last executing test programs: 30.140968475s ago: executing program 4 (id=775): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ppoll(&(0x7f00000002c0)=[{r1, 0x1666}], 0x1, 0x0, 0x0, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f00000003c0)=""/150, 0x96}], 0x1) 30.026085757s ago: executing program 4 (id=781): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x7}, 0x10000, 0x0, 0x3574, 0x0, 0x88, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/devices\x00', 0x0, 0x0) preadv(r3, &(0x7f00000004c0)=[{&(0x7f0000003800)=""/4099, 0x1003}], 0x1, 0xf0, 0x8) 29.967688758s ago: executing program 4 (id=783): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x400}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x6}, 0x18) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20) 29.663099083s ago: executing program 4 (id=787): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0) 29.626233493s ago: executing program 4 (id=790): pipe(&(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x1) close(r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x20000000005, 0x21, 0x1000000}, 0xd8) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000240)={@in={{0x2, 0x4e22, @remote}}, 0x0, 0x0, 0x23, 0x0, "a26de2b28206da9fff58b12ec74eaaa153779294948ff2d387d13720bc584b2a4eecf8f45d092e740022a36385ab92220470d90bb19a16302bb5cb6af01c73cbd95c73b04f90d403f042db4f7cd757cf"}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x240087f9, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 29.559618545s ago: executing program 4 (id=792): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet6(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10) sendto$inet6(r2, &(0x7f0000000180)="900000001c001f4d154a817393278bff0a80a578020000000404840014000100ac1414bb0542d6401051a2d708f3fac8da1a297e0099c5ac0000c5b068d0bf46d3234565a0016466fcb78dcaaf6c3efed495a46215be0000766436c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x20000000, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) 29.543741145s ago: executing program 32 (id=792): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet6(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10) sendto$inet6(r2, &(0x7f0000000180)="900000001c001f4d154a817393278bff0a80a578020000000404840014000100ac1414bb0542d6401051a2d708f3fac8da1a297e0099c5ac0000c5b068d0bf46d3234565a0016466fcb78dcaaf6c3efed495a46215be0000766436c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x20000000, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) 2.727543828s ago: executing program 2 (id=1530): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x40, &(0x7f0000000100), 0x1, 0x58a, &(0x7f0000001b40)="$eJzs3T1sG2UfAPD/neOmH3nf9JXeV3pBHSpAKlJVJ+kHFKZ2RVSq1AGJBSLHjao4cRUn0EQZ0r1CdECAupQNBkYQAwNiYWRlATEjVTQCqekARv5K09QJTohjyP1+0tnPc3f2/3nu/H/sO93JAWTW8fpDGvFURFxOIobXLRuI1sLjzfVWV5aKD1eWiknUald+TiKJiAcrS8X2+knr+UhELEfE/yPi63zEyXTtLQ+0C9WFxanxcrk026qPzE1fH6kuLJ66Nj0+WZoszZx58aVz58+eGzs9tr65D2vra/nt9fXWD7ffufXtK3dvf/LpseXie+NJXIih1rL1/dhNzW2Sjwsb5p/tRbA+SvrdAHYk18rzeir9L4Yj18r6TmrrB4fBPWke0EO1wYgakFGJ/IeMav8OqB//tqe9/P1x72LzAKQed7U1NZcMNM9NxMHGscnhX5LHjkzqx5tH97Kh7EvLNyNidGDgyc9/0vr87dzobjSQnvrqYnNHPbn/07XxJzqMP0Ptc6d/UXv8W31i/HsUP7fJ+He5yxi/vf7jh5vGvxnxdMf4yVr8pEP8NCLe7DL+nde+OL/ZstpHESeic/y2ZOvzwyNXr5VLo83HjjG+PHHs5a36f3iT+M1ztgcbXzOdtn/aZf8//+azZ5a3iP/8s1vv/07b/1BEvNtl/P88+PjVzZbdu5ncr/8K2O7+TyIfd7uM/8KF49+3is4aAgAAAAAAAADALkob17IlaWGtnKaFQvMe3v/G4bRcqc6dvFqZn5loXvN2NPJp+0qr4WY9qdfHWtfjtuunN9TP5FoBc4ca9UKxUp7oc98BAAAAAAAAAAAAAAAAAADg7+LIhvv/f8017v/f+HfVwH61+V9+A/ud/Ifsejz/k761A9h7vv8hs2ryH7JL/kN2yX/ILvkP2SX/IbvkP2SX/AcAAAAAAAAAAAAAAAAAAAAAAAAAgJ64fOlSfao9XFkq1usTAwvzU5W3Tk2UqlOF6flioViZvV6YrFQmy6VCsTL9Z++XVCrXR2Nm/sbIXKk6N1JdWHxjujI/0/5P0VK+5z0CAAAAAAAAAAAAAAAAAACAf56hxpSkhYh8s56mhULEvyLiaBLJ1Wvl0mhE/DsivsvlB+v1sX43GgAAAAAAAAAAAAAAAAAAAPaZ6sLi1Hi5XJrtXWGgFaqHIbovDGxn5YhY3t1m1N9x26/KtzZgnzedQqYKfRyUAAAAAAAAAAAAAAAAAAAgox7d9NvtK37vbYMAAAAAAAAAAAAAAAAAAAAgk9KfkoioTyeGnxvauPRAspprPEfE23euvH9jfG5udqw+//7a/LkPWvNP96P9QLfaeZpGRD2PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEeqC4tT4+VyaXaHhcEu1ul3HwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB24o8AAAD//+mR0Yo=") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) unshare(0x42000000) r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) fcntl$dupfd(r0, 0x0, r0) syz_usb_disconnect(0xffffffffffffffff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a01010000000000000000010000000900030073797a3100000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 2.056611618s ago: executing program 1 (id=1548): syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NFC_CMD_ACTIVATE_TARGET(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0x7, 0x9) 1.8902085s ago: executing program 2 (id=1561): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000cf00000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) 1.845395401s ago: executing program 5 (id=1563): r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02"], 0x48) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[], 0xfe44, 0x0) 1.814902772s ago: executing program 5 (id=1564): bpf$BPF_PROG_QUERY(0x9, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) sendto$inet6(r0, &(0x7f0000000340)="04", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0xfffffff9, @rand_addr=' \x01\x00'}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1}, 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x4}, 0x8) 1.783212452s ago: executing program 2 (id=1566): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x73, 0xfffff034}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10) r1 = socket(0x2, 0x3, 0x6) bind$inet(r1, &(0x7f0000000080)={0x2, 0xfffa, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f00000000c0)=0x6, 0x4) sendto$inet(r1, 0x0, 0x0, 0x48800, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r1, &(0x7f00000023c0)="8ce2ad4d4f95e087a7846d3f81", 0x14, 0x0, &(0x7f0000002400)={0x2, 0x0, @multicast2}, 0x10) 1.738142973s ago: executing program 2 (id=1568): r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x8b) close(r0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @local}, 0x2}}, 0x2e) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my=0x0}, 0x10) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200), 0x2010000, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000600), r0) 1.208763431s ago: executing program 1 (id=1582): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x2}, 0x18) r1 = io_uring_setup(0x2e2d, &(0x7f0000000780)={0x0, 0xca8a}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd146, 0x0, 0xc, 0x288}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r2, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='0'], 0x30}}) io_uring_enter(r3, 0x3516, 0x0, 0x4, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 1.074215343s ago: executing program 1 (id=1584): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0x2000000000000329, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000000)) 1.043069233s ago: executing program 1 (id=1587): socket$packet(0x11, 0xa, 0x300) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0xa, 0x300) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x9}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r2, 0x0, 0x6}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) 978.521245ms ago: executing program 0 (id=1590): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2, 0x0, 0xffffffffffffffff}, 0x18) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="034886dd09032800050030000000600000001228110081e949b93897bc3b0000000040007d01ff020000000000000000000000000001"], 0xfdef) 943.318385ms ago: executing program 5 (id=1592): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = creat(&(0x7f0000000300)='./file0\x00', 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r2, &(0x7f0000000900)="9d8d645e53b6183d874f9e93a18dd009a09560ff682bd07dc3d28385a8f3f9e18418950d4dfe49f13a19e24320444a7d6c121741ba3dc510dba4f980bbd9a315544fa0a1622d949faba79788908354e467989e8458e6f5f76e0e4e781bfca4c928c956321dd514877569805db6602f1584a8bd051f13bad882bea021ffb5ce918a1f87f1d439ec93772d6ecaaf8891f7678f2037ccced78ea5c1aa805f1b9f5a2c3974c5124cac5e163d9b6f5b998c1c7263fa2331d1241523986dccbd4e1f32b2f521380a2ea4732132264de6d26ce40177a780df98cbf94b96d900a2dfc5c877db675ebb1d7cbc398ca422ddbadc24ee6f3bf036f62cdb056502a6b657ff95930ea668649ad0003afe9a912179ce61631b3dab94642d2768f1f22299deb9eddb917fc0076b74406149024514d07417c6007e8cd4dc4e2295be71f412044b52b1ce32aac048cad9c413a8c19528dc1b432fe7f9fda7182a47243af427a76ede78aa5c6ef75ea1f48e2e9e9d203d4760a1ff6a0119b39a2458a050f9519d4bbd821684ef8356985e8f5b8d86346f428788fc374e7eaa0c2a2ef8478a13b4a56d0821201c37a0066fb9f5cc583005b9f71b67daa300311066bacbf43630a8388aff734a568a123a48ba1344a5500e5c6f8cef539617cd3970ffb873579a3b76bd529f1626d1f90543b2a0190df38bb1e8b6fc9bfc5c42693814665679e78ed8adce4d23b8725416101ae4113fee000cb92b32c6a74851a6c4af4625f28810ec16834a1589063af1bf0b29aa57e06dddc0fddf408fab63c536d5afd9ba5a71f9e534f99e5ea9c1eaaaad710ef30a37df0f87978894333850f4feac3740a3b010da7c250d060c8046cab40d0527234d4b4b28366bc7d5899948ddbfac66c848ef0f842eab95248e9d064c0ec4247483f0aa0cad7ca970365e474fe73cf79cf8c70fc7a015caa273ce41723453632cf5b809584d227f7e98e8ec41494518b0b8a8adbaf5ead6529451b116fab06529b653bffdd6d98f8322265305bdc0ff69f4a70dea414fcc63d149c564c834f24b8f7495cd9ccafa1e3f652cd3270935800ee0d5598afcaa41c150dac263408d77a61b5c77e2c3644dda1b8c333a36c30ce893140ce133827dde34d896d35c498bf6dda965a27cc77e2872fcedaf9dcb89614c758cf62ad769ac05a4fb9e27b421b82c1761f1322b03cc9ea586d15f7d2ffb6ed63c639cee97d9eea8f3934045e60b15eca5c13ebe002467c09815712165cee2af784f9e5db9f7227701ca9a3de588503c84c490f4986aa26e7b63d4c5a30157cdf82e433a1b64496392a1990b2a46b910d9a16429736308f71d8e78824a26f25f21829546b973c0905b20c2ef751eb0064eaf831874f0b58ef8779cafd02bcf075a212e79e07c73c49fc240d6845877fda649d1ab59ea06b907ec5031299a0e1fa2f8cbc241a8531ad241302b569d4581dcc944f27799f25593b97ea7681ba74d6cde9c8f58840ac4c4be3aa90e6273a64e549c47c7232f423406604c9c210eabe3d6a2343bd6c2ae72ab013ce2af32467bcfa8cbf0769f9156e35424", 0x45c) r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x40) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000005c0)={r4, 0x0, 0x0}, 0x10) 880.202296ms ago: executing program 2 (id=1594): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0)) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r2, 0x4004743a, &(0x7f0000000300)) pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00!', 0x2}], 0x1, 0x20000002, 0x100000) 846.944607ms ago: executing program 5 (id=1596): syz_open_dev$evdev(0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 809.169637ms ago: executing program 0 (id=1597): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="000086dd0203030009000a004000623d885d009c11fffc000000000000000000000000000000ff0200000000000000000000000000014e224e21"], 0xd2) 749.977458ms ago: executing program 2 (id=1598): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18) write(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=") r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12) write(r2, &(0x7f0000004200)='t', 0x1) sendfile(r2, r1, 0x0, 0x3ffff) sendfile(r2, r1, 0x0, 0x7ffff000) 674.3398ms ago: executing program 0 (id=1600): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x5, 0x7, 0x8, 0x5, 0x80}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r1}, &(0x7f0000000340), &(0x7f0000000580)=r2}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r0, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) 611.3769ms ago: executing program 0 (id=1601): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) io_uring_setup(0x4d3f, &(0x7f0000000240)={0x0, 0xca6a, 0x40, 0x1, 0x7d}) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) 586.94815ms ago: executing program 1 (id=1602): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xb76e}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) r3 = socket(0x25, 0x1, 0x0) sendmsg$inet6(r3, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000340)="c6", 0x1}], 0x1}, 0x800) 506.036252ms ago: executing program 0 (id=1603): r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x4b, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000100018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r3}, 0x18) dup(0xffffffffffffffff) write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x44f0) 505.673392ms ago: executing program 5 (id=1604): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ff90000000000000100000850000007b00000095"], &(0x7f0000000480)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000780)='mm_page_free\x00', r1}, 0x18) 505.406002ms ago: executing program 1 (id=1605): r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x8b) close(r0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @local}, 0x2}}, 0x2e) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x0, @my=0x0}, 0x10) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200), 0x2010000, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000600), r0) 488.684822ms ago: executing program 3 (id=1606): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000500)={[{@nodelalloc}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x10000005}}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@resgid}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@barrier_val={'barrier', 0x3d, 0x81}}], [{@flag='ro'}]}, 0xfd, 0x573, &(0x7f0000000640)="$eJzs3V9rW+UfAPDvSZP9636/djCGeiGDXTgZS9fWPxOEzUvR4UDvZ2izMpouo0nHWgduF+7GGxmCiAPxBXjv5fAN+CoGOhgyil6IUDnpSZe1Sf8tNbH5fOBsz5Nzkud58pzvyfOck/QEMLBOpv/kIl6OiK+SiJGWdfnIVp5c3W756e2pdEliZeXj35O4sO61kuz/4SzzUkT8/EXEmdzGcmuLS7OlSqU8n+XH6nM3xmqLS2evzZVmyjPl6xOTk+ffnJx45+23utbW1y//+e1HD98//+Wp5W9+fHzsfhIX42i2Lm1XF4q405o5Wfo7SxXi4roNx7tQWD9Jel0BdmUoi/NCpMeAkRjKoh7Y/z6PiBVgQCXiHwZUcxzQnNt3aR78n/HkvdUJ0Mb251fPjcShxtzoyHLy3Mwone+OdqH8tIyffntwP11i8/MQh7fIA+zInbsRcS6f33j8S7Lj3+6da5w83tz6Mgbt8wd66WE6/knuRGyI/9za+CfajH+G28Tubmwd/7nHXSimo3T8927b8e/aoWt0KMv9rzHmKyRXr1XK5yLi/xFxOgoH0/xm13POLz9a6bSudfyXLmn5zbFgVo/H+YPPP2e6VC+9SJtbPbkb8Urb8W+y1v9Jm/5P34/L2yzjRPnBq53Wbd3+vbXyQ8Rrbfv/2RWtZPPrk2ON/WGsuVds9Me9E790Kr/X7U/7/8jm7R9NWq/X1nZexveH/ip3Wrfb/f9A8kkjfSB77FapXp8fjziQfJgfXv/4xLPnNvPN7dP2nz7VPv432//Tyden22z/veP3Om7aD/0/vaP+33ni0Qeffdep/O31/xuN1Onske0c/7ZbwRd57wAAAAAAAKDf5CLiaCS54lo6lysWV7/fcTyO5CrVWv3M1erC9elo/FZ2NAq55pXukZbvQ4xn34dt5ifW5Scj4lhEfD10uJEvTlUr071uPAAAAAAAAAAAAAAAAAAAAPSJ4Q6//0/9OtTr2gF7rnFjg4O9rgXQC1ve8r8bd3oC+tKW8Q/sWzuPf2cGYL/w+Q+DS/zD4BL/MLi2G/+FkT2uCPCv8/kPg0v8AwAAAAAAAAAAAAAAAAAAAAAAAAAAQFddvnQpXVaWn96eSvPTNxcXZqs3z06Xa7PFuYWp4lR1/kZxplqdqZSLU9W5rV6vUq3eGJ+IhVtj9XKtPlZbXLoyV124Xr9yba40U75SLvhjwwAAAAAAAAAAAAAAAAAAALBBbXFptlSplOclOiYuRF9UYy8buGpXT8/3Syskupro8YEJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFr8EwAA//8DDjNQ") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) truncate(&(0x7f0000000100)='./file0/file0\x00', 0x5) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000080), &(0x7f0000000000)=ANY=[], 0x835, 0x2) 413.990893ms ago: executing program 0 (id=1607): r0 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) setresuid(0x0, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom(r1, &(0x7f0000000480)=""/110, 0x168f6f3d, 0x734, 0x0, 0xfffffffffffffecb) getsockname$packet(r0, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x34}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 326.091625ms ago: executing program 3 (id=1608): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r3}, 0x10) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x1c}, 0x1c}}, 0x0) 289.826315ms ago: executing program 3 (id=1609): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r3 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newtfilter={0x34, 0x28, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x810}, 0x48c0) 234.055096ms ago: executing program 3 (id=1610): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x4, 0x8}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000a636000000007fffffff8500000050000000850000000700000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r2}, 0x18) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 193.895207ms ago: executing program 3 (id=1611): r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x140, 0x0) r1 = syz_io_uring_setup(0x2421, &(0x7f0000000380)={0x0, 0x0, 0x13090}, &(0x7f0000000100), &(0x7f0000000080)) close(0x3) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) sendto$inet(r2, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000040), 0x4) shutdown(r2, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 132.416508ms ago: executing program 3 (id=1612): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x2}, 0x10) sendmsg$tipc(r2, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4080000}, 0x0) 0s ago: executing program 5 (id=1613): socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000300)={0x0, 0x989680}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) unlinkat(0xffffffffffffffff, 0x0, 0x200) signalfd4(r1, 0x0, 0x0, 0x0) unshare(0x40000000) kernel console output (not intermixed with test programs): T3485] loop3: detected capacity change from 0 to 512 [ 34.879062][ T29] audit: type=1326 audit(1751064918.508:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 34.908491][ T29] audit: type=1326 audit(1751064918.508:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 34.909723][ T3485] ext4: Unknown parameter 'noacl' [ 34.931565][ T29] audit: type=1326 audit(1751064918.508:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 34.959898][ T29] audit: type=1326 audit(1751064918.508:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3480 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 34.987225][ T3486] x_tables: ip6_tables: tcpmss match: only valid for protocol 6 [ 35.202915][ T3499] loop3: detected capacity change from 0 to 128 [ 35.240646][ T3499] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 35.266881][ T3499] ext4 filesystem being mounted at /2/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 35.283801][ T3499] ./file0: Can't lookup blockdev [ 35.305124][ T3309] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 35.951988][ T3520] veth0: entered promiscuous mode [ 35.958112][ T3520] netlink: 4 bytes leftover after parsing attributes in process `syz.0.17'. [ 36.140257][ T3526] loop2: detected capacity change from 0 to 1024 [ 36.147204][ T3526] ======================================================= [ 36.147204][ T3526] WARNING: The mand mount option has been deprecated and [ 36.147204][ T3526] and is ignored by this kernel. Remove the mand [ 36.147204][ T3526] option from the mount to silence this warning. [ 36.147204][ T3526] ======================================================= [ 36.213336][ T3526] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.241386][ T3526] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.19: Allocating blocks 449-513 which overlap fs metadata [ 36.264928][ T3525] EXT4-fs (loop2): pa ffff888106ab6070: logic 48, phys. 177, len 21 [ 36.273140][ T3525] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4 [ 36.308952][ T3526] syz.2.19 (3526) used greatest stack depth: 10640 bytes left [ 36.323623][ T3533] process 'syz.3.21' launched '/dev/fd/3' with NULL argv: empty string added [ 36.338420][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.390005][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.397987][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.405825][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.413754][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.421564][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.429410][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.437261][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.445136][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.452958][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.460795][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.468680][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.476606][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.484401][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.492211][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.500071][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.507880][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.515687][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.523631][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.531401][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.539227][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.547018][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.554822][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.562677][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.570478][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.578370][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.586187][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.593999][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.601850][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.609626][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.617441][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.625249][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.633136][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.641118][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.649019][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.656973][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.664796][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.672649][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.680412][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.688303][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.696138][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.704036][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.711872][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.719657][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: unknown main item tag 0x0 [ 36.729533][ T3544] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 36.730385][ T3516] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 36.751796][ T3393] hid-generic 0000:007F:FFFFFFFE.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 36.838344][ T3551] fido_id[3551]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 36.906246][ T3562] program syz.2.31 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 36.926133][ T3562] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 36.969100][ T3566] ip6_vti0: mtu greater than device maximum [ 37.049963][ C1] hrtimer: interrupt took 27036 ns [ 37.132391][ T3417] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 37.192207][ T3584] loop0: detected capacity change from 0 to 128 [ 37.327930][ T3584] syz.0.41: attempt to access beyond end of device [ 37.327930][ T3584] loop0: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 37.358896][ T3584] syz.0.41: attempt to access beyond end of device [ 37.358896][ T3584] loop0: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 37.381634][ T3584] syz.0.41: attempt to access beyond end of device [ 37.381634][ T3584] loop0: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 37.396692][ T3584] syz.0.41: attempt to access beyond end of device [ 37.396692][ T3584] loop0: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 37.413527][ T3584] syz.0.41: attempt to access beyond end of device [ 37.413527][ T3584] loop0: rw=2049, sector=217, nr_sectors = 8 limit=128 [ 37.427158][ T3584] syz.0.41: attempt to access beyond end of device [ 37.427158][ T3584] loop0: rw=2049, sector=233, nr_sectors = 8 limit=128 [ 37.447717][ T3584] syz.0.41: attempt to access beyond end of device [ 37.447717][ T3584] loop0: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 37.463000][ T3584] syz.0.41: attempt to access beyond end of device [ 37.463000][ T3584] loop0: rw=2049, sector=265, nr_sectors = 8 limit=128 [ 37.491081][ T3584] syz.0.41: attempt to access beyond end of device [ 37.491081][ T3584] loop0: rw=2049, sector=281, nr_sectors = 8 limit=128 [ 37.506123][ T3584] syz.0.41: attempt to access beyond end of device [ 37.506123][ T3584] loop0: rw=2049, sector=297, nr_sectors = 8 limit=128 [ 37.533379][ T3597] syz.3.46 uses obsolete (PF_INET,SOCK_PACKET) [ 37.571717][ T3599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 37.582345][ T3599] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 37.598067][ T3599] ref_ctr_offset mismatch. inode: 0x27 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8 [ 37.671151][ T3603] Driver unsupported XDP return value 0 on prog (id 43) dev N/A, expect packet loss! [ 37.701837][ T3386] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 37.726921][ T3607] loop2: detected capacity change from 0 to 512 [ 37.771692][ T2960] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 37.822406][ T3609] netlink: 12 bytes leftover after parsing attributes in process `syz.4.52'. [ 37.976498][ T3616] bridge: RTM_NEWNEIGH with invalid ether address [ 38.295085][ T3655] loop4: detected capacity change from 0 to 1024 [ 38.324024][ T3655] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.344190][ T3655] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.366602][ T3668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.66'. [ 38.437457][ T3679] loop1: detected capacity change from 0 to 1024 [ 38.456086][ T3679] EXT4-fs: Ignoring removed oldalloc option [ 38.506421][ T3679] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.533392][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.571957][ T1036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 38.614594][ T3694] loop2: detected capacity change from 0 to 2048 [ 38.644447][ T3694] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.799762][ T3715] loop3: detected capacity change from 0 to 512 [ 38.812172][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 38.820741][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 38.843687][ T3715] EXT4-fs: Ignoring removed bh option [ 38.870246][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.881761][ T3715] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 38.895243][ T3715] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 38.904713][ T3715] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 38.921515][ T3715] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 38.954428][ T3715] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 38.970410][ T3715] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.008094][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.052380][ T3386] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 39.199426][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.461932][ T3773] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 40.347309][ T29] kauditd_printk_skb: 148 callbacks suppressed [ 40.347327][ T29] audit: type=1400 audit(2000000000.600:257): avc: denied { write } for pid=3869 comm="syz.1.98" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 40.411332][ T3881] loop3: detected capacity change from 0 to 1024 [ 40.439725][ T3881] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 40.450867][ T3881] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 40.493421][ T3881] JBD2: no valid journal superblock found [ 40.499232][ T3881] EXT4-fs (loop3): Could not load journal inode [ 40.527274][ T29] audit: type=1400 audit(2000000000.780:258): avc: denied { validate_trans } for pid=3880 comm="syz.3.103" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 40.557809][ T29] audit: type=1400 audit(2000000000.810:259): avc: denied { read } for pid=3889 comm="syz.1.106" path="socket:[4594]" dev="sockfs" ino=4594 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 40.679499][ T29] audit: type=1400 audit(2000000000.930:260): avc: denied { mount } for pid=3900 comm="syz.2.111" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 40.707844][ T29] audit: type=1326 audit(2000000000.930:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3899 comm="syz.4.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 40.731306][ T29] audit: type=1326 audit(2000000000.930:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3899 comm="syz.4.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 40.754825][ T29] audit: type=1326 audit(2000000000.940:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3899 comm="syz.4.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 40.778199][ T29] audit: type=1326 audit(2000000000.940:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3899 comm="syz.4.110" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 40.804088][ T3906] netlink: 24 bytes leftover after parsing attributes in process `syz.1.106'. [ 40.851298][ T29] audit: type=1400 audit(2000000001.100:265): avc: denied { unmount } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 40.928486][ T29] audit: type=1400 audit(2000000001.180:266): avc: denied { write } for pid=3911 comm="syz.4.113" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 40.975292][ T3920] loop1: detected capacity change from 0 to 128 [ 41.017599][ T3920] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 41.053853][ T3929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.121'. [ 41.073024][ T3920] ext4 filesystem being mounted at /22/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 41.126365][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 41.226422][ T3941] netlink: 100 bytes leftover after parsing attributes in process `+}[@'. [ 41.349199][ T3947] SELinux: failed to load policy [ 41.483048][ T3962] loop2: detected capacity change from 0 to 164 [ 41.529879][ T3962] Unable to read rock-ridge attributes [ 41.547312][ T3968] netlink: 'syz.3.138': attribute type 32 has an invalid length. [ 41.547424][ T3962] Unable to read rock-ridge attributes [ 41.555276][ T3968] netlink: 12 bytes leftover after parsing attributes in process `syz.3.138'. [ 41.782384][ T3992] bridge: RTM_NEWNEIGH with invalid ether address [ 41.797653][ T3993] loop2: detected capacity change from 0 to 512 [ 41.805900][ T3990] netlink: 256 bytes leftover after parsing attributes in process `syz.3.143'. [ 41.854215][ T3993] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.900271][ T4004] serio: Serial port ptm0 [ 41.913844][ T3993] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 41.933767][ T2960] net_ratelimit: 20 callbacks suppressed [ 41.933786][ T2960] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 42.018749][ T4012] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 42.084598][ T4020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 42.139256][ T4025] tipc: Failed to remove unknown binding: 66,1,1/0:742598058/742598060 [ 42.179179][ T4025] tipc: Failed to remove unknown binding: 66,1,1/0:742598058/742598060 [ 42.187736][ T4025] tipc: Failed to remove unknown binding: 66,1,1/0:742598058/742598060 [ 42.236373][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.258071][ T4030] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 42.284287][ T4030] bond_slave_1: entered promiscuous mode [ 42.311950][ T4029] bond_slave_1: left promiscuous mode [ 42.354180][ T4043] netlink: 52 bytes leftover after parsing attributes in process `syz.1.164'. [ 42.450961][ T4039] loop2: detected capacity change from 0 to 8192 [ 42.907156][ T4124] netlink: 'syz.1.183': attribute type 1 has an invalid length. [ 42.937597][ T4124] 8021q: adding VLAN 0 to HW filter on device bond1 [ 42.964373][ T4124] netlink: 4 bytes leftover after parsing attributes in process `syz.1.183'. [ 42.976222][ T2960] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 43.006985][ T4124] bond1 (unregistering): Released all slaves [ 43.104082][ T4154] veth0_vlan: entered allmulticast mode [ 43.131942][ T4154] ÿÿÿÿÿÿ: renamed from vlan1 [ 43.188578][ T4160] netlink: 20 bytes leftover after parsing attributes in process `syz.4.190'. [ 43.197660][ T4160] netlink: 20 bytes leftover after parsing attributes in process `syz.4.190'. [ 43.443053][ T4183] wg2: entered promiscuous mode [ 43.448085][ T4183] wg2: entered allmulticast mode [ 43.578753][ T4195] loop4: detected capacity change from 0 to 2048 [ 43.606789][ T4195] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 43.689244][ T4208] mmap: syz.2.206 (4208) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 43.765650][ T4209] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 43.781218][ T4209] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1914 with error 28 [ 43.793785][ T4209] EXT4-fs (loop4): This should not happen!! Data will be lost [ 43.793785][ T4209] [ 43.803559][ T4209] EXT4-fs (loop4): Total free blocks count 0 [ 43.809631][ T4209] EXT4-fs (loop4): Free/Dirty block details [ 43.815577][ T4209] EXT4-fs (loop4): free_blocks=2415919104 [ 43.821329][ T4209] EXT4-fs (loop4): dirty_blocks=1920 [ 43.826712][ T4209] EXT4-fs (loop4): Block reservation details [ 43.832879][ T4209] EXT4-fs (loop4): i_reserved_data_blocks=120 [ 43.912730][ T4209] syz.4.205 (4209) used greatest stack depth: 10120 bytes left [ 43.941425][ T58] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 44.013511][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 44.074141][ T4226] Zero length message leads to an empty skb [ 44.108609][ T4226] loop4: detected capacity change from 0 to 1024 [ 44.154895][ T4226] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.202499][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.361313][ T4251] loop1: detected capacity change from 0 to 2048 [ 44.369572][ T4251] EXT4-fs: Ignoring removed mblk_io_submit option [ 44.406263][ T4251] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.545018][ T4270] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.225: bg 0: block 234: padding at end of block bitmap is not set [ 44.568836][ T4269] vlan2: entered allmulticast mode [ 44.579868][ T4270] EXT4-fs (loop1): Remounting filesystem read-only [ 44.631701][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.655572][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 44.669831][ T4277] netlink: 'syz.1.235': attribute type 1 has an invalid length. [ 44.684873][ T4277] 8021q: adding VLAN 0 to HW filter on device bond1 [ 44.708684][ T4277] bond1: (slave gretap1): making interface the new active one [ 44.717562][ T4277] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 44.758857][ T4277] bond1 (unregistering): (slave gretap1): Releasing active interface [ 44.769777][ T4277] bond1 (unregistering): Released all slaves [ 44.860196][ T4334] loop1: detected capacity change from 0 to 1024 [ 44.880012][ T4334] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.067269][ T2960] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 45.180384][ T4342] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4342 comm=syz.3.238 [ 45.193635][ T4342] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4342 comm=syz.3.238 [ 45.215867][ T2960] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 45.324551][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.424834][ T29] kauditd_printk_skb: 235 callbacks suppressed [ 45.424847][ T29] audit: type=1400 audit(2000000005.680:502): avc: denied { mount } for pid=4357 comm="syz.4.246" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 45.532372][ T29] audit: type=1400 audit(2000000005.790:503): avc: denied { unmount } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 45.590862][ T29] audit: type=1400 audit(2000000005.840:504): avc: denied { mounton } for pid=4362 comm="syz.4.248" path="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 45.650689][ T29] audit: type=1400 audit(2000000005.890:505): avc: denied { unmount } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 45.712539][ T29] audit: type=1400 audit(2000000005.970:506): avc: denied { name_bind } for pid=4370 comm="syz.1.252" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 45.743416][ T4375] loop4: detected capacity change from 0 to 512 [ 45.784213][ T4375] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.786918][ T4379] vlan2: entered allmulticast mode [ 45.803000][ T4379] dummy0: entered allmulticast mode [ 45.832084][ T4375] ext4 filesystem being mounted at /64/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.855292][ T29] audit: type=1400 audit(2000000006.110:507): avc: denied { setattr } for pid=4374 comm="syz.4.254" path="/64/bus/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 46.011750][ T29] audit: type=1400 audit(2000000006.190:508): avc: denied { ioctl } for pid=4374 comm="syz.4.254" path="/64/bus/file1" dev="loop4" ino=15 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 46.102997][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 46.236953][ T29] audit: type=1326 audit(2000000006.490:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4389 comm="syz.2.257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63c160e929 code=0x7ffc0000 [ 46.260485][ T29] audit: type=1326 audit(2000000006.490:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4389 comm="syz.2.257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63c160e929 code=0x7ffc0000 [ 46.284189][ T29] audit: type=1326 audit(2000000006.490:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4389 comm="syz.2.257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f63c160e929 code=0x7ffc0000 [ 46.315774][ T4392] netlink: 'syz.3.258': attribute type 4 has an invalid length. [ 46.377237][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.788397][ T4429] loop2: detected capacity change from 0 to 512 [ 46.807793][ T4429] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.826536][ T4429] ext4 filesystem being mounted at /48/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 47.035120][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.137067][ T1036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 47.145269][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 47.438224][ T4447] loop1: detected capacity change from 0 to 2048 [ 47.475127][ T4447] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 47.490831][ T4450] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.531188][ T4450] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.565561][ T4458] __nla_validate_parse: 4 callbacks suppressed [ 47.565579][ T4458] netlink: 2 bytes leftover after parsing attributes in process `syz.0.281'. [ 47.647165][ T4459] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 47.663240][ T4459] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1510 with error 28 [ 47.675855][ T4459] EXT4-fs (loop1): This should not happen!! Data will be lost [ 47.675855][ T4459] [ 47.685547][ T4459] EXT4-fs (loop1): Total free blocks count 0 [ 47.691615][ T4459] EXT4-fs (loop1): Free/Dirty block details [ 47.697754][ T4459] EXT4-fs (loop1): free_blocks=2415919104 [ 47.703638][ T4459] EXT4-fs (loop1): dirty_blocks=1520 [ 47.709049][ T4459] EXT4-fs (loop1): Block reservation details [ 47.715202][ T4459] EXT4-fs (loop1): i_reserved_data_blocks=95 [ 47.777462][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 47.787935][ T1036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 47.796659][ T3386] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 47.920533][ T4324] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 47.966004][ T4480] netlink: 4 bytes leftover after parsing attributes in process `syz.4.287'. [ 48.055458][ T4492] netlink: zone id is out of range [ 48.060673][ T4492] netlink: zone id is out of range [ 48.065963][ T4492] netlink: zone id is out of range [ 48.071153][ T4492] netlink: zone id is out of range [ 48.076348][ T4492] netlink: zone id is out of range [ 48.113222][ T4496] netlink: 96 bytes leftover after parsing attributes in process `syz.1.295'. [ 48.374568][ T4519] netlink: 52 bytes leftover after parsing attributes in process `syz.2.307'. [ 48.399211][ T4522] netlink: 4 bytes leftover after parsing attributes in process `syz.0.308'. [ 48.409753][ T4522] netlink: 12 bytes leftover after parsing attributes in process `syz.0.308'. [ 48.516876][ T4522] netlink: 156 bytes leftover after parsing attributes in process `syz.0.308'. [ 48.707075][ T4547] 9pnet: p9_errstr2errno: server reported unknown error [ 48.751232][ T4550] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 48.918949][ T4569] netlink: 8 bytes leftover after parsing attributes in process `syz.0.329'. [ 49.067450][ T4576] netlink: 12 bytes leftover after parsing attributes in process `syz.1.331'. [ 49.705578][ T4628] netlink: 24 bytes leftover after parsing attributes in process `syz.2.352'. [ 49.774608][ T4636] blktrace: Concurrent blktraces are not allowed on loop5 [ 49.909521][ T4642] vlan0: entered promiscuous mode [ 49.958756][ T4649] netlink: 'syz.0.363': attribute type 7 has an invalid length. [ 50.503403][ T29] kauditd_printk_skb: 211 callbacks suppressed [ 50.503422][ T29] audit: type=1326 audit(2000000010.760:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4660 comm="syz.4.368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 50.515412][ T4662] loop3: detected capacity change from 0 to 2048 [ 50.549908][ T4666] syz.1.369 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 50.588653][ T29] audit: type=1326 audit(2000000010.790:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4660 comm="syz.4.368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 50.591313][ T4662] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 50.612183][ T29] audit: type=1326 audit(2000000010.790:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4660 comm="syz.4.368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 50.612219][ T29] audit: type=1326 audit(2000000010.790:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4660 comm="syz.4.368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 50.671211][ T29] audit: type=1326 audit(2000000010.790:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4660 comm="syz.4.368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 50.694662][ T29] audit: type=1326 audit(2000000010.790:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4660 comm="syz.4.368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=67 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 50.717912][ T29] audit: type=1326 audit(2000000010.790:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4660 comm="syz.4.368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 50.741305][ T29] audit: type=1326 audit(2000000010.840:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4673 comm="syz.4.372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 50.764818][ T29] audit: type=1326 audit(2000000010.840:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4673 comm="syz.4.372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 50.788161][ T29] audit: type=1326 audit(2000000010.840:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4673 comm="syz.4.372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 50.863665][ T4688] 9pnet: p9_errstr2errno: server reported unknown error [ 50.886796][ T4681] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 50.902523][ T4681] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 792 with error 28 [ 50.914979][ T4681] EXT4-fs (loop3): This should not happen!! Data will be lost [ 50.914979][ T4681] [ 50.924689][ T4681] EXT4-fs (loop3): Total free blocks count 0 [ 50.930693][ T4681] EXT4-fs (loop3): Free/Dirty block details [ 50.936652][ T4681] EXT4-fs (loop3): free_blocks=2415919104 [ 50.942454][ T4681] EXT4-fs (loop3): dirty_blocks=800 [ 50.947698][ T4681] EXT4-fs (loop3): Block reservation details [ 50.953760][ T4681] EXT4-fs (loop3): i_reserved_data_blocks=50 [ 51.121695][ T4324] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 51.279985][ T4723] loop4: detected capacity change from 0 to 512 [ 51.284063][ T4721] team1: entered promiscuous mode [ 51.311324][ T4723] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.395: corrupted in-inode xattr: invalid ea_ino [ 51.317871][ T4721] team1: entered allmulticast mode [ 51.337397][ T4723] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.395: couldn't read orphan inode 15 (err -117) [ 51.350523][ T4723] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.413117][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.493410][ T4740] netlink: 'syz.3.401': attribute type 1 has an invalid length. [ 51.518493][ T4740] 8021q: adding VLAN 0 to HW filter on device bond1 [ 51.551538][ T4740] 8021q: adding VLAN 0 to HW filter on device bond1 [ 51.563168][ T4740] bond1: (slave vti0): The slave device specified does not support setting the MAC address [ 51.574805][ T4740] bond1: (slave vti0): Error -95 calling set_mac_address [ 51.619794][ T4753] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 51.619794][ T4753] The task syz.0.402 (4753) triggered the difference, watch for misbehavior. [ 51.659243][ T1036] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 51.677606][ T1036] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 51.687732][ T4755] loop4: detected capacity change from 0 to 1024 [ 51.696157][ T4755] EXT4-fs: Ignoring removed nomblk_io_submit option [ 51.710267][ T4755] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 51.730354][ T4755] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.777827][ T1036] kernel write not supported for file /uhid (pid: 1036 comm: kworker/0:2) [ 51.813170][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.026217][ T4791] loop4: detected capacity change from 0 to 512 [ 52.035874][ T4791] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 52.048714][ T4791] EXT4-fs (loop4): 1 truncate cleaned up [ 52.056011][ T4791] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.119901][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.165620][ T4803] capability: warning: `syz.3.426' uses deprecated v2 capabilities in a way that may be insecure [ 52.165759][ T4800] team1: entered promiscuous mode [ 52.188661][ T4800] team1: entered allmulticast mode [ 52.334320][ T3413] net_ratelimit: 8 callbacks suppressed [ 52.334339][ T3413] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 52.400306][ T4823] loop3: detected capacity change from 0 to 512 [ 52.408532][ T4823] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.436: iget: bad extended attribute block 1 [ 52.423976][ T4823] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.436: couldn't read orphan inode 15 (err -117) [ 52.436610][ T4823] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.512072][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.585760][ T4838] batman_adv: batadv0: Adding interface: dummy0 [ 52.592368][ T4838] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 52.620625][ T4842] loop4: detected capacity change from 0 to 256 [ 52.631626][ T4842] FAT-fs (loop4): bogus number of FAT sectors [ 52.637857][ T4842] FAT-fs (loop4): Can't find a valid FAT filesystem [ 52.649487][ T4838] batman_adv: batadv0: Interface activated: dummy0 [ 52.668943][ T4842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 52.669422][ T4845] batadv0: mtu less than device minimum [ 52.683497][ T4845] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 52.684487][ T4842] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 52.694235][ T4845] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 52.712542][ T4845] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 52.723235][ T4845] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 52.734181][ T4845] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 52.745004][ T4845] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 52.755806][ T4845] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 52.766677][ T4845] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 52.792748][ T4847] loop1: detected capacity change from 0 to 164 [ 52.811072][ T4847] __nla_validate_parse: 13 callbacks suppressed [ 52.811092][ T4847] netlink: 12 bytes leftover after parsing attributes in process `syz.1.445'. [ 52.968011][ T4858] loop3: detected capacity change from 0 to 2048 [ 52.997688][ T4858] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.053762][ T3309] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 53.088852][ T3309] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 53.136660][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.153807][ T4868] netlink: 4 bytes leftover after parsing attributes in process `syz.2.455'. [ 53.190710][ T4868] netlink: 12 bytes leftover after parsing attributes in process `syz.2.455'. [ 53.339407][ T4878] loop4: detected capacity change from 0 to 512 [ 53.350193][ T4878] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.458: iget: bad extended attribute block 1 [ 53.363548][ T4878] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.458: couldn't read orphan inode 15 (err -117) [ 53.379219][ T4878] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.417048][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.537605][ T4895] tipc: Started in network mode [ 53.542587][ T4895] tipc: Node identity 7e04c2e38c0b, cluster identity 4711 [ 53.549869][ T4895] tipc: Enabled bearer , priority 0 [ 53.589133][ T4895] tipc: Disabling bearer [ 53.653318][ T4900] netlink: 532 bytes leftover after parsing attributes in process `syz.1.468'. [ 53.765049][ T4908] sch_fq: defrate 2048 ignored. [ 53.791033][ T4911] netlink: 96 bytes leftover after parsing attributes in process `syz.1.473'. [ 53.914158][ T4927] netlink: 8 bytes leftover after parsing attributes in process `syz.4.479'. [ 54.440228][ T4983] netlink: 16 bytes leftover after parsing attributes in process `syz.0.504'. [ 54.455255][ T4987] tipc: Started in network mode [ 54.455284][ T4987] tipc: Node identity ac14140f, cluster identity 4711 [ 54.455449][ T4987] tipc: New replicast peer: 255.255.255.255 [ 54.455645][ T4987] tipc: Enabled bearer , priority 10 [ 54.488194][ T4983] netlink: 16 bytes leftover after parsing attributes in process `syz.0.504'. [ 54.527513][ T4993] loop4: detected capacity change from 0 to 256 [ 54.533989][ T4995] loop1: detected capacity change from 0 to 512 [ 54.540773][ T4995] EXT4-fs: Ignoring removed i_version option [ 54.562680][ T4995] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.512: corrupted in-inode xattr: overlapping e_value [ 54.584298][ T4995] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.512: couldn't read orphan inode 15 (err -117) [ 54.596759][ T4995] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.651777][ T4995] EXT4-fs error (device loop1): ext4_add_entry:2417: inode #2: comm syz.1.512: Directory hole found for htree leaf block 0 [ 54.683376][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.743380][ T5018] SET target dimension over the limit! [ 54.823545][ T5030] netlink: 'syz.0.527': attribute type 4 has an invalid length. [ 54.842667][ T5032] netlink: 96 bytes leftover after parsing attributes in process `syz.4.529'. [ 54.921052][ T5044] tipc: Enabled bearer , priority 0 [ 54.934408][ T5044] tipc: Disabling bearer [ 55.991509][ T3413] tipc: Node number set to 2886997007 [ 55.997812][ T29] kauditd_printk_skb: 140 callbacks suppressed [ 55.997876][ T29] audit: type=1326 audit(2000000016.250:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5125 comm="syz.1.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 56.029341][ T29] audit: type=1326 audit(2000000016.280:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5125 comm="syz.1.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 56.041223][ T5126] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 56.059150][ T5126] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 56.066896][ T5126] vhci_hcd vhci_hcd.0: Device attached [ 56.081896][ T5126] netlink: 8 bytes leftover after parsing attributes in process `syz.1.573'. [ 56.092992][ T5127] vhci_hcd: connection closed [ 56.093039][ T29] audit: type=1326 audit(2000000016.290:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5125 comm="syz.1.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f88f8cb087a code=0x7ffc0000 [ 56.098646][ T4295] vhci_hcd: stop threads [ 56.121051][ T29] audit: type=1326 audit(2000000016.290:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5125 comm="syz.1.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f88f8cad290 code=0x7ffc0000 [ 56.125368][ T4295] vhci_hcd: release socket [ 56.148596][ T29] audit: type=1326 audit(2000000016.290:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5125 comm="syz.1.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f88f8cad3df code=0x7ffc0000 [ 56.148632][ T29] audit: type=1326 audit(2000000016.290:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5090 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 56.148754][ T29] audit: type=1326 audit(2000000016.290:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5090 comm="syz.4.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947f2ae929 code=0x7ffc0000 [ 56.153219][ T4295] vhci_hcd: disconnect device [ 56.228070][ T29] audit: type=1326 audit(2000000016.330:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5125 comm="syz.1.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f88f8cad58a code=0x7ffc0000 [ 56.251425][ T29] audit: type=1326 audit(2000000016.330:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5125 comm="syz.1.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 56.274759][ T29] audit: type=1326 audit(2000000016.330:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5125 comm="syz.1.573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 56.298998][ T5132] wg2: left promiscuous mode [ 56.303697][ T5132] wg2: left allmulticast mode [ 56.318997][ T5132] wg2: entered promiscuous mode [ 56.323961][ T5132] wg2: entered allmulticast mode [ 56.363205][ T5139] loop4: detected capacity change from 0 to 512 [ 56.369912][ T5139] EXT4-fs: Ignoring removed i_version option [ 56.394816][ T5139] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.578: corrupted in-inode xattr: overlapping e_value [ 56.423868][ T5139] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.578: couldn't read orphan inode 15 (err -117) [ 56.436919][ T5139] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.451012][ T5145] SELinux: Context system_u:object_r:hald_sonypic_exec_t:s0 is not valid (left unmapped). [ 56.454248][ T5139] EXT4-fs error (device loop4): ext4_add_entry:2417: inode #2: comm syz.4.578: Directory hole found for htree leaf block 0 [ 56.508035][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.620695][ T5162] loop4: detected capacity change from 0 to 128 [ 56.633020][ T5162] EXT4-fs: Ignoring removed nobh option [ 56.661150][ T5162] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 56.676420][ T5162] ext4 filesystem being mounted at /136/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 56.686883][ T5164] kernel read not supported for file /policy (pid: 5164 comm: syz.3.588) [ 56.729276][ T3306] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 56.758615][ T5177] loop4: detected capacity change from 0 to 512 [ 56.770953][ T5177] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 56.781001][ T5177] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002] [ 56.791146][ T5177] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.594: corrupted in-inode xattr: e_value size too large [ 56.806971][ T5179] atomic_op ffff88811984bd28 conn xmit_atomic 0000000000000000 [ 56.807196][ T5177] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.594: couldn't read orphan inode 15 (err -117) [ 56.828481][ T5177] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.895197][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.073004][ T5199] loop3: detected capacity change from 0 to 2048 [ 57.093700][ T5199] EXT4-fs (loop3): mounted filesystem 00000000-0000-00ff-0000-000000000000 r/w without journal. Quota mode: none. [ 57.118310][ T5199] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.171689][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-00ff-0000-000000000000. [ 57.310738][ T5229] loop4: detected capacity change from 0 to 512 [ 57.323888][ T5229] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 57.362064][ T5229] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.381801][ T3417] net_ratelimit: 17 callbacks suppressed [ 57.381887][ T3417] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 57.395691][ T3393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 57.398086][ T5229] ext4 filesystem being mounted at /140/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.438978][ T5244] loop1: detected capacity change from 0 to 512 [ 57.466018][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.485573][ T5244] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.498789][ T5244] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.530283][ T5244] syz.1.614 (5244) used greatest stack depth: 10096 bytes left [ 57.538367][ T3413] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 57.570737][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.607721][ T5257] loop1: detected capacity change from 0 to 1024 [ 57.656651][ T5257] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.736475][ T5257] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 15: block 433:freeing already freed block (bit 27); block bitmap corrupt. [ 57.806447][ T5257] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28 [ 57.818945][ T5257] EXT4-fs (loop1): This should not happen!! Data will be lost [ 57.818945][ T5257] [ 57.828703][ T5257] EXT4-fs (loop1): Total free blocks count 0 [ 57.834796][ T5257] EXT4-fs (loop1): Free/Dirty block details [ 57.840804][ T5257] EXT4-fs (loop1): free_blocks=16 [ 57.845883][ T5257] EXT4-fs (loop1): dirty_blocks=0 [ 57.850942][ T5257] EXT4-fs (loop1): Block reservation details [ 57.857027][ T5257] EXT4-fs (loop1): i_reserved_data_blocks=0 [ 57.886820][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.919642][ T5267] bond1: entered promiscuous mode [ 57.925274][ T5267] bond1: entered allmulticast mode [ 57.931994][ T5267] 8021q: adding VLAN 0 to HW filter on device bond1 [ 57.960861][ T5267] bond1 (unregistering): Released all slaves [ 58.025279][ T3386] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 58.198734][ T5305] SET target dimension over the limit! [ 58.332225][ T5323] loop3: detected capacity change from 0 to 128 [ 58.350015][ T5323] EXT4-fs: Ignoring removed nobh option [ 58.377096][ T5323] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 58.389601][ T5323] ext4 filesystem being mounted at /108/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 58.428522][ T5338] tipc: Enabled bearer , priority 0 [ 58.458261][ T5338] tipc: Disabling bearer [ 58.486388][ T5344] __nla_validate_parse: 9 callbacks suppressed [ 58.486406][ T5344] netlink: 4 bytes leftover after parsing attributes in process `syz.0.649'. [ 58.506429][ T3309] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 58.523651][ T5344] team1: entered promiscuous mode [ 58.536953][ T5344] team1: entered allmulticast mode [ 58.573866][ T3393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 58.605589][ T5356] netlink: 8 bytes leftover after parsing attributes in process `syz.3.655'. [ 58.614732][ T5356] netlink: 4 bytes leftover after parsing attributes in process `syz.3.655'. [ 58.626968][ T5356] wireguard0: entered promiscuous mode [ 58.632538][ T5356] wireguard0: entered allmulticast mode [ 58.676876][ T5364] loop4: detected capacity change from 0 to 128 [ 58.689624][ T5364] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 58.701886][ T5368] loop3: detected capacity change from 0 to 128 [ 58.706130][ T5364] ext4 filesystem being mounted at /152/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 58.708708][ T5368] vfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿ' [ 58.766501][ T3306] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 59.041115][ T5391] netlink: 14528 bytes leftover after parsing attributes in process `syz.1.669'. [ 59.090380][ T5395] netlink: 20 bytes leftover after parsing attributes in process `kfree'. [ 59.118919][ T5398] netlink: 1276 bytes leftover after parsing attributes in process `syz.1.670'. [ 59.194207][ T5406] SELinux: Context @ is not valid (left unmapped). [ 59.225109][ T5408] netlink: 100 bytes leftover after parsing attributes in process `syz.2.677'. [ 59.245624][ T5410] loop4: detected capacity change from 0 to 164 [ 59.254795][ T5410] bio_check_eod: 27 callbacks suppressed [ 59.254813][ T5410] syz.4.678: attempt to access beyond end of device [ 59.254813][ T5410] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 59.276090][ T5410] syz.4.678: attempt to access beyond end of device [ 59.276090][ T5410] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 59.315054][ T5416] netlink: 52 bytes leftover after parsing attributes in process `syz.4.681'. [ 59.370091][ T5420] loop4: detected capacity change from 0 to 2048 [ 59.529887][ T5443] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5443 comm=syz.2.693 [ 59.603836][ T5451] netlink: 8 bytes leftover after parsing attributes in process `syz.4.697'. [ 59.614638][ T2960] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 59.669192][ T5458] loop4: detected capacity change from 0 to 512 [ 59.676100][ T5458] EXT4-fs: Ignoring removed orlov option [ 59.682943][ T5458] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 59.692774][ T5458] EXT4-fs (loop4): orphan cleanup on readonly fs [ 59.701587][ T5456] syzkaller0: entered promiscuous mode [ 59.707144][ T5456] syzkaller0: entered allmulticast mode [ 59.713698][ T5458] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.700: bg 0: block 248: padding at end of block bitmap is not set [ 59.741444][ T3830] syzkaller0: tun_net_xmit 48 [ 59.749750][ T5456] syzkaller0: tun_net_xmit 1280 [ 59.754715][ T5456] syzkaller0: create flow: hash 2591304010 index 1 [ 59.766466][ T5455] syzkaller0: delete flow: hash 2591304010 index 1 [ 59.773401][ T5458] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.700: Failed to acquire dquot type 1 [ 59.793515][ T5458] EXT4-fs (loop4): 1 truncate cleaned up [ 59.804047][ T5458] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 59.817060][ T5458] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.843140][ T5458] syz.4.700 (5458) used greatest stack depth: 9304 bytes left [ 59.923307][ T5466] bridge: RTM_NEWNEIGH with invalid ether address [ 59.948138][ T5468] netlink: 12 bytes leftover after parsing attributes in process `syz.1.705'. [ 59.970332][ T5468] smc: net device bond0 applied user defined pnetid SY [ 59.981884][ T5468] smc: net device bond0 erased user defined pnetid SY [ 59.992365][ T5473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 60.001554][ T5473] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 60.285184][ T5491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 60.293809][ T5491] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 60.492777][ T3386] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 60.616182][ T5513] SELinux: Context system_u:object_r:utempter_exec_t:s0 is not valid (left unmapped). [ 60.655649][ T2960] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 60.686184][ T5520] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5520 comm=syz.0.727 [ 60.824346][ T5538] loop1: detected capacity change from 0 to 128 [ 60.894752][ T5546] netlink: 'syz.1.738': attribute type 1 has an invalid length. [ 60.923218][ T5546] bond1: (slave bridge3): Enslaving as a backup interface with an up link [ 61.026444][ T5558] loop1: detected capacity change from 0 to 512 [ 61.043823][ T5558] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.057059][ T5558] ext4 filesystem being mounted at /173/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 61.172136][ T5566] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 61.368111][ T5567] No such timeout policy "syz1" [ 61.591818][ T5572] loop4: detected capacity change from 0 to 128 [ 61.605000][ T5572] EXT4-fs: Ignoring removed nobh option [ 61.619517][ T5572] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 61.646000][ T5572] ext4 filesystem being mounted at /177/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 61.693937][ T3393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.738424][ T5551] Set syz1 is full, maxelem 65536 reached [ 61.759072][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.827120][ T5579] xt_hashlimit: max too large, truncated to 1048576 [ 61.844902][ T3306] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 62.070189][ T5592] loop3: detected capacity change from 0 to 512 [ 62.086234][ T5603] loop4: detected capacity change from 0 to 2048 [ 62.094087][ T5603] EXT4-fs: Ignoring removed mblk_io_submit option [ 62.132824][ T5603] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 62.156199][ T29] kauditd_printk_skb: 132 callbacks suppressed [ 62.156216][ T29] audit: type=1326 audit(2000000022.410:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5610 comm="syz.2.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63c160e929 code=0x7ffc0000 [ 62.185927][ T29] audit: type=1326 audit(2000000022.410:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5610 comm="syz.2.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7f63c160e929 code=0x7ffc0000 [ 62.209489][ T29] audit: type=1326 audit(2000000022.410:1015): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5610 comm="syz.2.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63c160e929 code=0x7ffc0000 [ 62.233290][ T29] audit: type=1326 audit(2000000022.410:1016): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5610 comm="syz.2.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63c160e929 code=0x7ffc0000 [ 62.257066][ T29] audit: type=1326 audit(2000000022.410:1017): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5610 comm="syz.2.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7f63c160e929 code=0x7ffc0000 [ 62.283487][ T29] audit: type=1326 audit(2000000022.410:1018): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5610 comm="syz.2.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63c160e929 code=0x7ffc0000 [ 62.350479][ T5592] ext4 filesystem being mounted at /117/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.369346][ T5619] netlink: 'syz.0.766': attribute type 6 has an invalid length. [ 62.378369][ T5617] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.761: bg 0: block 234: padding at end of block bitmap is not set [ 62.437728][ T5617] EXT4-fs (loop4): Remounting filesystem read-only [ 62.474708][ T29] audit: type=1326 audit(2000000022.730:1019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5623 comm="syz.0.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 62.499003][ T29] audit: type=1326 audit(2000000022.730:1020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5623 comm="syz.0.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 62.564924][ T29] audit: type=1326 audit(2000000022.730:1021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5623 comm="syz.0.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 62.588386][ T29] audit: type=1326 audit(2000000022.730:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5623 comm="syz.0.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 62.734023][ T3393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 62.955192][ T5645] bond1: entered promiscuous mode [ 62.962202][ T5645] bond1: entered allmulticast mode [ 62.975560][ T5645] 8021q: adding VLAN 0 to HW filter on device bond1 [ 63.046342][ T5645] bond1 (unregistering): Released all slaves [ 63.060470][ T5662] loop4: detected capacity change from 0 to 512 [ 63.135966][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 63.180994][ T5662] ext4 filesystem being mounted at /186/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.318713][ T4324] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.404530][ T4324] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.429457][ T5684] loop1: detected capacity change from 0 to 2048 [ 63.493843][ T5684] Alternate GPT is invalid, using primary GPT. [ 63.500244][ T5684] loop1: p1 p2 p3 [ 63.507682][ T4324] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.534439][ T3417] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 63.558299][ T4324] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 63.607320][ T5702] loop3: detected capacity change from 0 to 512 [ 63.614243][ T5703] __nla_validate_parse: 5 callbacks suppressed [ 63.614258][ T5703] netlink: 96 bytes leftover after parsing attributes in process `syz.1.799'. [ 63.614489][ T5702] EXT4-fs: Ignoring removed nobh option [ 63.652902][ T5702] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 63.669805][ T5702] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.800: attempt to clear invalid blocks 2 len 1 [ 63.715045][ T5702] EXT4-fs (loop3): Remounting filesystem read-only [ 63.725292][ T5716] loop1: detected capacity change from 0 to 128 [ 63.742588][ T5714] netlink: 'syz.2.803': attribute type 4 has an invalid length. [ 63.743242][ T5681] chnl_net:caif_netlink_parms(): no params data found [ 63.759375][ T5702] EXT4-fs (loop3): 1 truncate cleaned up [ 63.774837][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 63.783111][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 63.786166][ T5716] syz.1.804: attempt to access beyond end of device [ 63.786166][ T5716] loop1: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 63.806152][ T5716] syz.1.804: attempt to access beyond end of device [ 63.806152][ T5716] loop1: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 63.820852][ T5716] syz.1.804: attempt to access beyond end of device [ 63.820852][ T5716] loop1: rw=2049, sector=177, nr_sectors = 24 limit=128 [ 63.840934][ T5716] syz.1.804: attempt to access beyond end of device [ 63.840934][ T5716] loop1: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 63.855911][ T5716] syz.1.804: attempt to access beyond end of device [ 63.855911][ T5716] loop1: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 63.870124][ T5716] syz.1.804: attempt to access beyond end of device [ 63.870124][ T5716] loop1: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 63.874224][ T4324] bridge_slave_1: left allmulticast mode [ 63.889303][ T4324] bridge_slave_1: left promiscuous mode [ 63.889642][ T5716] syz.1.804: attempt to access beyond end of device [ 63.889642][ T5716] loop1: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 63.895080][ T4324] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.908689][ T5716] syz.1.804: attempt to access beyond end of device [ 63.908689][ T5716] loop1: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 63.960679][ T4324] bridge_slave_0: left allmulticast mode [ 63.966534][ T4324] bridge_slave_0: left promiscuous mode [ 63.972270][ T4324] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.165637][ T4324] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 64.181162][ T4324] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 64.226185][ T5739] loop1: detected capacity change from 0 to 128 [ 64.233828][ T5739] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 64.265945][ T4324] bond0 (unregistering): Released all slaves [ 64.413351][ T3417] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 64.433772][ T4324] tipc: Disabling bearer [ 64.438913][ T4324] tipc: Left network mode [ 64.444960][ T5681] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.452275][ T5681] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.466107][ T5681] bridge_slave_0: entered allmulticast mode [ 64.480905][ T5681] bridge_slave_0: entered promiscuous mode [ 64.494739][ T5681] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.502038][ T5681] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.545660][ T5681] bridge_slave_1: entered allmulticast mode [ 64.552375][ T5681] bridge_slave_1: entered promiscuous mode [ 64.560666][ T4324] hsr_slave_0: left promiscuous mode [ 64.567437][ T4324] hsr_slave_1: left promiscuous mode [ 64.575820][ T4324] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 64.583299][ T4324] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 64.628552][ T4324] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.636140][ T4324] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 64.670019][ T4324] veth1_macvtap: left promiscuous mode [ 64.675728][ T4324] veth0_macvtap: left promiscuous mode [ 64.696820][ T4324] veth1_vlan: left promiscuous mode [ 64.813690][ T2960] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 64.839630][ T4324] team0 (unregistering): Port device team_slave_1 removed [ 64.858668][ T4324] team0 (unregistering): Port device team_slave_0 removed [ 64.953305][ T5681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.977366][ T5681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.015351][ T5681] team0: Port device team_slave_0 added [ 65.032393][ T5681] team0: Port device team_slave_1 added [ 65.052747][ T1036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 65.062359][ T5681] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.069360][ T5681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.095426][ T5681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.132232][ T5681] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.139233][ T5681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.165238][ T5681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.234473][ T5681] hsr_slave_0: entered promiscuous mode [ 65.240609][ T5681] hsr_slave_1: entered promiscuous mode [ 65.258445][ T5761] loop1: detected capacity change from 0 to 128 [ 65.258899][ T5760] netlink: 20 bytes leftover after parsing attributes in process `syz.3.820'. [ 65.265380][ T5681] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.273734][ T5760] netlink: 20 bytes leftover after parsing attributes in process `syz.3.820'. [ 65.298312][ T5761] ext4 filesystem being mounted at /191/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 65.306749][ T5760] netlink: 20 bytes leftover after parsing attributes in process `syz.3.820'. [ 65.330470][ T5681] Cannot create hsr debugfs directory [ 65.339302][ T5760] netlink: 20 bytes leftover after parsing attributes in process `syz.3.820'. [ 65.440358][ T5760] netlink: 20 bytes leftover after parsing attributes in process `syz.3.820'. [ 65.449361][ T5760] netlink: 20 bytes leftover after parsing attributes in process `syz.3.820'. [ 65.534562][ T5681] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 65.547628][ T5783] loop3: detected capacity change from 0 to 164 [ 65.556316][ T5780] veth1_macvtap: left promiscuous mode [ 65.564128][ T5780] macsec0: entered promiscuous mode [ 65.567587][ T5785] netlink: 24 bytes leftover after parsing attributes in process `syz.2.828'. [ 65.571307][ T5783] bio_check_eod: 1 callbacks suppressed [ 65.571326][ T5783] syz.3.827: attempt to access beyond end of device [ 65.571326][ T5783] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 65.599856][ T5681] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 65.608982][ T5785] netlink: 'syz.2.828': attribute type 1 has an invalid length. [ 65.616895][ T5785] netlink: 'syz.2.828': attribute type 2 has an invalid length. [ 65.623254][ T5783] syz.3.827: attempt to access beyond end of device [ 65.623254][ T5783] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 65.624715][ T5785] netlink: 'syz.2.828': attribute type 3 has an invalid length. [ 65.656417][ T5681] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 65.681388][ T5681] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 65.761346][ T5681] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.793792][ T5681] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.817773][ T3830] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.825036][ T3830] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.856572][ T5681] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 65.867070][ T5681] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 65.878652][ T2960] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 65.899412][ T3830] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.903957][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 65.906650][ T3830] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.934760][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 65.942517][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 65.950035][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 65.957489][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 65.964937][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 65.972666][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 65.980078][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 65.987542][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 