last executing test programs: 1m15.589026452s ago: executing program 4 (id=361): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000540)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x40) r1 = dup(r0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) 1m15.520091406s ago: executing program 4 (id=362): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x40000}, 0x1c) sendto$inet6(r0, &(0x7f0000000480)="14aa3fa4ff", 0x5, 0x8000, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000340)=0x20000000, 0x4) pselect6(0x40, &(0x7f0000000100)={0x2, 0x1ea3, 0x3, 0x0, 0xfffffffffffffffc, 0x2, 0x7fff, 0x8000000000000004}, &(0x7f0000000340)={0x1f, 0x0, 0x0, 0x0, 0x10001, 0x1, 0x0, 0x6b95}, 0x0, 0x0, 0x0) 1m15.492075458s ago: executing program 4 (id=363): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[], 0x7c}}, 0x0) io_uring_setup(0x12b9, &(0x7f00000002c0)={0x0, 0x63fb, 0x810, 0xfffffffb, 0x1008168}) r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file1', [{}]}, 0x2) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0x1cb) close(r1) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) 1m15.411338012s ago: executing program 4 (id=365): socket$kcm(0x11, 0xa, 0x300) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x80, 0x0, 0x7ffc1ffb}]}) perf_event_open(&(0x7f0000000900)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x14, 0x0, 0x11004, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0xb) ppoll(&(0x7f0000000580)=[{r0, 0xd040}], 0x1, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000c00), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000580)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x8801}, 0x10) semget$private(0x0, 0x3, 0x220) 1m15.251818501s ago: executing program 4 (id=367): socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 1m15.118361779s ago: executing program 4 (id=369): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x1}, 0x10) sendmsg$tipc(r1, &(0x7f00000008c0)={&(0x7f0000000600)=@name, 0x10, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x80) r2 = dup3(r0, r1, 0x0) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) 1m0.046915266s ago: executing program 32 (id=369): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x1}, 0x10) sendmsg$tipc(r1, &(0x7f00000008c0)={&(0x7f0000000600)=@name, 0x10, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x80) r2 = dup3(r0, r1, 0x0) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) 52.49506277s ago: executing program 2 (id=743): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x9, &(0x7f00000001c0)={[{@barrier}, {@jqfmt_vfsv0}, {@nojournal_checksum}, {}, {@noquota}, {@usrjquota, 0x2e}], [], 0x2e}, 0x6, 0x48d, &(0x7f0000000e40)="$eJzs3EtvG1UbAOB3xnV6/5qv3wV6AQIFEXFJmrRAF2xAIHWDhARIZRnStCpNG9QEiVYVTREqS9RfACyR+AWsYIOAFYgtSGyQEFKFuqGwGjT2TOpcHGzHjil+HsntOTNnfM47M8c+MyfjAAbWSP5PErErIr4fithTzy4vMFL/79bNy9O/37w8nUSWvfRrUiv3283L02XRcrudRWY0jUjfTeLAGvXOX7x0dmp2duZCkR9fOPfG+PzFS4+fOTd1eub0zPnJY8eOHpl46snJJ7oS5+68rfvfnju47/ir11+YPnH9ta8+yZfvKtY3xlE33PJ7b2+yfCRGlu/LBg9F/JRlWct1/N3tbkgnW/rYENpSiYj8cFXz/h97ohK3D96eeP6dvjYO6Kksy7Ktq5ZWysRiBvyDJdF0VbqpDQE2WflFn1//lq9NHH703Y1n6hdAedy3ild9zZZIizLVFde33TQSEScW//ggf8Wa9yEAALrrs3z889ha4780/t9Q7l9Rnxsajoh/R8TeiPhPRPw3Iv4XUSt7V0Tc3Wb9Iyvyq8c/3zabXumKfPz3dDG3dXv8N1SLvzBcKXK7a/FXk1NnZmcOF/tkNKpb8/zEOnV8/tx37y9lti1f1zj+y195/eVYsC79ZcuKG3QnpxamuhB6zY2rS4GuGP8mSzMBSUTsi4j9Hbx/vs/OPPLxwWbr/zr+dXRhnin7KOLh+vFfjBXxl5L15yfHt8XszOHx8qxY7etvrr3YrP4Nxd8FN65G7Fh1/kdj/MNJ43ztfPt1XPvhvabXNJ2e/0PJy7X0ULHsramFhQsTEUPJ4urlk7e3LfNl+Tz+0UNrxZ/W3uPDYrsDEZGfxPdExL0RcV/R9vsj4oGIOLRO/F8+++DrncffW3n8J9s6/u0nKme/+LRZ/a0d/6O11GixpJXPv1YbuJF9BwAAAHeKtPY38Ek6tpRO07GxiFdq93Z3pLNz8wuPnpp78/zJ+t/KD0c1Le90pQ33QyeKe8NlfnJF/kjtvnGWZdn2Wn5sem62V3PqQGt2Nun/uZ8r/W4d0HNtzaM1e6INuCO11f9XPy0E3ME8rw2Dq9X+X+1xO4DN5/sfBtda/f9KxK0+NAXYZL7/YXDp/zC49H8YXPo/DKSNPNe/XmLv8Y43zzZUe/n7Kh1u/mNP9sZ6iUqnm29t42cOepCIdM1V1YjoS3vaSqS9qyI/+drbKj+QrRa+0umJ3XZi2cfEUD8+mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrhzwAAAP//dNfhIw==") bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x2, 0x0) get_mempolicy(0x0, 0x0, 0x9, &(0x7f0000ffc000/0x4000)=nil, 0x7) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {0xa, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}]}, 0x24}}, 0x20000880) 52.213415406s ago: executing program 2 (id=749): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x20040055}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1de0000080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x2c, 0xd, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x40000140) 52.171832109s ago: executing program 2 (id=751): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x25, &(0x7f00000000c0)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000000)={0x1}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r3, 0x26, &(0x7f0000000300)={0x1, 0x0, 0x1, 0x2}) fcntl$lock(r2, 0x25, &(0x7f0000000140)={0x0, 0x1, 0x9, 0x17}) close_range(r0, 0xffffffffffffffff, 0x0) 52.035964407s ago: executing program 2 (id=760): socket$tipc(0x1e, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000400)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0) mount$bind(&(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x10a78c0, 0x0) 52.005165439s ago: executing program 2 (id=761): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010003283afffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a) 51.148562538s ago: executing program 2 (id=773): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r1 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x800, 0x1, 0x3}, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x133d, 0x0, 0x8, 0x0, 0x0) shutdown(r0, 0x1) 51.148330938s ago: executing program 33 (id=773): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r1 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x800, 0x1, 0x3}, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x133d, 0x0, 0x8, 0x0, 0x0) shutdown(r0, 0x1) 2.94788808s ago: executing program 3 (id=1675): bpf$ENABLE_STATS(0x20, 0x0, 0x0) perf_event_open(&(0x7f0000000900)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x14, 0x0, 0x11004, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0xb) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0xcd0b7000) openat$dir(0xffffffffffffff9c, 0x0, 0x40900, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000600100004012200a4e2000001"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000001940), 0x2000cc0, r1}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240), 0x0, 0x2, r1}, 0x38) 2.246842711s ago: executing program 5 (id=1688): prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x145) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c001}, 0x40) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) chown(&(0x7f0000001840)='./file1\x00', 0x0, 0x0) fsetxattr$security_evm(r0, &(0x7f0000000040), 0x0, 0x0, 0x0) 2.159554206s ago: executing program 3 (id=1689): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32=r1], 0x78}}, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000340)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x30, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x12}}, {0x4e24, 0x4e20, 0x1c, 0x0, @wg=@data={0x4, 0x4, 0x3, "61814465"}}}}, 0x3e) 2.064634141s ago: executing program 3 (id=1691): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0xa0000004}) r3 = syz_io_uring_setup(0x8d6, &(0x7f00000000c0)={0x0, 0x0, 0x400, 0x0, 0x379}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x47ba, 0x3e82, 0x60, 0x0, 0x0) dup3(r1, r0, 0x0) 1.886558832s ago: executing program 3 (id=1694): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000a80)='./file0/file0\x00') 1.796677917s ago: executing program 3 (id=1696): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc), 0x80, 0x0, 0x0, 0x0, 0x0) prctl$PR_MCE_KILL(0x4e, 0x1, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) 1.796467607s ago: executing program 5 (id=1697): r0 = socket(0x10, 0x803, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0xffffffffffffff8d, &(0x7f0000000080)={0x0, 0xb8}, 0x1, 0x0, 0x0, 0x48040}, 0x114) getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r2, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x48050) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x53a1bd79, 0x7, 0x9, 0x86, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x8) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x9}}}, 0x24}}, 0x0) 1.763928468s ago: executing program 6 (id=1698): socket$can_raw(0x1d, 0x3, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0) 1.619967277s ago: executing program 6 (id=1702): r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) close(r1) r2 = openat$binfmt(0xffffffffffffff9c, r0, 0x2, 0x0) write(r2, &(0x7f0000000180)="01", 0x1) close(r2) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1ff) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) 1.524646943s ago: executing program 6 (id=1704): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f00000000c0)=0x800, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c) write$tun(r0, &(0x7f0000000400)={@val={0x8, 0x800}, @val={0x7, 0x3, 0x3, 0x2, 0x14}, @x25={0x2, 0x2, 0x0, "5d1131846429864fd168cd48a8f352411dd59da00749aeabf795"}}, 0x2b) 1.454493206s ago: executing program 1 (id=1705): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000000)={[{@orlov}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@nomblk_io_submit}, {@nomblk_io_submit}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nouid32}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") symlink(&(0x7f0000000b00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000940)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r0 = socket(0x29, 0x5, 0x0) ioctl$SIOCX25GFACILITIES(r0, 0x89e2, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x90000, 0x0) getdents64(r1, &(0x7f0000001400)=""/219, 0xdb) 1.358669782s ago: executing program 0 (id=1706): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0xffffffffffffffff, 0x2}, 0x106020, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r2, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r2, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd}) fcntl$lock(r2, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x90}) 1.302787045s ago: executing program 1 (id=1707): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03", 0x3}], 0x1}, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000400), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r4], 0x1c}}, 0x4008054) write$nci(r0, &(0x7f0000000240)=@NCI_OP_CORE_RESET_NTF={0x0, 0x1, 0x3, 0x0, 0x9, {0x45, 0xfe, 0x20, 0x2, 0x7, 0x4}}, 0xc) write$nci(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="5001"], 0x14) 1.301997535s ago: executing program 5 (id=1708): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x11000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0xb) r0 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) r1 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2, 0x8000000000000003, {}, 0xfd}, 0x18) sendmsg$nl_route_sched(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0x300, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xfff2, 0x3}, {0xd, 0x56e7de01af07971a}, {0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004845}, 0x480c5) close(r1) 1.168604723s ago: executing program 5 (id=1709): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x800) syz_clone(0x9900000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000801000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff0000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000067f000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0xc8df, 0xc000, 0xa, 0x20002f7}) 1.168440113s ago: executing program 6 (id=1710): syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) munmap(&(0x7f000045e000/0x1000)=nil, 0x1000) mremap(&(0x7f0000dde000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000bb3000/0x1000)=nil) mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil) munmap(&(0x7f0000a88000/0x1000)=nil, 0x1000) mremap(&(0x7f000061c000/0x13000)=nil, 0x13000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil) mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) 951.963056ms ago: executing program 3 (id=1711): socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000100)={0x80000000, 0x0, 0xfffffffc}, 0x10) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}}) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[], 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005001206", 0x2e}], 