last executing test programs: 4.443015817s ago: executing program 1 (id=325): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000100)='>', 0x1) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) splice(r0, 0x0, r3, 0x0, 0x25a5, 0x0) 4.265151156s ago: executing program 1 (id=330): r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_LOOPBACK(r0, 0x65, 0x3, 0x0, &(0x7f00000001c0)) 4.264619176s ago: executing program 1 (id=333): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r1}, &(0x7f0000000500), &(0x7f00000002c0)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20) 4.253820107s ago: executing program 1 (id=334): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e22, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xc}}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e40)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x20004880}, 0x1) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000683000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000200)=""/229, 0xe5, 0x1, 0x0}, &(0x7f00000001c0)=0x40) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0xdde1, 0xc000, 0x2c, 0xa0002f5}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0xfffffffffffffde6, 0x0, 0x0, 0xfffffffffffffee1, 0x0, 0x0}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000)=0xa, 0x4) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) 4.18915564s ago: executing program 1 (id=336): r0 = syz_open_dev$loop(&(0x7f0000000180), 0x8, 0x80) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x3) 4.1889003s ago: executing program 1 (id=338): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88ce359bdb00143c, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) 1.453801717s ago: executing program 2 (id=431): r0 = epoll_create1(0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r1, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) close_range(r0, 0xffffffffffffffff, 0x0) 1.39645413s ago: executing program 2 (id=435): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000000c0)={[{@delalloc}, {@nodelalloc}, {@init_itable_val={'init_itable', 0x3d, 0x3}}, {@inlinecrypt}, {@data_err_ignore}, {@nodiscard}, {@jqfmt_vfsv0}, {@grpquota}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x5, 0x557, &(0x7f0000000fc0)="$eJzs3c+LG1UcAPDvZHf7W9tCKSoiCz1Yqc12d/1RwUM9ihYLeq9hM13KJk3ZZEt3Ldge7MWLFEHEgnjXu8fiP+BfUdBCkbLowUtkspNt2k266TZttubzgSnvZSZ5852Z7+ubvFkSwMiazP4pRLwcEd8kEfsjIsnXjUe+cnJtu9V7V+ayJYlm89O/ktZ2Wb39We337c0rL0XEb19FHCtsbLe+vLJQqlTSxbw+1ahenKovrxw/Xy3Np/PphZlm8+TbszPvvfvOwGJ948w/339y68OTXx9Z/e6XOwdvJHEq9uXrOuN4Alc7K5MxmR+TiTj10IbTA2hsO0mGvQNsyVie5xOR9QH7YyzPeuD/78uIaAIjKpH/MKLa44D2vf2A7oOfG3c/WLsB2hj/+Np3I7GrdW+0ZzV54M4ou989MID2szZ+/fPmjWyJwX0PAbCpq9ci4sT4+Mb+L8n7v6070cc2D7eh/4Nn51Y2/nmz2/insD7+iS7jn71dcncrNs//wp0BNNNTNv57v+v4d33S6sBYXnuhNeabSM6dr6RZ3/ZiRByNiZ1Z/VHzOSdXbzd7resc/2VL1n57LJjvx53xnQ++p1xqlJ4k5k53r0W80nX8m6yf/6TL+c+Ox5k+2zic3nyt17rN43+6mj9FvN71/N+f0Uq6zk/Ozubzk1Ot62GqfVVs9Pf1w7/3an/Y8Wfnf8+j4z+QdM7X1h+/jR93/Zv2WvdA/NH/9b8j+axV3pG/drnUaCxOR+xIPt74+sz997br7e2z+I8eeXT/1+363x0Rn/cZ//VDP7/aV/xDOv/lxzr/j1+4/dEXP/Rqv7/+761W6Wj+Sj/9X787+CTHDgAAAAAAALabQkTsi6RQXC8XCsXi2vMdh2JPoVKrN46dqy1dKMe1fWvPPxTaM937O56HmM6fh23XZx6qz0bEwYj4dmx3q16cq1XKww4eAAAAAAAAAAAAAAAAAAAAtom9Pf7+P/PH2LD3Dnjq/OQ3jK5N838Qv/QEbEv+/4fRJf9hdMl/GF3yH0aX/IfRJf9hdMl/GF3yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbqzOnT2dJcvXdlLquXLy0vLdQuHS+n9YVidWmuOFdbvFicr9XmK2lxrlbd7PMqtdrF6ZlYujzVSOuNqfryytlqbelC4+z5amk+PZtOPJOoAAAAAAAAAAAAAAAAAAAA4PlSX15ZKFUq6aKCwpYK49tjNxQGXBh2zwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9/0XAAD//zWdOco=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 1.043763118s ago: executing program 2 (id=441): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x8}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x31}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x4004}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x4}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xdc}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 900.474025ms ago: executing program 2 (id=444): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0x0, 0x8001}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 488.893955ms ago: executing program 3 (id=457): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$sock(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="d9db6eaa2150225b55f65486edf46fb57c501843e693db41a1", 0x19}], 0x1}, 0x0) 488.626185ms ago: executing program 3 (id=458): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x2200008, &(0x7f00000003c0)={[{@stripe={'stripe', 0x3d, 0x9}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@grpquota}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@jqfmt_vfsv1}, {@nogrpid}, {@noauto_da_alloc}, {@norecovery}]}, 0x3, 0x586, &(0x7f0000000a40)="$eJzs3c9rFFccAPDvbBJ/t0YQaXsoAQ+1WDcm6Q8LBe2xtFKhvduQrEGycSW7EZMK6qFeeilSKKVC6R/Qe4/Sf6D/Qi9CK0iR0B68bJnNrFmT3WSzWUx0Ph8YfW9mNt958+b78mZnwwaQWyPpP4WI1yPiuyTicMu2wcg2jqzst/z4xlS6JFGvf/FPEkm2rrl/kv1/MKu8FhG/fxNxsrA+bnVxaXayXC7NZ/XR2tzV0eri0qnLc5MzpZnSlfGJiTPvTYx/+MH7fWvr2xf++/Hz+5+c+fb48g+/PjxyN4lzcSjb1tqObbjVWhmJkeycDMW5NTuO9SHYbpLs9AHQk4Esz4ciHQMOx0CW9cDL72ZE1IGcSuQ/5FRzHtC8t+/TffAL49HHKzdA69s/uPLeSOxr3BsdWE6euTNK73eH+xA/jfHb3/fupkts8j7EzWerA30ID+TYrdsRcXpwcP34l2TjX+9ON9483tjaGHn7/QM76X46/3mn3fyn8HT+E23mPwfb5G4vNs//wsM+hOkonf991Hb++3ToGh7Iaq805nxDyaXL5dLpiHg1Ik7E0N60vtHznDPLD+qdtrXO/9Iljd+cC2bH8XBw77OvmZ6sTW6nza0e3Y54Y3X+m8S68X9fY667tv/T83GhyxjHSvfe7LRt8/a3utl9w7pU/yXirbb9v/pEK9n4+eRo43oYbV4V6/1759gfneJvrf39l/b/gY3bP5y0Pq+tbj3Gz/uelDpt6/X635N82SjvWVn1pD5Zq82PRexJPmtdH9fT9eOrr23Wr2f7p+0/cXzj8a/d9b8/Ir7qsv13jt7puOtu6P/pLfX/1gsPPv36p07xu+v/dxulE9mabsa/bg9wO+cOAAAAAAAAdptCRByKpFB8Wi4UisWVz3ccjQOFcqVaO3mpsnBlOhp/KzscQ4Xmk+7DLZ+HGMs+D9usj6+pT0TEkYj4fmB/o16cqpSnd7rxAAAAAAAAAAAAAAAAAAAAsEsc7PD3/6m/fMMUvPx85Tfk16b5349vegJ2Jb//Ib/kP+SX/If8kv+QX/If8kv+Q37Jf8gv+Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAB9deH8+XSpLz++MZXWp68tLsxWrp2aLlVni3MLU8WpyvzV4kylMlMuFacqc5v9vHKlcnVsPBauj9ZK1dpodXHp4lxl4Urt4uW5yZnSxdLQc2kVAAAAAAAAAAAAAAAAAAAAvFiqi0uzk+VyaX5LhT+jl1etFgrbiv68C2djVxxGz4Vks/N8NuuOnkIM7nwDFbZWGMj6e8Odd2hAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA2/g8AAP//AAkuVg==") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f0000000100), &(0x7f0000001400)=ANY=[], 0x835, 0x0) open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc) 412.474649ms ago: executing program 4 (id=465): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) gettid() 284.758806ms ago: executing program 3 (id=469): bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000840)={{0xffffffffffffffff, 0xffffffffffffffff}, 0x0, 0x0}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000f40)={0xffffffffffffffff, 0xe0, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000c80)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000cc0)=[0x0, 0x0], 0x0, 0x0, 0x78, &(0x7f0000000d40)=[{}], 0x8, 0x10, &(0x7f0000000d80), 0x0, 0x0, 0x72, 0x8, 0x0, 0x0}}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x3}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000011000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000008000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001010000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000400)={r3, 0x0, 0x0}, 0x10) socketpair$unix(0x1, 0x5, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x10}}], 0x10}, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001080)={{}, 0x0, &(0x7f0000001040)='%pi6 \x00'}, 0x20) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000010c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2}, 0x50) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001140)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x1000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x5}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0x6, &(0x7f0000000880)=@raw=[@btf_id={0x18, 0x5, 0x3, 0x0, 0x1}, @map_val={0x18, 0x4, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0xc0f}, @alu={0x4, 0x1, 0x3, 0x0, 0x5, 0x50, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0x6}], &(0x7f00000008c0)='syzkaller\x00', 0x6, 0x79, &(0x7f0000000900)=""/121, 0x41000, 0x20, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x8, &(0x7f0000000c40)={0x5, 0x2}, 0x8, 0x10, 0x0, 0x0, r1, r3, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) 284.483275ms ago: executing program 0 (id=470): sendmsg$NL802154_CMD_SET_PAN_ID(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, 0x0, 0x200, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x1) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000327bd7000fedbdf251300000008000100706369303a30303a31302e3000000000080003000000000008000b00d009000006001100070000000800010070636900110002"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x48050) r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) 