][ T6074] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 80.268026][ T6074] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 80.278519][ T6074] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.288898][ T6074] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 80.373908][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.457492][ T6074] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 80.468070][ T6074] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.478402][ T6074] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 80.538046][ T3486] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.735011][ T6074] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 80.745399][ T6074] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.755804][ T6074] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 80.853832][ T408] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 80.862110][ T408] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20004 - 0 [ 80.870440][ T408] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 80.912021][ T408] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 80.920423][ T408] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20004 - 0 [ 80.928794][ T408] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 80.944470][ T408] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 80.952713][ T408] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20004 - 0 [ 80.961102][ T408] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 81.031146][ T408] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 81.039582][ T408] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20004 - 0 [ 81.048057][ T408] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 81.168676][ T6091] __nla_validate_parse: 4 callbacks suppressed [ 81.168697][ T6091] netlink: 16 bytes leftover after parsing attributes in process `syz.4.974'. [ 81.184733][ T6093] netlink: 'syz.1.975': attribute type 2 has an invalid length. [ 81.202784][ T6093] netlink: 'syz.1.975': attribute type 2 has an invalid length. [ 81.217525][ T6091] gtp0: entered promiscuous mode [ 81.294690][ T6102] af_packet: tpacket_rcv: packet too big, clamped from 65232 to 4294967272. macoff=96 [ 81.573949][ T3497] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.654375][ T3443] Bluetooth: hci0: Frame reassembly failed (-84) [ 82.064126][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 82.500862][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 82.500880][ T29] audit: type=1400 audit(2000000036.420:465): avc: denied { nlmsg_read } for pid=6164 comm="syz.0.1005" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 82.615114][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.629754][ T3443] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 83.638062][ T3443] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.649980][ T408] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 83.658311][ T3521] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 83.658320][ T408] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.672805][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.699916][ T408] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 83.708365][ T408] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.719511][ T408] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 83.727792][ T408] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.744244][ T6200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.752507][ T6200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.760717][ T6200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.791143][ T6200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.799425][ T6200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.807700][ T6200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.815907][ T6200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.834266][ T6206] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.909176][ T6206] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.948117][ T6206] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.008816][ T6206] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.066632][ T12] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.087731][ T12] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.103995][ T12] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.119734][ T12] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.177977][ T6215] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1023'. [ 84.199173][ T6215] gtp0: entered promiscuous mode [ 84.694045][ T3497] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 84.877095][ T6238] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1032'. [ 84.922082][ T29] audit: type=1400 audit(2000000038.840:466): avc: denied { read } for pid=6243 comm="syz.5.1038" path="socket:[13849]" dev="sockfs" ino=13849 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 84.972593][ T29] audit: type=1400 audit(2000000038.890:467): avc: denied { create } for pid=6250 comm="syz.3.1041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 84.997530][ T29] audit: type=1400 audit(2000000038.910:468): avc: denied { read } for pid=6250 comm="syz.3.1041" path="socket:[13860]" dev="sockfs" ino=13860 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 85.147685][ T6254] netlink: 240 bytes leftover after parsing attributes in process `syz.3.1041'. [ 85.147670][ T29] audit: type=1400 audit(2000000039.070:469): avc: denied { write } for pid=6250 comm="syz.3.1041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 85.308228][ T6273] loop5: detected capacity change from 0 to 1024 [ 85.345978][ T6273] EXT4-fs: Ignoring removed orlov option [ 85.428087][ T29] audit: type=1400 audit(2000000039.350:470): avc: denied { sqpoll } for pid=6281 comm="syz.3.1050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 85.462025][ T6273] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.621421][ T29] audit: type=1400 audit(2000000039.540:471): avc: denied { remove_name } for pid=6269 comm="syz.5.1048" name="file0" dev="loop5" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 85.697304][ T29] audit: type=1400 audit(2000000039.540:472): avc: denied { rename } for pid=6269 comm="syz.5.1048" name="file0" dev="loop5" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 85.719803][ T29] audit: type=1400 audit(2000000039.540:473): avc: denied { unlink } for pid=6269 comm="syz.5.1048" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 85.756708][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.968748][ T6299] netlink: 240 bytes leftover after parsing attributes in process `syz.5.1055'. [ 86.305126][ T6312] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1068'. [ 86.353333][ T6317] loop5: detected capacity change from 0 to 256 [ 86.821319][ T29] audit: type=1326 audit(2000000040.740:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6328 comm="syz.4.1071" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 86.859248][ T6278] syz.1.1049 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0 [ 86.873179][ T6278] CPU: 0 UID: 0 PID: 6278 Comm: syz.1.1049 Not tainted syzkaller #0 PREEMPT(voluntary) [ 86.873212][ T6278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 86.873228][ T6278] Call Trace: [ 86.873240][ T6278] [ 86.873249][ T6278] __dump_stack+0x1d/0x30 [ 86.873356][ T6278] dump_stack_lvl+0x95/0xd0 [ 86.873379][ T6278] dump_stack+0x15/0x1b [ 86.873473][ T6278] dump_header+0x80/0x240 [ 86.873509][ T6278] oom_kill_process+0x295/0x350 [ 86.873538][ T6278] out_of_memory+0x97d/0xb80 [ 86.873569][ T6278] try_charge_memcg+0x62e/0xa10 [ 86.873700][ T6278] obj_cgroup_charge_pages+0xa6/0x150 [ 86.873764][ T6278] __memcg_kmem_charge_page+0x9e/0x170 [ 86.873968][ T6278] __alloc_frozen_pages_noprof+0x18a/0x350 [ 86.874039][ T6278] alloc_pages_mpol+0xb3/0x260 [ 86.874080][ T6278] alloc_pages_noprof+0x8f/0x130 [ 86.874161][ T6278] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 86.874218][ T6278] __kvmalloc_node_noprof+0x471/0x680 [ 86.874248][ T6278] ? ip_set_alloc+0x24/0x30 [ 86.874365][ T6278] ? ip_set_alloc+0x24/0x30 [ 86.874429][ T6278] ip_set_alloc+0x24/0x30 [ 86.874467][ T6278] hash_netiface_create+0x282/0x740 [ 86.874507][ T6278] ? __pfx_hash_netiface_create+0x10/0x10 [ 86.874606][ T6278] ip_set_create+0x3cf/0x970 [ 86.874678][ T6278] ? __nla_parse+0x40/0x60 [ 86.874709][ T6278] nfnetlink_rcv_msg+0x509/0x5d0 [ 86.874765][ T6278] netlink_rcv_skb+0x123/0x220 [ 86.874827][ T6278] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 86.874933][ T6278] nfnetlink_rcv+0x167/0x1720 [ 86.875037][ T6278] ? __kfree_skb+0x109/0x150 [ 86.875075][ T6278] ? nlmon_xmit+0x4f/0x60 [ 86.875099][ T6278] ? consume_skb+0x49/0x140 [ 86.875126][ T6278] ? nlmon_xmit+0x4f/0x60 [ 86.875149][ T6278] ? dev_hard_start_xmit+0x3a8/0x3e0 [ 86.875244][ T6278] ? __dev_queue_xmit+0x139a/0x1f20 [ 86.875276][ T6278] ? __dev_queue_xmit+0x148/0x1f20 [ 86.875374][ T6278] ? ref_tracker_free+0x37d/0x3e0 [ 86.875409][ T6278] ? __netlink_deliver_tap+0x4dc/0x500 [ 86.875450][ T6278] netlink_unicast+0x5c0/0x690 [ 86.875484][ T6278] netlink_sendmsg+0x5c8/0x6f0 [ 86.875571][ T6278] ? __pfx_netlink_sendmsg+0x10/0x10 [ 86.875646][ T6278] __sock_sendmsg+0x145/0x170 [ 86.875710][ T6278] ____sys_sendmsg+0x31e/0x4a0 [ 86.875747][ T6278] ___sys_sendmsg+0x195/0x1e0 [ 86.875832][ T6278] __x64_sys_sendmsg+0xd4/0x160 [ 86.875870][ T6278] x64_sys_call+0x17ba/0x3000 [ 86.875904][ T6278] do_syscall_64+0xc0/0x2a0 [ 86.876014][ T6278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.876043][ T6278] RIP: 0033:0x7f9a57e6acb9 [ 86.876069][ T6278] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.876094][ T6278] RSP: 002b:00007f9a568c7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 86.876121][ T6278] RAX: ffffffffffffffda RBX: 00007f9a580e5fa0 RCX: 00007f9a57e6acb9 [ 86.876217][ T6278] RDX: 0000000000000880 RSI: 0000200000000040 RDI: 0000000000000003 [ 86.876235][ T6278] RBP: 00007f9a57ed8bf7 R08: 0000000000000000 R09: 0000000000000000 [ 86.876252][ T6278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 86.876269][ T6278] R13: 00007f9a580e6038 R14: 00007f9a580e5fa0 R15: 00007ffec35f9e08 [ 86.876297][ T6278] [ 87.193571][ T6278] memory: usage 307200kB, limit 307200kB, failcnt 516 [ 87.200512][ T6278] memory+swap: usage 307504kB, limit 9007199254740988kB, failcnt 0 [ 87.208484][ T6278] kmem: usage 235308kB, limit 9007199254740988kB, failcnt 0 [ 87.215817][ T6278] Memory cgroup stats for /syz1: [ 87.218691][ T6331] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 87.234105][ T6331] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.244409][ T6331] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 87.248172][ T6278] cache 69414912 [ 87.258469][ T6278] rss 4202496 [ 87.261774][ T6278] shmem 0 [ 87.264852][ T6278] mapped_file 0 [ 87.268424][ T6278] dirty 0 [ 87.271374][ T6278] writeback 0 [ 87.274717][ T6278] workingset_refault_anon 1398 [ 87.279494][ T6278] workingset_refault_file 293 [ 87.284209][ T6278] swap 311296 [ 87.287520][ T6278] swapcached 0 [ 87.290966][ T6278] pgpgin 120465 [ 87.294488][ T6278] pgpgout 102492 [ 87.298053][ T6278] pgfault 73523 [ 87.301529][ T6278] pgmajfault 207 [ 87.305110][ T6278] inactive_anon 0 [ 87.308757][ T6278] active_anon 0 [ 87.312356][ T6278] inactive_file 4202496 [ 87.316567][ T6278] active_file 0 [ 87.320104][ T6278] unevictable 69414912 [ 87.324251][ T6278] hierarchical_memory_limit 314572800 [ 87.329647][ T6278] hierarchical_memsw_limit 9223372036854771712 [ 87.335889][ T6278] total_cache 69414912 [ 87.340052][ T6278] total_rss 4202496 [ 87.343948][ T6278] total_shmem 0 [ 87.347431][ T6278] total_mapped_file 0 [ 87.351429][ T6278] total_dirty 0 [ 87.354941][ T6278] total_writeback 0 [ 87.358768][ T6278] total_workingset_refault_anon 1398 [ 87.364131][ T6278] total_workingset_refault_file 293 [ 87.369581][ T6278] total_swap 311296 [ 87.373562][ T6278] total_swapcached 0 [ 87.377527][ T6278] total_pgpgin 120465 [ 87.381581][ T6278] total_pgpgout 102492 [ 87.385689][ T6278] total_pgfault 73523 [ 87.389809][ T6278] total_pgmajfault 207 [ 87.393931][ T6278] total_inactive_anon 0 [ 87.398201][ T6278] total_active_anon 0 [ 87.402493][ T6278] total_inactive_file 4202496 [ 87.407317][ T6278] total_active_file 0 [ 87.411317][ T6278] total_unevictable 69414912 [ 87.415971][ T6278] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1049,pid=6277,uid=0 [ 87.430597][ T6278] Memory cgroup out of memory: Killed process 6277 (syz.1.1049) total-vm:94264kB, anon-rss:5300kB, file-rss:22416kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:0 [ 87.517749][ T6331] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 87.528180][ T6331] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.538565][ T6331] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 87.650801][ T6331] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 87.661216][ T6331] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.672009][ T6331] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 