0x1}, 0x48000) 490.466332ms ago: executing program 0 (id=1712): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x6}, 0x10) write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'gretap0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x1, 0x9b, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4040c00) 460.120264ms ago: executing program 6 (id=1713): r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40) close_range(r3, 0xffffffffffffffff, 0x2) 364.550619ms ago: executing program 1 (id=1714): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@rights={{0x18, 0x1, 0x1, [r0, r1]}}], 0x18, 0x4004064}, 0x40046) process_vm_writev(0x0, &(0x7f0000000240)=[{0x0}, {0x0}, {&(0x7f0000000400)=""/150, 0x96}], 0x3, 0x0, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0x23c}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000)=0xa, 0x4) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) 341.661831ms ago: executing program 5 (id=1715): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) r1 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x58ee, 0x800, 0x200, 0x13c}, &(0x7f00000003c0)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000010000000100000009"], 0x18}, 0x0, 0x20040000}) io_uring_enter(r1, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) 304.788103ms ago: executing program 6 (id=1716): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe6}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000000bc0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000002c0)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74331c6e9412ac6557c54c64377d503fd9a11c9e5645133ffd67a2512649c040cd61156e462b2816a1566550c7247d1b81dc872bfc085821157c8c6d", 0x102}, {&(0x7f0000000400)="145a977ce90bcec36cee68138cdb7c53108f9e6776eb08ce8c386ceb3ef2feba0afdcd6e04c99847b690d5148d8313f48a14b0418173a7b6a901d1903cd5d6eb2636c718aa1204b697a3dc", 0x4b}, {&(0x7f0000000e00)="bfaff4f4485bc73c2c14fa76a76697938161b1a54e68d0412f2c369299d3d2a6d338972f6dd839e5c3087c6e61d959386b5a29aa0e181f8da9f47a25d9b5c94f1fd45daba5169918e54c7969700fc8c0d7513b4c9df33d3dbccf8d7077b1524bc28799d782ae94e68a2f2de8097bb55ae5795c6be07af87457d9ce99e5bd440d4f096a0f74da88f2a75895b0c390e38b11b62d3977cd8cd3127721cd0241f4effe4e43f0bf6506fa44aef9de83b58ab6f93883483bb2077979d086e9e2f1802241254c7611ac38ae7ca8c823991f43ef7dd50b51195654dc2f63895c913faf1b905a8d2e5c5442196db570bee035eb4bdd98bf2398f662bd1e2a031f175633b3fc5d1d62c7692b12a0b4516ff123c99a8960151bfcae42a87a9e343a395edfcc0b8086455190bb1b827d35362c40a2a475197a44ff6b0d7aba1d5f5b5f3707c7e340eb07a254dd7a880ce2571e61e32f2be942b06cc666a64d829c7645ae97000000000000000000", 0x168}, {&(0x7f0000000ac0)="a94614d7956646f986d7830ecce6938eb5678519607fc05921701bc860f7966e6b62d17fe2b6734f056edf315d30bcd03f05cd3e4b9edb59febbe47e38ed4627bd7158575bb872231e37c847fdf717b11cec11946c4a3f8771542c25", 0x5c}], 0x4}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 268.801595ms ago: executing program 0 (id=1717): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x1000000009, 0x640b9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x8, 0x3fff8000}, 0xa00, 0x81, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0xa) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup(r3) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000480)=ANY=[@ANYBLOB="0a000010ffffffffffff00000000000086dd6900040000202c00fc020000000000000000000000000001ff02000000000000000000000000000104"], 0x5a) 261.183595ms ago: executing program 5 (id=1718): syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000001080)='./bus\x00', 0x80, &(0x7f00000010c0)=ANY=[@ANYBLOB="666c7573682c6e6f646f74732c646973636172642c646d61736b3d30303030303030303030303030303030303030303030322c646d61736b3d30303030303030303030303030303030303030303137372c646f74732c6e6f646f74732c71756965742c646f74732c0023c3cb4d2e3cbf18508098fe0de2af38db67d42d1bc4ab714d52f019082433fc9ca2d7174b2c4ece31c9f4c7a4d53914e100"/167], 0x1, 0x140, &(0x7f0000000000)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) wait4(r2, 0x0, 0x8, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r3, &(0x7f0000000200)="000bda", 0x3) sendfile(r3, r0, 0x0, 0x40001) sendfile(r3, r1, 0x0, 0x7ffff000) 252.931495ms ago: executing program 1 (id=1719): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000080)=0x97f, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000100)=""/92, &(0x7f00000001c0)=0x5c) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendto$inet(0xffffffffffffffff, &(0x7f0000000100)='5', 0x1, 0x8080, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x4fed, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f3}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) io_uring_enter(r1, 0x2219, 0x7724, 0x16, 0x0, 0x13) 96.614604ms ago: executing program 1 (id=1720): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x2, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x42, 0x7, 0x3}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) sendmsg$tipc(r1, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4) 96.361274ms ago: executing program 0 (id=1721): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @broadcast}, 0x10) setsockopt$sock_int(r0, 0x1, 0x800000000f, &(0x7f0000000080)=0xa, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x2, 0x4) bind$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) listen(r0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f00000000c0)=0xc, 0x4) listen(r1, 0x0) 86.212445ms ago: executing program 1 (id=1722): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb8000) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x77f, &(0x7f0000000600)="$eJzs3c9rHFUcAPDvbJKmTauJIPjjFBA0ULoxNbYKHioeRLBQ0LPtstmGmk22ZDelCQEtIngRVDwIeunZH/Xm1R9X/S88iKVqWqx4kMhsZtpts5smbZKt7ucD07w3b7bvfffNvHm7M8wG0LNG038KEY9FxAdJxHC2PomIgWaqP+LY2nbXV5bL6ZLE6uprvyfNba6tLJej5TWp/Vnm0Yj4/t2Ig4X19dYXl2ZK1Wplfi3bFxFnx+uLS4fOzJamK9OVuSMTk5OHjz579Mj2xfrnT0sHLn/48lNfHfv7nUcuvf9DEsfiQFbWGsd2GY3R7D0ZSN/CW7y03ZV1WdLtBnBXCtnB1x/pGDAcfc0UAPB/9lZErAIAPSZx/geAHpN/D3BtZbmcL939RmJ3XXkxIvauxZ9f31wr6c+u2e1tXgcdupbccmUkiYiRbah/NCI+++aNL9Ildug6JEA7b1+IiFMjo+vH/2TdPQtb9fQGZXuyv6O3rTf+we75Np3/PNdu/le4Mf+JNvOfwTbH7t244/G/bxsq2UA6/3uh5d626y3xZ0b6stwDzTnfQHL6TLWSjm0PRsRYDAym+YkN6hi7+s/VTmWt878/Pnrz87T+9O/NLQq/9g/e+pqpUqN0LzG3unIh4vH+dvEnN/o/6TD/PbHJOl55/r1PO5Wl8afx5sv6+CO7O2lnrF6MeLJt/9+8oy1NjTdmO9yfON7cHcbznaKNr3/+ZKhT/a39ny5p/flngd2Q9v/QxvGPJK33a9bXjv2t+PHi8Hedyu4cf/v9f0/yejOdzyPOlxqN+YmIPcmr69cfvvnaPJ9vn8Y/9kT743+j/T/9THhqk/H3X/7tyw3j39/d/p/aUv+3S6SDdIeimVL10vWZvk71b67/J5upsWzNZsa/Ti29PXEv7x0AAAAAAAAAAAAAAAAAAAAAAAAAbFYhIg5EUijeSBcKxeLab3g/HEOFaq3eOHi6tjA3Fc3fyh6JgUL+qMvhluehTmTPw8/zh2/LPxMRD0XEx4P7kvw5ilNdjh0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcvs7/P5/6pfBbrcOANgxe7vdAABg1zn/A0Dvcf4HgN7j/A8Avcf5HwB6j/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO+zE8ePpsvrXynI5zU+dW1yYqZ07NFWpzxRnF8rFcm3+bHG6VpuuVorl2uyd/r9qrXZ2MuYWzo83KvXGeH1x6eRsbWGucfLMbGm6crIysCtRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDW1BeXZkrVamVe4i4Sq/dHM7qf6Mt2p/ulPbuaSO6PZmxzossDEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/xL8BAAD//7KsH7I=") r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RGETLOCK(r2, &(0x7f00000000c0)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r1, r4, 0xfffffffffffffc01, 0x8) read$msr(r3, &(0x7f0000002140)=""/102400, 0x19000) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xfffffdd6}], 0x1, 0x9c00, 0x0, 0x3) 22.446599ms ago: executing program 0 (id=1723): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0x214000, 0x800}, 0x20) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000240)=0x221130, 0x4) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000040)=0x20000, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'dummy0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, 0x0, 0x0) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10) mmap$xdp(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000008, 0x12, r0, 0x100000000) 0s ago: executing program 0 (id=1724): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x1, 0x1, r0}}, 0x40) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r2, 0x0, 0x0}, 0x10) socket(0x10, 0x3, 0x0) r3 = perf_event_open(&(0x7f00000004c0)={0xa, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x840, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x8}, 0x10000, 0x3, 0x5, 0x0, 0x3, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8ac}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r3, 0x2401, 0xff) kernel console output (not intermixed with test programs): o access beyond end of device [ 44.014408][ T4373] loop3: rw=2049, sector=281, nr_sectors = 8 limit=128 [ 44.071801][ T4369] bio_check_eod: 74 callbacks suppressed [ 44.071818][ T4369] syz.3.344: attempt to access beyond end of device [ 44.071818][ T4369] loop3: rw=524288, sector=145, nr_sectors = 16 limit=128 [ 44.105747][ T4365] io-wq is not configured for unbound workers [ 44.117115][ T4369] syz.3.344: attempt to access beyond end of device [ 44.117115][ T4369] loop3: rw=524288, sector=169, nr_sectors = 8 limit=128 [ 44.167672][ T4375] syzkaller0 (unregistering): left allmulticast mode [ 44.174463][ T4375] syzkaller0 (unregistering): left promiscuous mode [ 44.252003][ T4369] syz.3.344: attempt to access beyond end of device [ 44.252003][ T4369] loop3: rw=524288, sector=185, nr_sectors = 8 limit=128 [ 44.273654][ T4369] syz.3.344: attempt to access beyond end of device [ 44.273654][ T4369] loop3: rw=524288, sector=201, nr_sectors = 8 limit=128 [ 44.287796][ T4369] syz.3.344: attempt to access beyond end of device [ 44.287796][ T4369] loop3: rw=524288, sector=217, nr_sectors = 8 limit=128 [ 44.301494][ T4369] syz.3.344: attempt to access beyond end of device [ 44.301494][ T4369] loop3: rw=524288, sector=233, nr_sectors = 8 limit=128 [ 44.315193][ T4369] syz.3.344: attempt to access beyond end of device [ 44.315193][ T4369] loop3: rw=524288, sector=249, nr_sectors = 8 limit=128 [ 44.328774][ T4369] syz.3.344: attempt to access beyond end of device [ 44.328774][ T4369] loop3: rw=524288, sector=265, nr_sectors = 8 limit=128 [ 44.347776][ T4369] syz.3.344: attempt to access beyond end of device [ 44.347776][ T4369] loop3: rw=524288, sector=281, nr_sectors = 8 limit=128 [ 44.361626][ T4369] syz.3.344: attempt to access beyond end of device [ 44.361626][ T4369] loop3: rw=524288, sector=297, nr_sectors = 8 limit=128 [ 44.430478][ T29] audit: type=1400 audit(1769599544.187:424): avc: denied { create } for pid=4385 comm="syz.4.349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 44.453343][ T4386] netlink: 16 bytes leftover after parsing attributes in process `syz.4.349'. [ 44.498086][ T29] audit: type=1400 audit(1769599544.257:425): avc: denied { ioctl } for pid=4391 comm="syz.2.353" path="socket:[9460]" dev="sockfs" ino=9460 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 44.568664][ T29] audit: type=1400 audit(1769599544.327:426): avc: denied { bind } for pid=4395 comm="syz.4.