238.669668ms ago: executing program 3 (id=471): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff4000/0xa000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0x2bb}) ioctl$int_in(r0, 0x5421, &(0x7f00000004c0)=0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 227.232018ms ago: executing program 3 (id=472): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x3, &(0x7f0000002480)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) inotify_add_watch(0xffffffffffffffff, 0x0, 0x702) 164.876282ms ago: executing program 0 (id=473): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x132, 0xffffffffffffffff, 0xffffd000) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x1) syz_emit_ethernet(0x56, &(0x7f0000000140)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x1c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0xffef, {[@window={0x3, 0x3, 0x2}, @eol, @eol, @generic={0xbb13dc087fee6fa2, 0x2}]}}}}}}}}, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 164.636082ms ago: executing program 4 (id=474): r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x3, 0x40000) ioctl$BLKCRYPTOIMPORTKEY(r0, 0xc0401289, 0x0) 164.354792ms ago: executing program 0 (id=475): r0 = syz_io_uring_setup(0x33fb, &(0x7f0000000200)={0x0, 0xcfca, 0x1040, 0xfffffffd, 0x8000153}, &(0x7f0000000100), &(0x7f0000000140)) io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000080), 0x0) io_uring_register$IORING_UNREGISTER_EVENTFD(r0, 0x5, 0x0, 0x0) 155.552612ms ago: executing program 4 (id=476): r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000300)='.\x00', 0x100000, 0x0) flock(r2, 0x6) mknod$loop(&(0x7f0000001b80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) 138.029553ms ago: executing program 4 (id=477): r0 = socket$netlink(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7005}, 0x4) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[], 0x48}}, 0x0) 89.152275ms ago: executing program 0 (id=478): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x18, &(0x7f0000000100)=0x207, 0x4) 88.836476ms ago: executing program 4 (id=479): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x3, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x5, 0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x0, 0x3, {0x5, 0x2, 0x6}}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000880) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0xc83417c22f980b3c}, {0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x80, '\x00', 0x8, 0x461b, 0xa, 0xfffffff9}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x480d8}, 0x4000000) 88.694676ms ago: executing program 0 (id=480): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002700010000000000000000000900"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x20000800) 70.991197ms ago: executing program 0 (id=481): ioprio_set$uid(0x3, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4801}, 0x84) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c00010062726964"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000012000000000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', r4}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'macvtap0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001980)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x5001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xfff3}, {0x0, 0xfff1}, {0xfff2, 0x8}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x0, 0x11}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40098}, 0x4000000) r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) 56.744197ms ago: executing program 3 (id=482): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0xfff5, 0x4}, {}, {0x8, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x80, 0x1, 0x7, 0x8}}]}, {0x4}, {0x19, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) 999.78µs ago: executing program 4 (id=483): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000100001000000000000000000000005"], 0xac}}, 0x0) 694.109µs ago: executing program 2 (id=484): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0x0) lchown(&(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000000440)={0x2, 0x4e24, @remote}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@multicast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @multicast1=0xac14140f}, {0x4e24, 0x4e20, 0x8}}}}}, 0x0) socket$unix(0x1, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@multicast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @multicast1=0xac14140f}, {0x4e24, 0x4e20, 0x8}}}}}, 0x0) 0s ago: executing program 2 (id=485): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x1070bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x20048884) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004dc0)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0xffff}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x0, 0xfff1}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.235' (ED25519) to the list of known hosts. [ 22.848944][ T30] audit: type=1400 audit(1774534997.840:64): avc: denied { mounton } for pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.849905][ T273] cgroup: Unknown subsys name 'net' [ 22.873403][ T30] audit: type=1400 audit(1774534997.840:65): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.901745][ T30] audit: type=1400 audit(1774534997.880:66): avc: denied { unmount } for pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.901945][ T273] cgroup: Unknown subsys name 'devices' [ 23.075442][ T273] cgroup: Unknown subsys name 'hugetlb' [ 23.081229][ T273] cgroup: Unknown subsys name 'rlimit' [ 23.275445][ T30] audit: type=1400 audit(1774534998.270:67): avc: denied { setattr } for pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.299888][ T30] audit: type=1400 audit(1774534998.270:68): avc: denied { mounton } for pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.325262][ T30] audit: type=1400 audit(1774534998.270:69): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 23.331278][ T275] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 23.358631][ T30] audit: type=1400 audit(1774534998.350:70): avc: denied { relabelto } for pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.385459][ T30] audit: type=1400 audit(1774534998.350:71): avc: denied { write } for pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.425052][ T30] audit: type=1400 audit(1774534998.420:72): avc: denied { read } for pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.452715][ T30] audit: type=1400 audit(1774534998.420:73): avc: denied { open } for pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.452750][ T273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.379814][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.387468][ T281] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.395245][ T281] device bridge_slave_0 entered promiscuous mode [ 24.404177][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.411481][ T281] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.419018][ T281] device bridge_slave_1 entered promiscuous mode [ 24.476021][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.483183][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.490799][ T283] device bridge_slave_0 entered promiscuous mode [ 24.498750][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.505983][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.513896][ T283] device bridge_slave_1 entered promiscuous mode [ 24.526353][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.533621][ T282] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.541032][ T282] device bridge_slave_0 entered promiscuous mode [ 24.549744][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.557212][ T282] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.564900][ T282] device bridge_slave_1 entered promiscuous mode [ 24.676180][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.684259][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.692283][ T284] device bridge_slave_0 entered promiscuous mode [ 24.699871][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.707305][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.715433][ T284] device bridge_slave_1 entered promiscuous mode [ 24.735187][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.742741][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.750478][ T285] device bridge_slave_0 entered promiscuous mode [ 24.760624][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.767984][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.775595][ T285] device bridge_slave_1 entered promiscuous mode [ 24.798685][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.806057][ T281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.813804][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.821396][ T281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.907176][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.914781][ T282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.922507][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.929651][ T282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.938579][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.946089][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.953905][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.961205][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.971257][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.978985][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.986710][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.994141][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.001604][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.009595][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.018818][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.026850][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.065262][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.073950][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.081369][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.089182][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.097791][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.105036][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.122589][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.139404][ T281] device veth0_vlan entered promiscuous mode [ 25.155458][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.164837][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.173148][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.181166][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.189067][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.197295][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.225662][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.233630][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.242368][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.249580][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.257438][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.266294][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.273500][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.281192][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.289865][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.297536][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.304992][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.313733][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.320852][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.331505][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.347718][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.356414][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.366879][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.379938][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.388690][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.398488][ T281] device veth1_macvtap entered promiscuous mode [ 25.415462][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.423241][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.431375][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.440183][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.448933][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.456617][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.464560][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.473585][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.482120][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.489433][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.497216][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.515523][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.524043][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.532475][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.541296][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.554053][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.562897][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.578524][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.587450][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.596251][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.605211][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.618103][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.626932][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.640804][ T283] device veth0_vlan entered promiscuous mode [ 25.648115][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.656171][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.664828][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.672998][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.686431][ T284] device veth0_vlan entered promiscuous mode [ 25.694150][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.702034][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.710217][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.718275][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.741675][ T282] device veth0_vlan entered promiscuous mode [ 25.748530][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.748789][ T281] request_module fs-gadgetfs succeeded, but still no fs? [ 25.756859][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.771572][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.780443][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.789192][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.796677][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.804357][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.812729][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.821322][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.829606][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.838143][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.845970][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.854032][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.867881][ T284] device veth1_macvtap entered promiscuous mode [ 25.877324][ T283] device veth1_macvtap entered promiscuous mode [ 25.895507][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.904169][ T305] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 25.911354][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.930365][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.937910][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.946621][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.956996][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.965944][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.974472][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.984931][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.993248][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.002239][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.011670][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.021316][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.030697][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.046126][ T282] device veth1_macvtap entered promiscuous mode [ 26.067366][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.077482][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.086252][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.094329][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.102836][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.112472][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.121663][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.131161][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.140201][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.172450][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.184253][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.193187][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.202122][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.210719][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.220565][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.229289][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.238343][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.261843][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.273815][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.282610][ T312] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3'. [ 26.294809][ T285] device veth0_vlan entered promiscuous mode [ 26.303655][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.311422][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.326020][ T312] loop2: detected capacity change from 0 to 1024 [ 26.352586][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.385469][ T285] device veth1_macvtap entered promiscuous mode [ 26.402615][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.413819][ T312] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 26.434892][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.462017][ T312] EXT4-fs (loop2): Test dummy encryption mode enabled [ 26.481647][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.502986][ T319] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 26.522130][ T312] EXT4-fs (loop2): mounted filesystem without journal. Opts: nomblk_io_submit,test_dummy_encryption,noblock_validity,commit=0x0000000000000005,inlinecrypt,grpjquota=,nombcache,auto_da_alloc,lazytime,noauto_da_alloc,block_validity,,errors=continue. Quota mode: writeback. [ 26.557926][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.794029][ T319] syz.1.2 (319) used greatest stack depth: 21856 bytes left [ 27.113487][ T39] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 27.377097][ T39] usb 3-1: Using ep0 maxpacket: 16 [ 27.493547][ T39] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 27.513488][ T39] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 27.673594][ T39] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 27.683409][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.701856][ T39] usb 3-1: Product: syz [ 27.713477][ T39] usb 3-1: Manufacturer: syz [ 27.723732][ T39] usb 3-1: SerialNumber: syz [ 27.925321][ T344] loop1: detected capacity change from 0 to 131072 [ 27.943674][ T335] loop4: detected capacity change from 0 to 131072 [ 28.554681][ T335] F2FS-fs (loop4): Test dummy encryption mode enabled [ 28.573904][ T335] F2FS-fs (loop4): invalid crc value [ 28.586130][ T344] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(1539) [ 28.595716][ T39] usb 3-1: 0:2 : does not exist [ 28.620151][ T335] F2FS-fs (loop4): Found nat_bits in checkpoint [ 28.620672][ T39] usb 3-1: USB disconnect, device number 2 [ 28.643764][ T344] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 28.677103][ T344] F2FS-fs (loop1): Test dummy encryption mode enabled [ 28.678451][ T30] kauditd_printk_skb: 63 callbacks suppressed [ 28.678465][ T30] audit: type=1400 audit(1774535003.670:137): avc: denied { write } for pid=382 comm="syz.0.23" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 28.694306][ T344] F2FS-fs (loop1): group quota file already specified [ 28.769138][ T335] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 28.769172][ T30] audit: type=1400 audit(1774535003.720:138): avc: denied { nlmsg_write } for pid=382 comm="syz.0.23" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 28.816866][ T30] audit: type=1400 audit(1774535003.760:139): avc: denied { create } for pid=388 comm="syz.0.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.838624][ T30] audit: type=1400 audit(1774535003.760:140): avc: denied { read } for pid=388 comm="syz.0.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.953925][ T372] udevd[372]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 29.057199][ T30] audit: type=1400 audit(1774535004.050:141): avc: denied { create } for pid=402 comm="syz.3.31" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 29.112047][ T30] audit: type=1400 audit(1774535004.090:142): avc: denied { write } for pid=402 comm="syz.3.31" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 29.288634][ T425] ======================================================= [ 29.288634][ T425] WARNING: The mand mount option has been deprecated and [ 29.288634][ T425] and is ignored by this kernel. Remove the mand [ 29.288634][ T425] option from the mount to silence this warning. [ 29.288634][ T425] ======================================================= [ 29.345572][ T30] audit: type=1400 audit(1774535004.340:143): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 29.425640][ T443] netlink: 24 bytes leftover after parsing attributes in process `syz.3.52'. [ 29.727276][ T30] audit: type=1400 audit(1774535004.720:144): avc: denied { read } for pid=496 comm="syz.2.78" name="ppp" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 29.736045][ T501] netlink: 40 bytes leftover after parsing attributes in process `syz.3.79'. [ 29.756997][ T30] audit: type=1400 audit(1774535004.720:145): avc: denied { open } for pid=496 comm="syz.2.78" path="/dev/ppp" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 29.762710][ T501] netlink: 40 bytes leftover after parsing attributes in process `syz.3.79'. [ 29.785110][ T30] audit: type=1400 audit(1774535004.720:146): avc: denied { ioctl } for pid=496 comm="syz.2.78" path="/dev/ppp" dev="devtmpfs" ino=154 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 29.845360][ T506] netlink: 272 bytes leftover after parsing attributes in process `syz.3.81'. [ 29.908335][ T518] netlink: 204 bytes leftover after parsing attributes in process `syz.3.85'. [ 29.932793][ T518] netlink: 84 bytes leftover after parsing attributes in process `syz.3.85'. [ 29.969811][ T534] netlink: 64 bytes leftover after parsing attributes in process `syz.3.92'. [ 30.330892][ T606] device syzkaller0 entered promiscuous mode [ 30.496554][ T652] Zero length message leads to an empty skb [ 30.514440][ T656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.151'. [ 30.772591][ T714] loop4: detected capacity change from 0 to 128 [ 30.786873][ T717] loop0: detected capacity change from 0 to 512 [ 30.806815][ T717] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 30.828352][ T717] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 30.833004][ T723] loop2: detected capacity change from 0 to 1024 [ 30.847362][ T725] netlink: 2 bytes leftover after parsing attributes in process `syz.1.186'. [ 30.863062][ T723] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 30.870916][ T717] EXT4-fs (loop0): mounted filesystem without journal. Opts: init_itable,dioread_nolock,abort,grpjquota=,lazytime,auto_da_alloc,mblk_io_submit,max_dir_size_kb=0x0000000000000100,min_batch_time=0x000000000000007a,auto_da_alloc=0x0000000000000008,,errors=continue. Quota mode: writeback. [ 30.904712][ T717] ext4 filesystem being mounted at /39/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 30.947633][ T723] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,nojournal_checksum,errors=remount-ro,grpquota,noblock_validity,user_xattr,nombcache,errors=remount-ro,. Quota mode: writeback. [ 31.076366][ T746] loop1: detected capacity change from 0 to 512 [ 31.094929][ T746] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 31.125434][ T746] EXT4-fs (loop1): can't mount with journal_checksum, fs mounted w/o journal [ 31.173807][ T754] mmap: syz.4.196 (754) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 31.225454][ T758] loop4: detected capacity change from 0 to 128 [ 31.264260][ T758] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 31.290968][ T766] loop1: detected capacity change from 0 to 4096 [ 31.304557][ T758] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 31.309224][ T774] netlink: 76 bytes leftover after parsing attributes in process `syz.0.206'. [ 31.386883][ T791] loop0: detected capacity change from 0 to 512 [ 31.398992][ T766] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 31.429782][ T797] loop2: detected capacity change from 0 to 512 [ 31.459773][ T797] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 31.469693][ T791] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.491115][ T797] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 31.514615][ T806] loop1: detected capacity change from 0 to 512 [ 31.531136][ T797] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.216: attempt to clear invalid blocks 2 len 1 [ 31.548499][ T797] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.216: invalid indirect mapped block 1819239214 (level 0) [ 31.563917][ T797] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.216: invalid indirect mapped block 1819239214 (level 1) [ 31.578790][ T797] EXT4-fs (loop2): 1 truncate cleaned up [ 31.585011][ T797] EXT4-fs (loop2): mounted filesystem without journal. Opts: barrier,jqfmt=vfsv0,abort,bsddf,noinit_itable,usrjquota=..,errors=continue. Quota mode: writeback. [ 31.613819][ T797] EXT4-fs error (device loop2): ext4_lookup:1855: inode #2: comm syz.2.216: 'file1' linked to parent dir [ 31.627590][ T806] EXT4-fs (loop1): Unrecognized mount option "jqfmt=vfsoldJdebug" or missing value [ 31.933829][ T39] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 31.964471][ T832] netlink: 256 bytes leftover after parsing attributes in process `syz.0.233'. [ 32.223497][ T39] usb 5-1: device descriptor read/64, error -71 [ 32.226066][ T853] loop0: detected capacity change from 0 to 128 [ 32.301687][ T853] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 32.307983][ T859] loop3: detected capacity change from 0 to 512 [ 32.313882][ T853] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.343401][ T859] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 32.358842][ T859] EXT4-fs (loop3): 1 truncate cleaned up [ 32.365602][ T859] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,noload,auto_da_alloc,noload,data_err=ignore,auto_da_alloc,,errors=continue. Quota mode: none. [ 32.427656][ T863] loop3: detected capacity change from 0 to 512 [ 32.448003][ T871] loop1: detected capacity change from 0 to 512 [ 32.458118][ T870] netlink: 16 bytes leftover after parsing attributes in process `syz.0.247'. [ 32.468158][ T870] netlink: 16 bytes leftover after parsing attributes in process `syz.0.247'. [ 32.475118][ T863] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 32.489625][ T863] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.504999][ T871] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (47215!