65.995028][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.002557][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.010010][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.018417][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.025929][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.033386][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.040830][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.048300][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.055809][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.063275][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.070703][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.078182][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.085625][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.093231][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.100797][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.108275][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.115716][ T3417] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 66.141703][ T3417] hid-generic 0000:0000:0000.0003: hidraw0: HID v8.00 Device [syz1] on syz0 [ 66.179375][ T5681] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.221101][ T5832] netlink: 5 bytes leftover after parsing attributes in process `syz.3.841'. [ 66.269746][ T5842] capability: warning: `syz.1.845' uses 32-bit capabilities (legacy support in use) [ 66.296292][ T5846] netlink: 'syz.0.844': attribute type 13 has an invalid length. [ 66.364712][ T5846] gretap0: refused to change device tx_queue_len [ 66.372215][ T5846] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 66.453707][ T5868] bridge0: entered promiscuous mode [ 66.459163][ T5868] macsec0: entered promiscuous mode [ 66.465855][ T5868] bridge0: port 3(macsec0) entered blocking state [ 66.472417][ T5868] bridge0: port 3(macsec0) entered disabled state [ 66.483924][ T5868] macsec0: entered allmulticast mode [ 66.489270][ T5868] bridge0: entered allmulticast mode [ 66.495865][ T5868] macsec0: left allmulticast mode [ 66.500982][ T5868] bridge0: left allmulticast mode [ 66.509900][ T5868] bridge0: left promiscuous mode [ 66.554940][ T5681] veth0_vlan: entered promiscuous mode [ 66.576251][ T5681] veth1_vlan: entered promiscuous mode [ 66.585357][ T5880] loop1: detected capacity change from 0 to 2048 [ 66.598924][ T5880] EXT4-fs: Ignoring removed mblk_io_submit option [ 66.613369][ T5681] veth0_macvtap: entered promiscuous mode [ 66.620061][ T5882] netlink: 96 bytes leftover after parsing attributes in process `syz.0.856'. [ 66.631057][ T5681] veth1_macvtap: entered promiscuous mode [ 66.655691][ T5681] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.678705][ T5681] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.698464][ T5681] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.707415][ T5681] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.716304][ T5681] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.725061][ T5681] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.911793][ T5900] netlink: 'syz.5.861': attribute type 10 has an invalid length. [ 66.942966][ T5900] geneve1: entered promiscuous mode [ 66.951926][ T5900] bond0: (slave geneve1): Enslaving as an active interface with an up link [ 67.183270][ T29] kauditd_printk_skb: 90 callbacks suppressed [ 67.183289][ T29] audit: type=1326 audit(2000000027.440:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5918 comm="syz.0.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 67.248746][ T29] audit: type=1326 audit(2000000027.440:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5918 comm="syz.0.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 67.272298][ T29] audit: type=1326 audit(2000000027.470:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5918 comm="syz.0.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 67.295739][ T29] audit: type=1326 audit(2000000027.470:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5918 comm="syz.0.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 67.319314][ T29] audit: type=1326 audit(2000000027.470:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5918 comm="syz.0.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 67.342751][ T29] audit: type=1326 audit(2000000027.470:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5918 comm="syz.0.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 67.366328][ T29] audit: type=1326 audit(2000000027.470:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5918 comm="syz.0.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 67.389869][ T29] audit: type=1326 audit(2000000027.470:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5918 comm="syz.0.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 67.413267][ T29] audit: type=1326 audit(2000000027.470:1121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5918 comm="syz.0.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 67.436707][ T29] audit: type=1326 audit(2000000027.470:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5918 comm="syz.0.871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 67.461515][ T5925] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 67.604998][ T5938] syzkaller0: entered promiscuous mode [ 67.610850][ T5938] syzkaller0: entered allmulticast mode [ 67.686920][ T5944] loop1: detected capacity change from 0 to 256 [ 67.934090][ T36] net_ratelimit: 2 callbacks suppressed [ 67.934131][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 67.946650][ T5962] loop5: detected capacity change from 0 to 512 [ 67.982771][ T5962] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.997104][ T5962] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 12: comm syz.5.888: path /4/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 68.022824][ T5962] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 13: comm syz.5.888: path /4/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 68.053295][ T5962] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 14: comm syz.5.888: path /4/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 68.083409][ T5962] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 15: comm syz.5.888: path /4/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 68.116127][ T5972] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5972 comm=syz.1.891 [ 68.130450][ T5962] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 16: comm syz.5.888: path /4/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 68.164458][ T5962] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 17: comm syz.5.888: path /4/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 68.189208][ T5962] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #2: block 18: comm syz.5.888: lblock 23 mapped to illegal pblock 18 (length 1) [ 68.205789][ T5962] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 19: comm syz.5.888: path /4/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 68.251888][ T5962] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 20: comm syz.5.888: path /4/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 68.274983][ T5981] loop3: detected capacity change from 0 to 2048 [ 68.282342][ T5962] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 21: comm syz.5.888: path /4/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 68.336210][ T5986] netlink: 'syz.0.896': attribute type 16 has an invalid length. [ 68.344111][ T5986] netlink: 'syz.0.896': attribute type 17 has an invalid length. [ 68.406736][ T5986] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 68.447567][ T5981] EXT4-fs (loop3): failed to initialize system zone (-117) [ 68.455026][ T5981] EXT4-fs (loop3): mount failed [ 68.465047][ T5994] tipc: Started in network mode [ 68.470123][ T5994] tipc: Node identity ac14140f, cluster identity 4711 [ 68.487333][ T5994] tipc: New replicast peer: 172.30.1.3 [ 68.493311][ T5994] tipc: Enabled bearer , priority 10 [ 68.556444][ T5999] wireguard0: entered promiscuous mode [ 68.562043][ T5999] wireguard0: entered allmulticast mode [ 68.871358][ T5681] EXT4-fs unmount: 12 callbacks suppressed [ 68.871376][ T5681] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.973834][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 68.993446][ T6055] loop5: detected capacity change from 0 to 1024 [ 69.002266][ T6055] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.012054][ T6056] ieee802154 phy0 wpan0: encryption failed: -22 [ 69.012168][ T6055] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 69.039625][ T6055] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e840e01c, mo2=0000] [ 69.053694][ T6055] System zones: 0-1, 3-12 [ 69.060271][ T6055] EXT4-fs error (device loop5): ext4_map_blocks:816: inode #3: block 1: comm syz.5.922: lblock 1 mapped to illegal pblock 1 (length 1) [ 69.079682][ T6062] __nla_validate_parse: 2 callbacks suppressed [ 69.079696][ T6062] netlink: 332 bytes leftover after parsing attributes in process `syz.2.929'. [ 69.096793][ T6055] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.922: Failed to acquire dquot type 0 [ 69.108392][ T6062] netlink: 'syz.2.929': attribute type 9 has an invalid length. [ 69.116132][ T6062] netlink: 108 bytes leftover after parsing attributes in process `syz.2.929'. [ 69.125227][ T6062] netlink: 32 bytes leftover after parsing attributes in process `syz.2.929'. [ 69.151581][ T6055] EXT4-fs error (device loop5): ext4_free_blocks:6587: comm syz.5.922: Freeing blocks not in datazone - block = 0, count = 4096 [ 69.175960][ T6055] EXT4-fs error (device loop5): ext4_read_inode_bitmap:139: comm syz.5.922: Invalid inode bitmap blk 0 in block_group 0 [ 69.190154][ T6055] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem [ 69.199893][ T4288] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:22: lblock 1 mapped to illegal pblock 1 (length 1) [ 69.216442][ T4288] EXT4-fs error (device loop5): ext4_release_dquot:6969: comm kworker/u8:22: Failed to release dquot type 0 [ 69.228522][ T6055] EXT4-fs (loop5): 1 orphan inode deleted [ 69.236057][ T6055] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.265729][ T6055] usb usb1: usbfs: interface 0 claimed by hub while 'syz.5.922' sets config #0 [ 69.344466][ T6074] tipc: Enabling of bearer rejected, already enabled [ 69.559975][ T6080] loop3: detected capacity change from 0 to 164 [ 69.611788][ T3413] tipc: Node number set to 2886997007 [ 69.632081][ T6080] iso9660: Corrupted directory entry in block 2 of inode 1792 [ 69.781123][ T6092] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.789508][ T6092] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.798445][ T6092] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.808685][ T5681] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.842292][ T6092] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.850573][ T6092] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.862157][ T6092] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.870414][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 69.928781][ T6105] pimreg: entered allmulticast mode [ 69.936716][ T6105] pimreg: left allmulticast mode [ 70.208686][ T6113] netlink: 'syz.0.952': attribute type 2 has an invalid length. [ 70.584407][ T6187] netlink: 4 bytes leftover after parsing attributes in process `syz.0.971'. [ 70.676439][ T6202] netlink: 2028 bytes leftover after parsing attributes in process `syz.3.972'. [ 70.685600][ T6202] netlink: 24 bytes leftover after parsing attributes in process `syz.3.972'. [ 70.749120][ T6205] netlink: 'syz.2.974': attribute type 21 has an invalid length. [ 70.761974][ T6205] netlink: 156 bytes leftover after parsing attributes in process `syz.2.974'. [ 71.971618][ T6386] netlink: 'syz.5.992': attribute type 10 has an invalid length. [ 71.979621][ T6386] netlink: 55 bytes leftover after parsing attributes in process `syz.5.992'. [ 72.216090][ T6411] tls_set_device_offload_rx: netdev not found [ 72.400202][ T29] kauditd_printk_skb: 104 callbacks suppressed [ 72.400221][ T29] audit: type=1326 audit(2000000032.650:1224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 72.431137][ T29] audit: type=1326 audit(2000000032.650:1225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 72.454639][ T29] audit: type=1326 audit(2000000032.650:1226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 72.478274][ T29] audit: type=1326 audit(2000000032.650:1227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 72.501778][ T29] audit: type=1326 audit(2000000032.650:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 72.525592][ T29] audit: type=1326 audit(2000000032.650:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 72.549177][ T29] audit: type=1326 audit(2000000032.650:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 72.572933][ T29] audit: type=1326 audit(2000000032.650:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 72.596620][ T29] audit: type=1326 audit(2000000032.650:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 72.620311][ T29] audit: type=1326 audit(2000000032.650:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6427 comm="syz.1.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 72.666618][ T6438] bridge: RTM_NEWNEIGH with invalid state 0x31 [ 72.700155][ T6444] 9p: Unknown access argument Œ: -22 [ 72.780100][ T6450] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1017'. [ 72.791019][ T6450] netlink: 'syz.0.1017': attribute type 9 has an invalid length. [ 72.799263][ T6450] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1017'. [ 72.912508][ T6457] bridge_slave_0: left promiscuous mode [ 72.918309][ T6457] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.927564][ T6457] bridge_slave_1: left allmulticast mode [ 72.933462][ T6457] bridge_slave_1: left promiscuous mode [ 72.939281][ T6457] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.951516][ T6457] bond0: (slave bond_slave_0): Releasing backup interface [ 72.980677][ T6457] bond0: (slave bond_slave_1): Releasing backup interface [ 73.033902][ T6457] team0: Port device team_slave_0 removed [ 73.062743][ T6457] team0: Port device team_slave_1 removed [ 73.069727][ T6457] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 73.077219][ T6457] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 73.086800][ T6457] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 73.090434][ T6473] SELinux: failed to load policy [ 73.094414][ T6457] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 73.131778][ T6480] netlink: 'syz.1.1030': attribute type 16 has an invalid length. [ 73.139657][ T6480] netlink: 'syz.1.1030': attribute type 17 has an invalid length. [ 73.143884][ T3393] net_ratelimit: 12 callbacks suppressed [ 73.143956][ T3393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 73.189511][ T6485] netlink: 'syz.5.1032': attribute type 1 has an invalid length. [ 73.197970][ T6480] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 73.238612][ T6485] batadv1: entered promiscuous mode [ 73.244122][ T6485] batadv1: entered allmulticast mode [ 73.293147][ T6494] batadv1: entered promiscuous mode [ 73.298460][ T6494] batadv1: entered allmulticast mode [ 73.344346][ T6500] netlink: 'syz.1.1040': attribute type 1 has an invalid length. [ 73.357759][ T6500] 8021q: adding VLAN 0 to HW filter on device bond2 [ 73.375619][ T6500] 8021q: adding VLAN 0 to HW filter on device bond2 [ 73.383311][ T6500] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 73.395536][ T6500] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 73.484474][ T6511] vlan1: entered allmulticast mode [ 73.558168][ T6520] veth1_to_bond: entered allmulticast mode [ 73.571371][ T6520] veth1_to_bond: entered promiscuous mode [ 73.593798][ T6520] veth1_to_bond: left promiscuous mode [ 73.599403][ T6520] veth1_to_bond: left allmulticast mode [ 73.706074][ T6536] 9pnet_fd: Insufficient options for proto=fd [ 73.755023][ T6541] netlink: 'syz.1.1058': attribute type 13 has an invalid length. [ 73.850343][ T6541] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.857686][ T6541] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.958200][ T6541] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 73.968945][ T6541] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 74.010654][ T6541] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.019714][ T6541] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.028896][ T6541] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.038214][ T6541] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.048896][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 74.175728][ T3413] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 74.479420][ T6566] __nla_validate_parse: 5 callbacks suppressed [ 74.479437][ T6566] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1068'. [ 74.617193][ T6581] netlink: 'syz.2.1075': attribute type 1 has an invalid length. [ 74.652604][ T3417] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 74.697089][ T6582] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 74.701633][ T6584] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1075'. [ 74.754439][ T6581] bond1: entered promiscuous mode [ 74.787074][ T6581] 8021q: adding VLAN 0 to HW filter on device bond1 [ 74.827062][ T6588] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1075'. [ 74.865820][ T6583] bridge_slave_0: left allmulticast mode [ 74.871621][ T6583] bridge_slave_0: left promiscuous mode [ 74.877313][ T6583] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.913660][ T6583] bridge_slave_1: left allmulticast mode [ 74.919447][ T6583] bridge_slave_1: left promiscuous mode [ 74.925253][ T6583] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.934645][ T6593] loop3: detected capacity change from 0 to 256 [ 74.944158][ T6593] FAT-fs (loop3): bogus number of FAT sectors [ 74.950361][ T6593] FAT-fs (loop3): Can't find a valid FAT filesystem [ 74.957558][ T6583] bond0: (slave bond_slave_0): Releasing backup interface [ 74.974985][ T6583] bond0: (slave bond_slave_1): Releasing backup interface [ 74.987707][ T6583] team0: Port device team_slave_0 removed [ 75.006687][ T6583] team0: Port device team_slave_1 removed [ 75.024899][ T6583] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 75.032592][ T6583] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 75.048689][ T6583] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.056309][ T6583] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 75.109324][ T6584] batadv1: entered promiscuous mode [ 75.114686][ T6584] batadv1: entered allmulticast mode [ 75.136745][ T6605] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 75.145126][ T6605] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 75.145394][ T6584] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 75.164638][ T6605] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 75.180610][ T6584] bond1: (slave batadv1): making interface the new active one [ 75.190842][ T6584] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 75.197008][ T6605] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 75.219643][ T6588] batadv2: entered promiscuous mode [ 75.224959][ T6588] batadv2: entered allmulticast mode [ 75.233837][ T6588] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 75.242943][ T6588] bond1: (slave batadv2): Enslaving as an active interface with an up link [ 75.340100][ T6617] SELinux: failed to load policy [ 75.405747][ T6624] loop3: detected capacity change from 0 to 2048 [ 75.424724][ T6624] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 75.440909][ T6630] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1094'. [ 75.579958][ T6624] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 75.624174][ T6624] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 334 with error 28 [ 75.636724][ T6624] EXT4-fs (loop3): This should not happen!! Data will be lost [ 75.636724][ T6624] [ 75.646461][ T6624] EXT4-fs (loop3): Total free blocks count 0 [ 75.652506][ T6624] EXT4-fs (loop3): Free/Dirty block details [ 75.658443][ T6624] EXT4-fs (loop3): free_blocks=2415919104 [ 75.664303][ T6624] EXT4-fs (loop3): dirty_blocks=336 [ 75.669689][ T6624] EXT4-fs (loop3): Block reservation details [ 75.675802][ T6624] EXT4-fs (loop3): i_reserved_data_blocks=21 [ 75.804395][ T4340] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 75.892922][ T6663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1107'. [ 75.949577][ T6663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1107'. [ 76.001249][ T6671] loop5: detected capacity change from 0 to 4096 [ 76.028618][ T6671] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.127394][ T6681] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1114'. [ 76.204989][ T6684] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1117'. [ 76.236571][ T6690] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 76.334132][ T6698] pim6reg1: entered promiscuous mode [ 76.339685][ T6698] pim6reg1: entered allmulticast mode [ 76.518794][ T5681] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.962193][ T6725] ip6gre1: entered allmulticast mode [ 76.975737][ T6729] netlink: 'syz.1.1128': attribute type 1 has an invalid length. [ 77.010911][ T6729] bond3: entered promiscuous mode [ 77.013174][ T6734] loop5: detected capacity change from 0 to 2048 [ 77.021767][ T6729] 8021q: adding VLAN 0 to HW filter on device bond3 [ 77.037088][ T6729] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1128'. [ 77.049725][ T6729] batadv1: entered promiscuous mode [ 77.055048][ T6729] batadv1: entered allmulticast mode [ 77.062169][ T6729] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 77.063201][ T6734] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 77.070639][ T6729] bond3: (slave batadv1): making interface the new active one [ 77.089993][ T6729] bond3: (slave batadv1): Enslaving as an active interface with an up link [ 77.090744][ T6739] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1128'. [ 77.144782][ T6739] batadv2: entered promiscuous mode [ 77.150081][ T6739] batadv2: entered allmulticast mode [ 77.158366][ T6739] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 77.167178][ T6739] bond3: (slave batadv2): Enslaving as an active interface with an up link [ 77.220542][ T6749] loop3: detected capacity change from 0 to 128 [ 77.249597][ T6749] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 77.263566][ T6749] ext4 filesystem being mounted at /191/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 77.280765][ T6734] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 77.296278][ T6734] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2010 with error 28 [ 77.309191][ T6734] EXT4-fs (loop5): This should not happen!! Data will be lost [ 77.309191][ T6734] [ 77.318989][ T6734] EXT4-fs (loop5): Total free blocks count 0 [ 77.325065][ T6734] EXT4-fs (loop5): Free/Dirty block details [ 77.331156][ T6734] EXT4-fs (loop5): free_blocks=2415919104 [ 77.336952][ T6734] EXT4-fs (loop5): dirty_blocks=2016 [ 77.342364][ T6734] EXT4-fs (loop5): Block reservation details [ 77.348445][ T6734] EXT4-fs (loop5): i_reserved_data_blocks=126 [ 77.410040][ T3309] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 77.464219][ T6764] syz_tun: entered allmulticast mode [ 77.470853][ T6762] syz_tun: left allmulticast mode [ 77.498153][ T29] kauditd_printk_skb: 106 callbacks suppressed [ 77.498170][ T29] audit: type=1400 audit(2000000037.750:1340): avc: denied { create } for pid=6759 comm="syz.0.1143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 77.601225][ T4319] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 77.692566][ T29] audit: type=1326 audit(2000000037.950:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6776 comm="syz.1.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 77.791343][ T29] audit: type=1326 audit(2000000038.040:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6776 comm="syz.1.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 77.814901][ T29] audit: type=1326 audit(2000000038.040:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6776 comm="syz.1.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 77.838392][ T29] audit: type=1326 audit(2000000038.040:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6776 comm="syz.1.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f88f8cae929 code=0x7ffc0000 [ 77.879966][ T6780] pim6reg1: entered promiscuous mode [ 77.885509][ T6780] pim6reg1: entered allmulticast mode [ 77.900950][ T6790] bridge_slave_0: left allmulticast mode [ 77.906917][ T6790] bridge_slave_0: left promiscuous mode [ 77.912793][ T6790] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.921001][ T6790] bridge_slave_1: left allmulticast mode [ 77.926852][ T6790] bridge_slave_1: left promiscuous mode [ 77.932637][ T6790] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.944608][ T6790] bond0: (slave bond_slave_0): Releasing backup interface [ 77.954276][ T6790] bond0: (slave bond_slave_1): Releasing backup interface [ 77.963825][ T6790] team0: Port device team_slave_0 removed [ 77.970831][ T6790] team0: Port device team_slave_1 removed [ 77.977620][ T6790] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.986555][ T6790] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.996117][ T6790] bond1: (slave bridge3): Releasing backup interface [ 78.007498][ T6790] bond3: (slave batadv1): Releasing active interface [ 78.014273][ T6790] bond3: (slave batadv1): the permanent HWaddr of slave - 2a:cb:db:1a:a0:e7 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 78.033631][ T6790] bond3: (slave batadv2): making interface the new active one [ 78.043630][ T6790] bond3: (slave batadv2): Releasing active interface [ 78.205796][ T6806] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.1161' sets config #0 [ 78.333653][ T3393] net_ratelimit: 9 callbacks suppressed [ 78.333671][ T3393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 78.356404][ T6813] netlink: 'syz.2.1164': attribute type 3 has an invalid length. [ 78.364383][ T6813] netlink: 'syz.2.1164': attribute type 3 has an invalid length. [ 78.475497][ T6828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 78.485533][ T6828] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 78.501089][ T6830] ªªªªªª: renamed from vlan0 (while UP) [ 78.558979][ T29] audit: type=1326 audit(2000000038.810:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6839 comm="syz.0.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 78.582679][ T29] audit: type=1326 audit(2000000038.810:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6839 comm="syz.0.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 78.606238][ T29] audit: type=1326 audit(2000000038.810:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6839 comm="syz.0.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 78.632849][ T29] audit: type=1326 audit(2000000038.810:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6839 comm="syz.0.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 78.656419][ T29] audit: type=1326 audit(2000000038.810:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6839 comm="syz.0.1177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0edfbee929 code=0x7ffc0000 [ 79.062648][ T6869] netlink: 'syz.2.1190': attribute type 4 has an invalid length. [ 79.064591][ T6869] netlink: 'syz.2.1190': attribute type 4 has an invalid length. [ 79.066873][ T6871] loop5: detected capacity change from 0 to 1024 [ 79.067244][ T6871] EXT4-fs: Ignoring removed orlov option [ 79.095554][ T6871] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.129437][ T5681] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.373993][ T3393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 79.677026][ T6898] xt_hashlimit: size too large, truncated to 1048576 [ 79.744566][ T6903] tipc: Started in network mode [ 79.749607][ T6903] tipc: Node identity 9e1e3004e764, cluster identity 4711 [ 79.756954][ T6903] tipc: Enabled bearer , priority 0 [ 79.852480][ T6903] tipc: Disabling bearer [ 80.015913][ T6909] loop5: detected capacity change from 0 to 4096 [ 80.034827][ T6909] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.054424][ T6909] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.171860][ T1036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.414242][ T3413] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 80.425049][ T6955] loop5: detected capacity change from 0 to 1024 [ 80.449552][ T6955] EXT4-fs (loop5): orphan cleanup on readonly fs [ 80.472548][ T6955] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1224: Failed to acquire dquot type 0 [ 80.511025][ T6955] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 80.531269][ T6955] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #13: comm syz.5.1224: corrupted inode contents [ 80.547540][ T6955] EXT4-fs error (device loop5): ext4_dirty_inode:6459: inode #13: comm syz.5.1224: mark_inode_dirty error [ 80.561093][ T6955] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #13: comm syz.5.1224: corrupted inode contents [ 80.621624][ T6955] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #13: comm syz.5.1224: mark_inode_dirty error [ 80.633421][ T6955] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #13: comm syz.5.1224: corrupted inode contents [ 80.648195][ T6955] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 80.658265][ T6955] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #13: comm syz.5.1224: corrupted inode contents [ 80.675664][ T6955] EXT4-fs error (device loop5): ext4_truncate:4597: inode #13: comm syz.5.1224: mark_inode_dirty error [ 80.688775][ T6955] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 80.720964][ T6955] EXT4-fs (loop5): 1 truncate cleaned up [ 80.729644][ T6955] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 80.773928][ T5681] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.126842][ T6995] pim6reg1: entered promiscuous mode [ 81.132261][ T6995] pim6reg1: entered allmulticast mode [ 81.453817][ T3393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 81.703407][ T7026] openvswitch: netlink: Message has 6 unknown bytes. [ 82.493962][ T3393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 82.570601][ T7089] loop5: detected capacity change from 0 to 8192 [ 82.607170][ T29] kauditd_printk_skb: 343 callbacks suppressed [ 82.607186][ T29] audit: type=1400 audit(2000000042.860:1691): avc: denied { mount } for pid=7088 comm="syz.5.1282" name="/" dev="loop5" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 82.734654][ T29] audit: type=1400 audit(2000000042.900:1692): avc: denied { write } for pid=7088 comm="syz.5.1282" name="rt_acct" dev="proc" ino=4026533386 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 82.757779][ T29] audit: type=1400 audit(2000000042.940:1693): avc: denied { name_connect } for pid=7095 comm="syz.0.1285" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 