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 44.714408][ T4408] loop2: detected capacity change from 0 to 1024 [ 44.721798][ T4408] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 44.733440][ T4408] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 44.751476][ T4408] JBD2: no valid journal superblock found [ 44.757251][ T4408] EXT4-fs (loop2): Could not load journal inode [ 44.786964][ T4415] process 'syz.4.363' launched './file1' with NULL argv: empty string added [ 44.796760][ T29] audit: type=1400 audit(1769599544.557:427): avc: denied { execute_no_trans } for pid=4414 comm="syz.4.363" path="/93/file1" dev="tmpfs" ino=496 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 44.838021][ T4417] netlink: 12 bytes leftover after parsing attributes in process `syz.0.364'. [ 44.887095][ T29] audit: type=1326 audit(1769599544.647:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4418 comm="syz.4.365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47e949aeb9 code=0x7ffc0000 [ 45.102077][ T4426] loop0: detected capacity change from 0 to 512 [ 45.119829][ T4426] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 45.132901][ T4426] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 45.152416][ T4426] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 45.193670][ T4426] EXT4-fs (loop0): 1 truncate cleaned up [ 45.202008][ T4426] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.294012][ T4430] netlink: 4 bytes leftover after parsing attributes in process `syz.3.370'. [ 45.370954][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.460000][ T4438] loop3: detected capacity change from 0 to 128 [ 45.587902][ T4447] netlink: 4 bytes leftover after parsing attributes in process `syz.1.377'. [ 45.651099][ T4447] netlink: 12 bytes leftover after parsing attributes in process `syz.1.377'. [ 45.694473][ T4454] tipc: Started in network mode [ 45.699376][ T4454] tipc: Node identity 4, cluster identity 4711 [ 45.705619][ T4454] tipc: Node number set to 4 [ 45.804694][ T4461] gtp0: entered promiscuous mode [ 46.043311][ T4468] loop3: detected capacity change from 0 to 128 [ 46.074618][ T36] Process accounting resumed [ 46.079294][ T36] FAT-fs (loop3): error, corrupted file size (i_pos 548, 512) [ 46.086893][ T36] FAT-fs (loop3): Filesystem has been set read-only [ 46.491538][ T4481] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 46.686493][ T4492] netlink: 24 bytes leftover after parsing attributes in process `syz.1.397'. [ 47.362679][ T4517] netlink: 'syz.1.407': attribute type 1 has an invalid length. [ 49.003440][ T4540] netlink: 8 bytes leftover after parsing attributes in process `syz.0.416'. [ 49.012310][ T4540] netlink: 28 bytes leftover after parsing attributes in process `syz.0.416'. [ 49.043387][ T4540] geneve0: entered promiscuous mode [ 49.048645][ T4540] geneve0: entered allmulticast mode [ 49.172476][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 49.172491][ T29] audit: type=1400 audit(1769599548.937:463): avc: denied { ioctl } for pid=4543 comm="syz.2.417" path="/dev/input/event0" dev="devtmpfs" ino=242 ioctlcmd=0x4592 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 49.349627][ T29] audit: type=1400 audit(1769599549.107:464): avc: denied { cpu } for pid=4546 comm="syz.0.418" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 49.714787][ T4556] loop2: detected capacity change from 0 to 512 [ 49.721391][ T4556] EXT4-fs: test_dummy_encryption option not supported [ 50.055477][ T4561] netlink: 132 bytes leftover after parsing attributes in process `syz.3.423'. [ 50.085042][ T29] audit: type=1400 audit(1769599549.847:465): avc: denied { mount } for pid=4562 comm="syz.3.424" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 50.201496][ T4570] netlink: 2028 bytes leftover after parsing attributes in process `syz.3.426'. [ 50.210606][ T4570] netlink: 24 bytes leftover after parsing attributes in process `syz.3.426'. [ 50.681559][ T29] audit: type=1400 audit(1769599550.437:466): avc: denied { name_connect } for pid=4575 comm="syz.0.430" dest=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 51.388466][ T4592] netlink: 12 bytes leftover after parsing attributes in process `syz.3.437'. [ 51.664629][ T29] audit: type=1400 audit(1769599551.427:467): avc: denied { execute } for pid=4598 comm="syz.0.440" path="/81/cpu.stat" dev="tmpfs" ino=446 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 51.741965][ T29] audit: type=1400 audit(1769599551.497:468): avc: denied { write } for pid=4600 comm="syz.0.441" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 52.139822][ T4612] netlink: 24 bytes leftover after parsing attributes in process `syz.3.445'. [ 52.304576][ T4615] loop2: detected capacity change from 0 to 1024 [ 52.320482][ T29] audit: type=1400 audit(1769599552.077:469): avc: denied { read } for pid=4613 comm="syz.3.446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 52.361761][ T4615] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 52.375605][ T29] audit: type=1326 audit(1769599552.137:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.0.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 52.398965][ T29] audit: type=1326 audit(1769599552.137:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.0.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 52.420985][ T4615] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.422215][ T29] audit: type=1326 audit(1769599552.137:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4622 comm="syz.0.449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 52.485093][ T4615] EXT4-fs error (device loop2): ext4_map_blocks:825: inode #15: comm syz.2.447: lblock 0 mapped to illegal pblock 0 (length 1) [ 52.559110][ T4615] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 52.571500][ T4615] EXT4-fs (loop2): This should not happen!! Data will be lost [ 52.571500][ T4615] [ 52.623921][ T4626] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #15: comm syz.2.447: lblock 0 mapped to illegal pblock 0 (length 1) [ 52.683175][ T4626] EXT4-fs error (device loop2): ext4_map_blocks:825: inode #15: block 3: comm syz.2.447: lblock 3 mapped to illegal pblock 3 (length 1) [ 52.730815][ T4629] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #15: comm syz.2.447: lblock 0 mapped to illegal pblock 0 (length 1) [ 52.787252][ T4633] loop0: detected capacity change from 0 to 512 [ 52.792142][ T4626] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117 [ 52.805991][ T4626] EXT4-fs (loop2): This should not happen!! Data will be lost [ 52.805991][ T4626] [ 52.818397][ T4633] EXT4-fs: Ignoring removed nobh option [ 52.833258][ T4633] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 52.855559][ T4629] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #15: comm syz.2.447: lblock 0 mapped to illegal pblock 0 (length 1) [ 52.858605][ T4633] EXT4-fs (loop0): 1 truncate cleaned up [ 52.895707][ T4633] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.909005][ T4629] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #15: comm syz.2.447: lblock 0 mapped to illegal pblock 0 (length 1) [ 52.944992][ T4629] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #15: block 3: comm syz.2.447: lblock 3 mapped to illegal pblock 3 (length 1) [ 52.962459][ T4633] netlink: 131740 bytes leftover after parsing attributes in process `syz.0.452'. [ 52.972432][ T4633] netlink: zone id is out of range [ 52.978151][ T4633] netlink: zone id is out of range [ 52.984082][ T4633] netlink: zone id is out of range [ 52.989954][ T4633] netlink: zone id is out of range [ 52.996324][ T4633] netlink: zone id is out of range [ 53.001743][ T4633] netlink: zone id is out of range [ 53.007413][ T4633] netlink: zone id is out of range [ 53.014001][ T4629] EXT4-fs error (device loop2): ext4_ext_remove_space:2955: inode #15: comm syz.2.447: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0) [ 53.014899][ T4633] netlink: zone id is out of range [ 53.040068][ T4633] netlink: zone id is out of range [ 53.045729][ T4633] netlink: zone id is out of range [ 53.064588][ T4615] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #15: comm syz.2.447: lblock 0 mapped to illegal pblock 0 (length 1) [ 53.103749][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.112919][ T4615] EXT4-fs error (device loop2): ext4_free_blocks:6728: comm syz.2.447: Freeing blocks not in datazone - block = 3, count = 1 [ 53.211193][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 53.689489][ T4667] vhci_hcd vhci_hcd.0: invalid port number 97 [ 53.695633][ T4667] vhci_hcd vhci_hcd.0: default hub control req: 4012 v004f i0061 l0 [ 54.277521][ T4689] netlink: 4 bytes leftover after parsing attributes in process `syz.2.477'. [ 54.339192][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 54.339207][ T29] audit: type=1400 audit(1769599554.097:481): avc: denied { shutdown } for pid=4686 comm="syz.0.476" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 54.525784][ T4689] team0: Port device team_slave_0 removed [ 54.918259][ T29] audit: type=1400 audit(1769599554.677:482): avc: denied { cmd } for pid=4708 comm="syz.2.484" path="socket:[10882]" dev="sockfs" ino=10882 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 55.250937][ T29] audit: type=1326 audit(1769599555.007:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4718 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f143c69aeb9 code=0x7ffc0000 [ 55.274242][ T29] audit: type=1326 audit(1769599555.007:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4718 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f143c69aeb9 code=0x7ffc0000 [ 55.297669][ T29] audit: type=1326 audit(1769599555.007:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4718 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f143c69aeb9 code=0x7ffc0000 [ 55.321227][ T29] audit: type=1326 audit(1769599555.007:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4718 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f143c69aeb9 code=0x7ffc0000 [ 55.368935][ T29] audit: type=1326 audit(1769599555.057:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4718 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f143c65b78e code=0x7ffc0000 [ 55.392247][ T29] audit: type=1326 audit(1769599555.057:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4718 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f143c65b78e code=0x7ffc0000 [ 55.415586][ T29] audit: type=1326 audit(1769599555.057:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4718 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f143c65b78e code=0x7ffc0000 [ 55.438981][ T29] audit: type=1326 audit(1769599555.057:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4718 comm="syz.2.488" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f143c65b78e code=0x7ffc0000 [ 55.756899][ T4739] netlink: 16 bytes leftover after parsing attributes in process `syz.3.496'. [ 56.271729][ T4761] tQ±6ã×\b‹¡Y­4: renamed from lo (while UP) [ 56.402063][ T4768] netlink: 'syz.3.507': attribute type 1 has an invalid length. [ 56.433226][ T4771] loop1: detected capacity change from 0 to 512 [ 56.478252][ T4768] 8021q: adding VLAN 0 to HW filter on device bond2 [ 56.501232][ T4773] netlink: 8 bytes leftover after parsing attributes in process `syz.2.508'. [ 56.533423][ T4771] EXT4-fs: Ignoring removed bh option [ 56.693161][ T4772] bond2: (slave dummy0): making interface the new active one [ 56.756635][ T4772] bond2: (slave dummy0): Enslaving as an active interface with an up link [ 56.847168][ T4774] bond2: entered promiscuous mode [ 56.871114][ T4774] dummy0: entered promiscuous mode [ 56.877465][ T4766] bond2: left promiscuous mode [ 56.913032][ T4766] dummy0: left promiscuous mode [ 57.045259][ T4781] netlink: 24 bytes leftover after parsing attributes in process `syz.3.512'. [ 57.418112][ T4802] loop1: detected capacity change from 0 to 1024 [ 57.442496][ T4799] bond3: entered promiscuous mode [ 57.451149][ T4799] 8021q: adding VLAN 0 to HW filter on device bond3 [ 57.517832][ T4803] bridge2: entered promiscuous mode [ 57.688448][ T4807] loop1: detected capacity change from 0 to 512 [ 57.766887][ T4807] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 57.812262][ T4807] EXT4-fs (loop1): write access unavailable, skipping orphan cleanup [ 57.838860][ T4807] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 58.023222][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.857079][ T4848] loop0: detected capacity change from 0 to 512 [ 58.866259][ T4848] EXT4-fs: Ignoring removed oldalloc option [ 58.913277][ T4848] EXT4-fs error (device loop0): ext4_xattr_inode_iget:437: comm syz.0.539: Parent and EA inode have the same ino 15 [ 58.944786][ T4854] loop1: detected capacity change from 0 to 512 [ 58.952936][ T4848] EXT4-fs error (device loop0): ext4_xattr_inode_iget:437: comm syz.0.539: Parent and EA inode have the same ino 15 [ 58.972379][ T4856] ref_ctr increment failed for inode: 0x258 offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff8881274a4a40 [ 58.989043][ T4855] uprobe: syz.3.542:4855 failed to unregister, leaking uprobe [ 59.024318][ T4848] EXT4-fs (loop0): 1 orphan inode deleted [ 59.043244][ T4848] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.060153][ T4848] netlink: 20 bytes leftover after parsing attributes in process `syz.0.539'. [ 59.224450][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.511725][ T29] kauditd_printk_skb: 65 callbacks suppressed [ 59.511739][ T29] audit: type=1326 audit(1769599559.277:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 59.515513][ T4875] netlink: 83992 bytes leftover after parsing attributes in process `syz.0.550'. [ 59.518037][ T29] audit: type=1326 audit(1769599559.277:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 59.518062][ T29] audit: type=1326 audit(1769599559.277:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 59.560896][ T4875] net_ratelimit: 11 callbacks suppressed [ 59.560913][ T4875] netlink: zone id is out of range [ 59.573582][ T29] audit: type=1326 