87.748030][ T6331] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 87.758475][ T6331] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.768856][ T6331] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 87.851407][ T385] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.859800][ T385] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20004 - 0 [ 87.868127][ T385] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 87.894024][ T3497] net_ratelimit: 3 callbacks suppressed [ 87.894041][ T3497] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 87.915481][ T385] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.923754][ T385] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20004 - 0 [ 87.932132][ T385] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 87.974174][ T385] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.982425][ T385] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20004 - 0 [ 87.990786][ T385] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 88.027976][ T385] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 88.036322][ T385] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20004 - 0 [ 88.044721][ T385] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 88.059954][ T6363] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1085'. [ 88.145308][ T4373] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 88.196963][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 88.197022][ T29] audit: type=1400 audit(2000000042.120:486): avc: denied { setopt } for pid=6374 comm="syz.5.1091" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 88.238548][ T29] audit: type=1400 audit(2000000042.150:487): avc: denied { connect } for pid=6374 comm="syz.5.1091" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 88.339831][ T6278] syz.1.1049 (6278) used greatest stack depth: 7416 bytes left [ 88.434389][ T29] audit: type=1326 audit(2000000042.360:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6384 comm="syz.0.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 88.522247][ T29] audit: type=1326 audit(2000000042.390:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6384 comm="syz.0.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 88.545861][ T29] audit: type=1326 audit(2000000042.390:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6384 comm="syz.0.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 88.569270][ T29] audit: type=1326 audit(2000000042.390:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6384 comm="syz.0.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 88.592690][ T29] audit: type=1326 audit(2000000042.390:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6384 comm="syz.0.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 88.616065][ T29] audit: type=1326 audit(2000000042.400:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6384 comm="syz.0.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 88.668518][ T29] audit: type=1326 audit(2000000042.470:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6384 comm="syz.0.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fceb801b58e code=0x7ffc0000 [ 88.691910][ T29] audit: type=1326 audit(2000000042.470:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6384 comm="syz.0.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 88.775846][ T2970] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 88.788522][ T6401] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1099'. [ 88.868909][ T6410] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1101'. [ 88.933933][ T3486] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 89.068956][ T6442] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1117'. [ 89.110176][ T6449] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1119'. [ 89.447490][ T6494] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1133'. [ 89.591643][ T6504] loop5: detected capacity change from 0 to 512 [ 89.598808][ T6504] EXT4-fs: Ignoring removed bh option [ 89.626596][ T6504] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.639701][ T6504] ext4 filesystem being mounted at /77/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 89.687279][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.895798][ T6532] netlink: 'syz.5.1148': attribute type 3 has an invalid length. [ 89.905272][ T6532] netlink: 'syz.5.1148': attribute type 3 has an invalid length. [ 89.913086][ T6532] netlink: 'syz.5.1148': attribute type 3 has an invalid length. [ 89.921056][ T6532] netlink: 'syz.5.1148': attribute type 3 has an invalid length. [ 89.952692][ T6539] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 89.959535][ T6532] netlink: 'syz.5.1148': attribute type 3 has an invalid length. [ 89.961352][ T6539] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 89.968840][ T6532] netlink: 'syz.5.1148': attribute type 3 has an invalid length. [ 89.977131][ T6539] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 89.986276][ T6532] netlink: 'syz.5.1148': attribute type 3 has an invalid length. [ 90.000688][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 90.002424][ T6532] netlink: 'syz.5.1148': attribute type 3 has an invalid length. [ 90.021026][ T6532] netlink: 'syz.5.1148': attribute type 3 has an invalid length. [ 90.029419][ T6532] netlink: 'syz.5.1148': attribute type 3 has an invalid length. [ 90.684672][ T6547] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 90.694556][ T6547] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 90.704475][ T6547] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 90.776135][ T6547] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 90.786015][ T6547] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 90.795943][ T6547] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 90.818780][ T6547] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 90.828627][ T6547] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 90.838584][ T6547] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 90.913260][ T6547] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 90.923194][ T6547] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 90.933121][ T6547] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 90.984862][ T6583] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1167'. [ 91.012459][ T6587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 91.020909][ T6587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 91.044309][ T6583] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1167'. [ 91.871451][ T1667] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.879744][ T1667] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20004 - 0 [ 91.888148][ T1667] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 91.920140][ T1667] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.928465][ T1667] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20004 - 0 [ 91.937065][ T1667] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 91.946052][ T1667] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.954337][ T1667] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20004 - 0 [ 91.962619][ T1667] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 91.971650][ T1667] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.979972][ T1667] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20004 - 0 [ 91.988364][ T1667] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 92.045979][ T6649] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1197'. [ 92.054957][ T6649] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1197'. [ 92.124926][ T6655] syzkaller0: entered allmulticast mode [ 92.130840][ T6655] syzkaller0: entered promiscuous mode [ 92.138968][ T6655] syzkaller0 (unregistering): left allmulticast mode [ 92.145807][ T6655] syzkaller0 (unregistering): left promiscuous mode [ 92.340343][ T6666] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1205'. [ 92.381538][ T6666] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1205'. [ 92.675562][ T6688] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1214'. [ 92.684635][ T6688] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1214'. [ 92.700015][ T6688] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1214'. [ 92.709046][ T6688] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1214'. [ 92.823134][ T6697] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1218'. [ 92.836977][ T3443] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.837000][ T6697] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1218'. [ 92.858334][ T3443] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.867733][ T3443] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.876193][ T3443] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.953149][ T6707] net_ratelimit: 10 callbacks suppressed [ 92.953169][ T6707] A link change request failed with some changes committed already. Interface gre2 may have been left with an inconsistent configuration, please check. [ 93.097372][ T3497] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 93.138605][ T6720] netdevsim netdevsim5 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.148484][ T6720] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.215294][ T6731] syzkaller0: entered allmulticast mode [ 93.221141][ T6731] syzkaller0: entered promiscuous mode [ 93.229960][ T6731] syzkaller0 (unregistering): left allmulticast mode [ 93.236763][ T6731] syzkaller0 (unregistering): left promiscuous mode [ 93.286089][ T6720] netdevsim netdevsim5 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.295988][ T6720] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.356156][ T6720] netdevsim netdevsim5 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.366042][ T6720] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.447841][ T6720] netdevsim netdevsim5 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.457789][ T6720] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.477767][ T6743] A link change request failed with some changes committed already. Interface gre2 may have been left with an inconsistent configuration, please check. [ 93.524918][ T31] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.533192][ T31] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.550926][ T31] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.559237][ T31] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.576730][ T31] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.585269][ T31] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.648742][ T31] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.657215][ T31] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.667351][ T6758] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 93.800555][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 93.800573][ T29] audit: type=1400 audit(2000000047.720:519): avc: denied { write } for pid=6769 comm="syz.5.1247" name="001" dev="devtmpfs" ino=168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 93.904510][ T3408] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 94.059405][ T6791] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 94.069261][ T6791] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.133973][ T23] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 94.156706][ T6791] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 94.166692][ T6791] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.179834][ T29] audit: type=1400 audit(2000000048.100:520): avc: denied { execute_no_trans } for pid=6795 comm="syz.5.1260" path="/96/file0" dev="tmpfs" ino=515 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 94.214151][ T4373] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 94.236643][ T6791] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 94.237877][ T6800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 94.246538][ T6791] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.254868][ T6800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 94.272511][ T6800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 94.370249][ T6791] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 94.380183][ T6791] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.579612][ T6826] tipc: Failed to remove unknown binding: 66,1,1/0:3887198234/3887198236 [ 94.611800][ T6831] loop5: detected capacity change from 0 to 512 [ 94.625136][ T6831] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 94.633337][ T6831] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e118, mo2=0002] [ 94.653391][ T6831] EXT4-fs (loop5): orphan cleanup on readonly fs [ 94.669299][ T1667] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.677685][ T1667] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.677731][ T6831] Quota error (device loop5): v2_read_header: Failed header read: expected=8 got=0 [ 94.695647][ T6831] EXT4-fs warning (device loop5): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 94.710231][ T6831] EXT4-fs (loop5): Cannot turn on quotas: error -22 [ 94.717226][ T6831] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1276: bg 0: block 40: padding at end of block bitmap is not set [ 94.731688][ T6831] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 94.741072][ T6831] EXT4-fs (loop5): 1 truncate cleaned up [ 94.747181][ T6831] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 94.768680][ T1667] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.777071][ T1667] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.786025][ T1667] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.794272][ T1667] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.802995][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.820830][ T1667] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.829078][ T1667] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.205249][ T29] audit: type=1400 audit(2000000049.120:521): avc: denied { create } for pid=6875 comm="syz.3.1294" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=chr_file permissive=1 [ 95.348166][ T6897] tipc: Failed to remove unknown binding: 66,1,1/0:973299460/973299462 [ 95.671377][ T29] audit: type=1400 audit(2000000049.590:522): avc: denied { listen } for pid=6929 comm="syz.0.1326" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 95.704432][ T6934] tipc: Failed to remove unknown binding: 66,1,1/0:1480064882/1480064884 [ 95.783756][ T6942] loop5: detected capacity change from 0 to 512 [ 95.828343][ T6942] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.846469][ T6942] ext4 filesystem being mounted at /114/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.950547][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.021477][ T6961] 8021q: adding VLAN 0 to HW filter on device bond2 [ 96.039087][ T6961] bond2: option ad_select: unable to set because the bond device is up [ 96.721606][ T7012] 8021q: adding VLAN 0 to HW filter on device bond1 [ 96.768692][ T7016] bond1: option ad_select: unable to set because the bond device is up [ 96.821342][ T6987] loop5: detected capacity change from 0 to 32768 [ 97.271166][ T7044] __nla_validate_parse: 13 callbacks suppressed [ 97.271244][ T7044] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1362'. [ 97.295298][ T7044] 8021q: adding VLAN 0 to HW filter on device bond3 [ 97.317483][ T7044] bond3: option ad_select: unable to set because the bond device is up [ 97.745335][ T29] audit: type=1400 audit(2000000051.660:523): avc: denied { name_bind } for pid=7078 comm="syz.1.1386" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1 [ 97.862706][ T7101] validate_nla: 43 callbacks suppressed [ 97.862726][ T7101] netlink: 'syz.0.1385': attribute type 8 has an invalid length. [ 97.876221][ T7101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1385'. [ 97.889076][ T7101] bond0: entered promiscuous mode [ 97.894283][ T7101] bond_slave_0: entered promiscuous mode [ 97.900143][ T7101] bond_slave_1: entered promiscuous mode [ 97.908216][ T7101] geneve0: entered promiscuous mode [ 97.914826][ T7101] hsr1: entered promiscuous mode [ 98.047821][ T7126] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1395'. [ 98.085283][ T7130] net_ratelimit: 1220 callbacks suppressed [ 98.085292][ T7130] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 98.319155][ T7152] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1403'. [ 98.328293][ T7152] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1403'. [ 98.461534][ T29] audit: type=1400 audit(2000000052.380:524): avc: denied { getopt } for pid=7161 comm="syz.4.1411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 98.669954][ T7182] netlink: 'syz.1.1429': attribute type 8 has an invalid length. [ 98.677783][ T7182] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1429'. [ 98.689999][ T7182] bond0: entered promiscuous mode [ 98.695168][ T7182] bond_slave_0: entered promiscuous mode [ 98.701231][ T7182] bond_slave_1: entered promiscuous mode [ 98.710157][ T7182] geneve0: entered promiscuous mode [ 98.716687][ T7182] debugfs: 'hsr1' already exists in 'hsr' [ 98.722466][ T7182] Cannot create hsr debugfs directory [ 98.727890][ T7182] hsr1: entered promiscuous mode [ 98.841068][ T7201] netlink: 'syz.3.1436': attribute type 8 has an invalid length. [ 98.848964][ T7201] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1436'. [ 98.864331][ T7201] bond0: entered promiscuous mode [ 98.869470][ T7201] bond_slave_0: entered promiscuous mode [ 98.875335][ T7201] bond_slave_1: entered promiscuous mode [ 98.881935][ T7201] bond0: left promiscuous mode [ 98.886821][ T7201] bond_slave_0: left promiscuous mode [ 98.892327][ T7201] bond_slave_1: left promiscuous mode [ 99.335883][ T7257] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1449'. [ 99.344925][ T7257] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1449'. [ 99.403633][ T7260] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1450'. [ 99.496347][ T7272] loop5: detected capacity change from 0 to 1024 [ 99.520227][ T7272] EXT4-fs: inline encryption not supported [ 99.557263][ T7272] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.578874][ T29] audit: type=1326 audit(2000000053.500:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7289 comm="syz.1.1464" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9a57e6acb9 code=0x0 [ 99.618421][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.580407][ T29] audit: type=1400 audit(2000000054.500:526): avc: denied { ioctl } for pid=7318 comm="syz.0.1472" path="socket:[25316]" dev="sockfs" ino=25316 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 100.690161][ T7322] bridge_slave_1: left allmulticast mode [ 100.696073][ T7322] bridge_slave_1: left promiscuous mode [ 100.701847][ T7322] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.752901][ T7322] bridge_slave_0: left allmulticast mode [ 100.758752][ T7322] bridge_slave_0: left promiscuous mode [ 100.764505][ T7322] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.003663][ T7361] veth0_macvtap: left promiscuous mode [ 101.067793][ T6874] IPVS: starting estimator thread 0... [ 101.163820][ T7365] IPVS: using max 2352 ests per chain, 117600 per kthread [ 101.249915][ T7379] loop5: detected capacity change from 0 to 128 [ 101.302349][ T29] audit: type=1400 audit(2000000055.210:527): avc: denied { watch watch_reads } for pid=7378 comm="syz.5.1498" path="/145/file0/file0" dev="loop5" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 101.395859][ T101] IPVS: stop unused estimator thread 0... [ 101.500172][ T7393] bridge_slave_1: left allmulticast mode [ 101.506061][ T7393] bridge_slave_1: left promiscuous mode [ 101.511803][ T7393] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.520440][ T7393] bridge_slave_0: left allmulticast mode [ 101.526296][ T7393] bridge_slave_0: left promiscuous mode [ 101.532042][ T7393] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.916495][ T7433] bridge_slave_1: left allmulticast mode [ 101.922227][ T7433] bridge_slave_1: left promiscuous mode [ 101.928123][ T7433] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.936437][ T7433] bridge_slave_0: left allmulticast mode [ 101.942094][ T7433] bridge_slave_0: left promiscuous mode [ 101.947976][ T7433] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.156744][ T7451] bridge_slave_1: left allmulticast mode [ 102.162619][ T7451] bridge_slave_1: left promiscuous mode [ 102.168519][ T7451] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.176631][ T7451] bridge_slave_0: left allmulticast mode [ 102.182274][ T7451] bridge_slave_0: left promiscuous mode [ 102.187994][ T7451] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.322271][ T7461] __nla_validate_parse: 9 callbacks suppressed [ 102.322291][ T7461] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1534'. [ 102.365089][ T29] audit: type=1326 audit(2000000056.290:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7464 comm="syz.1.1536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 102.403362][ T29] audit: type=1326 audit(2000000056.290:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7464 comm="syz.1.1536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 102.426912][ T29] audit: type=1326 audit(2000000056.290:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7464 comm="syz.1.1536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 102.450497][ T29] audit: type=1326 audit(2000000056.290:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7464 comm="syz.1.1536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 102.474289][ T29] audit: type=1326 audit(2000000056.290:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7464 comm="syz.1.1536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 102.497678][ T29] audit: type=1326 audit(2000000056.290:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7464 comm="syz.1.1536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 102.520987][ T29] audit: type=1326 audit(2000000056.290:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7464 comm="syz.1.1536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 103.470838][ T7492] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1546'. [ 103.479961][ T7492] bridge_slave_1: left allmulticast mode [ 103.485762][ T7492] bridge_slave_1: left promiscuous mode [ 103.491501][ T7492] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.500084][ T7494] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1549'. [ 103.540319][ T7492] bridge_slave_0: left allmulticast mode [ 103.546200][ T7492] bridge_slave_0: left promiscuous mode [ 103.551915][ T7492] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.577261][ T7501] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1550'. [ 103.619059][ T7501] veth0_macvtap: left promiscuous mode [ 103.678608][ T7507] netlink: 'syz.3.1553': attribute type 1 has an invalid length. [ 103.692280][ T7507] 8021q: adding VLAN 0 to HW filter on device bond3 [ 103.708118][ T7507] bond3: (slave gretap1): making interface the new active one [ 103.716660][ T7507] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 103.734840][ T7510] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1554'. [ 103.750368][ T7510] 8021q: adding VLAN 0 to HW filter on device bond2 [ 103.760189][ T7510] bond2: Unable to set up delay as MII monitoring is disabled [ 104.121646][ T7535] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1564'. [ 104.285178][ T7539] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1566'. [ 104.315304][ T7539] veth0_macvtap: left promiscuous mode [ 104.598917][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 104.599005][ T29] audit: type=1326 audit(2000000058.520:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 104.628582][ T29] audit: type=1326 audit(2000000058.520:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 104.672372][ T29] audit: type=1326 audit(2000000058.520:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 104.695824][ T29] audit: type=1326 audit(2000000058.520:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 104.719266][ T29] audit: type=1326 audit(2000000058.520:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 104.742594][ T29] audit: type=1326 audit(2000000058.580:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 104.765928][ T29] audit: type=1326 audit(2000000058.580:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 104.789652][ T29] audit: type=1326 audit(2000000058.580:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=306 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 104.813399][ T29] audit: type=1326 audit(2000000058.580:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 104.836863][ T29] audit: type=1326 audit(2000000058.580:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.0.1574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fceb805acb9 code=0x7ffc0000 [ 104.886644][ T7561] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1577'. [ 104.924799][ T7563] ipip0: entered promiscuous mode [ 105.028927][ T7580] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1587'. [ 105.054046][ T7580] 8021q: adding VLAN 0 to HW filter on device bond1 [ 105.072388][ T7589] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1589'. [ 105.102229][ T7580] bond1: Unable to set up delay as MII monitoring is disabled [ 105.131858][ T7592] netlink: 'syz.0.1590': attribute type 30 has an invalid length. [ 105.555576][ T7635] 8021q: adding VLAN 0 to HW filter on device bond4 [ 105.569864][ T7635] bond4: Unable to set up delay as MII monitoring is disabled [ 105.616473][ T7640] all: renamed from lo (while UP) [ 105.642724][ T7643] netlink: 'syz.0.1610': attribute type 1 has an invalid length. [ 105.680345][ T7643] 8021q: adding VLAN 0 to HW filter on device bond4 [ 105.740276][ T7643] bond4: (slave gretap1): making interface the new active one [ 105.778319][ T7643] bond4: (slave gretap1): Enslaving as an active interface with an up link [ 106.834197][ T7713] all: renamed from lo (while UP) [ 107.043477][ T7725] team1: entered promiscuous