82.778101][ T29] audit: type=1400 audit(2000000042.960:1694): avc: denied { listen } for pid=7095 comm="syz.0.1285" lport=43061 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 82.801194][ T29] audit: type=1400 audit(2000000042.960:1695): avc: denied { accept } for pid=7095 comm="syz.0.1285" lport=43061 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 82.824212][ T29] audit: type=1400 audit(2000000042.960:1696): avc: denied { create } for pid=7097 comm="syz.2.1286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 82.843793][ T29] audit: type=1400 audit(2000000042.960:1697): avc: denied { write } for pid=7095 comm="syz.0.1285" lport=43061 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 82.867622][ T29] audit: type=1400 audit(2000000042.960:1698): avc: denied { setopt } for pid=7095 comm="syz.0.1285" lport=43061 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 82.891298][ T29] audit: type=1400 audit(2000000042.970:1699): avc: denied { unmount } for pid=5681 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 83.061505][ T29] audit: type=1400 audit(2000000043.130:1700): avc: denied { mount } for pid=7099 comm="syz.2.1287" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 83.211713][ T3417] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.534003][ T3393] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 83.655367][ T7146] netlink: 'syz.0.1307': attribute type 10 has an invalid length. [ 83.714282][ T7146] __nla_validate_parse: 6 callbacks suppressed [ 83.714300][ T7146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1307'. [ 83.835495][ T7150] loop5: detected capacity change from 0 to 128 [ 83.844655][ T7150] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 83.857855][ T7150] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.936399][ T5681] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 84.066703][ T7170] netlink: 'syz.1.1316': attribute type 4 has an invalid length. [ 84.141174][ T7181] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1322'. [ 84.239386][ T7188] bridge0: entered promiscuous mode [ 84.244926][ T7188] macsec1: entered promiscuous mode [ 84.250718][ T7188] bridge0: port 1(macsec1) entered blocking state [ 84.257357][ T7188] bridge0: port 1(macsec1) entered disabled state [ 84.264400][ T7188] macsec1: entered allmulticast mode [ 84.269738][ T7188] bridge0: entered allmulticast mode [ 84.279324][ T7188] macsec1: left allmulticast mode [ 84.284548][ T7188] bridge0: left allmulticast mode [ 84.293417][ T7188] bridge0: left promiscuous mode [ 84.521243][ T7200] loop3: detected capacity change from 0 to 128 [ 84.559985][ T7200] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 84.574400][ T3413] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 84.597848][ T1036] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 84.604341][ T7200] ext4 filesystem being mounted at /225/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 84.647613][ T7200] EXT4-fs error (device loop3): dx_make_map:1296: inode #2: block 20: comm syz.3.1327: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 84.668751][ T7200] EXT4-fs error (device loop3) in do_split:2029: Corrupt filesystem [ 84.686012][ T7200] EXT4-fs error (device loop3): htree_dirblock_to_tree:1080: inode #2: block 20: comm syz.3.1327: bad entry in directory: inode out of bounds - offset=2012, inode=128, rec_len=36, size=1024 fake=1 [ 84.772143][ T3309] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 84.863636][ T7218] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1336'. [ 84.985504][ T7225] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.992768][ T7225] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.020189][ T7225] batman_adv: batadv0: Interface deactivated: dummy0 [ 85.092304][ T7234] loop5: detected capacity change from 0 to 2048 [ 85.093246][ T7225] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.112797][ T7225] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.121354][ T7234] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.157685][ T7225] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.166820][ T7225] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.175844][ T7225] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.185242][ T7225] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.200851][ T7225] team1: left promiscuous mode [ 85.206403][ T7225] team1: left allmulticast mode [ 85.213526][ T7225] wireguard0: left promiscuous mode [ 85.218837][ T7225] wireguard0: left allmulticast mode [ 85.323644][ T5681] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.360137][ T7255] loop5: detected capacity change from 0 to 512 [ 85.378939][ T7255] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.394961][ T7255] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 85.439764][ T7267] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1354'. [ 85.448943][ T7267] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1354'. [ 85.488787][ T7270] loop3: detected capacity change from 0 to 1024 [ 85.513055][ T7270] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.535406][ T7270] ext4 filesystem being mounted at /229/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 85.566134][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.591791][ T5681] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.765883][ T7300] pim6reg1: entered promiscuous mode [ 85.771322][ T7300] pim6reg1: entered allmulticast mode [ 85.784924][ T7302] loop3: detected capacity change from 0 to 512 [ 85.838702][ T7302] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.924979][ T7302] ext4 filesystem being mounted at /232/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 86.037608][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.077632][ T7323] loop3: detected capacity change from 0 to 2048 [ 86.124942][ T7323] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 86.251830][ T7337] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 86.269195][ T7337] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 824 with error 28 [ 86.281950][ T7337] EXT4-fs (loop3): This should not happen!! Data will be lost [ 86.281950][ T7337] [ 86.291904][ T7337] EXT4-fs (loop3): Total free blocks count 0 [ 86.297928][ T7337] EXT4-fs (loop3): Free/Dirty block details [ 86.303986][ T7337] EXT4-fs (loop3): free_blocks=2415919104 [ 86.309749][ T7337] EXT4-fs (loop3): dirty_blocks=832 [ 86.315077][ T7337] EXT4-fs (loop3): Block reservation details [ 86.321086][ T7337] EXT4-fs (loop3): i_reserved_data_blocks=52 [ 86.404345][ T7355] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7355 comm=syz.1.1392 [ 86.443946][ T7358] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1393'. [ 86.535315][ T7365] netlink: 'syz.0.1396': attribute type 4 has an invalid length. [ 86.546123][ T7365] netlink: 'syz.0.1396': attribute type 4 has an invalid length. [ 86.794565][ T7391] 9pnet_fd: Insufficient options for proto=fd [ 86.915933][ T4317] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 87.060885][ T7425] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1423'. [ 87.070093][ T7425] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1423'. [ 87.176783][ T7445] loop3: detected capacity change from 0 to 1024 [ 87.190832][ T7445] EXT4-fs: Ignoring removed nobh option [ 87.196623][ T7445] EXT4-fs: Ignoring removed bh option [ 87.218285][ T7445] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.315979][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.396078][ T7474] $Hÿ: renamed from bond0 (while UP) [ 87.413361][ T7474] $Hÿ: entered promiscuous mode [ 87.433344][ T7472] pim6reg1: entered promiscuous mode [ 87.438787][ T7472] pim6reg1: entered allmulticast mode [ 87.615800][ T7500] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1456'. [ 87.644156][ T7500] bridge_slave_0: default FDB implementation only supports local addresses [ 87.665965][ T7504] netlink: 'syz.5.1459': attribute type 13 has an invalid length. [ 87.678649][ T7500] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 87.836814][ T29] kauditd_printk_skb: 203 callbacks suppressed [ 87.836830][ T29] audit: type=1400 audit(2000000048.090:1904): avc: denied { read write } for pid=7524 comm="syz.3.1467" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 87.866701][ T29] audit: type=1400 audit(2000000048.090:1905): avc: denied { open } for pid=7524 comm="syz.3.1467" path="/dev/nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 87.997999][ T29] audit: type=1400 audit(2000000048.240:1906): avc: denied { create } for pid=7531 comm="syz.2.1470" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 88.018355][ T29] audit: type=1400 audit(2000000048.240:1907): avc: denied { write } for pid=7531 comm="syz.2.1470" path="socket:[15982]" dev="sockfs" ino=15982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 88.335080][ T29] audit: type=1400 audit(2000000048.590:1908): avc: denied { create } for pid=7536 comm="syz.1.1472" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 88.359722][ T29] audit: type=1400 audit(2000000048.610:1909): avc: denied { write } for pid=7536 comm="syz.1.1472" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 88.400521][ T7504] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.413345][ T7504] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.569498][ T7504] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 88.581430][ T7504] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.625141][ T7504] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.634227][ T7504] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.643389][ T7504] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.652521][ T7504] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.672223][ T7522] pim6reg1: entered promiscuous mode [ 88.677600][ T7522] pim6reg1: entered allmulticast mode [ 88.706065][ T7535] veth9: entered promiscuous mode [ 88.746448][ T29] audit: type=1400 audit(2000000049.000:1910): avc: denied { audit_write } for pid=7576 comm="syz.3.1475" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 88.767805][ T29] audit: type=1107 audit(2000000049.000:1911): pid=7576 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 88.833020][ T7588] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1479'. [ 89.018586][ T29] audit: type=1400 audit(2000000049.270:1912): avc: denied { write } for pid=7618 comm="syz.0.1487" path="socket:[16061]" dev="sockfs" ino=16061 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 89.068440][ T29] audit: type=1326 audit(2000000049.320:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7630 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63c160e929 code=0x7ffc0000 [ 89.121354][ T7639] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1494'. [ 89.465875][ T7693] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1505'. [ 89.713450][ T7725] openvswitch: netlink: Message has 6 unknown bytes. [ 89.757500][ T7731] IPv4: Oversized IP packet from 127.202.26.0 [ 89.870055][ T7751] pim6reg1: entered promiscuous mode [ 89.875542][ T7751] pim6reg1: entered allmulticast mode [ 89.899740][ T7755] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1519'. [ 89.952783][ T7764] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1522'. [ 90.027280][ T7775] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1526'. [ 90.039328][ T7772] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 90.807857][ T7820] SELinux: Context system_u:object is not valid (left unmapped). [ 91.027236][ T7852] pim6reg1: entered promiscuous mode [ 91.032726][ T7852] pim6reg1: entered allmulticast mode [ 91.145899][ T7865] netlink: 'syz.0.1567': attribute type 1 has an invalid length. [ 91.207077][ T7871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.530460][ T7893] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1576'. [ 91.543090][ T7893] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1576'. [ 91.580889][ T7893] wireguard0: entered promiscuous mode [ 91.587209][ T7893] wireguard0: entered allmulticast mode [ 91.639335][ T7900] tipc: Started in network mode [ 91.644397][ T7900] tipc: Node identity 7, cluster identity 4711 [ 91.650615][ T7900] tipc: Node number set to 7 [ 91.885697][ T7916] vhci_hcd: invalid port number 96 [ 91.890967][ T7916] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 92.248201][ T7945] loop3: detected capacity change from 0 to 256 [ 92.298605][ T7945] FAT-fs (loop3): bogus number of FAT sectors [ 92.304870][ T7945] FAT-fs (loop3): Can't find a valid FAT filesystem [ 92.425437][ T7958] loop3: detected capacity change from 0 to 1024 [ 92.453306][ T7953] SELinux: failed to load policy [ 92.470595][ T7958] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.491324][ T7958] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 13. Delete some EAs or run e2fsck. [ 92.530392][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.559386][ T7968] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7968 comm=syz.3.1608 [ 92.619767][ T7971] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1609'. [ 92.923040][ T7941] ================================================================== [ 92.931188][ T7941] BUG: KCSAN: data-race in shmem_file_splice_read / shmem_file_splice_read [ 92.939825][ T7941] [ 92.942183][ T7941] write to 0xffff88812318e168 of 8 bytes by task 7943 on cpu 1: [ 92.949846][ T7941] shmem_file_splice_read+0x470/0x600 [ 92.955255][ T7941] splice_direct_to_actor+0x26f/0x680 [ 92.960684][ T7941] do_splice_direct+0xda/0x150 [ 92.965502][ T7941] do_sendfile+0x380/0x650 [ 92.969966][ T7941] __x64_sys_sendfile64+0x105/0x150 [ 92.975210][ T7941] x64_sys_call+0xb39/0x2fb0 [ 92.979837][ T7941] do_syscall_64+0xd2/0x200 [ 92.984375][ T7941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.990305][ T7941] [ 92.992692][ T7941] write to 0xffff88812318e168 of 8 bytes by task 7941 on cpu 0: [ 93.000351][ T7941] shmem_file_splice_read+0x470/0x600 [ 93.005773][ T7941] splice_direct_to_actor+0x26f/0x680 [ 93.011216][ T7941] do_splice_direct+0xda/0x150 [ 93.016037][ T7941] do_sendfile+0x380/0x650 [ 93.020497][ T7941] __x64_sys_sendfile64+0x105/0x150 [ 93.025741][ T7941] x64_sys_call+0xb39/0x2fb0 [ 93.030378][ T7941] do_syscall_64+0xd2/0x200 [ 93.034926][ T7941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.040872][ T7941] [ 93.043228][ T7941] value changed: 0x0000000000007634 -> 0x000000000000763a [ 93.050373][ T7941] [ 93.052731][ T7941] Reported by Kernel Concurrency Sanitizer on: [ 93.055410][ T29] kauditd_printk_skb: 374 callbacks suppressed [ 93.055428][ T29] audit: type=1400 audit(2000000053.280:2288): avc: denied { create } for pid=7981 comm="syz.5.1614" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 93.058910][ T7941] CPU: 0 UID: 0 PID: 7941 Comm: syz.2.1598 Not tainted 6.16.0-rc3-syzkaller-00190-g67a993863163 #0 PREEMPT(voluntary) [ 93.096879][ T7941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 93.106972][ T7941] ================================================================== [ 93.120485][ T29] audit: type=1400 audit(2000000053.380:2289): avc: denied { ioctl } for pid=7981 comm="syz.5.1614" path="socket:[16844]" dev="sockfs" ino=16844 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 93.150154][ T29] audit: type=1400 audit(2000000053.400:2290): avc: denied { write } for pid=7981 comm="syz.5.1614" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1