audit(1769599559.277:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 59.596689][ T4875] netlink: zone id is out of range [ 59.608179][ T4875] netlink: zone id is out of range [ 59.630743][ T29] audit: type=1326 audit(1769599559.277:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 59.630772][ T29] audit: type=1326 audit(1769599559.277:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 59.687554][ T29] audit: type=1326 audit(1769599559.277:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 59.710789][ T29] audit: type=1326 audit(1769599559.277:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 59.734022][ T29] audit: type=1326 audit(1769599559.277:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 59.775085][ T4875] netlink: set zone limit has 8 unknown bytes [ 59.902122][ T29] audit: type=1326 audit(1769599559.547:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 59.926953][ T4885] netlink: 4 bytes leftover after parsing attributes in process `syz.3.555'. [ 59.938904][ T4885] netlink: 12 bytes leftover after parsing attributes in process `syz.3.555'. [ 60.157441][ T4902] netlink: 12 bytes leftover after parsing attributes in process `syz.1.562'. [ 60.435201][ T50] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.490630][ T4928] syz.2.569 (4928) used greatest stack depth: 8944 bytes left [ 60.550558][ T50] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.593681][ T50] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.637352][ T50] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 60.669890][ T4912] chnl_net:caif_netlink_parms(): no params data found [ 60.715775][ T4959] netlink: 12 bytes leftover after parsing attributes in process `syz.1.581'. [ 60.766545][ T4912] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.773739][ T4912] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.788043][ T4912] bridge_slave_0: entered allmulticast mode [ 60.796206][ T4912] bridge_slave_0: entered promiscuous mode [ 60.806466][ T4966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.583'. [ 60.820225][ T4912] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.827379][ T4912] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.835025][ T4912] bridge_slave_1: entered allmulticast mode [ 60.841663][ T4912] bridge_slave_1: entered promiscuous mode [ 60.859231][ T4912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.874549][ T4912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.098745][ T50] bond0 (unregistering): Released all slaves [ 61.136811][ T4912] team0: Port device team_slave_0 added [ 61.156052][ T4912] team0: Port device team_slave_1 added [ 61.176243][ T50] hsr_slave_0: left promiscuous mode [ 61.192249][ T50] hsr_slave_1: left promiscuous mode [ 61.214520][ T50] veth1_macvtap: left promiscuous mode [ 61.220022][ T50] veth0_macvtap: left promiscuous mode [ 61.237854][ T50] veth1_vlan: left promiscuous mode [ 61.243210][ T50] veth0_vlan: left promiscuous mode [ 61.436445][ T4975] bridge_slave_0: left allmulticast mode [ 61.442176][ T4975] bridge_slave_0: left promiscuous mode [ 61.447877][ T4975] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.459472][ T4990] netlink: 12 bytes leftover after parsing attributes in process `syz.1.593'. [ 61.491015][ T4975] bond0: (slave bond_slave_0): Releasing backup interface [ 61.504126][ T4975] bond0: (slave bond_slave_1): Releasing backup interface [ 61.513222][ T4992] 9pnet: p9_errstr2errno: server reported unknown error ÿÿÿÿÛß% [ 61.525075][ T4975] team0: Port device team_slave_1 removed [ 61.532218][ T4975] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 61.539644][ T4975] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 61.552704][ T4975] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 61.560125][ T4975] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 61.577833][ T5000] netlink: 12 bytes leftover after parsing attributes in process `syz.0.605'. [ 61.578157][ T4975] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 61.617088][ T4912] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.624077][ T4912] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.650131][ T4912] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.684641][ T4912] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.691634][ T4912] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.717756][ T4912] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.750063][ T5000] netlink: 'syz.0.605': attribute type 1 has an invalid length. [ 61.797823][ T4912] hsr_slave_0: entered promiscuous mode [ 61.808696][ T4912] hsr_slave_1: entered promiscuous mode [ 61.814712][ T4912] debugfs: 'hsr0' already exists in 'hsr' [ 61.820461][ T4912] Cannot create hsr debugfs directory [ 62.055435][ T4912] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 62.073801][ T4912] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 62.076826][ T5055] loop1: detected capacity change from 0 to 2048 [ 62.089241][ T4912] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 62.107173][ T4912] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 62.184734][ T5055] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.611'. [ 62.208816][ T4912] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.225820][ T4912] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.242485][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.249569][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.278053][ T5074] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 62.285320][ T5074] IPv6: NLM_F_CREATE should be set when creating new route [ 62.285668][ T4912] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 62.292547][ T5074] IPv6: NLM_F_CREATE should be set when creating new route [ 62.310218][ T4912] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 62.325252][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.332369][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.402903][ T4912] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.432727][ T5090] netlink: 24 bytes leftover after parsing attributes in process `syz.3.615'. [ 62.469824][ T5092] loop1: detected capacity change from 0 to 2048 [ 62.644807][ T5121] netlink: 'syz.1.623': attribute type 83 has an invalid length. [ 62.656760][ T5126] veth1_macvtap: left promiscuous mode [ 62.689298][ T4912] veth0_vlan: entered promiscuous mode [ 62.716259][ T4912] veth1_vlan: entered promiscuous mode [ 62.755254][ T4912] veth0_macvtap: entered promiscuous mode [ 62.779791][ T4912] veth1_macvtap: entered promiscuous mode [ 62.816979][ T4912] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.846576][ T4912] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.858197][ T312] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.879461][ T312] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.925212][ T312] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.963668][ T312] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.991203][ T5163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 63.020871][ T5163] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 63.311940][ T5165] loop0: detected capacity change from 0 to 32768 [ 63.359673][ T5165] loop0: p1 p3 < p5 p6 > [ 63.404968][ T5188] af_packet: tpacket_rcv: packet too big, clamped from 65386 to 4294967272. macoff=96 [ 63.453133][ T5192] loop1: detected capacity change from 0 to 512 [ 63.501300][ T5192] EXT4-fs: Ignoring removed oldalloc option [ 63.505357][ T5192] loop1: detected capacity change from 0 to 128 [ 63.535609][ T5200] netlink: 'syz.1.646': attribute type 4 has an invalid length. [ 63.572144][ T5200] netlink: 'syz.1.646': attribute type 4 has an invalid length. [ 63.730398][ T5214] loop0: detected capacity change from 0 to 1024 [ 63.931259][ T5214] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 63.980904][ T5214] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.177562][ T5214] EXT4-fs error (device loop0): ext4_free_blocks:6728: comm syz.0.645: Freeing blocks not in datazone - block = 0, count = 16 [ 64.264497][ T50] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm kworker/u8:3: bg 0: block 112: padding at end of block bitmap is not set [ 64.279819][ T50] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 64.292101][ T50] EXT4-fs (loop0): This should not happen!! Data will be lost [ 64.292101][ T50] [ 64.301786][ T50] EXT4-fs (loop0): Total free blocks count 0 [ 64.307768][ T50] EXT4-fs (loop0): Free/Dirty block details [ 64.313679][ T50] EXT4-fs (loop0): free_blocks=16 [ 64.318703][ T50] EXT4-fs (loop0): dirty_blocks=80 [ 64.323830][ T50] EXT4-fs (loop0): Block reservation details [ 64.329805][ T50] EXT4-fs (loop0): i_reserved_data_blocks=5 [ 64.340678][ T50] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 29 with max blocks 47 with error 28 [ 64.376450][ T5251] veth1_to_bridge: entered promiscuous mode [ 64.382617][ T5251] macsec1: entered promiscuous mode [ 64.388028][ T5251] macsec1: entered allmulticast mode [ 64.393479][ T5251] veth1_to_bridge: entered allmulticast mode [ 64.588406][ T5264] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 64.818129][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 64.818147][ T29] audit: type=1400 audit(1769599564.577:626): avc: denied { append } for pid=5269 comm="syz.2.670" name="event1" dev="devtmpfs" ino=243 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 64.854078][ T5270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 64.868020][ T5270] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 64.909105][ T5270] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.998585][ T5270] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.070008][ T5270] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.100285][ T5278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.118455][ T5278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 65.135104][ T5278] ref_ctr_offset mismatch. inode: 0x359 offset: 0x0 ref_ctr_offset(old): 0x100 ref_ctr_offset(new): 0x0 [ 65.182620][ T5270] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.306330][ T312] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.366244][ T31] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.403305][ T31] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.445620][ T31] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.559512][ T29] audit: type=1400 audit(1769599565.317:627): avc: denied { ioctl } for pid=5309 comm="syz.0.687" path="/dev/ppp" dev="devtmpfs" ino=139 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 65.565480][ T5310] random: crng reseeded on system resumption [ 65.588449][ T29] audit: type=1400 audit(1769599565.327:628): avc: denied { write } for pid=5309 comm="syz.0.687" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 65.612932][ T29] audit: type=1400 audit(1769599565.327:629): avc: denied { open } for pid=5309 comm="syz.0.687" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 65.636238][ T29] audit: type=1400 audit(1769599565.367:630): avc: denied { ioctl } for pid=5309 comm="syz.0.687" path="/dev/snapshot" dev="devtmpfs" ino=90 ioctlcmd=0x3309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 65.832957][ T5325] netlink: 'syz.1.691': attribute type 1 has an invalid length. [ 65.848409][ T5325] 8021q: adding VLAN 0 to HW filter on device bond2 [ 65.873123][ T5325] 8021q: adding VLAN 0 to HW filter on device bond2 [ 65.880410][ T5325] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 65.892930][ T5325] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 66.129217][ T5337] loop1: detected capacity change from 0 to 128 [ 66.227695][ T29] audit: type=1400 audit(1769599565.987:631): avc: denied { mount } for pid=5341 comm="syz.2.699" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 66.249612][ T29] audit: type=1400 audit(1769599565.997:632): avc: denied { watch watch_reads } for pid=5341 comm="syz.2.699" path="/bus" dev="sysfs" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 66.384739][ T5354] __nla_validate_parse: 7 callbacks suppressed [ 66.384759][ T5354] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.705'. [ 66.433948][ T5360] loop5: detected capacity change from 0 to 512 [ 66.464273][ T29] audit: type=1326 audit(1769599566.217:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5361 comm="syz.3.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55ec81aeb9 code=0x7ffc0000 [ 66.487612][ T29] audit: type=1326 audit(1769599566.217:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5361 comm="syz.3.