=33349) [ 32.508137][ T863] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 32.530986][ T863] EXT4-fs error (device loop3): ext4_acquire_dquot:6225: comm syz.3.248: Failed to acquire dquot type 0 [ 32.542987][ T871] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e02c, mo2=0002] [ 32.563842][ T871] EXT4-fs (loop1): orphan cleanup on readonly fs [ 32.570622][ T871] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.251: bad orphan inode 3 [ 32.581491][ T871] EXT4-fs (loop1): Remounting filesystem read-only [ 32.588412][ T871] EXT4-fs (loop1): mounted filesystem without journal. Opts: nojournal_checksum,noblock_validity,max_batch_time=0x0000000000000009,errors=remount-ro,user_xattr. Quota mode: none. [ 32.609717][ T871] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.251: dx entry: limit 0 != root limit 125 [ 32.622257][ T871] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.251: Corrupt directory, running e2fsck is recommended [ 32.636439][ T39] usb 5-1: device descriptor read/64, error -71 [ 32.659574][ T879] loop2: detected capacity change from 0 to 512 [ 32.675583][ T881] loop3: detected capacity change from 0 to 128 [ 32.686717][ T881] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 32.698153][ T881] ext4 filesystem being mounted at /52/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 32.740739][ T881] EXT4-fs error (device loop3): dx_make_map:1328: inode #2: block 20: comm syz.3.253: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 32.755245][ T886] loop1: detected capacity change from 0 to 512 [ 32.760936][ T881] EXT4-fs error (device loop3) in do_split:2095: Corrupt filesystem [ 32.768499][ T879] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 32.789352][ T879] ext4 filesystem being mounted at /50/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.815010][ T886] EXT4-fs (loop1): Ignoring removed orlov option [ 32.822228][ T886] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 32.841421][ T891] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=891 comm=syz.3.257 [ 32.874177][ T886] EXT4-fs error (device loop1): ext4_iget_extra_inode:4597: inode #15: comm syz.1.255: corrupted in-inode xattr [ 32.890291][ T900] SELinux: policydb string length 0 does not match expected length 8 [ 32.903542][ T896] EXT4-fs (loop0): Ignoring removed bh option [ 32.903552][ T886] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.255: couldn't read orphan inode 15 (err -117) [ 32.922436][ T900] SELinux: failed to load policy [ 32.925050][ T39] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 32.937776][ T896] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 32.952918][ T896] EXT4-fs (loop0): 1 truncate cleaned up [ 32.957329][ T886] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,inode_readahead_blks=0x0000000004000000,orlov,noload,delalloc,mblk_io_submit,commit=0x0000000000000000,noblock_validity,lazytime,init_itable=0x0000000000000fff,,errors=continue. Quota mode: none. [ 32.986517][ T896] EXT4-fs (loop0): mounted filesystem without journal. Opts: bh,,errors=continue. Quota mode: none. [ 33.015703][ T886] EXT4-fs error (device loop1): ext4_iget_extra_inode:4597: inode #15: comm syz.1.255: corrupted in-inode xattr [ 33.050542][ T896] EXT4-fs (loop0): shut down requested (2) [ 33.059887][ T896] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 33.087375][ T896] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 33.102516][ T896] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 33.107295][ T918] rtc_cmos 00:00: Alarms can be up to one day in the future [ 33.137360][ T907] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 33.233519][ T39] usb 5-1: device descriptor read/64, error -71 [ 33.257328][ T940] Illegal XDP return value 4291227648, expect packet loss! [ 33.260064][ T942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.276'. [ 33.275686][ T942] netlink: 12 bytes leftover after parsing attributes in process `syz.1.276'. [ 33.290096][ T942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.276'. [ 33.313169][ T942] netlink: 12 bytes leftover after parsing attributes in process `syz.1.276'. [ 33.405804][ T955] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 33.425956][ T955] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.438873][ T962] EXT4-fs (loop3): Ignoring removed bh option [ 33.455140][ T962] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 33.472833][ T969] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000c01c, mo2=0002] [ 33.484456][ T969] System zones: 0-1, 3-36 [ 33.490751][ T969] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.293: bad orphan inode 134217728 [ 33.495959][ T962] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,nodelalloc,init_itable=0x0000000000000003,inlinecrypt,data_err=ignore,nodiscard,jqfmt=vfsv0,grpquota,mb_optimize_scan=0x0000000000000001,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 33.529809][ T969] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000101,debug,journal_dev=0x0000000000000007,,errors=continue. Quota mode: writeback. [ 33.633566][ T39] usb 5-1: device descriptor read/64, error -71 [ 33.687243][ T1010] netlink: 84 bytes leftover after parsing attributes in process `syz.2.313'. [ 33.716144][ T1002] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 33.728103][ T1002] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.740761][ T1002] EXT4-fs error (device loop3): ext4_xattr_block_get:543: inode #15: comm syz.3.308: corrupted xattr block 33 [ 33.754106][ T1002] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop3 ino=15 [ 33.764172][ T1002] EXT4-fs error (device loop3): ext4_xattr_block_get:543: inode #15: comm syz.3.308: corrupted xattr block 33 [ 33.766034][ T30] kauditd_printk_skb: 71 callbacks suppressed [ 33.766050][ T30] audit: type=1400 audit(1774535008.750:216): avc: denied { connect } for pid=1019 comm="syz.0.317" lport=47 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 33.788580][ T1002] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop3 ino=15 [ 33.805181][ T39] usb usb5-port1: attempt power cycle [ 33.813050][ T1002] EXT4-fs error (device loop3): ext4_xattr_block_get:543: inode #15: comm syz.3.308: corrupted xattr block 33 [ 33.832197][ T30] audit: type=1400 audit(1774535008.810:217): avc: denied { write } for pid=1001 comm="syz.3.308" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 33.856705][ T1026] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 33.856892][ T1002] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop3 ino=15 [ 33.874553][ T30] audit: type=1400 audit(1774535008.880:218): avc: denied { open } for pid=1001 comm="syz.3.308" path="/70/file0/file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 33.901207][ T30] audit: type=1400 audit(1774535008.880:219): avc: denied { bind } for pid=1028 comm="syz.0.321" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 33.912495][ T1026] EXT4-fs (loop1): 1 truncate cleaned up [ 33.925570][ T30] audit: type=1400 audit(1774535008.880:220): avc: denied { name_bind } for pid=1028 comm="syz.0.321" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 33.950817][ T1002] EXT4-fs error (device loop3): ext4_xattr_block_get:543: inode #15: comm syz.3.308: corrupted xattr block 33 [ 33.951597][ T30] audit: type=1400 audit(1774535008.880:221): avc: denied { node_bind } for pid=1028 comm="syz.0.321" saddr=172.30.0.1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 33.987905][ T20] rtc_cmos 00:00: Alarms can be up to one day in the future [ 33.990372][ T1032] netlink: 5760 bytes leftover after parsing attributes in process `syz.0.322'. [ 33.996268][ T20] rtc_cmos 00:00: Alarms can be up to one day in the future [ 34.014009][ T20] rtc_cmos 00:00: Alarms can be up to one day in the future [ 34.023284][ T20] rtc_cmos 00:00: Alarms can be up to one day in the future [ 34.023961][ T1026] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,jqfmt=vfsv1,noload,inode_readahead_blks=0x0000000000008000,nomblk_io_submit,,errors=continue. Quota mode: none. [ 34.031760][ T20] rtc rtc0: __rtc_set_alarm: err=-22 [ 34.063629][ T1002] EXT4-fs error (device loop3): ext4_xattr_block_get:543: inode #15: comm syz.3.308: corrupted xattr block 33 [ 34.081643][ T1017] EXT4-fs (loop2): mounted filesystem without journal. Opts: init_itable,quota,noinit_itable,grpjquota=,lazytime,block_validity,bsddf,,errors=continue. Quota mode: writeback. [ 34.103335][ T1002] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop3 ino=15 [ 34.114556][ T1017] ext4 filesystem being mounted at /67/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 34.163997][ T1038] EXT4-fs (loop0): Invalid log block size: 1282 [ 34.202696][ T30] audit: type=1400 audit(1774535009.190:222): avc: denied { getopt } for pid=1042 comm="syz.3.326" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 34.258952][ T1051] capability: warning: `syz.0.328' uses deprecated v2 capabilities in a way that may be insecure [ 34.267916][ T30] audit: type=1400 audit(1774535009.240:223): avc: denied { getopt } for pid=1048 comm="syz.1.330" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 34.293466][ T39] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 34.346065][ T30] audit: type=1400 audit(1774535009.340:224): avc: denied { append } for pid=1065 comm="syz.0.337" name="vga_arbiter" dev="devtmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 34.427502][ T1080] ------------[ cut here ]------------ [ 34.443116][ T1080] trace type BPF program uses run-time allocation [ 34.453676][ T1080] WARNING: CPU: 0 PID: 1080 at kernel/bpf/verifier.c:11718 check_map_prog_compatibility+0x6cd/0x870 [ 34.457870][ T30] audit: type=1400 audit(1774535009.450:225): avc: denied { nlmsg_read } for pid=1086 comm="syz.0.347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 34.486986][ T1080] Modules linked in: [ 34.490945][ T1080] CPU: 1 PID: 1080 Comm: syz.2.345 Not tainted syzkaller #0 [ 34.499015][ T1080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 34.510945][ T39] usb 5-1: device descriptor read/8, error -71 [ 34.520465][ T1080] RIP: 0010:check_map_prog_compatibility+0x6cd/0x870 [ 34.528359][ T1080] Code: ee ff 48 c7 c6 80 44 48 85 4c 8b 65 d0 e9 fd fc ff ff e8 96 1c ee ff c6 05 b4 7d 6a 05 01 48 c7 c7 e0 40 48 85 e8 a3 33 2f 03 <0f> 0b e9 88 fb ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ac f9 ff [ 34.549392][ T1080] RSP: 0018:ffffc90000ee7428 EFLAGS: 00010246 [ 34.556778][ T1080] RAX: ac1a29914f6f4f00 RBX: 0000000000000001 RCX: 0000000000080000 [ 34.565737][ T1080] RDX: ffffc90001f8e000 RSI: 0000000000002ba9 RDI: 0000000000002baa [ 34.581190][ T1090] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 34.588358][ T1080] RBP: ffffc90000ee7470 R08: ffff8881f7032f3f R09: 1ffff1103ee065e7 [ 34.602112][ T1080] R10: dffffc0000000000 R11: ffffed103ee065e8 R12: ffff88810f850000 [ 34.610522][ T1080] R13: 0000000000000011 R14: dffffc0000000000 R15: ffff8881142d0800 [ 34.619679][ T1080] FS: 00007f8bd05cf6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 34.636058][ T1080] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.643195][ T1080] CR2: 00007f7f797c6000 CR3: 000000011e155000 CR4: 00000000003506b0 [ 34.648925][ T1090] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,nojournal_checksum,errors=remount-ro,grpquota,noblock_validity,abort,nombcache,errors=remount-ro,. Quota mode: writeback. [ 34.673498][ T1080] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.692714][ T1080] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.702390][ T1080] Call Trace: [ 34.709879][ T1080] [ 34.713138][ T1080] resolve_pseudo_ldimm64+0x656/0x1180 [ 34.720743][ T1080] ? check_attach_btf_id+0xd70/0xd70 [ 34.726901][ T1080] ? __mark_reg_known+0x1b0/0x1b0 [ 34.737007][ T39] usb 5-1: device descriptor read/8, error -71 [ 34.743609][ T1080] ? security_capable+0x87/0xb0 [ 34.748854][ T1080] bpf_check+0x32c7/0xf370 [ 34.754007][ T1080] ? 0xffffffffa002a000 [ 34.758696][ T1080] ? is_bpf_text_address+0x177/0x190 [ 34.766023][ T1080] ? bpf_get_btf_vmlinux+0x60/0x60 [ 34.780990][ T1080] ? unwind_get_return_address+0x4d/0x90 [ 34.789492][ T1080] ? stack_trace_save+0xf0/0xf0 [ 34.794934][ T1080] ? arch_stack_walk+0xee/0x140 [ 34.800586][ T1080] ? stack_trace_save+0xa6/0xf0 [ 34.806193][ T1080] ? __stack_depot_save+0x34/0x480 [ 34.811516][ T1080] ? __kasan_slab_alloc+0x69/0xf0 [ 34.818241][ T1080] ? __kasan_kmalloc+0xec/0x110 [ 34.823266][ T1080] ? __kasan_kmalloc+0xda/0x110 [ 34.828763][ T1080] ? kmem_cache_alloc_trace+0x119/0x270 [ 34.836292][ T1080] ? selinux_bpf_prog_alloc+0x51/0x140 [ 34.836998][ T1109] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 34.842786][ T1080] ? security_bpf_prog_alloc+0x62/0x90 [ 34.860653][ T1080] ? bpf_prog_load+0x9f4/0x1640 [ 34.866064][ T1080] ? __sys_bpf+0x51d/0x7d0 [ 34.870705][ T1080] ? __x64_sys_bpf+0x7c/0x90 [ 34.875720][ T1080] ? x64_sys_call+0x4b9/0x9a0 [ 34.880601][ T1080] ? do_syscall_64+0x4c/0xa0 [ 34.885420][ T1080] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 34.891779][ T1080] ? check_stack_object+0x81/0x140 [ 34.897422][ T1080] ? memset+0x35/0x40 [ 34.901784][ T1080] ? bpf_obj_name_cpy+0x193/0x1e0 [ 34.906986][ T1080] bpf_prog_load+0x10c4/0x1640 [ 34.911960][ T1080] ? __kasan_check_write+0x14/0x20 [ 34.917467][ T1080] ? map_freeze+0x360/0x360 [ 34.917949][ T1109] EXT4-fs error (device loop3): ext4_generic_delete_entry:2729: inode #12: block 80: comm syz.3.357: bad entry in directory: inode out of bounds - offset=12, inode=64, rec_len=12, size=4096 fake=1 [ 34.922096][ T1080] ? selinux_bpf+0xc7/0xf0 [ 34.922121][ T1080] ? security_bpf+0x82/0xa0 [ 34.951485][ T1080] __sys_bpf+0x51d/0x7d0 [ 34.955980][ T1080] ? bpf_link_show_fdinfo+0x330/0x330 [ 34.961747][ T1080] ? __kasan_check_write+0x14/0x20 [ 34.964729][ T1109] EXT4-fs error (device loop3) in ext4_delete_entry:2800: Corrupt filesystem [ 34.968354][ T1080] ? switch_fpu_return+0x15d/0x2c0 [ 34.982013][ T1080] __x64_sys_bpf+0x7c/0x90 [ 34.990601][ T1080] x64_sys_call+0x4b9/0x9a0 [ 34.995550][ T1080] do_syscall_64+0x4c/0xa0 [ 35.000163][ T1080] ? clear_bhb_loop+0x50/0xa0 [ 35.005226][ T1080] ? clear_bhb_loop+0x50/0xa0 [ 35.008449][ T1109] EXT4-fs warning (device loop3): ext4_rename_delete:3792: inode #12: comm syz.3.357: Deleting old file: nlink 2, error=-117 [ 35.011941][ T1080] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 35.031690][ T1080] RIP: 0033:0x7f8bd1b74799 [ 35.036756][ T1080] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 35.063501][ T1080] RSP: 002b:00007f8bd05cf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 35.072297][ T1080] RAX: ffffffffffffffda RBX: 00007f8bd1dedfa0 RCX: 00007f8bd1b74799 [ 35.082565][ T1080] RDX: 0000000000000094 RSI: 0000200000000180 RDI: 0000000000000005 [ 35.092248][ T1080] RBP: 00007f8bd1c0ac99 R08: 0000000000000000 R09: 0000000000000000 [ 35.102022][ T1080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 35.110435][ T1080] R13: 00007f8bd1dee038 R14: 00007f8bd1dedfa0 R15: 00007fff75fbfb78 [ 35.128582][ T1080] [ 35.138813][ T1080] ---[ end trace ffd895714ad18130 ]--- [ 35.201092][ T1133] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 35.214704][ T1137] FAT-fs (loop2): error, invalid access to FAT (entry 0x000000c8) [ 35.228197][ T1137] FAT-fs (loop2): Filesystem has been set read-only [ 35.256870][ T1133] FAT-fs (loop4): error, invalid FAT chain (i_pos 548, last_block 8) [ 35.271529][ T1133] FAT-fs (loop4): Filesystem has been set read-only [ 35.280567][ T1133] FAT-fs (loop4): error, corrupted file size (i_pos 548, 522) [ 35.347995][ T1152] SELinux: failed to load policy [ 35.362893][ T1147] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 35.423014][ T1147] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,journal_dev=0x0000000000000007,journal_ioprio=0x0000000000000006,noinit_itable,nogrpid,nodiscard,jqfmt=vfsv0,noinit_itable,mb_optimize_scan=0x0000000000000000,usrquota,dioread_nolock,,errors=continue. Quota mode: writeback. [ 35.453169][ T1147] ext4 filesystem being mounted at /86/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 35.472873][ T1147] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.375: bg 0: block 112: padding at end of block bitmap is not set [ 35.489605][ T1167] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 35.499499][ T1147] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 52 with error 117 [ 35.515634][ T1167] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.381: iget: bogus i_mode (2) [ 35.524659][ T1147] EXT4-fs (loop3): This should not happen!! Data will be lost [ 35.524659][ T1147] [ 35.541886][ T1167] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.381: couldn't read orphan inode 15 (err -117) [ 35.591005][ T1167] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 