mode [ 107.048678][ T7725] team1: entered allmulticast mode [ 107.059304][ T7725] 8021q: adding VLAN 0 to HW filter on device team1 [ 107.409877][ T7746] all: renamed from lo (while UP) [ 108.019572][ T7767] capability: warning: `syz.1.1658' uses 32-bit capabilities (legacy support in use) [ 108.032219][ T7769] loop5: detected capacity change from 0 to 128 [ 108.151900][ T7775] __nla_validate_parse: 5 callbacks suppressed [ 108.151931][ T7775] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1661'. [ 108.167112][ T7775] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1661'. [ 108.267686][ T31] bio_check_eod: 58 callbacks suppressed [ 108.267706][ T31] kworker/u8:1: attempt to access beyond end of device [ 108.267706][ T31] loop5: rw=1, sector=145, nr_sectors = 896 limit=128 [ 108.403175][ T7783] all: renamed from lo (while UP) [ 109.250719][ T7818] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1679'. [ 109.270403][ T7818] team1: entered promiscuous mode [ 109.275529][ T7818] team1: entered allmulticast mode [ 109.286155][ T7818] 8021q: adding VLAN 0 to HW filter on device team1 [ 110.171916][ T7859] netlink: 'syz.3.1693': attribute type 30 has an invalid length. [ 110.197516][ T7862] IPv4: Oversized IP packet from 127.202.26.0 [ 110.219432][ T7864] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1696'. [ 110.768680][ T7891] netlink: 'syz.4.1710': attribute type 1 has an invalid length. [ 110.776577][ T7891] netlink: 'syz.4.1710': attribute type 4 has an invalid length. [ 110.784360][ T7891] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.1710'. [ 112.301532][ T7931] IPv4: Oversized IP packet from 127.202.26.0 [ 113.107578][ T7970] IPv4: Oversized IP packet from 127.202.26.0 [ 113.262174][ T7984] IPv4: Oversized IP packet from 127.202.26.0 [ 114.264042][ T8035] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1774'. [ 115.098661][ T8057] loop5: detected capacity change from 0 to 1024 [ 115.131427][ T8057] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.308436][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.569475][ T8119] loop5: detected capacity change from 0 to 1024 [ 115.582740][ T8119] EXT4-fs: Ignoring removed mblk_io_submit option [ 115.628909][ T8119] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.695504][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.785535][ T29] kauditd_printk_skb: 46 callbacks suppressed [ 115.785553][ T29] audit: type=1326 audit(2000000069.710:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8145 comm="syz.5.1816" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fec052bacb9 code=0x0 [ 115.883376][ T29] audit: type=1400 audit(2000000069.800:615): avc: denied { bind } for pid=8150 comm="syz.1.1818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 115.960135][ T8157] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1820'. [ 116.034724][ T8165] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1822'. [ 116.147775][ T29] audit: type=1400 audit(2000000070.070:616): avc: denied { append } for pid=8171 comm="syz.0.1827" name="rt_cache" dev="proc" ino=4026532655 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 116.430817][ T8190] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1836'. [ 116.525948][ T29] audit: type=1326 audit(2000000070.450:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8202 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 116.573918][ T29] audit: type=1326 audit(2000000070.470:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8202 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 116.597434][ T29] audit: type=1326 audit(2000000070.470:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8202 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 116.620963][ T29] audit: type=1326 audit(2000000070.470:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8202 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 116.644537][ T29] audit: type=1326 audit(2000000070.470:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8202 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 116.667991][ T29] audit: type=1326 audit(2000000070.480:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8202 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9a57e6c547 code=0x7ffc0000 [ 116.691314][ T29] audit: type=1326 audit(2000000070.480:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8202 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 116.870644][ T8208] netlink: 'syz.1.1843': attribute type 2 has an invalid length. [ 116.878581][ T8208] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1843'. [ 116.930080][ T8212] loop5: detected capacity change from 0 to 1024 [ 116.942376][ T8212] ext4: Unknown parameter 'func' [ 117.362580][ T8242] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1857'. [ 117.786859][ T8260] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1865'. [ 117.896604][ T8275] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1873'. [ 117.970213][ T8284] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 117.993155][ T8284] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 118.096865][ T8297] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1880'. [ 118.211320][ T8312] xt_hashlimit: size too large, truncated to 1048576 [ 118.298979][ T8328] [syz.0.] <== rxrpc_preparse_xdr_yfs_rxgk() = -EKEYREJECTED [d9c19884!=bc, 2c,d9c19820] [ 118.634548][ T8352] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1902'. [ 119.543688][ T8445] [syz.1.] <== rxrpc_preparse_xdr_yfs_rxgk() = -EKEYREJECTED [d9c19884!=bc, 2c,d9c19820] [ 119.765687][ T8463] tipc: Started in network mode [ 119.770600][ T8463] tipc: Node identity 84e, cluster identity 4711 [ 119.777025][ T8463] tipc: Node number set to 2126 [ 120.243394][ T8538] __nla_validate_parse: 5 callbacks suppressed [ 120.243415][ T8538] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1957'. [ 120.907761][ T8570] netlink: 7 bytes leftover after parsing attributes in process `syz.5.1971'. [ 120.935338][ T8572] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1981'. [ 120.972235][ T8574] xt_hashlimit: size too large, truncated to 1048576 [ 121.163180][ T8594] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1979'. [ 121.198437][ T8598] netlink: 'syz.4.1982': attribute type 2 has an invalid length. [ 121.206309][ T8598] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1982'. [ 121.436395][ T8612] loop5: detected capacity change from 0 to 512 [ 121.601104][ T8616] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1992'. [ 121.611536][ T8618] xt_hashlimit: size too large, truncated to 1048576 [ 122.302967][ T8662] xt_hashlimit: size too large, truncated to 1048576 [ 122.478899][ T8676] loop5: detected capacity change from 0 to 512 [ 122.489775][ T8676] EXT4-fs: Ignoring removed mblk_io_submit option [ 122.506810][ T8676] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2010: invalid indirect mapped block 4294967295 (level 1) [ 122.523846][ T8676] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.2010: invalid indirect mapped block 4294967295 (level 1) [ 122.539046][ T8676] EXT4-fs (loop5): 2 truncates cleaned up [ 122.545867][ T8676] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.572520][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.430108][ T8752] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 123.534234][ T8759] loop5: detected capacity change from 0 to 512 [ 123.552433][ T8759] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 123.570045][ T8759] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.2042: bad orphan inode 11 [ 123.586645][ T8759] ext4_test_bit(bit=10, block=4) = 1 [ 123.591979][ T8759] is_bad_inode(inode)=0 [ 123.596216][ T8759] NEXT_ORPHAN(inode)=2080374784 [ 123.601098][ T8759] max_ino=32 [ 123.604349][ T8759] i_nlink=0 [ 123.639207][ T8759] EXT4-fs (loop5): 1 truncate cleaned up [ 123.658883][ T8759] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.694891][ T8766] netlink: 27 bytes leftover after parsing attributes in process `syz.0.2044'. [ 123.818667][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.982528][ T29] kauditd_printk_skb: 27 callbacks suppressed [ 123.982545][ T29] audit: type=1400 audit(2000000077.900:651): avc: denied { ioctl } for pid=8785 comm="syz.1.2055" path="socket:[28496]" dev="sockfs" ino=28496 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 124.626534][ T8837] gtp1: entered promiscuous mode [ 124.638980][ T8837] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2076'. [ 124.846866][ T8853] loop5: detected capacity change from 0 to 128 [ 124.887084][ T8853] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 124.944491][ T8853] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 125.044467][ T29] audit: type=1400 audit(2000000078.970:652): avc: denied { watch } for pid=8862 comm="syz.3.2085" path="/384/file0" dev="tmpfs" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 125.487948][ T12] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 125.640259][ T29] audit: type=1326 audit(2000000079.560:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8890 comm="syz.4.2095" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fccf4caacb9 code=0x0 [ 125.694465][ T8893] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 125.844294][ T8900] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2100'. [ 125.853228][ T8900] netlink: 'syz.5.2100': attribute type 5 has an invalid length. [ 125.861011][ T8900] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2100'. [ 125.880363][ T8900] geneve2: entered promiscuous mode [ 125.885646][ T8900] geneve2: entered allmulticast mode [ 125.892267][ T12] netdevsim netdevsim5 eth0: set [1, 1] type 2 family 0 port 65535 - 0 [ 125.909036][ T12] netdevsim netdevsim5 eth1: set [1, 1] type 2 family 0 port 65535 - 0 [ 125.925051][ T12] netdevsim netdevsim5 eth2: set [1, 1] type 2 family 0 port 65535 - 0 [ 125.936449][ T12] netdevsim netdevsim5 eth3: set [1, 1] type 2 family 0 port 65535 - 0 [ 126.339139][ T8921] gtp0: entered promiscuous mode [ 126.354561][ T8921] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2108'. [ 126.591450][ T29] audit: type=1400 audit(2000000080.510:654): avc: denied { kexec_image_load } for pid=8937 comm="syz.3.2113" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 126.820247][ T8958] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2130'. [ 126.847970][ T8960] gtp0: entered promiscuous mode [ 126.877713][ T8960] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2122'. [ 126.893361][ T29] audit: type=1400 audit(2000000080.810:655): avc: denied { wake_alarm } for pid=8961 comm="syz.4.2123" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 126.958648][ T8966] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2125'. [ 127.092213][ T8978] loop5: detected capacity change from 0 to 512 [ 127.140814][ T8978] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.160168][ T8978] ext4 filesystem being mounted at /276/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.257972][ T29] audit: type=1400 audit(2000000081.170:656): avc: denied { read write } for pid=8977 comm="syz.5.2128" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 127.280661][ T29] audit: type=1400 audit(2000000081.170:657): avc: denied { open } for pid=8977 comm="syz.5.2128" path="/276/file1/file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 127.355779][ T9000] gtp0: entered promiscuous mode [ 127.371077][ T9000] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2139'. [ 127.381444][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.445981][ T9005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.469257][ T9005] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 128.772308][ T9051] ref_ctr_offset mismatch. inode: 0x89c offset: 0x0 ref_ctr_offset(old): 0x100 ref_ctr_offset(new): 0x0 [ 129.047687][ T9065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2166'. [ 129.207894][ T9085] netlink: 208 bytes leftover after parsing attributes in process `syz.4.2182'. [ 129.217195][ T9085] netlink: 208 bytes leftover after parsing attributes in process `syz.4.2182'. [ 129.252001][ T29] audit: type=1326 audit(2000000339.166:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9087 comm="syz.0.2174" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fceb805acb9 code=0x0 [ 129.324778][ T29] audit: type=1400 audit(2000000339.246:659): avc: denied { create } for pid=9096 comm="syz.5.2178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 129.394290][ T29] audit: type=1400 audit(2000000339.286:660): avc: denied { read } for pid=9096 comm="syz.5.2178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 129.605440][ T29] audit: type=1400 audit(2000000339.516:661): avc: denied { bind } for pid=9127 comm="syz.3.2194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 129.626058][ T29] audit: type=1400 audit(2000000339.516:662): avc: denied { setopt } for pid=9127 comm="syz.3.2194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 129.800535][ T9139] netlink: 'syz.3.2198': attribute type 20 has an invalid length. [ 129.831210][ T9139] netlink: 'syz.3.2198': attribute type 20 has an invalid length. [ 130.417331][ T29] audit: type=1400 audit(2000000340.336:663): avc: denied { bind } for pid=9177 comm="syz.3.2216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 130.436643][ T29] audit: type=1400 audit(2000000340.336:664): avc: denied { connect } for pid=9177 comm="syz.3.2216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 130.585342][ T9193] netlink: 'syz.0.2219': attribute type 2 has an invalid length. [ 130.593561][ T9193] netlink: 'syz.0.2219': attribute type 2 has an invalid length. [ 130.813245][ T9216] uprobe: syz.0.2230:9216 failed to unregister, leaking uprobe [ 130.998637][ T9237] bond0: entered promiscuous mode [ 131.003830][ T9237] bond_slave_0: entered promiscuous mode [ 131.009578][ T9237] bond_slave_1: entered promiscuous mode [ 131.018661][ T9237] batadv0: entered promiscuous mode [ 131.025238][ T9237] debugfs: 'hsr1' already exists in 'hsr' [ 131.031092][ T9237] Cannot create hsr debugfs directory [ 131.037279][ T9237] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 131.047202][ T9237] bond0: left promiscuous mode [ 131.052097][ T9237] bond_slave_0: left promiscuous mode [ 131.057644][ T9237] bond_slave_1: left promiscuous mode [ 131.063702][ T9237] batadv0: left promiscuous mode [ 131.392698][ T9252] __nla_validate_parse: 8 callbacks suppressed [ 131.392754][ T9252] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2242'. [ 131.408041][ T9252] openvswitch: netlink: Message has 5 unknown bytes. [ 131.447985][ T9265] netlink: 208 bytes leftover after parsing attributes in process `syz.0.2246'. [ 131.457205][ T9265] netlink: 208 bytes leftover after parsing attributes in process `syz.0.2246'. [ 132.783248][ T9341] loop5: detected capacity change from 0 to 256 [ 132.795295][ T9341] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 133.477685][ T29] audit: type=1400 audit(2000000343.396:665): avc: denied { read } for pid=9384 comm="syz.1.2300" path="socket:[30294]" dev="sockfs" ino=30294 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 133.823335][ T9411] loop5: detected capacity change from 0 to 512 [ 134.049870][ T9411] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c198, mo2=0002] [ 134.074981][ T9411] System zones: 1-12 [ 134.087041][ T9411] EXT4-fs error (device loop5): ext4_iget_extra_inode:5073: inode #15: comm syz.5.2310: corrupted in-inode xattr: e_value size too large [ 134.101567][ T9411] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.2310: couldn't read orphan inode 15 (err -117) [ 134.114225][ T9411] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 135.166785][ T9446] geneve2: entered promiscuous mode [ 135.172068][ T9446] geneve2: entered allmulticast mode [ 135.217548][ T8504] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 135.249260][ T8504] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 135.274049][ T8504] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 135.304263][ T8504] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 135.403997][ T9467] netlink: 'syz.4.2331': attribute type 4 has an invalid length. [ 135.449166][ T9467] netlink: 'syz.4.2331': attribute type 4 has an invalid length. [ 135.721630][ T29] audit: type=1400 audit(2000000345.636:666): avc: denied { associate } for pid=9442 comm="syz.4.2323" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 135.828600][ T9501] netlink: 'syz.3.2341': attribute type 29 has an invalid length. [ 135.914800][ T9501] netlink: 'syz.3.2341': attribute type 29 has an invalid length. [ 135.964314][ T9505] tipc: Started in network mode [ 135.969250][ T9505] tipc: Node identity ac1414aa, cluster identity 4711 [ 135.971325][ T9501] netlink: 500 bytes leftover after parsing attributes in process `syz.3.2341'. [ 135.994154][ T9505] tipc: Enabled bearer , priority 10 [ 136.378765][ T9540] netlink: 'syz.0.2357': attribute type 29 has an invalid length. [ 136.405834][ T9540] netlink: 'syz.0.2357': attribute type 29 has an invalid length. [ 136.415858][ T9540] netlink: 500 bytes leftover after parsing attributes in process `syz.0.2357'. [ 136.844310][ T5618] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.133181][ T2970] tipc: Node number set to 2886997162 [ 137.205063][ T9605] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 137.430458][ T29] audit: type=1326 audit(2000000347.346:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9627 comm="syz.1.2393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 137.492648][ T9637] netlink: 'syz.0.2396': attribute type 4 has an invalid length. [ 137.505538][ T29] audit: type=1326 audit(2000000347.376:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9627 comm="syz.1.2393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 137.529006][ T29] audit: type=1326 audit(2000000347.376:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9627 comm="syz.1.2393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 137.552426][ T29] audit: type=1326 audit(2000000347.376:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9627 comm="syz.1.2393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 137.553200][ T9639] netlink: 'syz.0.2396': attribute type 4 has an invalid length. [ 137.575866][ T29] audit: type=1326 audit(2000000347.376:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9627 comm="syz.1.2393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 137.606905][ T29] audit: type=1326 audit(2000000347.376:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9627 comm="syz.1.2393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 137.630231][ T29] audit: type=1326 audit(2000000347.376:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9627 comm="syz.1.2393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 137.653639][ T29] audit: type=1326 audit(2000000347.376:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9627 comm="syz.1.2393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 137.676969][ T29] audit: type=1326 audit(2000000347.376:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9627 comm="syz.1.2393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a57e6acb9 code=0x7ffc0000 [ 138.075473][ T9665] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2403'. [ 138.383719][ T9678] tipc: Started in network mode [ 138.388777][ T9678] tipc: Node identity ac1414aa, cluster identity 4711 [ 138.396027][ T9678] tipc: Enabled bearer , priority 10 [ 138.421521][ T9681] netlink: 'syz.1.2412': attribute type 4 has an invalid length. [ 138.467789][ T9681] netlink: 'syz.1.2412': attribute type 4 has an invalid length. [ 138.644032][ T9704] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2422'. [ 138.786066][ T3499] kernel read not supported for file /newroot/474 (pid: 3499 comm: kworker/1:7) [ 138.821056][ T9721] netlink: 16166 bytes leftover after parsing attributes in process `syz.0.2431'. [ 139.043168][ T9747] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2440'. [ 139.090260][ T9751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2442'. [ 139.100091][ T9751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2442'. [ 139.513884][ T10] tipc: Node number set to 2886997162 [ 139.660766][ T9764] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 139.723533][ T9769] serio: Serial port ptm0 [ 140.070216][ T9790] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2461'. [ 140.083181][ T9790] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2461'. [ 140.365011][ T9804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2467'. [ 140.528216][ T10] kernel read not supported for file /newroot/503 (pid: 10 comm: kworker/0:1) [ 141.561374][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 141.561394][ T29] audit: type=1400 audit(2000000351.476:683): avc: denied { read } for pid=9856 comm="syz.1.2488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 142.355140][ T9897] validate_nla: 7 callbacks suppressed [ 142.355159][ T9897] netlink: 'syz.4.2505': attribute type 83 has an invalid length. [ 142.577619][ T29] audit: type=1400 audit(2000000352.486:684): avc: denied { bind } for pid=9909 comm="syz.1.2510" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 143.113578][ T9939] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2521'. [ 143.215786][ T29] audit: type=1400 audit(2000000353.116:685): avc: denied { append } for pid=9942 comm="syz.4.2523" name="file0" dev="tmpfs" ino=2725 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 143.440600][ T29] audit: type=1326 audit(2000000353.356:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9960 comm="syz.4.2532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 143.464057][ T29] audit: type=1326 audit(2000000353.356:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9960 comm="syz.4.2532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 143.487603][ T29] audit: type=1326 audit(2000000353.356:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9960 comm="syz.4.2532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 143.511176][ T29] audit: type=1326 audit(2000000353.356:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9960 comm="syz.4.2532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 143.534855][ T29] audit: type=1326 audit(2000000353.356:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9960 comm="syz.4.2532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 143.558393][ T29] audit: type=1326 audit(2000000353.356:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9960 comm="syz.4.2532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 143.581892][ T29] audit: type=1326 audit(2000000353.356:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9960 comm="syz.4.2532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccf4caacb9 code=0x7ffc0000 [ 143.711787][ T9975] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2538'. [ 143.957919][ T9996] wireguard0: entered promiscuous mode [ 143.963525][ T9996] wireguard0: entered allmulticast mode [ 144.170766][ T3499] IPVS: starting estimator thread 0... [ 144.284190][T10022] IPVS: using max 2304 ests per chain, 115200 per kthread [ 144.534771][T10077] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2575'. [ 144.707738][T10102] IPv6: sit3: Disabled Multicast RS [ 144.941808][ C1] ================================================================== [ 144.949978][ C1] BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv [ 144.957238][ C1] [ 144.959588][ C1] read-write to 0xffff888104788080 of 4 bytes by interrupt on cpu 0: [ 144.967677][ C1] can_can_gw_rcv+0x807/0x820 [ 144.972402][ C1] can_rcv_filter+0xc7/0x4f0 [ 144.977030][ C1] can_receive+0x163/0x1c0 [ 144.981469][ C1] can_rcv+0xed/0x190 [ 144.985481][ C1] __netif_receive_skb+0x120/0x270 [ 144.990631][ C1] process_backlog+0x228/0x420 [ 144.995461][ C1] __napi_poll+0x5f/0x300 [ 144.999832][ C1] net_rx_action+0x452/0x930 [ 145.004466][ C1] handle_softirqs+0xb9/0x280 [ 145.009190][ C1] do_softirq+0x45/0x60 [ 145.013400][ C1] __local_bh_enable_ip+0x70/0x80 [ 145.018465][ C1] _raw_spin_unlock_bh+0x18/0x20 [ 145.023452][ C1] nsim_dev_trap_report_work+0x52b/0x630 [ 145.029250][ C1] process_scheduled_works+0x4cd/0x9d0 [ 145.034749][ C1] worker_thread+0x581/0x770 [ 145.039379][ C1] kthread+0x488/0x510 [ 145.043498][ C1] ret_from_fork+0x148/0x280 [ 145.048118][ C1] ret_from_fork_asm+0x1a/0x30 [ 145.052908][ C1] [ 145.055267][ C1] read-write to 0xffff888104788080 of 4 bytes by interrupt on cpu 1: [ 145.063374][ C1] can_can_gw_rcv+0x807/0x820 [ 145.068104][ C1] can_rcv_filter+0xc7/0x4f0 [ 145.072782][ C1] can_receive+0x163/0x1c0 [ 145.077251][ C1] can_rcv+0xed/0x190 [ 145.081268][ C1] __netif_receive_skb+0x120/0x270 [ 145.086415][ C1] process_backlog+0x228/0x420 [ 145.091226][ C1] __napi_poll+0x5f/0x300 [ 145.095606][ C1] net_rx_action+0x452/0x930 [ 145.100242][ C1] handle_softirqs+0xb9/0x280 [ 145.104975][ C1] run_ksoftirqd+0x1c/0x30 [ 145.109425][ C1] smpboot_thread_fn+0x32a/0x510 [ 145.114397][ C1] kthread+0x488/0x510 [ 145.118502][ C1] ret_from_fork+0x148/0x280 [ 145.123130][ C1] ret_from_fork_asm+0x1a/0x30 [ 145.127930][ C1] [ 145.130285][ C1] value changed: 0x0000062b -> 0x0000062c [ 145.136032][ C1] [ 145.138375][ C1] Reported by Kernel Concurrency Sanitizer on: [ 145.144564][ C1] CPU: 1 UID: 0 PID: 22 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(voluntary) [ 145.154233][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 145.164587][ C1] ================================================================== [ 145.334582][ C1] ================================================================== [ 145.342729][ C1] BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter [ 145.349980][ C1] [ 145.352323][ C1] read-write to 0xffff8881009c5158 of 8 bytes by interrupt on cpu 0: [ 145.360415][ C1] can_rcv_filter+0xd9/0x4f0 [ 145.365054][ C1] can_receive+0x163/0x1c0 [ 145.369505][ C1] can_rcv+0xed/0x190 [ 145.373546][ C1] __netif_receive_skb+0x120/0x270 [ 