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55ec81aeb9 code=0x7ffc0000 [ 66.511032][ T29] audit: type=1326 audit(1769599566.217:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5361 comm="syz.3.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f55ec81aeb9 code=0x7ffc0000 [ 66.511690][ T5358] loop2: detected capacity change from 0 to 8192 [ 66.561418][ T5360] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 66.569566][ T5360] EXT4-fs (loop5): orphan cleanup on readonly fs [ 66.576214][ T5360] EXT4-fs error (device loop5): ext4_quota_enable:7173: comm syz.5.708: Bad quota inum: 5, type: 1 [ 66.606434][ T5360] EXT4-fs warning (device loop5): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=5). Please run e2fsck to fix. [ 66.628854][ T5360] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 66.637809][ T5360] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 66.750475][ T4912] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.795546][ T5376] loop0: detected capacity change from 0 to 512 [ 66.811189][ T5376] EXT4-fs: Ignoring removed nobh option [ 66.833249][ T5376] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 66.860837][ T5376] ext4 filesystem being mounted at /129/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 66.919237][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.934593][ T5386] macvtap1: entered promiscuous mode [ 66.940587][ T5386] team0: entered promiscuous mode [ 66.949556][ T5386] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 66.964761][ T5386] team0: Device macvtap1 is already an upper device of the team interface [ 66.980934][ T5386] team0: left promiscuous mode [ 67.123695][ T5401] netlink: 12 bytes leftover after parsing attributes in process `syz.2.723'. [ 67.132745][ T5401] netlink: 12 bytes leftover after parsing attributes in process `syz.2.723'. [ 67.143673][ T5399] loop1: detected capacity change from 0 to 128 [ 67.151968][ T5401] netlink: 8 bytes leftover after parsing attributes in process `syz.2.723'. [ 67.160966][ T5401] netlink: 8 bytes leftover after parsing attributes in process `syz.2.723'. [ 67.176610][ T5399] netlink: 'syz.1.722': attribute type 39 has an invalid length. [ 67.230563][ T5409] 8021q: adding VLAN 0 to HW filter on device bond1 [ 67.251321][ T5409] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 67.340912][ T50] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 67.471746][ T312] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 67.518357][ T5407] cgroup: fork rejected by pids controller in /syz2 [ 67.664296][ T5468] netlink: 'syz.3.739': attribute type 29 has an invalid length. [ 67.682671][ T5468] netlink: 'syz.3.739': attribute type 29 has an invalid length. [ 67.701831][ T5468] netlink: 500 bytes leftover after parsing attributes in process `syz.3.739'. [ 67.786161][ T5480] loop2: detected capacity change from 0 to 512 [ 67.812348][ T5480] EXT4-fs (loop2): orphan cleanup on readonly fs [ 67.818733][ T5480] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 67.842309][ T5480] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 67.856979][ T5480] EXT4-fs error (device loop2): ext4_clear_blocks:876: inode #13: comm syz.2.743: attempt to clear invalid blocks 2 len 1 [ 67.886295][ T5480] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.743: invalid indirect mapped block 1819239214 (level 0) [ 67.941457][ T5480] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.743: invalid indirect mapped block 1819239214 (level 1) [ 67.955931][ T5480] EXT4-fs (loop2): 1 truncate cleaned up [ 67.958295][ T5484] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 67.962806][ T5480] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 68.049414][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.138785][ T5505] netlink: 52 bytes leftover after parsing attributes in process `syz.5.754'. [ 68.163347][ T5508] netlink: 20 bytes leftover after parsing attributes in process `syz.5.755'. [ 68.809242][ T5538] SELinux: failed to load policy [ 68.851617][ T5540] loop1: detected capacity change from 0 to 1024 [ 69.354439][ T5558] chnl_net:caif_netlink_parms(): no params data found [ 69.448567][ T5558] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.455717][ T5558] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.465862][ T5558] bridge_slave_0: entered allmulticast mode [ 69.472558][ T5558] bridge_slave_0: entered promiscuous mode [ 69.479532][ T5558] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.486740][ T5558] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.494326][ T5558] bridge_slave_1: entered allmulticast mode [ 69.500892][ T5558] bridge_slave_1: entered promiscuous mode [ 69.518814][ T5558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.529483][ T5558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.550268][ T5558] team0: Port device team_slave_0 added [ 69.556854][ T5558] team0: Port device team_slave_1 added [ 69.574193][ T5558] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.581168][ T5558] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 69.607078][ T5558] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.618770][ T5558] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.625781][ T5558] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 69.651738][ T5558] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.678654][ T5558] hsr_slave_0: entered promiscuous mode [ 69.684840][ T5558] hsr_slave_1: entered promiscuous mode [ 69.690844][ T5558] debugfs: 'hsr0' already exists in 'hsr' [ 69.696568][ T5558] Cannot create hsr debugfs directory [ 69.827234][ T5558] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 69.836631][ T5558] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 69.846242][ T5558] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 69.855417][ T5558] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 69.917164][ T5599] veth4: entered promiscuous mode [ 69.922364][ T5599] veth4: entered allmulticast mode [ 70.010371][ T5558] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.017436][ T5558] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.024808][ T5558] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.031899][ T5558] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.106683][ T5558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.124965][ T31] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.133258][ T31] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.145551][ T5558] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.156206][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.163365][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.208705][ T5558] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 70.208731][ T5558] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 70.213745][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.237680][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.325696][ T5630] netlink: 8 bytes leftover after parsing attributes in process `syz.3.791'. [ 70.334546][ T5630] netlink: 8 bytes leftover after parsing attributes in process `syz.3.791'. [ 70.363897][ T5558] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.439901][ T5613] loop0: detected capacity change from 0 to 32768 [ 70.569378][ T5558] veth0_vlan: entered promiscuous mode [ 70.593652][ T5558] veth1_vlan: entered promiscuous mode [ 70.602413][ T29] kauditd_printk_skb: 50 callbacks suppressed [ 70.602428][ T29] audit: type=1400 audit(1769599570.367:686): avc: denied { create } for pid=5653 comm="syz.3.796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 70.637350][ T5558] veth0_macvtap: entered promiscuous mode [ 70.658004][ T5653] delete_channel: no stack [ 70.677272][ T5558] veth1_macvtap: entered promiscuous mode [ 70.691339][ T29] audit: type=1400 audit(1769599570.417:687): avc: denied { bind } for pid=5653 comm="syz.3.796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 70.717027][ T5558] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.738631][ T5558] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.764497][ T312] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.792146][ T312] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.813364][ T1680] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.832470][ T29] audit: type=1400 audit(1769599570.597:688): avc: denied { ioctl } for pid=5659 comm="syz.3.799" path="socket:[20083]" dev="sockfs" ino=20083 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 70.844736][ T1680] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.857033][ T29] audit: type=1400 audit(1769599570.597:689): avc: denied { write } for pid=5659 comm="syz.3.799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 70.947214][ T29] audit: type=1400 audit(1769599570.657:690): avc: denied { write } for pid=5662 comm="syz.1.800" name="001" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 70.948791][ T5665] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 71.115617][ T5665] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 71.195308][ T29] audit: type=1400 audit(1769599570.957:691): avc: denied { bind } for pid=5671 comm="syz.6.804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 71.254496][ T29] audit: type=1400 audit(1769599570.957:692): avc: denied { name_bind } for pid=5671 comm="syz.6.804" src=28196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 71.275189][ T29] audit: type=1400 audit(1769599570.957:693): avc: denied { node_bind } for pid=5671 comm="syz.6.804" src=28196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 71.324109][ T1680] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.346300][ T5676] netlink: 'syz.6.805': attribute type 2 has an invalid length. [ 71.355099][ T5676] netlink: 'syz.6.805': attribute type 8 has an invalid length. [ 71.402146][ T1680] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.532535][ T1680] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.583917][ T1680] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.876170][ T1680] bond0 (unregistering): Released all slaves [ 71.932384][ T1680] hsr_slave_0: left promiscuous mode [ 71.944717][ T1680] hsr_slave_1: left promiscuous mode [ 71.966623][ T1680] veth1_macvtap: left promiscuous mode [ 72.340885][ T29] audit: type=1400 audit(1769599572.087:694): avc: denied { create } for pid=5721 comm="syz.5.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 72.357766][ T1680] veth0_macvtap: left promiscuous mode [ 72.376086][ T1680] veth1_vlan: left promiscuous mode [ 72.386120][ T1680] veth0_vlan: left promiscuous mode [ 72.686969][ T5720] team_slave_0: entered promiscuous mode [ 72.692743][ T5720] team_slave_1: entered promiscuous mode [ 72.699606][ T5720] macvtap1: entered promiscuous mode [ 72.704990][ T5720] team0: entered promiscuous mode [ 72.712780][ T5720] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 72.722597][ T5720] team0: Device macvtap1 is already an upper device of the team interface [ 72.841710][ T5720] team0: left promiscuous mode [ 72.846841][ T5720] team_slave_0: left promiscuous mode [ 72.852270][ T5720] team_slave_1: left promiscuous mode [ 73.117837][ T5797] __nla_validate_parse: 1 callbacks suppressed [ 73.117856][ T5797] netlink: 1304 bytes leftover after parsing attributes in process `syz.3.819'. [ 73.318385][ T5852] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.341695][ T29] audit: type=1400 audit(1769599573.097:695): avc: denied { mount } for pid=5851 comm="syz.1.825" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 73.412377][ T5864] netlink: 12 bytes leftover after parsing attributes in process `syz.1.826'. [ 73.655571][ T5895] loop1: detected capacity change from 0 to 164 [ 73.678652][ T5895] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 73.730833][ T5895] netlink: 16 bytes leftover after parsing attributes in process `syz.1.839'. [ 73.796831][ T5893] loop5: detected capacity change from 0 to 512 [ 73.863909][ T5893] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 73.894958][ T5893] EXT4-fs (loop5): orphan cleanup on readonly fs [ 73.910977][ T5893] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4215: comm syz.5.829: Allocating blocks 41-42 which overlap fs metadata [ 73.928638][ T5893] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4215: comm syz.5.829: Allocating blocks 41-42 which overlap fs metadata [ 73.946389][ T5893] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.829: Failed to acquire dquot type 1 [ 73.961098][ T5893] EXT4-fs error (device