35.628260][ T1167] EXT4-fs error (device loop2): ext4_empty_dir:3145: inode #12: block 13: comm syz.2.381: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=1 [ 35.650380][ T1167] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #12: comm syz.2.381: directory missing '.' [ 35.699621][ T1180] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000001) [ 35.761837][ T1178] SELinux: failed to load policy [ 35.872566][ T1191] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 35.923613][ T1191] ext4 filesystem being mounted at /88/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 36.021501][ T1191] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #2: block 18: comm syz.3.391: lblock 23 mapped to illegal pblock 18 (length 1) [ 36.043815][ T1212] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 36.067366][ T1212] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 36.076504][ T1217] EXT4-fs error (device loop3): ext4_readdir:263: inode #2: block 3: comm syz.3.391: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=2, rec_len=2060, size=2048 fake=1 [ 36.115651][ T1217] EXT4-fs error (device loop3): ext4_readdir:263: inode #2: block 12: comm syz.3.391: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 36.137571][ T1212] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm syz.0.400: bg 0: block 104: invalid block bitmap [ 36.169155][ T1212] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 36.204504][ T1217] EXT4-fs error (device loop3): ext4_readdir:263: inode #2: block 13: comm syz.3.391: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 36.227990][ T1212] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.400: invalid indirect mapped block 1 (level 1) [ 36.282710][ T1212] EXT4-fs (loop0): 1 truncate cleaned up [ 36.294053][ T1212] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 36.311122][ T1217] EXT4-fs error (device loop3): ext4_readdir:263: inode #2: block 14: comm syz.3.391: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 36.373637][ T1217] EXT4-fs error (device loop3): ext4_readdir:263: inode #2: block 15: comm syz.3.391: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 36.402774][ T1217] EXT4-fs error (device loop3): ext4_readdir:263: inode #2: block 16: comm syz.3.391: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 36.406251][ T1228] set_capacity_and_notify: 20 callbacks suppressed [ 36.406267][ T1228] loop4: detected capacity change from 0 to 128 [ 36.426845][ T1217] EXT4-fs error (device loop3): ext4_readdir:263: inode #2: block 17: comm syz.3.391: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 36.463806][ T1228] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 36.472687][ T1217] EXT4-fs error (device loop3): ext4_map_blocks:630: inode #2: block 18: comm syz.3.391: lblock 23 mapped to illegal pblock 18 (length 1) [ 36.480891][ T1233] loop2: detected capacity change from 0 to 256 [ 36.497907][ T1217] EXT4-fs error (device loop3): ext4_readdir:263: inode #2: block 19: comm syz.3.391: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 36.516886][ T1235] loop0: detected capacity change from 0 to 512 [ 36.527235][ T281] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 36.537653][ T281] FAT-fs (loop4): Filesystem has been set read-only [ 36.546013][ T1233] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 36.577739][ T1235] EXT4-fs (loop0): Ignoring removed oldalloc option [ 36.591158][ T1235] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.410: invalid indirect mapped block 4294967295 (level 1) [ 36.605926][ T1235] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.410: invalid indirect mapped block 4294967295 (level 1) [ 36.637351][ T1238] loop4: detected capacity change from 0 to 512 [ 36.645807][ T1235] EXT4-fs (loop0): 2 truncates cleaned up [ 36.651819][ T1235] EXT4-fs (loop0): mounted filesystem without journal. Opts: noauto_da_alloc,oldalloc,barrier=0x0000000000000005,,errors=continue. Quota mode: writeback. [ 36.747823][ T1244] loop4: detected capacity change from 0 to 1024 [ 36.776744][ T1248] SELinux: failed to load policy [ 36.802283][ T1250] netlink: 104 bytes leftover after parsing attributes in process `syz.2.417'. [ 36.825689][ T1244] EXT4-fs (loop4): Ignoring removed orlov option [ 36.877942][ T1244] EXT4-fs (loop4): mounted filesystem without journal. Opts: block_validity,bsddf,data_err=ignore,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,usrquota,noauto_da_alloc,norecovery,,errors=continue. Quota mode: writeback. [ 36.935385][ T1263] loop2: detected capacity change from 0 to 4096 [ 36.965128][ T1263] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 37.185992][ T1290] loop2: detected capacity change from 0 to 1024 [ 37.224191][ T1290] EXT4-fs (loop2): Ignoring removed bh option [ 37.233493][ T1290] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 37.246087][ T1298] loop0: detected capacity change from 0 to 512 [ 37.267765][ T1300] loop4: detected capacity change from 0 to 512 [ 37.278445][ T1290] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,nodelalloc,init_itable=0x0000000000000003,inlinecrypt,data_err=ignore,nodiscard,jqfmt=vfsv0,grpquota,mb_optimize_scan=0x0000000000000001,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback. [ 37.314767][ T1298] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled [ 37.324684][ T1300] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 37.328441][ T1290] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3885: comm syz.2.435: Allocating blocks 497-513 which overlap fs metadata [ 37.354828][ T1290] EXT4-fs (loop2): pa ffff888112159738: logic 256, phys. 385, len 8 [ 37.363174][ T1290] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4902: group 0, free 0, pa_free 1 [ 37.378932][ T1298] EXT4-fs (loop0): 2 truncates cleaned up [ 37.400213][ T1300] EXT4-fs (loop4): 1 orphan inode deleted [ 37.412106][ T1300] EXT4-fs (loop4): 1 truncate cleaned up [ 37.418722][ T1298] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv1,errors=remount-ro,mb_optimize_scan=0x0000000000000001,auto_da_alloc=0x000000007fffffff,min_batch_time=0x0000000000000003,. Quota mode: writeback. [ 37.423529][ T1300] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x0000000000000006,stripe=0x0000000000000005,jqfmt=vfsv0,quota,. Quota mode: writeback. [ 37.475101][ T1298] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1471: inode #12: block 7: comm syz.0.439: path /112/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0 [ 37.521664][ T1298] EXT4-fs (loop0): Remounting filesystem read-only [ 37.907065][ T1336] loop0: detected capacity change from 0 to 1024 [ 38.007413][ T1336] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 38.035902][ T1336] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,nolazytime,dioread_lock,grpquota,noblock_validity,lazytime,nomblk_io_submit,errors=remount-ro,. Quota mode: writeback. [ 38.104519][ T1355] netlink: 20 bytes leftover after parsing attributes in process `syz.4.462'. [ 38.114272][ T1355] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.121582][ T1355] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.143129][ T1355] syz.4.462 (1355) used greatest stack depth: 20352 bytes left [ 38.155301][ T1347] EXT4-fs (loop3): mounted filesystem without journal. Opts: stripe=0x0000000000000009,inode_readahead_blks=0x0000000000200000,grpquota,norecovery,debug_want_extra_isize=0x0000000000000080,jqfmt=vfsv1,nogrpid,noauto_da_alloc,norecovery,,errors=continue. Quota mode: writeback. [ 38.184694][ T1365] netlink: 536 bytes leftover after parsing attributes in process `syz.0.466'. [ 38.240487][ T1369] syz.0.468 uses obsolete (PF_INET,SOCK_PACKET) [ 38.266594][ T1372] netlink: 'syz.0.470': attribute type 12 has an invalid length. [ 38.275190][ T1372] netlink: 'syz.0.470': attribute type 29 has an invalid length. [ 38.283837][ T1372] netlink: 148 bytes leftover after parsing attributes in process `syz.0.470'. [ 38.293619][ T1372] netlink: 'syz.0.470': attribute type 2 has an invalid length. [ 38.304996][ T1372] netlink: 23 bytes leftover after parsing attributes in process `syz.0.470'. [ 38.504823][ T1399] netlink: 24 bytes leftover after parsing attributes in process `syz.3.482'. [ 38.516136][ T1399] netlink: 24 bytes leftover after parsing attributes in process `syz.3.482'. [ 38.525910][ T1399] ================================================================== [ 38.534524][ T1399] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x870/0x3240 [ 38.543852][ T1399] Read of size 8 at addr ffff8881105841c0 by task syz.3.482/1399 [ 38.551681][ T1399] [ 38.554035][ T1399] CPU: 1 PID: 1399 Comm: syz.3.482 Tainted: G W syzkaller #0 [ 38.563246][ T1399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 38.574026][ T1399] Call Trace: [ 38.577513][ T1399] [ 38.580571][ T1399] __dump_stack+0x21/0x30 [ 38.584925][ T1399] dump_stack_lvl+0x110/0x170 [ 38.590171][ T1399] ? show_regs_print_info+0x20/0x20 [ 38.595444][ T1399] ? load_image+0x3e0/0x3e0 [ 38.599983][ T1399] print_address_description+0x7f/0x2c0 [ 38.605754][ T1399] ? tc_setup_flow_action+0x870/0x3240 [ 38.611472][ T1399] kasan_report+0xf1/0x140 [ 38.615895][ T1399] ? tc_setup_flow_action+0x870/0x3240 [ 38.621439][ T1399] __asan_report_load8_noabort+0x14/0x20 [ 38.627171][ T1399] tc_setup_flow_action+0x870/0x3240 [ 38.632811][ T1399] mall_replace_hw_filter+0x2cc/0x8b0 [ 38.638175][ T1399] ? pcpu_block_update_hint_alloc+0x8c4/0xc50 [ 38.644241][ T1399] ? mall_set_parms+0x520/0x520 [ 38.649266][ T1399] ? tcf_exts_destroy+0xb0/0xb0 [ 38.654277][ T1399] ? pcpu_alloc+0x1170/0x16e0 [ 38.658962][ T1399] ? mall_set_parms+0x1e8/0x520 [ 38.664357][ T1399] mall_change+0x544/0x760 [ 38.668859][ T1399] ? __kasan_check_write+0x14/0x20 [ 38.674184][ T1399] ? mall_get+0xa0/0xa0 [ 38.678503][ T1399] ? tcf_chain_tp_insert_unique+0xac1/0xc10 [ 38.684468][ T1399] tc_new_tfilter+0x12e5/0x18e0 [ 38.690911][ T1399] ? tcf_gate_entry_destructor+0x20/0x20 [ 38.696976][ T1399] ? security_capable+0x87/0xb0 [ 38.702809][ T1399] ? ns_capable+0x8c/0xf0 [ 38.707667][ T1399] ? netlink_net_capable+0x125/0x160 [ 38.714176][ T1399] ? tcf_gate_entry_destructor+0x20/0x20 [ 38.719982][ T1399] rtnetlink_rcv_msg+0x871/0xce0 [ 38.725067][ T1399] ? rtnetlink_bind+0x80/0x80 [ 38.729965][ T1399] ? avc_has_perm_noaudit+0x391/0x490 [ 38.735745][ T1399] ? memcpy+0x56/0x70 [ 38.739999][ T1399] ? avc_has_perm_noaudit+0x30b/0x490 [ 38.745666][ T1399] ? arch_stack_walk+0xee/0x140 [ 38.750510][ T1399] ? avc_denied+0x1b0/0x1b0 [ 38.755228][ T1399] ? stack_trace_save+0xa6/0xf0 [ 38.760429][ T1399] ? avc_has_perm+0x163/0x250 [ 38.765484][ T1399] ? avc_has_perm_noaudit+0x490/0x490 [ 38.771023][ T1399] ? x64_sys_call+0x4b/0x9a0 [ 38.775594][ T1399] ? selinux_nlmsg_lookup+0x416/0x4c0 [ 38.780960][ T1399] netlink_rcv_skb+0x1f5/0x440 [ 38.786062][ T1399] ? rtnetlink_bind+0x80/0x80 [ 38.790939][ T1399] ? netlink_ack+0xb50/0xb50 [ 38.795735][ T1399] ? __netlink_lookup+0x387/0x3b0 [ 38.801377][ T1399] rtnetlink_rcv+0x1c/0x20 [ 38.806516][ T1399] netlink_unicast+0x876/0xa40 [ 38.811860][ T1399] netlink_sendmsg+0x879/0xb80 [ 38.816998][ T1399] ? netlink_getsockopt+0x530/0x530 [ 38.822385][ T1399] ? do_futex+0xde8/0x2800 [ 38.826814][ T1399] ? security_socket_sendmsg+0x82/0xa0 [ 38.832895][ T1399] ? netlink_getsockopt+0x530/0x530 [ 38.838383][ T1399] ____sys_sendmsg+0x5b7/0x8f0 [ 38.843581][ T1399] ? __sys_sendmsg_sock+0x40/0x40 [ 38.849371][ T1399] ? import_iovec+0x7c/0xb0 [ 38.854119][ T1399] ___sys_sendmsg+0x236/0x2e0 [ 38.859253][ T1399] ? __sys_sendmsg+0x280/0x280 [ 38.864632][ T1399] ? sock_show_fdinfo+0xa0/0xa0 [ 38.870021][ T1399] ? __fdget+0x1a1/0x230 [ 38.874510][ T1399] __x64_sys_sendmsg+0x206/0x2f0 [ 38.879744][ T1399] ? ___sys_sendmsg+0x2e0/0x2e0 [ 38.885274][ T1399] ? __kasan_check_write+0x14/0x20 [ 38.890893][ T1399] ? switch_fpu_return+0x15d/0x2c0 [ 38.896245][ T1399] x64_sys_call+0x4b/0x9a0 [ 38.900645][ T1399] do_syscall_64+0x4c/0xa0 [ 38.905352][ T1399] ? clear_bhb_loop+0x50/0xa0 [ 38.910215][ T1399] ? clear_bhb_loop+0x50/0xa0 [ 38.915089][ T1399] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 38.921279][ T1399] RIP: 0033:0x7f3364aaf799 [ 38.926184][ T1399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 38.946563][ T1399] RSP: 002b:00007f336350a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 38.955434][ T1399] RAX: ffffffffffffffda RBX: 00007f3364d28fa0 RCX: 00007f3364aaf799 [ 38.964222][ T1399] RDX: 0000000020000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 38.972922][ T1399] RBP: 00007f3364b45c99 R08: 0000000000000000 R09: 0000000000000000 [ 38.981299][ T1399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 38.991624][ T1399] R13: 00007f3364d29038 R14: 00007f3364d28fa0 R15: 00007ffdc61921b8 [ 39.001942][ T1399] [ 39.005415][ T1399] [ 39.007901][ T1399] Allocated by task 1399: [ 39.012771][ T1399] __kasan_kmalloc+0xda/0x110 [ 39.017821][ T1399] __kmalloc+0x13d/0x2c0 [ 39.023105][ T1399] tcf_idr_create+0x5f/0x790 [ 39.029002][ T1399] tcf_idr_create_from_flags+0x61/0x70 [ 39.034757][ T1399] tcf_gact_init+0x342/0x570 [ 39.039857][ T1399] tcf_action_init_1+0x3ff/0x6b0 [ 39.045131][ T1399] tcf_action_init+0x233/0x7a0 [ 39.050324][ T1399] tcf_exts_validate+0x24a/0x580 [ 39.055238][ T1399] mall_set_parms+0x48/0x520 [ 39.059901][ T1399] mall_change+0x478/0x760 [ 39.064307][ T1399] tc_new_tfilter+0x12e5/0x18e0 [ 39.069600][ T1399] rtnetlink_rcv_msg+0x871/0xce0 [ 39.074637][ T1399] netlink_rcv_skb+0x1f5/0x440 [ 39.079751][ T1399] rtnetlink_rcv+0x1c/0x20 [ 39.084305][ T1399] netlink_unicast+0x876/0xa40 [ 39.089630][ T1399] netlink_sendmsg+0x879/0xb80 [ 39.094738][ T1399] ____sys_sendmsg+0x5b7/0x8f0 [ 39.099829][ T1399] ___sys_sendmsg+0x236/0x2e0 [ 39.104500][ T1399] __x64_sys_sendmsg+0x206/0x2f0 [ 39.110432][ T1399] x64_sys_call+0x4b/0x9a0 [ 39.115790][ T1399] do_syscall_64+0x4c/0xa0 [ 39.120576][ T1399] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 39.126908][ T1399] [ 39.129404][ T1399] The buggy address belongs to the object at ffff888110584100 [ 39.129404][ T1399] which belongs to the cache kmalloc-192 of size 192 [ 39.144294][ T1399] The buggy address is located 0 bytes to the right of [ 39.144294][ T1399] 192-byte region [ffff888110584100, ffff8881105841c0) [ 39.159164][ T1399] The buggy address belongs to the page: [ 39.164863][ T1399] page:ffffea0004416100 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888110584400 pfn:0x110584 [ 39.177587][ T1399] flags: 0x4000000000000200(slab|zone=1) [ 39.183451][ T1399] raw: 4000000000000200 ffffea00044b1440 0000000600000006 ffff888100042c00 [ 39.192552][ T1399] raw: ffff888110584400 000000008010000e 00000001ffffffff 0000000000000000 [ 39.201526][ T1399] page dumped because: kasan: bad access detected [ 39.208207][ T1399] page_owner tracks the page as allocated [ 39.214085][ T1399] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 5172077736, free_ts 5172055929 [ 39.230688][ T1399] post_alloc_hook+0x192/0x1b0 [ 39.235639][ T1399] prep_new_page+0x1c/0x110 [ 39.240760][ T1399] get_page_from_freelist+0x2d3a/0x2dc0 [ 39.246749][ T1399] __alloc_pages+0x1a2/0x460 [ 39.251340][ T1399] new_slab+0xa1/0x4d0 [ 39.255874][ T1399] ___slab_alloc+0x381/0x810 [ 39.261653][ T1399] __slab_alloc+0x49/0x90 [ 39.266310][ T1399] kmem_cache_alloc_trace+0x146/0x270 [ 39.272725][ T1399] kernfs_fop_open+0x343/0xb30 [ 39.277810][ T1399] do_dentry_open+0x834/0x1010 [ 39.283065][ T1399] vfs_open+0x73/0x80 [ 39.287562][ T1399] path_openat+0x26a6/0x2f20 [ 39.292220][ T1399] do_filp_open+0x1e2/0x410 [ 39.297267][ T1399] do_sys_openat2+0x15e/0x7f0 [ 39.302220][ T1399] __x64_sys_openat+0x136/0x160 [ 39.307211][ T1399] x64_sys_call+0x219/0x9a0 [ 39.312176][ T1399] page last free stack trace: [ 39.316930][ T1399] free_unref_page_prepare+0x542/0x550 [ 39.322549][ T1399] free_unref_page+0xae/0x540 [ 39.327479][ T1399] __free_pages+0x6c/0x100 [ 39.332144][ T1399] free_pages+0x82/0x90 [ 39.336556][ T1399] selinux_genfs_get_sid+0x20b/0x250 [ 39.342314][ T1399] inode_doinit_with_dentry+0x87a/0xd80 [ 39.348481][ T1399] selinux_d_instantiate+0x27/0x40 [ 39.353806][ T1399] security_d_instantiate+0x9e/0xf0 [ 39.359350][ T1399] d_splice_alias+0x6d/0x390 [ 39.364310][ T1399] kernfs_iop_lookup+0x2c2/0x310 [ 39.369521][ T1399] path_openat+0xfc9/0x2f20 [ 39.374149][ T1399] do_filp_open+0x1e2/0x410 [ 39.379282][ T1399] do_sys_openat2+0x15e/0x7f0 [ 39.384304][ T1399] __x64_sys_openat+0x136/0x160 [ 39.389325][ T1399] x64_sys_call+0x219/0x9a0 [ 39.393809][ T1399] do_syscall_64+0x4c/0xa0 [ 39.398377][ T1399] [ 39.400781][ T1399] Memory state around the buggy address: [ 39.407134][ T1399] ffff888110584080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 39.415574][ T1399] ffff888110584100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.424245][ T1399] >ffff888110584180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 39.432557][ T1399] ^ [ 39.439052][ T1399] ffff888110584200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.447953][ T1399] ffff888110584280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 39.456748][ T1399] ================================================================== [ 39.465225][ T1399] Disabling lock debugging due to kernel taint [ 39.527489][ T1409] netlink: 12 bytes leftover after parsing attributes in process `syz.0.481'. [ 39.537784][ T30] kauditd_printk_skb: 41 callbacks suppressed [ 39.537799][ T30] audit: type=1400 audit(1774535014.530:267): avc: denied { write } for pid=1396 comm="syz.0.481" name="001" dev="devtmpfs" ino=181 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 39.578051][ T1409] hub 8-0:1.0: USB hub found [ 39.582869][ T1409] hub 8-0:1.0: 1 port detected