145.378694][ C1] process_backlog+0x228/0x420 [ 145.383493][ C1] __napi_poll+0x5f/0x300 [ 145.387860][ C1] net_rx_action+0x452/0x930 [ 145.392492][ C1] handle_softirqs+0xb9/0x280 [ 145.397214][ C1] do_softirq+0x45/0x60 [ 145.401432][ C1] __local_bh_enable_ip+0x70/0x80 [ 145.406501][ C1] __alloc_skb+0x477/0x4b0 [ 145.410956][ C1] inet6_ifmcaddr_notify+0xd6/0x190 [ 145.416180][ C1] __ipv6_dev_mc_inc+0x4e4/0x5b0 [ 145.421150][ C1] ipv6_dev_mc_inc+0x1f/0x30 [ 145.425768][ C1] ipv6_add_dev+0x955/0xac0 [ 145.430315][ C1] addrconf_notify+0x4a5/0x8f0 [ 145.435112][ C1] raw_notifier_call_chain+0x6f/0x1b0 [ 145.440539][ C1] call_netdevice_notifiers+0xb5/0x110 [ 145.446033][ C1] register_netdevice+0xc84/0xdd0 [ 145.451091][ C1] rtnl_newlink_create+0x1f3/0x650 [ 145.456238][ C1] rtnl_newlink+0xf5b/0x1370 [ 145.460869][ C1] rtnetlink_rcv_msg+0x64b/0x720 [ 145.465837][ C1] netlink_rcv_skb+0x123/0x220 [ 145.470638][ C1] rtnetlink_rcv+0x1c/0x30 [ 145.475080][ C1] netlink_unicast+0x5c0/0x690 [ 145.479872][ C1] netlink_sendmsg+0x5c8/0x6f0 [ 145.484669][ C1] __sock_sendmsg+0x145/0x170 [ 145.489405][ C1] __sys_sendto+0x2b2/0x380 [ 145.493929][ C1] __x64_sys_sendto+0x76/0x90 [ 145.498634][ C1] x64_sys_call+0x29a7/0x3000 [ 145.503424][ C1] do_syscall_64+0xc0/0x2a0 [ 145.507952][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.513881][ C1] [ 145.516230][ C1] read-write to 0xffff8881009c5158 of 8 bytes by interrupt on cpu 1: [ 145.524332][ C1] can_rcv_filter+0xd9/0x4f0 [ 145.528964][ C1] can_receive+0x163/0x1c0 [ 145.533501][ C1] can_rcv+0xed/0x190 [ 145.537523][ C1] __netif_receive_skb+0x120/0x270 [ 145.542710][ C1] process_backlog+0x228/0x420 [ 145.547509][ C1] __napi_poll+0x5f/0x300 [ 145.552056][ C1] net_rx_action+0x452/0x930 [ 145.556675][ C1] handle_softirqs+0xb9/0x280 [ 145.561406][ C1] __irq_exit_rcu+0x39/0xc0 [ 145.565937][ C1] sysvec_apic_timer_interrupt+0x74/0x80 [ 145.571596][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 145.577595][ C1] _raw_spin_unlock_irqrestore+0x1a/0x30 [ 145.583276][ C1] folios_put_refs+0x232/0x2d0 [ 145.588069][ C1] free_pages_and_swap_cache+0x2ca/0x450 [ 145.593730][ C1] tlb_flush_mmu+0x2e6/0x460 [ 145.598357][ C1] tlb_finish_mmu+0x8d/0x110 [ 145.602972][ C1] exit_mmap+0x313/0x6c0 [ 145.607243][ C1] __mmput+0x28/0x1c0 [ 145.611269][ C1] mmput+0x40/0x50 [ 145.615029][ C1] exit_mm+0xe3/0x180 [ 145.619042][ C1] do_exit+0x3fa/0x1590 [ 145.623217][ C1] do_group_exit+0x138/0x140 [ 145.627825][ C1] __x64_sys_exit_group+0x1f/0x20 [ 145.632884][ C1] x64_sys_call+0x2fff/0x3000 [ 145.637583][ C1] do_syscall_64+0xc0/0x2a0 [ 145.642117][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.648034][ C1] [ 145.650371][ C1] value changed: 0x00000000000038cb -> 0x00000000000038cc [ 145.657496][ C1] [ 145.659889][ C1] Reported by Kernel Concurrency Sanitizer on: [ 145.666053][ C1] CPU: 1 UID: 0 PID: 3307 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) [ 145.675966][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 145.686049][ C1] ================================================================== [ 145.714829][ C0] ================================================================== [ 145.722968][ C0] BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter [ 145.730216][ C0] [ 145.732558][ C0] read-write to 0xffff8881019d74c8 of 8 bytes by interrupt on cpu 1: [ 145.740738][ C0] can_rcv_filter+0x242/0x4f0 [ 145.745457][ C0] can_receive+0x163/0x1c0 [ 145.749909][ C0] can_rcv+0xed/0x190 [ 145.753921][ C0] __netif_receive_skb+0x120/0x270 [ 145.759072][ C0] process_backlog+0x228/0x420 [ 145.763877][ C0] __napi_poll+0x5f/0x300 [ 145.768240][ C0] net_rx_action+0x452/0x930 [ 145.772874][ C0] handle_softirqs+0xb9/0x280 [ 145.777591][ C0] do_softirq+0x45/0x60 [ 145.781787][ C0] __local_bh_enable_ip+0x70/0x80 [ 145.786872][ C0] __alloc_skb+0x477/0x4b0 [ 145.791314][ C0] nsim_dev_trap_report_work+0x18a/0x630 [ 145.796986][ C0] process_scheduled_works+0x4cd/0x9d0 [ 145.802479][ C0] worker_thread+0x581/0x770 [ 145.807103][ C0] kthread+0x488/0x510 [ 145.811216][ C0] ret_from_fork+0x148/0x280 [ 145.815860][ C0] ret_from_fork_asm+0x1a/0x30 [ 145.820654][ C0] [ 145.822991][ C0] read-write to 0xffff8881019d74c8 of 8 bytes by interrupt on cpu 0: [ 145.831161][ C0] can_rcv_filter+0x242/0x4f0 [ 145.835885][ C0] can_receive+0x163/0x1c0 [ 145.840336][ C0] can_rcv+0xed/0x190 [ 145.844345][ C0] __netif_receive_skb+0x120/0x270 [ 145.849495][ C0] process_backlog+0x228/0x420 [ 145.854297][ C0] __napi_poll+0x5f/0x300 [ 145.858660][ C0] net_rx_action+0x452/0x930 [ 145.863298][ C0] handle_softirqs+0xb9/0x280 [ 145.868018][ C0] do_softirq+0x45/0x60 [ 145.872213][ C0] __local_bh_enable_ip+0x70/0x80 [ 145.877305][ C0] __alloc_skb+0x477/0x4b0 [ 145.881742][ C0] alloc_skb_with_frags+0x7d/0x470 [ 145.886885][ C0] sock_alloc_send_pskb+0x44d/0x500 [ 145.892117][ C0] unix_dgram_sendmsg+0x397/0x1000 [ 145.897271][ C0] __sock_sendmsg+0x145/0x170 [ 145.901985][ C0] __sys_sendto+0x2b2/0x380 [ 145.906513][ C0] __x64_sys_sendto+0x76/0x90 [ 145.911218][ C0] x64_sys_call+0x29a7/0x3000 [ 145.915943][ C0] do_syscall_64+0xc0/0x2a0 [ 145.920480][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.926410][ C0] [ 145.928752][ C0] value changed: 0x00000000000047b6 -> 0x00000000000047b7 [ 145.935876][ C0] [ 145.938217][ C0] Reported by Kernel Concurrency Sanitizer on: [ 145.944390][ C0] CPU: 0 UID: 0 PID: 2996 Comm: klogd Not tainted syzkaller #0 PREEMPT(voluntary) [ 145.953789][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 145.963864][ C0] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 146.267966][T10109] chnl_net:caif_netlink_parms(): no params data found [ 146.312328][ C0] ================================================================== [ 146.320487][ C0] BUG: KCSAN: data-race in vxcan_xmit / vxcan_xmit [ 146.327045][ C0] [ 146.329399][ C0] read-write to 0xffff888109cf0220 of 8 bytes by interrupt on cpu 1: [ 146.337492][ C0] vxcan_xmit+0x2c8/0x340 [ 146.341870][ C0] dev_hard_start_xmit+0x125/0x3e0 [ 146.347036][ C0] __dev_queue_xmit+0xdb1/0x1f20 [ 146.352020][ C0] can_send+0x589/0x720 [ 146.356206][ C0] can_can_gw_rcv+0x7bb/0x820 [ 146.360938][ C0] can_rcv_filter+0xc7/0x4f0 [ 146.365562][ C0] can_receive+0x163/0x1c0 [ 146.370014][ C0] can_rcv+0xed/0x190 [ 146.374021][ C0] __netif_receive_skb+0x120/0x270 [ 146.379246][ C0] process_backlog+0x228/0x420 [ 146.384043][ C0] __napi_poll+0x5f/0x300 [ 146.388405][ C0] net_rx_action+0x452/0x930 [ 146.393020][ C0] handle_softirqs+0xb9/0x280 [ 146.397725][ C0] do_softirq+0x45/0x60 [ 146.401912][ C0] __local_bh_enable_ip+0x70/0x80 [ 146.406958][ C0] _raw_spin_unlock_bh+0x18/0x20 [ 146.411922][ C0] wg_packet_decrypt_worker+0x166/0x6e0 [ 146.417474][ C0] process_scheduled_works+0x4cd/0x9d0 [ 146.422952][ C0] worker_thread+0x581/0x770 [ 146.427582][ C0] kthread+0x488/0x510 [ 146.431679][ C0] ret_from_fork+0x148/0x280 [ 146.436283][ C0] ret_from_fork_asm+0x1a/0x30 [ 146.441075][ C0] [ 146.443401][ C0] read-write to 0xffff888109cf0220 of 8 bytes by interrupt on cpu 0: [ 146.451472][ C0] vxcan_xmit+0x2c8/0x340 [ 146.455822][ C0] dev_hard_start_xmit+0x125/0x3e0 [ 146.460955][ C0] __dev_queue_xmit+0xdb1/0x1f20 [ 146.465903][ C0] can_send+0x589/0x720 [ 146.470092][ C0] can_can_gw_rcv+0x7bb/0x820 [ 146.474792][ C0] can_rcv_filter+0xc7/0x4f0 [ 146.479404][ C0] can_receive+0x163/0x1c0 [ 146.483862][ C0] can_rcv+0xed/0x190 [ 146.487872][ C0] __netif_receive_skb+0x120/0x270 [ 146.493004][ C0] process_backlog+0x228/0x420 [ 146.497780][ C0] __napi_poll+0x5f/0x300 [ 146.502136][ C0] net_rx_action+0x452/0x930 [ 146.506743][ C0] handle_softirqs+0xb9/0x280 [ 146.511448][ C0] do_softirq+0x45/0x60 [ 146.515617][ C0] __local_bh_enable_ip+0x70/0x80 [ 146.520672][ C0] _raw_spin_unlock_bh+0x18/0x20 [ 146.525720][ C0] lock_sock_nested+0x132/0x160 [ 146.530603][ C0] j1939_sk_sendmsg+0x51/0xc00 [ 146.535379][ C0] __sock_sendmsg+0x145/0x170 [ 146.540106][ C0] ____sys_sendmsg+0x345/0x4a0 [ 146.544909][ C0] ___sys_sendmsg+0x195/0x1e0 [ 146.549614][ C0] __sys_sendmmsg+0x185/0x320 [ 146.554315][ C0] __x64_sys_sendmmsg+0x57/0x70 [ 146.559186][ C0] x64_sys_call+0x1e28/0x3000 [ 146.563978][ C0] do_syscall_64+0xc0/0x2a0 [ 146.568507][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.574423][ C0] [ 146.576756][ C0] value changed: 0x000000000000b3b9 -> 0x000000000000b3ba [ 146.583889][ C0] [ 146.586223][ C0] Reported by Kernel Concurrency Sanitizer on: [ 146.592381][ C0] CPU: 0 UID: 0 PID: 10127 Comm: syz.3.2598 Not tainted syzkaller #0 PREEMPT(voluntary) [ 146.602196][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 146.612257][ C0] ================================================================== [ 147.578623][T10122] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2597'. [ 147.944288][ C0] ================================================================== [ 147.952458][ C0] BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv [ 147.959740][ C0] [ 147.962085][ C0] read-write to 0xffff888104788080 of 4 bytes by interrupt on cpu 1: [ 147.970176][ C0] can_can_gw_rcv+0x807/0x820 [ 147.974898][ C0] can_rcv_filter+0xc7/0x4f0 [ 147.979517][ C0] can_receive+0x163/0x1c0 [ 147.983973][ C0] can_rcv+0xed/0x190 [ 147.987990][ C0] __netif_receive_skb+0x120/0x270 [ 147.993139][ C0] process_backlog+0x228/0x420 [ 147.997943][ C0] __napi_poll+0x5f/0x300 [ 148.002313][ C0] net_rx_action+0x452/0x930 [ 148.006941][ C0] handle_softirqs+0xb9/0x280 [ 148.011667][ C0] do_softirq+0x45/0x60 [ 148.015867][ C0] __local_bh_enable_ip+0x70/0x80 [ 148.020931][ C0] __alloc_skb+0x477/0x4b0 [ 148.025388][ C0] alloc_uevent_skb+0x5c/0x120 [ 148.030173][ C0] kobject_uevent_net_broadcast+0xfb/0x410 [ 148.036006][ C0] kobject_uevent_env+0x43d/0x570 [ 148.041075][ C0] kobject_uevent+0x1d/0x30 [ 148.045600][ C0] netdev_queue_update_kobjects+0x263/0x4c0 [ 148.051540][ C0] netdev_register_kobject+0x1b7/0x230 [ 148.057036][ C0] register_netdevice+0x8cf/0xdd0 [ 148.062101][ C0] ipcaif_newlink+0x14f/0x2a0 [ 148.066822][ C0] rtnl_newlink_create+0x1e4/0x650 [ 148.071974][ C0] rtnl_newlink+0xf5b/0x1370 [ 148.076607][ C0] rtnetlink_rcv_msg+0x64b/0x720 [ 148.081585][ C0] netlink_rcv_skb+0x123/0x220 [ 148.086390][ C0] rtnetlink_rcv+0x1c/0x30 [ 148.090845][ C0] netlink_unicast+0x5c0/0x690 [ 148.095642][ C0] netlink_sendmsg+0x5c8/0x6f0 [ 148.100447][ C0] __sock_sendmsg+0x145/0x170 [ 148.105169][ C0] __sys_sendto+0x2b2/0x380 [ 148.109718][ C0] __x64_sys_sendto+0x76/0x90 [ 148.114434][ C0] x64_sys_call+0x29a7/0x3000 [ 148.119145][ C0] do_syscall_64+0xc0/0x2a0 [ 148.123684][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.129608][ C0] [ 148.131982][ C0] read-write to 0xffff888104788080 of 4 bytes by interrupt on cpu 0: [ 148.140077][ C0] can_can_gw_rcv+0x807/0x820 [ 148.144805][ C0] can_rcv_filter+0xc7/0x4f0 [ 148.149433][ C0] can_receive+0x163/0x1c0 [ 148.153881][ C0] can_rcv+0xed/0x190 [ 148.157900][ C0] __netif_receive_skb+0x120/0x270 [ 148.163059][ C0] process_backlog+0x228/0x420 [ 148.167852][ C0] __napi_poll+0x5f/0x300 [ 148.172205][ C0] net_rx_action+0x452/0x930 [ 148.176831][ C0] handle_softirqs+0xb9/0x280 [ 148.181563][ C0] do_softirq+0x45/0x60 [ 148.185747][ C0] __local_bh_enable_ip+0x70/0x80 [ 148.190805][ C0] _raw_spin_unlock_bh+0x18/0x20 [ 148.195771][ C0] hash_ipport4_gc_do+0x5fc/0x630 [ 148.200827][ C0] hash_ipport4_gc+0xfe/0x250 [ 148.205532][ C0] process_scheduled_works+0x4cd/0x9d0 [ 148.211037][ C0] worker_thread+0x581/0x770 [ 148.215651][ C0] kthread+0x488/0x510 [ 148.219753][ C0] ret_from_fork+0x148/0x280 [ 148.224367][ C0] ret_from_fork_asm+0x1a/0x30 [ 148.229161][ C0] [ 148.231500][ C0] value changed: 0x0001e6a6 -> 0x0001e6a7 [ 148.237239][ C0] [ 148.239581][ C0] Reported by Kernel Concurrency Sanitizer on: [ 148.245746][ C0] CPU: 0 UID: 0 PID: 6945 Comm: kworker/0:9 Not tainted syzkaller #0 PREEMPT(voluntary) [ 148.255606][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 148.265687][ C0] Workqueue: events_power_efficient hash_ipport4_gc [ 148.272319][ C0] ================================================================== [ 148.349845][ C0] ================================================================== [ 148.358010][ C0] BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter [ 148.365270][ C0] [ 148.367646][ C0] read-write to 0xffff8881009c5158 of 8 bytes by interrupt on cpu 1: [ 148.375731][ C0] can_rcv_filter+0xd9/0x4f0 [ 148.380450][ C0] can_receive+0x163/0x1c0 [ 148.384901][ C0] can_rcv+0xed/0x190 [ 148.388917][ C0] __netif_receive_skb+0x120/0x270 [ 148.394067][ C0] process_backlog+0x228/0x420 [ 148.398870][ C0] __napi_poll+0x5f/0x300 [ 148.403228][ C0] net_rx_action+0x452/0x930 [ 148.407848][ C0] handle_softirqs+0xb9/0x280 [ 148.412572][ C0] do_softirq+0x45/0x60 [ 148.416763][ C0] __local_bh_enable_ip+0x70/0x80 [ 148.421842][ C0] _raw_spin_unlock_bh+0x18/0x20 [ 148.426819][ C0] hash_ipport4_gc+0xec/0x250 [ 148.431533][ C0] process_scheduled_works+0x4cd/0x9d0 [ 148.437017][ C0] worker_thread+0x581/0x770 [ 148.441648][ C0] kthread+0x488/0x510 [ 148.445749][ C0] ret_from_fork+0x148/0x280 [ 148.450375][ C0] ret_from_fork_asm+0x1a/0x30 [ 148.455165][ C0] [ 148.457514][ C0] read-write to 0xffff8881009c5158 of 8 bytes by interrupt on cpu 0: [ 148.465606][ C0] can_rcv_filter+0xd9/0x4f0 [ 148.470240][ C0] can_receive+0x163/0x1c0 [ 148.474684][ C0] can_rcv+0xed/0x190 [ 148.478699][ C0] __netif_receive_skb+0x120/0x270 [ 148.483844][ C0] process_backlog+0x228/0x420 [ 148.488667][ C0] __napi_poll+0x5f/0x300 [ 148.493028][ C0] net_rx_action+0x452/0x930 [ 148.497650][ C0] handle_softirqs+0xb9/0x280 [ 148.502374][ C0] do_softirq+0x45/0x60 [ 148.506561][ C0] __local_bh_enable_ip+0x70/0x80 [ 148.511629][ C0] __alloc_skb+0x477/0x4b0 [ 148.516061][ C0] alloc_skb_with_frags+0x7d/0x470 [ 148.521203][ C0] sock_alloc_send_pskb+0x44d/0x500 [ 148.526427][ C0] j1939_sk_sendmsg+0x517/0xc00 [ 148.531498][ C0] __sock_sendmsg+0x145/0x170 [ 148.536211][ C0] ____sys_sendmsg+0x345/0x4a0 [ 148.541048][ C0] ___sys_sendmsg+0x195/0x1e0 [ 148.545747][ C0] __sys_sendmmsg+0x185/0x320 [ 148.550455][ C0] __x64_sys_sendmmsg+0x57/0x70 [ 148.555329][ C0] x64_sys_call+0x1e28/0x3000 [ 148.560057][ C0] do_syscall_64+0xc0/0x2a0 [ 148.564591][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.570522][ C0] [ 148.572864][ C0] value changed: 0x00000000000205e1 -> 0x00000000000205e2 [ 148.579984][ C0] [ 148.582316][ C0] Reported by Kernel Concurrency Sanitizer on: [ 148.588481][ C0] CPU: 0 UID: 0 PID: 10127 Comm: syz.3.2598 Not tainted syzkaller #0 PREEMPT(voluntary) [ 148.598490][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 148.608573][ C0] ================================================================== [ 149.001787][ C1] ================================================================== [ 149.009943][ C1] BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter [ 149.017190][ C1] [ 149.019539][ C1] read-write to 0xffff8881019d74c8 of 8 bytes by interrupt on cpu 0: [ 149.027630][ C1] can_rcv_filter+0x242/0x4f0 [ 149.032343][ C1] can_receive+0x163/0x1c0 [ 149.036814][ C1] can_rcv+0xed/0x190 [ 149.040830][ C1] __netif_receive_skb+0x120/0x270 [ 149.045977][ C1] process_backlog+0x228/0x420 [ 149.050785][ C1] __napi_poll+0x5f/0x300 [ 149.055162][ C1] net_rx_action+0x452/0x930 [ 149.059794][ C1] handle_softirqs+0xb9/0x280 [ 149.064506][ C1] run_ksoftirqd+0x1c/0x30 [ 149.068951][ C1] smpboot_thread_fn+0x32a/0x510 [ 149.073924][ C1] kthread+0x488/0x510 [ 149.078032][ C1] ret_from_fork+0x148/0x280 [ 149.082659][ C1] ret_from_fork_asm+0x1a/0x30 [ 149.087444][ C1] [ 149.089784][ C1] read-write to 0xffff8881019d74c8 of 8 bytes by interrupt on cpu 1: [ 149.097888][ C1] can_rcv_filter+0x242/0x4f0 [ 149.102601][ C1] can_receive+0x163/0x1c0 [ 149.107047][ C1] can_rcv+0xed/0x190 [ 149.111062][ C1] __netif_receive_skb+0x120/0x270 [ 149.116203][ C1] process_backlog+0x228/0x420 [ 149.121006][ C1] __napi_poll+0x5f/0x300 [ 149.125384][ C1] net_rx_action+0x452/0x930 [ 149.130365][ C1] handle_softirqs+0xb9/0x280 [ 149.135079][ C1] do_softirq+0x45/0x60 [ 149.139291][ C1] __local_bh_enable_ip+0x70/0x80 [ 149.144365][ C1] _raw_spin_unlock_bh+0x18/0x20 [ 149.149357][ C1] j1939_sk_sendmsg+0x906/0xc00 [ 149.154254][ C1] __sock_sendmsg+0x145/0x170 [ 149.158968][ C1] ____sys_sendmsg+0x345/0x4a0 [ 149.163758][ C1] ___sys_sendmsg+0x195/0x1e0 [ 149.168471][ C1] __sys_sendmmsg+0x185/0x320 [ 149.173170][ C1] __x64_sys_sendmmsg+0x57/0x70 [ 149.178041][ C1] x64_sys_call+0x1e28/0x3000 [ 149.182748][ C1] do_syscall_64+0xc0/0x2a0 [ 149.187287][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.193211][ C1] [ 149.195552][ C1] value changed: 0x00000000000262a5 -> 0x00000000000262a6 [ 149.202675][ C1] [ 149.205010][ C1] Reported by Kernel Concurrency Sanitizer on: [ 149.211204][ C1] CPU: 1 UID: 0 PID: 10127 Comm: syz.3.2598 Not tainted syzkaller #0 PREEMPT(voluntary) [ 149.221125][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 149.231204][ C1] ================================================================== [ 149.382869][ C1] ================================================================== [ 149.391107][ C1] BUG: KCSAN: data-race in vxcan_xmit / vxcan_xmit [ 149.397669][ C1] [ 149.400008][ C1] read-write to 0xffff888109ce8228 of 8 bytes by interrupt on cpu 0: [ 149.408086][ C1] vxcan_xmit+0x28b/0x340 [ 149.412461][ C1] dev_hard_start_xmit+0x125/0x3e0 [ 149.417604][ C1] __dev_queue_xmit+0xdb1/0x1f20 [ 149.422571][ C1] can_send+0x589/0x720 [ 149.426753][ C1] can_can_gw_rcv+0x7bb/0x820 [ 149.431481][ C1] can_rcv_filter+0xc7/0x4f0 [ 149.436093][ C1] can_receive+0x163/0x1c0 [ 149.440548][ C1] can_rcv+0xed/0x190 [ 149.444557][ C1] __netif_receive_skb+0x120/0x270 [ 149.449709][ C1] process_backlog+0x228/0x420 [ 149.454525][ C1] __napi_poll+0x5f/0x300 [ 149.458881][ C1] net_rx_action+0x452/0x930 [ 149.463499][ C1] handle_softirqs+0xb9/0x280 [ 149.468204][ C1] do_softirq+0x45/0x60 [ 149.472385][ C1] __local_bh_enable_ip+0x70/0x80 [ 149.477438][ C1] _raw_spin_unlock_bh+0x18/0x20 [ 149.482414][ C1] nsim_dev_trap_report_work+0x52b/0x630 [ 149.488092][ C1] process_scheduled_works+0x4cd/0x9d0 [ 149.493586][ C1] worker_thread+0x581/0x770 [ 149.498199][ C1] kthread+0x488/0x510 [ 149.502335][ C1] ret_from_fork+0x148/0x280 [ 149.506947][ C1] ret_from_fork_asm+0x1a/0x30 [ 149.511717][ C1] [ 149.514059][ C1] read-write to 0xffff888109ce8228 of 8 bytes by interrupt on cpu 1: [ 149.522138][ C1] vxcan_xmit+0x28b/0x340 [ 149.526482][ C1] dev_hard_start_xmit+0x125/0x3e0 [ 149.531607][ C1] __dev_queue_xmit+0xdb1/0x1f20 [ 149.536558][ C1] can_send+0x589/0x720 [ 149.540726][ C1] can_can_gw_rcv+0x7bb/0x820 [ 149.545421][ C1] can_rcv_filter+0xc7/0x4f0 [ 149.550038][ C1] can_receive+0x163/0x1c0 [ 149.554738][ C1] can_rcv+0xed/0x190 [ 149.558736][ C1] __netif_receive_skb+0x120/0x270 [ 149.563877][ C1] process_backlog+0x228/0x420 [ 149.568676][ C1] __napi_poll+0x5f/0x300 [ 149.573024][ C1] net_rx_action+0x452/0x930 [ 149.577623][ C1] handle_softirqs+0xb9/0x280 [ 149.582324][ C1] do_softirq+0x45/0x60 [ 149.586496][ C1] __local_bh_enable_ip+0x70/0x80 [ 149.591551][ C1] _raw_spin_unlock_bh+0x18/0x20 [ 149.596510][ C1] batadv_tt_local_purge+0x1a8/0x1f0 [ 149.601831][ C1] batadv_tt_purge+0x2b/0x610 [ 149.606526][ C1] process_scheduled_works+0x4cd/0x9d0 [ 149.611999][ C1] worker_thread+0x581/0x770 [ 149.616594][ C1] kthread+0x488/0x510 [ 149.620686][ C1] ret_from_fork+0x148/0x280 [ 149.625294][ C1] ret_from_fork_asm+0x1a/0x30 [ 149.630082][ C1] [ 149.632421][ C1] value changed: 0x000000000002a655 -> 0x000000000002a656 [ 149.639526][ C1] [ 149.641871][ C1] Reported by Kernel Concurrency Sanitizer on: [ 149.648027][ C1] CPU: 1 UID: 0 PID: 8481 Comm: kworker/u8:28 Not tainted syzkaller #0 PREEMPT(voluntary) [ 149.658027][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 149.668110][ C1] Workqueue: bat_events batadv_tt_purge [ 149.673783][ C1] ================================================================== [ 149.687768][ C0] ================================================================== [ 149.695898][ C0] BUG: KCSAN: data-race in vxcan_xmit / vxcan_xmit [ 149.702435][ C0] [ 149.704761][ C0] read-write to 0xffff888109cf0220 of 8 bytes by interrupt on cpu 1: [ 149.712836][ C0] vxcan_xmit+0x2c8/0x340 [ 149.717201][ C0] dev_hard_start_xmit+0x125/0x3e0 [ 149.722332][ C0] __dev_queue_xmit+0xdb1/0x1f20 [ 149.727297][ C0] can_send+0x589/0x720 [ 149.731466][ C0] can_can_gw_rcv+0x7bb/0x820 [ 149.736155][ C0] can_rcv_filter+0xc7/0x4f0 [ 149.740762][ C0] can_receive+0x163/0x1c0 [ 149.745190][ C0] can_rcv+0xed/0x190 [ 149.749200][ C0] __netif_receive_skb+0x120/0x270 [ 149.754361][ C0] process_backlog+0x228/0x420 [ 149.759154][ C0] __napi_poll+0x5f/0x300 [ 149.763524][ C0] net_rx_action+0x452/0x930 [ 149.768125][ C0] handle_softirqs+0xb9/0x280 [ 149.772829][ C0] do_softirq+0x45/0x60 [ 149.777001][ C0] __local_bh_enable_ip+0x70/0x80 [ 149.782055][ C0] _raw_spin_unlock_bh+0x18/0x20 [ 149.787005][ C0] batadv_tt_local_purge+0x1a8/0x1f0 [ 149.792315][ C0] batadv_tt_purge+0x2b/0x610 [ 149.797005][ C0] process_scheduled_works+0x4cd/0x9d0 [ 149.802483][ C0] worker_thread+0x581/0x770 [ 149.807081][ C0] kthread+0x488/0x510 [ 149.811182][ C0] ret_from_fork+0x148/0x280 [ 149.815785][ C0] ret_from_fork_asm+0x1a/0x30 [ 149.820574][ C0] [ 149.822897][ C0] read-write to 0xffff888109cf0220 of 8 bytes by interrupt on cpu 0: [ 149.830953][ C0] vxcan_xmit+0x2c8/0x340 [ 149.835306][ C0] dev_hard_start_xmit+0x125/0x3e0 [ 149.840429][ C0] __dev_queue_xmit+0xdb1/0x1f20 [ 149.845370][ C0] can_send+0x589/0x720 [ 149.849557][ C0] can_can_gw_rcv+0x7bb/0x820 [ 149.854263][ C0] can_rcv_filter+0xc7/0x4f0 [ 149.858877][ C0] can_receive+0x163/0x1c0 [ 149.863307][ C0] can_rcv+0xed/0x190 [ 149.867315][ C0] __netif_receive_skb+0x120/0x270 [ 149.872454][ C0] process_backlog+0x228/0x420 [ 149.877229][ C0] __napi_poll+0x5f/0x300 [ 149.881576][ C0] net_rx_action+0x452/0x930 [ 149.886176][ C0] handle_softirqs+0xb9/0x280 [ 149.890876][ C0] do_softirq+0x45/0x60 [ 149.895053][ C0] __local_bh_enable_ip+0x70/0x80 [ 149.900119][ C0] _raw_spin_unlock_bh+0x18/0x20 [ 149.905097][ C0] wg_packet_encrypt_worker+0x169/0xde0 [ 149.910656][ C0] process_scheduled_works+0x4cd/0x9d0 [ 149.916127][ C0] worker_thread+0x581/0x770 [ 149.920745][ C0] kthread+0x488/0x510 [ 149.924824][ C0] ret_from_fork+0x148/0x280 [ 149.929440][ C0] ret_from_fork_asm+0x1a/0x30 [ 149.934239][ C0] [ 149.936582][ C0] value changed: 0x000000000002aace -> 0x000000000002aacf [ 149.943713][ C0] [ 149.946045][ C0] Reported by Kernel Concurrency Sanitizer on: [ 149.952203][ C0] CPU: 0 UID: 0 PID: 2970 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(voluntary) [ 149.962004][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 149.972316][ C0] Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker [ 149.978825][ C0] ================================================================== [ 150.973306][ C0] ================================================================== [ 150.981469][ C0] BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv [ 150.988737][ C0] [ 150.991084][ C0] read-write to 0xffff8881047880e0 of 4 bytes by interrupt on cpu 1: [ 150.999177][ C0] can_can_gw_rcv+0x807/0x820 [ 151.003897][ C0] can_rcv_filter+0xc7/0x4f0 [ 151.008519][ C0] can_receive+0x163/0x1c0 [ 151.012971][ C0] can_rcv+0xed/0x190 [ 151.016994][ C0] __netif_receive_skb+0x120/0x270 [ 151.022146][ C0] process_backlog+0x228/0x420 [ 151.026973][ C0] __napi_poll+0x5f/0x300 [ 151.031345][ C0] net_rx_action+0x452/0x930 [ 151.035958][ C0] handle_softirqs+0xb9/0x280 [ 151.040684][ C0] do_softirq+0x45/0x60 [ 151.044868][ C0] __local_bh_enable_ip+0x70/0x80 [ 151.049924][ C0] _raw_spin_unlock_bh+0x18/0x20 [ 151.054908][ C0] batadv_tt_local_purge+0x1a8/0x1f0 [ 151.060257][ C0] batadv_tt_purge+0x2b/0x610 [ 151.064993][ C0] process_scheduled_works+0x4cd/0x9d0 [ 151.070487][ C0] worker_thread+0x581/0x770 [ 151.075126][ C0] kthread+0x488/0x510 [ 151.079221][ C0] ret_from_fork+0x148/0x280 [ 151.083841][ C0] ret_from_fork_asm+0x1a/0x30 [ 151.088638][ C0] [ 151.091003][ C0] read-write to 0xffff8881047880e0 of 4 bytes by interrupt on cpu 0: [ 151.099086][ C0] can_can_gw_rcv+0x807/0x820 [ 151.103814][ C0] can_rcv_filter+0xc7/0x4f0 [ 151.108435][ C0] can_receive+0x163/0x1c0 [ 151.112879][ C0] can_rcv+0xed/0x190 [ 151.116889][ C0] __netif_receive_skb+0x120/0x270 [ 151.122066][ C0] process_backlog+0x228/0x420 [ 151.126865][ C0] __napi_poll+0x5f/0x300 [ 151.131235][ C0] net_rx_action+0x452/0x930 [ 151.135865][ C0] handle_softirqs+0xb9/0x280 [ 151.140599][ C0] do_softirq+0x45/0x60 [ 151.144814][ C0] __local_bh_enable_ip+0x70/0x80 [ 151.149883][ C0] __alloc_skb+0x477/0x4b0 [ 151.154325][ C0] alloc_skb_with_frags+0x7d/0x470 [ 151.159486][ C0] sock_alloc_send_pskb+0x44d/0x500 [ 151.164745][ C0] unix_dgram_sendmsg+0x397/0x1000 [ 151.170078][ C0] __sock_sendmsg+0x145/0x170 [ 151.174806][ C0] __sys_sendto+0x2b2/0x380 [ 151.179344][ C0] __x64_sys_sendto+0x76/0x90 [ 151.184053][ C0] x64_sys_call+0x29a7/0x3000 [ 151.188771][ C0] do_syscall_64+0xc0/0x2a0 [ 151.193310][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.199236][ C0] [ 151.201576][ C0] value changed: 0x0003a280 -> 0x0003a281 [ 151.207350][ C0] [ 151.209699][ C0] Reported by Kernel Concurrency Sanitizer on: [ 151.215871][ C0] CPU: 0 UID: 0 PID: 2996 Comm: klogd Not tainted syzkaller #0 PREEMPT(voluntary) [ 151.225191][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 151.235275][ C0] ================================================================== [ 151.403146][ C1] ================================================================== [ 151.411288][ C1] BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter [ 151.418532][ C1] [ 151.420881][ C1] read-write to 0xffff8881009c5158 of 8 bytes by interrupt on cpu 0: [ 151.428966][ C1] can_rcv_filter+0xd9/0x4f0 [ 151.433590][ C1] can_receive+0x163/0x1c0 [ 151.438037][ C1] can_rcv+0xed/0x190 [ 151.442052][ C1] __netif_receive_skb+0x120/0x270 [ 151.447208][ C1] process_backlog+0x228/0x420 [ 151.452033][ C1] __napi_poll+0x5f/0x300 [ 151.456401][ C1] net_rx_action+0x452/0x930 [ 151.461030][ C1] handle_softirqs+0xb9/0x280 [ 151.465754][ C1] do_softirq+0x45/0x60 [ 151.469947][ C1] __local_bh_enable_ip+0x70/0x80 [ 151.475018][ C1] _raw_spin_unlock_bh+0x18/0x20 [ 151.480086][ C1] j1939_sk_sendmsg+0x906/0xc00 [ 151.484979][ C1] __sock_sendmsg+0x145/0x170 [ 151.489705][ C1] ____sys_sendmsg+0x345/0x4a0 [ 151.494501][ C1] ___sys_sendmsg+0x195/0x1e0 [ 151.499218][ C1] __sys_sendmmsg+0x185/0x320 [ 151.503929][ C1] __x64_sys_sendmmsg+0x57/0x70 [ 151.508816][ C1] x64_sys_call+0x1e28/0x3000 [ 151.513534][ C1] do_syscall_64+0xc0/0x2a0 [ 151.518106][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.524035][ C1] [ 151.526396][ C1] read-write to 0xffff8881009c5158 of 8 bytes by interrupt on cpu 1: [ 151.534484][ C1] can_rcv_filter+0xd9/0x4f0 [ 151.539114][ C1] can_receive+0x163/0x1c0 [ 151.543552][ C1] can_rcv+0xed/0x190 [ 151.547567][ C1] __netif_receive_skb+0x120/0x270 [ 151.552722][ C1] process_backlog+0x228/0x420 [ 151.557533][ C1] __napi_poll+0x5f/0x300 [ 151.561900][ C1] net_rx_action+0x452/0x930 [ 151.566528][ C1] handle_softirqs+0xb9/0x280 [ 151.571249][ C1] do_softirq+0x45/0x60 [ 151.575461][ C1] __local_bh_enable_ip+0x70/0x80 [ 151.580519][ C1] _raw_spin_unlock_bh+0x18/0x20 [ 151.585493][ C1] batadv_tt_local_purge+0x1a8/0x1f0 [ 151.590818][ C1] batadv_tt_purge+0x2b/0x610 [ 151.595545][ C1] process_scheduled_works+0x4cd/0x9d0 [ 151.601039][ C1] worker_thread+0x581/0x770 [ 151.605664][ C1] kthread+0x488/0x510 [ 151.609779][ C1] ret_from_fork+0x148/0x280 [ 151.614403][ C1] ret_from_fork_asm+0x1a/0x30 [ 151.619297][ C1] [ 151.621630][ C1] value changed: 0x000000000003c994 -> 0x000000000003c995 [ 151.628759][ C1] [ 151.631127][ C1] Reported by Kernel Concurrency Sanitizer on: [ 151.637301][ C1] CPU: 1 UID: 0 PID: 8481 Comm: kworker/u8:28 Not tainted syzkaller #0 PREEMPT(voluntary) [ 151.647320][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 151.657402][ C1] Workqueue: bat_events batadv_tt_purge [ 151.662997][ C1] ================================================================== [ 152.083468][ C1] ================================================================== [ 152.091610][ C1] BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter [ 152.098856][ C1] [ 152.101203][ C1] read-write to 0xffff8881019d74c8 of 8 bytes by interrupt on cpu 0: [ 152.109291][ C1] can_rcv_filter+0x242/0x4f0 [ 152.114012][ C1] can_receive+0x163/0x1c0 [ 152.118465][ C1] can_rcv+0xed/0x190 [ 152.122488][ C1] __netif_receive_skb+0x120/0x270 [ 152.127644][ C1] process_backlog+0x228/0x420 [ 152.132446][ C1] __napi_poll+0x5f/0x300 [ 152.136809][ C1] net_rx_action+0x452/0x930 [ 152.141445][ C1] handle_softirqs+0xb9/0x280 [ 152.146176][ C1] do_softirq+0x45/0x60 [ 152.150385][ C1] __local_bh_enable_ip+0x70/0x80 [ 152.155458][ C1] __alloc_skb+0x477/0x4b0 [ 152.159903][ C1] nsim_dev_trap_report_work+0x18a/0x630 [ 152.165581][ C1] process_scheduled_works+0x4cd/0x9d0 [ 152.171074][ C1] worker_thread+0x581/0x770 [ 152.175701][ C1] kthread+0x488/0x510 [ 152.179814][ C1] ret_from_fork+0x148/0x280 [ 152.184468][ C1] ret_from_fork_asm+0x1a/0x30 [ 152.189273][ C1] [ 152.191643][ C1] read-write to 0xffff8881019d74c8 of 8 bytes by interrupt on cpu 1: [ 152.199732][ C1] can_rcv_filter+0x242/0x4f0 [ 152.204451][ C1] can_receive+0x163/0x1c0 [ 152.208908][ C1] can_rcv+0xed/0x190 [ 152.212934][ C1] __netif_receive_skb+0x120/0x270 [ 152.218117][ C1] process_backlog+0x228/0x420 [ 152.223095][ C1] __napi_poll+0x5f/0x300 [ 152.227471][ C1] net_rx_action+0x452/0x930 [ 152.232104][ C1] handle_softirqs+0xb9/0x280 [ 152.236821][ C1] do_softirq+0x45/0x60 [ 152.241016][ C1] __local_bh_enable_ip+0x70/0x80 [ 152.246116][ C1] _raw_spin_unlock_bh+0x18/0x20 [ 152.251118][ C1] batadv_tt_local_purge+0x1a8/0x1f0 [ 152.256458][ C1] batadv_tt_purge+0x2b/0x610 [ 152.261180][ C1] process_scheduled_works+0x4cd/0x9d0 [ 152.266675][ C1] worker_thread+0x581/0x770 [ 152.271311][ C1] kthread+0x488/0x510 [ 152.275425][ C1] ret_from_fork+0x148/0x280 [ 152.280067][ C1] ret_from_fork_asm+0x1a/0x30 [ 152.284876][ C1] [ 152.287222][ C1] value changed: 0x000000000004403c -> 0x000000000004403d [ 152.294354][ C1] [ 152.296700][ C1] Reported by Kernel Concurrency Sanitizer on: [ 152.302873][ C1] CPU: 1 UID: 0 PID: 8481 Comm: kworker/u8:28 Not tainted syzkaller #0 PREEMPT(voluntary) [ 152.312889][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 152.323067][ C1] Workqueue: bat_events batadv_tt_purge [ 152.328665][ C1] ================================================================== [ 153.695802][ C1] ================================================================== [ 153.703956][ C1] BUG: KCSAN: data-race in vxcan_xmit / vxcan_xmit [ 153.710512][ C1] [ 153.712866][ C1] read-write to 0xffff888109ce8228 of 8 bytes by interrupt on cpu 0: [ 153.720952][ C1] vxcan_xmit+0x28b/0x340 [ 153.725338][ C1] dev_hard_start_xmit+0x125/0x3e0 [ 153.730488][ C1] __dev_queue_xmit+0xdb1/0x1f20 [ 153.735485][ C1] can_send+0x589/0x720 [ 153.739677][ C1] can_can_gw_rcv+0x7bb/0x820 [ 153.744401][ C1] can_rcv_filter+0xc7/0x4f0 [ 153.749024][ C1] can_receive+0x163/0x1c0 [ 153.753477][ C1] can_rcv+0xed/0x190 [ 153.757478][ C1] __netif_receive_skb+0x120/0x270 [ 153.762631][ C1] process_backlog+0x228/0x420 [ 153.767411][ C1] __napi_poll+0x5f/0x300 [ 153.771768][ C1] net_rx_action+0x452/0x930 [ 153.776384][ C1] handle_softirqs+0xb9/0x280 [ 153.781090][ C1] do_softirq+0x45/0x60 [ 153.785259][ C1] __local_bh_enable_ip+0x70/0x80 [ 153.790318][ C1] _raw_spin_unlock_bh+0x18/0x20 [ 153.795286][ C1] j1939_session_activate+0x1d3/0x220 [ 153.800720][ C1] j1939_sk_sendmsg+0x96a/0xc00 [ 153.805589][ C1] __sock_sendmsg+0x145/0x170 [ 153.810308][ C1] ____sys_sendmsg+0x345/0x4a0 [ 153.815094][ C1] ___sys_sendmsg+0x195/0x1e0 [ 153.819793][ C1] __sys_sendmmsg+0x185/0x320 [ 153.824503][ C1] __x64_sys_sendmmsg+0x57/0x70 [ 153.829376][ C1] x64_sys_call+0x1e28/0x3000 [ 153.834130][ C1] do_syscall_64+0xc0/0x2a0 [ 153.838663][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.844579][ C1] [ 153.846935][ C1] read-write to 0xffff888109ce8228 of 8 bytes by interrupt on cpu 1: [ 153.855011][ C1] vxcan_xmit+0x28b/0x340 [ 153.859414][ C1] dev_hard_start_xmit+0x125/0x3e0 [ 153.864548][ C1] __dev_queue_xmit+0xdb1/0x1f20 [ 153.869508][ C1] can_send+0x589/0x720 [ 153.873685][ C1] can_can_gw_rcv+0x7bb/0x820 [ 153.878386][ C1] can_rcv_filter+0xc7/0x4f0 [ 153.882996][ C1] can_receive+0x163/0x1c0 [ 153.887417][ C1] can_rcv+0xed/0x190 [ 153.891424][ C1] __netif_receive_skb+0x120/0x270 [ 153.896547][ C1] process_backlog+0x228/0x420 [ 153.901335][ C1] __napi_poll+0x5f/0x300 [ 153.905671][ C1] net_rx_action+0x452/0x930 [ 153.910285][ C1] handle_softirqs+0xb9/0x280 [ 153.914976][ C1] do_softirq+0x45/0x60 [ 153.919172][ C1] __local_bh_enable_ip+0x70/0x80 [ 153.924220][ C1] _raw_spin_unlock_bh+0x18/0x20 [ 153.929185][ C1] batadv_tt_purge+0x2cd/0x610 [ 153.933979][ C1] process_scheduled_works+0x4cd/0x9d0 [ 153.939483][ C1] worker_thread+0x581/0x770 [ 153.944101][ C1] kthread+0x488/0x510 [ 153.948202][ C1] ret_from_fork+0x148/0x280 [ 153.952812][ C1] ret_from_fork_asm+0x1a/0x30 [ 153.957583][ C1] [ 153.959917][ C1] value changed: 0x000000000005c7af -> 0x000000000005c7b0 [ 153.967062][ C1] [ 153.969402][ C1] Reported by Kernel Concurrency Sanitizer on: [ 153.975586][ C1] CPU: 1 UID: 0 PID: 8481 Comm: kworker/u8:28 Not tainted syzkaller #0 PREEMPT(voluntary) [ 153.985585][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 153.995657][ C1] Workqueue: bat_events batadv_tt_purge [ 154.001234][ C1] ================================================================== [ 154.036956][ C0] ================================================================== [ 154.045109][ C0] BUG: KCSAN: data-race in can_can_gw_rcv / can_can_gw_rcv [ 154.052371][ C0] [ 154.054724][ C0] read-write to 0xffff888104788080 of 4 bytes by interrupt on cpu 1: [ 154.062818][ C0] can_can_gw_rcv+0x807/0x820 [ 154.067568][ C0] can_rcv_filter+0xc7/0x4f0 [ 154.072205][ C0] can_receive+0x163/0x1c0 [ 154.076659][ C0] can_rcv+0xed/0x190 [ 154.080681][ C0] __netif_receive_skb+0x120/0x270 [ 154.085853][ C0] process_backlog+0x228/0x420 [ 154.090661][ C0] __napi_poll+0x5f/0x300 [ 154.095042][ C0] net_rx_action+0x452/0x930 [ 154.099666][ C0] handle_softirqs+0xb9/0x280 [ 154.104393][ C0] do_softirq+0x45/0x60 [ 154.108586][ C0] __local_bh_enable_ip+0x70/0x80 [ 154.113655][ C0] _raw_spin_unlock_bh+0x18/0x20 [ 154.118644][ C0] batadv_tt_purge+0x2cd/0x610 [ 154.123450][ C0] process_scheduled_works+0x4cd/0x9d0 [ 154.128959][ C0] worker_thread+0x581/0x770 [ 154.133595][ C0] kthread+0x488/0x510 [ 154.137716][ C0] ret_from_fork+0x148/0x280 [ 154.142343][ C0] ret_from_fork_asm+0x1a/0x30 [ 154.147138][ C0] [ 154.149489][ C0] read-write to 0xffff888104788080 of 4 bytes by interrupt on cpu 0: [ 154.157584][ C0] can_can_gw_rcv+0x807/0x820 [ 154.162308][ C0] can_rcv_filter+0xc7/0x4f0 [ 154.166952][ C0] can_receive+0x163/0x1c0 [ 154.171489][ C0] can_rcv+0xed/0x190 [ 154.175508][ C0] __netif_receive_skb+0x120/0x270 [ 154.180658][ C0] process_backlog+0x228/0x420 [ 154.185491][ C0] __napi_poll+0x5f/0x300 [ 154.189858][ C0] net_rx_action+0x452/0x930 [ 154.194488][ C0] handle_softirqs+0xb9/0x280 [ 154.199213][ C0] __irq_exit_rcu+0x39/0xc0 [ 154.203775][ C0] sysvec_apic_timer_interrupt+0x74/0x80 [ 154.209447][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 154.215474][ C0] _raw_spin_unlock_irqrestore+0x1a/0x30 [ 154.221178][ C0] hrtimer_start_range_ns+0x6e2/0x740 [ 154.226587][ C0] j1939_tp_schedule_txtimer+0x68/0xa0 [ 154.232095][ C0] j1939_sk_sendmsg+0x991/0xc00 [ 154.236986][ C0] __sock_sendmsg+0x145/0x170 [ 154.241707][ C0] ____sys_sendmsg+0x345/0x4a0 [ 154.246515][ C0] ___sys_sendmsg+0x195/0x1e0 [ 154.251222][ C0] __sys_sendmmsg+0x185/0x320 [ 154.255933][ C0] __x64_sys_sendmmsg+0x57/0x70 [ 154.260820][ C0] x64_sys_call+0x1e28/0x3000 [ 154.265537][ C0] do_syscall_64+0xc0/0x2a0 [ 154.270174][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.276458][ C0] [ 154.278802][ C0] value changed: 0x0005b0d6 -> 0x0005b0d7 [ 154.284544][ C0] [ 154.286889][ C0] Reported by Kernel Concurrency Sanitizer on: [ 154.293068][ C0] CPU: 0 UID: 0 PID: 10127 Comm: syz.3.2598 Not tainted syzkaller #0 PREEMPT(voluntary) [ 154.302905][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 154.312984][ C0] ================================================================== [ 154.409097][ C1] ================================================================== [ 154.417246][ C1] BUG: KCSAN: data-race in can_rcv_filter / can_rcv_filter [ 154.424497][ C1] [ 154.426844][ C1] read-write to 0xffff8881009c5388 of 8 bytes by interrupt on cpu 0: [ 154.434953][ C1] can_rcv_filter+0xd9/0x4f0 [ 154.439930][ C1] can_receive+0x163/0x1c0 [ 154.444401][ C1] can_rcv+0xed/0x190 [ 154.448442][ C1] __netif_receive_skb+0x120/0x270 [ 154.453604][ C1] process_backlog+0x228/0x420 [ 154.458522][ C1] __napi_poll+0x5f/0x300 [ 154.462902][ C1] net_rx_action+0x452/0x930 [ 154.467615][ C1] handle_softirqs+0xb9/0x280 [ 154.472347][ C1] do_softirq+0x45/0x60 [ 154.476541][ C1] __local_bh_enable_ip+0x70/0x80 [ 154.481617][ C1] kernel_fpu_end+0x6c/0x80 [ 154.486178][ C1] blake2s_compress+0x67/0x1740 [ 154.491084][ C1] blake2s_update+0xa3/0x160 [ 154.495702][ C1] hmac+0x396/0x400 [ 154.499561][ C1] message_ephemeral+0x1e6/0x260 [ 154.504540][ C1] wg_noise_handshake_create_initiation+0x15e/0x610 [ 154.511174][ C1] wg_packet_handshake_send_worker+0xb2/0x160 [ 154.517289][ C1] process_scheduled_works+0x4cd/0x9d0 [ 154.522785][ C1] worker_thread+0x581/0x770 [ 154.527442][ C1] kthread+0x488/0x510 [ 154.531560][ C1] ret_from_fork+0x148/0x280 [ 154.536194][ C1] ret_from_fork_asm+0x1a/0x30 [ 154.540993][ C1] [ 154.543343][ C1] read-write to 0xffff8881009c5388 of 8 bytes by interrupt on cpu 1: [ 154.551442][ C1] can_rcv_filter+0xd9/0x4f0 [ 154.556072][ C1] can_receive+0x163/0x1c0 [ 154.560520][ C1] can_rcv+0xed/0x190 [ 154.564531][ C1] __netif_receive_skb+0x120/0x270 [ 154.569689][ C1] process_backlog+0x228/0x420 [ 154.574499][ C1] __napi_poll+0x5f/0x300 [ 154.578867][ C1] net_rx_action+0x452/0x930 [ 154.583489][ C1] handle_softirqs+0xb9/0x280 [ 154.588209][ C1] do_softirq+0x45/0x60 [ 154.592413][ C1] __local_bh_enable_ip+0x70/0x80 [ 154.597484][ C1] _raw_spin_unlock_bh+0x18/0x20 [ 154.602476][ C1] batadv_tt_purge+0x2cd/0x610 [ 154.607284][ C1] process_scheduled_works+0x4cd/0x9d0 [ 154.612786][ C1] worker_thread+0x581/0x770 [ 154.617422][ C1] kthread+0x488/0x510 [ 154.621558][ C1] ret_from_fork+0x148/0x280 [ 154.626186][ C1] ret_from_fork_asm+0x1a/0x30 [ 154.630986][ C1] [ 154.633338][ C1] value changed: 0x000000000005f1dc -> 0x000000000005f1dd [ 154.640473][ C1] [ 154.642815][ C1] Reported by Kernel Concurrency Sanitizer on: [ 154.648995][ C1] CPU: 1 UID: 0 PID: 8481 Comm: kworker/u8:28 Not tainted syzkaller #0 PREEMPT(voluntary) [ 154.659006][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 154.669093][ C1] Workqueue: bat_events batadv_tt_purge [ 154.674701][ C1] ==================================================================