loop5): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 73.977884][ T5893] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #12: comm syz.5.829: corrupted inode contents [ 73.996051][ T5893] EXT4-fs error (device loop5): ext4_dirty_inode:6502: inode #12: comm syz.5.829: mark_inode_dirty error [ 74.018903][ T5893] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #12: comm syz.5.829: corrupted inode contents [ 74.033216][ T5893] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #12: comm syz.5.829: mark_inode_dirty error [ 74.053804][ T5893] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #12: comm syz.5.829: corrupted inode contents [ 74.071818][ T5893] EXT4-fs error (device loop5) in ext4_orphan_del:303: Corrupt filesystem [ 74.087011][ T5893] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #12: comm syz.5.829: corrupted inode contents [ 74.112090][ T5893] EXT4-fs error (device loop5): ext4_truncate:4635: inode #12: comm syz.5.829: mark_inode_dirty error [ 74.127832][ T5893] EXT4-fs error (device loop5) in ext4_process_orphan:345: Corrupt filesystem [ 74.139907][ T5893] EXT4-fs (loop5): 1 truncate cleaned up [ 74.157241][ T5893] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 74.237246][ T4912] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.265160][ T5944] netlink: 28 bytes leftover after parsing attributes in process `syz.5.835'. [ 74.303126][ T5948] netlink: 16 bytes leftover after parsing attributes in process `syz.1.837'. [ 74.433450][ T5852] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.493665][ T5852] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.536172][ T5964] netlink: 'syz.0.844': attribute type 1 has an invalid length. [ 74.554212][ T5852] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.608608][ T50] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.622163][ T1680] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.659134][ T1680] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.680261][ T1680] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.727790][ T5976] loop6: detected capacity change from 0 to 512 [ 74.781431][ T5976] EXT4-fs: Ignoring removed orlov option [ 74.816336][ T5976] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.959126][ T5980] loop0: detected capacity change from 0 to 512 [ 74.973931][ T5980] ext4: Unknown parameter 'noacl' [ 74.991659][ T5558] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.090406][ T6024] loop0: detected capacity change from 0 to 1024 [ 75.099228][ T6024] EXT4-fs: test_dummy_encryption option not supported [ 75.194384][ T6041] netlink: 12 bytes leftover after parsing attributes in process `syz.0.858'. [ 75.291684][ T6046] loop6: detected capacity change from 0 to 512 [ 75.317202][ T6046] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.330143][ T6046] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 75.414718][ T5558] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.472403][ T6056] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 75.558368][ T6066] netlink: 8 bytes leftover after parsing attributes in process `syz.0.868'. [ 75.567357][ T6066] netlink: 8 bytes leftover after parsing attributes in process `syz.0.868'. [ 75.621030][ T29] kauditd_printk_skb: 29 callbacks suppressed [ 75.621122][ T29] audit: type=1326 audit(1769599575.377:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6068 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 75.663489][ T29] audit: type=1326 audit(1769599575.387:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6068 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 75.686814][ T29] audit: type=1326 audit(1769599575.387:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6068 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 75.710370][ T29] audit: type=1326 audit(1769599575.387:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6068 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 75.733711][ T29] audit: type=1326 audit(1769599575.387:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6068 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 75.757012][ T29] audit: type=1326 audit(1769599575.387:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6068 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 75.780373][ T29] audit: type=1326 audit(1769599575.387:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6068 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 75.804006][ T29] audit: type=1326 audit(1769599575.387:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6068 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 75.827624][ T29] audit: type=1326 audit(1769599575.387:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6068 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 75.850848][ T29] audit: type=1326 audit(1769599575.387:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6068 comm="syz.0.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 76.032189][ T6100] loop5: detected capacity change from 0 to 256 [ 76.072928][ T6100] FAT-fs (loop5): codepage cp932 not found [ 76.501861][ T6107] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 76.666240][ T6114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.682830][ T6114] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.728733][ T6114] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.822444][ T6114] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.888424][ T6119] netlink: 28 bytes leftover after parsing attributes in process `syz.5.892'. [ 76.943657][ T6114] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.122099][ T6114] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.292096][ T42] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.342353][ T42] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.414656][ T42] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.432184][ T42] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.050406][ T6160] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 78.066240][ T6161] netlink: 28 bytes leftover after parsing attributes in process `syz.0.918'. [ 78.203556][ T6176] loop0: detected capacity change from 0 to 512 [ 78.232062][ T6176] EXT4-fs: Ignoring removed oldalloc option [ 78.242159][ T6176] EXT4-fs (loop0): 1 truncate cleaned up [ 78.252855][ T6176] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.320978][ T6181] loop5: detected capacity change from 0 to 1024 [ 78.349116][ T6181] EXT4-fs: test_dummy_encryption option not supported [ 78.364284][ T6181] netlink: 12 bytes leftover after parsing attributes in process `syz.5.917'. [ 78.420317][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.553325][ T6195] loop1: detected capacity change from 0 to 256 [ 78.611125][ T6190] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 78.750586][ T6212] set_capacity_and_notify: 1 callbacks suppressed [ 78.757319][ T6212] loop1: detected capacity change from 0 to 128 [ 78.856984][ T6217] loop1: detected capacity change from 0 to 1024 [ 78.880523][ T6217] EXT4-fs: Ignoring removed orlov option [ 78.929266][ T6219] netlink: 8 bytes leftover after parsing attributes in process `syz.6.934'. [ 79.371840][ T6228] netlink: 143700 bytes leftover after parsing attributes in process `syz.6.938'. [ 79.457654][ T6236] syz_tun: entered allmulticast mode [ 79.463847][ T6235] syz_tun: left allmulticast mode [ 79.514565][ T6240] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.563096][ T6240] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.581544][ T6246] netlink: 'syz.1.946': attribute type 1 has an invalid length. [ 79.627296][ T6246] 8021q: adding VLAN 0 to HW filter on device bond3 [ 79.663287][ T6246] bond3: (slave dummy0): making interface the new active one [ 79.686725][ T6250] loop6: detected capacity change from 0 to 128 [ 79.696830][ T6246] bond3: (slave dummy0): Enslaving as an active interface with an up link [ 79.725029][ T6240] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.748598][ T6248] bond3: entered promiscuous mode [ 79.765276][ T6248] dummy0: entered promiscuous mode [ 79.773235][ T6240] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.808262][ T6244] bond3: left promiscuous mode [ 79.813316][ T6244] dummy0: left promiscuous mode [ 80.018911][ T6260] ref_ctr increment failed for inode: 0x46f offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff8881274a6540 [ 80.031191][ T6259] uprobe: syz.1.951:6259 failed to unregister, leaking uprobe [ 80.041643][ T6262] tQ±6ã×\b‹¡Y­4: renamed from lo (while UP) [ 80.568990][ T2176] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 80.884149][ T5822] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.904391][ T5822] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.938498][ T5822] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.959149][ T5822] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.053033][ T5822] Bluetooth: hci0: Frame reassembly failed (-84) [ 81.063482][ T29] kauditd_printk_skb: 61 callbacks suppressed [ 81.063498][ T29] audit: type=1400 audit(1769599580.827:792): avc: denied { ioctl } for pid=6374 comm="syz.1.962" path="socket:[22710]" dev="sockfs" ino=22710 ioctlcmd=0x48e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 81.098658][ T50] Bluetooth: hci1: Frame reassembly failed (-84) [ 81.289252][ T6422] netlink: 12 bytes leftover after parsing attributes in process `syz.6.974'. [ 81.290348][ T6423] tQ±6ã×\b‹¡Y­4: renamed from lo (while UP) [ 83.080753][ T6377] Bluetooth: hci0: command 0x1003 tx timeout [ 83.080813][ T3776] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 83.086805][ T6376] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 84.474028][ T6464] ref_ctr increment failed for inode: 0x18e offset: 0x0 ref_ctr_offset: 0x82 of mm: 0xffff8881274a6540 [ 84.485991][ T6461] uprobe: syz.5.972:6461 failed to unregister, leaking uprobe [ 84.548300][ T6468] bridge_slave_0: left allmulticast mode [ 84.554054][ T6468] bridge_slave_0: left promiscuous mode [ 84.559773][ T6468] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.573204][ T6468] bond0: (slave bond_slave_0): Releasing backup interface [ 84.601620][ T6468] bond0: (slave bond_slave_1): Releasing backup interface [ 84.635265][ T29] audit: type=1400 audit(1769599584.397:793): avc: denied { bind } for pid=6475 comm="syz.3.978" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 84.672825][ T6468] team0: Port device team_slave_0 removed [ 84.693064][ T29] audit: type=1400 audit(1769599584.437:794): avc: denied { ioctl } for pid=6473 comm="syz.5.977" path="socket:[23782]" dev="sockfs" ino=23782 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 84.721189][ T6468] team0: Port device team_slave_1 removed [ 84.736979][ T6468] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 84.744575][ T6468] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 84.772744][ T6468] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 84.780154][ T6468] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 84.813051][ T6468] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 84.905430][ T6497] netlink: 64 bytes leftover after parsing attributes in process `syz.5.986'. [ 84.920348][ T6497] syzkaller1: entered promiscuous mode [ 84.925953][ T6497] syzkaller1: entered allmulticast mode [ 85.015703][ T6505] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 85.109991][ T6510] loop5: detected capacity change from 0 to 8192 [ 85.177279][ T6510] bio_check_eod: 19 callbacks suppressed [ 85.177297][ T6510] syz.5.991: attempt to access beyond end of device [ 85.177297][ T6510] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 85.196879][ T6510] Buffer I/O error on dev loop5, logical block 57847, async page read [ 85.242911][ T29] audit: type=1326 audit(1769599584.997:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.0.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 85.266295][ T29] audit: type=1326 audit(1769599584.997:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.0.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 85.289617][ T29] audit: type=1326 audit(1769599584.997:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.0.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 85.312858][ T29] audit: type=1326 audit(1769599584.997:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.0.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 85.336149][ T29] audit: type=1326 audit(1769599584.997:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.0.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 85.359372][ T29] audit: type=1326 audit(1769599584.997:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.0.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe1a1deac22 code=0x7ffc0000 [ 85.382479][ T29] audit: type=1326 audit(1769599584.997:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.0.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe1a1deac22 code=0x7ffc0000 [ 85.456838][ T6544] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1000'. [ 85.513735][ T6544] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1000'. [ 85.574232][ T6560] netlink: 100 bytes leftover after parsing attributes in process `syz.5.1005'. [ 85.764216][ T6586] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1011'. [ 85.900492][ T6606] can: request_module (can-proto-0) failed. [ 86.060349][ T6624] loop5: detected capacity change from 0 to 512 [ 86.082668][ T6624] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1019: invalid indirect mapped block 256 (level 2) [ 86.097301][ T6624] EXT4-fs (loop5): 2 truncates cleaned up [ 86.112011][ T6624] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.207444][ T29] kauditd_printk_skb: 65 callbacks suppressed [ 86.207460][ T29] audit: type=1400 audit(1769599585.967:867): avc: denied { create } for pid=6632 comm="syz.3.1021" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 86.388968][ T6414] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm kworker/u8:14: bg 0: block 5: invalid block bitmap [ 86.402953][ T6414] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 86.415255][ T6414] EXT4-fs (loop5): This should not happen!! Data will be lost [ 86.415255][ T6414] [ 86.424892][ T6414] EXT4-fs (loop5): Total free blocks count 0 [ 86.430972][ T6414] EXT4-fs (loop5): Free/Dirty block details [ 86.436915][ T6414] EXT4-fs (loop5): free_blocks=0 [ 86.441944][ T6414] EXT4-fs (loop5): dirty_blocks=66 [ 86.447116][ T6414] EXT4-fs (loop5): Block reservation details [ 86.453197][ T6414] EXT4-fs (loop5): i_reserved_data_blocks=66 [ 86.460481][ T6414] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28 [ 86.507408][ T29] audit: type=1326 audit(1769599586.267:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6638 comm="syz.5.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 86.536838][ T29] audit: type=1326 audit(1769599586.297:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6638 comm="syz.5.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 86.560355][ T29] audit: type=1326 audit(1769599586.297:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6638 comm="syz.5.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 86.584026][ T29] audit: type=1326 audit(1769599586.297:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6638 comm="syz.5.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 86.607347][ T29] audit: type=1326 audit(1769599586.297:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6638 comm="syz.5.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 86.630615][ T29] audit: type=1326 audit(1769599586.297:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6638 comm="syz.5.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 86.654035][ T29] audit: type=1326 audit(1769599586.297:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6638 comm="syz.5.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 86.677533][ T29] audit: type=1326 audit(1769599586.297:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6638 comm="syz.5.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 86.701159][ T29] audit: type=1326 audit(1769599586.297:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6638 comm="syz.5.1023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 86.837604][ T6652] loop5: detected capacity change from 0 to 128 [ 86.844307][ T6652] vfat: Unknown parameter 'ÿÿÿÿÿÿÿÿ' [ 87.123648][ T6675] loop5: detected capacity change from 0 to 8192 [ 87.181407][ T6675] loop5: p1 p2 p4 [ 87.188151][ T6686] loop0: detected capacity change from 0 to 512 [ 87.194766][ T6675] loop5: p4 size 262912 extends beyond EOD, truncated [ 87.237714][ T6686] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.324647][ T6686] ext4 filesystem being mounted at /198/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 87.582725][ T6704] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #18: comm syz.0.1045: corrupted inode contents [ 87.653748][ T6704] EXT4-fs (loop0): Remounting filesystem read-only [ 87.669004][ T6704] EXT4-fs warning (device loop0): ext4_evict_inode:273: xattr delete (err -30) [ 87.963215][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.266289][ T6713] netlink: 'syz.0.1053': attribute type 1 has an invalid length. [ 88.386656][ T6713] bond2: entered promiscuous mode [ 88.399904][ T6713] 8021q: adding VLAN 0 to HW filter on device bond2 [ 88.572371][ T6715] 8021q: adding VLAN 0 to HW filter on device bond3 [ 88.611709][ T6715] bond2: (slave bond3): making interface the new active one [ 88.619046][ T6715] bond3: entered promiscuous mode [ 88.655771][ T6715] bond2: (slave bond3): Enslaving as an active interface with an up link [ 88.694115][ T6725] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1058'. [ 88.753461][ T6725] 8021q: adding VLAN 0 to HW filter on device bond4 [ 88.774013][ T6725] bond2: (slave dummy0): Releasing active interface [ 88.784061][ T6725] bond4: (slave dummy0): Enslaving as an active interface with an up link [ 88.798144][ T6725] bond4: entered allmulticast mode [ 88.803449][ T6725] dummy0: entered allmulticast mode [ 88.845510][ T6737] loop1: detected capacity change from 0 to 128 [ 88.892270][ T6731] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.899447][ T6731] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.936078][ T6740] loop0: detected capacity change from 0 to 512 [ 88.991345][ T6740] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 89.034082][ T6740] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 89.042053][ T6740] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e118, mo2=0002] [ 89.047316][ T6731] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 89.061183][ T6740] System zones: 0-1, 15-15, 18-18, 34-34 [ 89.082110][ T6731] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 89.090974][ T6740] EXT4-fs (loop0): orphan cleanup on readonly fs [ 89.104939][ T6740] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 89.119675][ T6740] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 89.191136][ T6740] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.1062: bg 0: block 40: padding at end of block bitmap is not set [ 89.213589][ T6740] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 89.232375][ T6740] EXT4-fs (loop0): 1 truncate cleaned up [ 89.238527][ T6740] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 89.267323][ T31] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.276315][ T31] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.280947][ T6740] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 89.286793][ T31] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.293189][ T6740] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e118, mo2=0002] [ 89.302970][ T31] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.690353][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.723176][ T6768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.740904][ T6768] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.759896][ T6768] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1068'. [ 89.829277][ T6775] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.872702][ T6775] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.922495][ T6775] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 89.982362][ T6775] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.027638][ T6782] kernel read not supported for file /s (pid: 6782 comm: syz.6.1074) [ 90.044175][ T5822] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.060026][ T5822] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.073010][ T5822] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.081296][ T5822] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.213465][ T6790] loop0: detected capacity change from 0 to 1024 [ 90.220206][ T6790] EXT4-fs: Ignoring removed orlov option [ 90.228599][ T6790] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 90.251172][ T6793] workqueue: Failed to create a rescuer kthread for wq "dio/loop0": -EINTR [ 90.251250][ T6793] workqueue: Failed to create a rescuer kthread for wq "dio/loop0": -EINTR [ 90.260102][ T6793] workqueue: Failed to create a rescuer kthread for wq "dio/loop0": -EINTR [ 90.269287][ T6793] workqueue: Failed to create a rescuer kthread for wq "dio/loop0": -EINTR [ 90.310343][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.382082][ T6808] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1082'. [ 90.399085][ T6808] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1082'. [ 90.511783][ T6818] loop1: detected capacity change from 0 to 1024 [ 90.518750][ T6818] EXT4-fs: Ignoring removed bh option [ 90.997088][ T6855] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1102'. [ 91.307680][ T29] kauditd_printk_skb: 41 callbacks suppressed [ 91.307694][ T29] audit: type=1326 audit(1769599591.067:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6870 comm="syz.6.1108" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7898d6aeb9 code=0x0 [ 91.352248][ T29] audit: type=1400 audit(1769599591.117:918): avc: denied { mount } for pid=6872 comm="syz.1.1109" name="/" dev="hugetlbfs" ino=24615 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 91.381093][ T29] audit: type=1400 audit(1769599591.147:919): avc: denied { watch watch_reads } for pid=6872 comm="syz.1.1109" path="/" dev="hugetlbfs" ino=24615 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=dir permissive=1 [ 91.461015][ T29] audit: type=1400 audit(1769599591.227:920): avc: denied { ioctl } for pid=6870 comm="syz.6.1108" path="socket:[24617]" dev="sockfs" ino=24617 ioctlcmd=0x8918 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 91.695195][ T6890] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1113'. [ 91.705058][ T6890] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1113'. [ 91.745041][ T6896] netlink: 'syz.0.1116': attribute type 10 has an invalid length. [ 91.752950][ T6896] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1116'. [ 91.780846][ T6896] dummy0: entered promiscuous mode [ 91.786066][ T6896] dummy0: entered allmulticast mode [ 91.836125][ T6896] bridge0: port 1(dummy0) entered blocking state [ 91.842531][ T6896] bridge0: port 1(dummy0) entered disabled state [ 91.853096][ T6896] bridge0: port 1(dummy0) entered blocking state [ 91.859548][ T6896] bridge0: port 1(dummy0) entered forwarding state [ 92.014706][ T29] audit: type=1400 audit(1769599591.777:921): avc: denied { load_policy } for pid=6904 comm="syz.0.1119" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 92.088509][ T6905] SELinux: failed to load policy [ 92.181345][ T6921] netlink: 'syz.6.1127': attribute type 4 has an invalid length. [ 92.216637][ T6921] netlink: 'syz.6.1127': attribute type 4 has an invalid length. [ 92.339991][ T6933] team0 (unregistering): Port device team_slave_0 removed [ 92.350355][ T6933] team0 (unregistering): Port device team_slave_1 removed [ 92.986041][ T29] audit: type=1400 audit(1769599592.747:922): avc: denied { unmount } for pid=6953 comm="syz.3.1140" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 93.005908][ T6957] loop0: detected capacity change from 0 to 128 [ 93.113141][ T6965] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1144'. [ 93.218578][ T29] audit: type=1400 audit(1769599592.977:923): avc: denied { watch watch_reads } for pid=6971 comm="syz.6.1148" path="/file0" dev="ramfs" ino=23417 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 93.243357][ T6950] syz.0.1138: attempt to access beyond end of device [ 93.243357][ T6950] loop0: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 93.326830][ T6950] syz.0.1138: attempt to access beyond end of device [ 93.326830][ T6950] loop0: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 93.341023][ T6950] syz.0.1138: attempt to access beyond end of device [ 93.341023][ T6950] loop0: rw=8388608, sector=145, nr_sectors = 8 limit=128 [ 93.355157][ T6950] syz.0.1138: attempt to access beyond end of device [ 93.355157][ T6950] loop0: rw=8388608, sector=145, nr_sectors = 8 limit=128 [ 93.383390][ T6950] syz.0.1138: attempt to access beyond end of device [ 93.383390][ T6950] loop0: rw=8388608, sector=145, nr_sectors = 8 limit=128 [ 93.410352][ T6950] syz.0.1138: attempt to access beyond end of device [ 93.410352][ T6950] loop0: rw=8388608, sector=145, nr_sectors = 8 limit=128 [ 93.430209][ T6983] SELinux: failed to load policy [ 93.441082][ T6950] syz.0.1138: attempt to access beyond end of device [ 93.441082][ T6950] loop0: rw=8388608, sector=145, nr_sectors = 8 limit=128 [ 93.470397][ T6950] syz.0.1138: attempt to access beyond end of device [ 93.470397][ T6950] loop0: rw=8388608, sector=145, nr_sectors = 8 limit=128 [ 93.484499][ T6950] syz.0.1138: attempt to access beyond end of device [ 93.484499][ T6950] loop0: rw=8388608, sector=145, nr_sectors = 8 limit=128 [ 93.498314][ T6950] syz.0.1138: attempt to access beyond end of device [ 93.498314][ T6950] loop0: rw=8388608, sector=145, nr_sectors = 8 limit=128 [ 93.910821][ T7007] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1162'. [ 94.012520][ T7018] bridge0: entered promiscuous mode [ 94.021050][ T7018] bridge0: left promiscuous mode [ 94.246812][ T7032] loop0: detected capacity change from 0 to 256 [ 94.264020][ T7019] SELinux: failed to load policy [ 94.506807][ T7058] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1180'. [ 94.565657][ T7063] netlink: 'syz.0.1182': attribute type 4 has an invalid length. [ 94.619005][ T7064] IPv6: sit1: Disabled Multicast RS [ 94.630773][ T7063] netlink: 'syz.0.1182': attribute type 4 has an invalid length. [ 94.666849][ T29] audit: type=1400 audit(1769599594.427:924): avc: denied { setopt } for pid=7067 comm="syz.5.1184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 94.837129][ T7075] macvlan2: entered promiscuous mode [ 94.869412][ T7075] batman_adv: batadv0: Adding interface: macvlan2 [ 94.875913][ T7075] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.901352][ T7075] batman_adv: batadv0: Not using interface macvlan2 (retrying later): interface not active [ 94.964469][ T7091] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1188'. [ 95.271779][ T7122] loop5: detected capacity change from 0 to 128 [ 95.283631][ T7122] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 95.296450][ T7122] ext4 filesystem being mounted at /135/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.324010][ T4912] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 95.857897][ T29] audit: type=1326 audit(1769599595.617:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7155 comm="syz.3.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f55ec81aeb9 code=0x7ffc0000 [ 95.907682][ T7158] openvswitch: netlink: Missing key (keys=40, expected=100) [ 95.924127][ T29] audit: type=1326 audit(1769599595.647:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7155 comm="syz.3.1217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f55ec81aeb9 code=0x7ffc0000 [ 96.196243][ T7180] loop1: detected capacity change from 0 to 128 [ 96.261366][ T7180] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.268641][ T7180] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.351315][ T7185] __nla_validate_parse: 1 callbacks suppressed [ 96.351332][ T7185] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1229'. [ 96.379823][ T7180] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 96.393615][ T7180] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 96.403254][ T7188] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1229'. [ 96.531262][ T5822] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.540300][ T5822] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.569632][ T5822] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.590786][ T5822] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.625015][ T7205] netlink: 1335 bytes leftover after parsing attributes in process `syz.6.1236'. [ 96.868217][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 96.868237][ T29] audit: type=1326 audit(1769599596.627:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7223 comm="syz.5.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 96.897695][ T29] audit: type=1326 audit(1769599596.627:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7223 comm="syz.5.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 96.921085][ T29] audit: type=1326 audit(1769599596.627:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7223 comm="syz.5.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 96.944406][ T29] audit: type=1326 audit(1769599596.627:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7223 comm="syz.5.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 96.967704][ T29] audit: type=1326 audit(1769599596.627:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7223 comm="syz.5.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 96.991373][ T29] audit: type=1400 audit(1769599596.707:945): avc: denied { ioctl } for pid=7225 comm="syz.6.1242" path="socket:[25367]" dev="sockfs" ino=25367 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 97.284530][ T7239] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1247'. [ 97.541934][ T29] audit: type=1400 audit(1769599597.307:946): avc: denied { watch watch_reads } for pid=7246 comm="syz.0.1252" path="/bus" dev="proc" ino=4026531853 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 97.603343][ T7250] bridge0: entered allmulticast mode [ 97.635922][ T7250] bridge_slave_1: left allmulticast mode [ 97.641668][ T7250] bridge_slave_1: left promiscuous mode [ 97.647380][ T7250] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.661360][ T7250] bridge_slave_0: left allmulticast mode [ 97.667033][ T7250] bridge_slave_0: left promiscuous mode [ 97.672841][ T7250] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.887432][ T29] audit: type=1400 audit(1769599597.597:947): avc: denied { watch } for pid=7257 comm="syz.3.1257" path="/262/file1" dev="tmpfs" ino=1380 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 98.101784][ T7274] netlink: 199828 bytes leftover after parsing attributes in process `syz.3.1264'. [ 98.296187][ T29] audit: type=1400 audit(1769599598.057:948): avc: denied { unmount } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 98.335649][ T7290] netlink: 'syz.3.1270': attribute type 10 has an invalid length. [ 98.365941][ T7291] loop0: detected capacity change from 0 to 1024 [ 98.375399][ T7290] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.403463][ T7243] syz.5.1250 (7243) used greatest stack depth: 6104 bytes left [ 98.422609][ T7290] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 98.425539][ T7292] netlink: 'syz.3.1270': attribute type 10 has an invalid length. [ 98.439265][ T7292] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1270'. [ 98.456657][ T29] audit: type=1326 audit(1769599598.217:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7297 comm="syz.5.1273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fecb638aeb9 code=0x7ffc0000 [ 98.510487][ T7291] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.552950][ T7292] batadv0: entered promiscuous mode [ 98.558229][ T7292] batadv0: entered allmulticast mode [ 98.572020][ T7292] bond0: (slave batadv0): Releasing backup interface [ 98.582389][ T7292] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 98.781820][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.093306][ T7336] syzkaller0: entered promiscuous mode [ 99.098882][ T7336] syzkaller0: entered allmulticast mode [ 99.128741][ T7341] loop1: detected capacity change from 0 to 1024 [ 99.189131][ T7349] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 99.220918][ T7349] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 99.294157][ T7363] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1298'. [ 99.303075][ T7363] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1298'. [ 99.641653][ T7380] loop5: detected capacity change from 0 to 512 [ 99.683983][ T7380] EXT4-fs (loop5): 1 orphan inode deleted [ 99.700445][ T7380] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.714182][ T5822] EXT4-fs error (device loop5): ext4_release_dquot:7022: comm kworker/u8:10: Failed to release dquot type 1 [ 99.740413][ T7380] ext4 filesystem being mounted at /156/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.799823][ T4912] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.841907][ T7394] loop5: detected capacity change from 0 to 1024 [ 99.851139][ T7394] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.903204][ T7400] netlink: 1335 bytes leftover after parsing attributes in process `syz.3.1311'. [ 99.917903][ T7404] netlink: 'syz.0.1312': attribute type 1 has an invalid length. [ 99.975318][ T7404] 8021q: adding VLAN 0 to HW filter on device bond4 [ 99.986299][ T4912] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.030964][ T7404] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1312'. [ 100.053927][ T7416] loop6: detected capacity change from 0 to 128 [ 100.065592][ T7404] macsec0: entered promiscuous mode [ 100.070845][ T7404] bond4: entered promiscuous mode [ 100.075962][ T7404] macsec0: entered allmulticast mode [ 100.081349][ T7404] bond4: entered allmulticast mode [ 100.104009][ T7416] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 100.136923][ T7416] ext4 filesystem being mounted at /94/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.230971][ T7416] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.238204][ T7416] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.352851][ T7416] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 100.364030][ T7416] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 100.425082][ T6414] netdevsim netdevsim6 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.441281][ T6414] netdevsim netdevsim6 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.477617][ T6414] netdevsim netdevsim6 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.496217][ T6414] netdevsim netdevsim6 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.038489][ T5558] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 101.669491][ T7505] __nla_validate_parse: 2 callbacks suppressed [ 101.669509][ T7505] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1353'. [ 101.731515][ T7515] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1358'. [ 101.801125][ T7518] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1359'. [ 101.810046][ T7518] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1359'. [ 101.871336][ T29] kauditd_printk_skb: 58 callbacks suppressed [ 101.871352][ T29] audit: type=1326 audit(1769599601.637:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7524 comm="syz.6.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7898d6aeb9 code=0x7ffc0000 [ 101.900958][ T29] audit: type=1326 audit(1769599601.637:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7524 comm="syz.6.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7898d6aeb9 code=0x7ffc0000 [ 101.942910][ T29] audit: type=1326 audit(1769599601.637:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7524 comm="syz.6.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7898d6aeb9 code=0x7ffc0000 [ 101.966363][ T29] audit: type=1326 audit(1769599601.637:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7524 comm="syz.6.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7898d6aeb9 code=0x7ffc0000 [ 101.989772][ T29] audit: type=1326 audit(1769599601.637:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7524 comm="syz.6.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7898d6aeb9 code=0x7ffc0000 [ 102.013162][ T29] audit: type=1326 audit(1769599601.637:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7524 comm="syz.6.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7898d6aeb9 code=0x7ffc0000 [ 102.036705][ T29] audit: type=1326 audit(1769599601.637:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7524 comm="syz.6.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7898d6aeb9 code=0x7ffc0000 [ 102.060252][ T29] audit: type=1326 audit(1769599601.637:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7524 comm="syz.6.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7898d6aeb9 code=0x7ffc0000 [ 102.083645][ T29] audit: type=1326 audit(1769599601.637:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7524 comm="syz.6.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7898d6aeb9 code=0x7ffc0000 [ 102.107047][ T29] audit: type=1326 audit(1769599601.637:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7524 comm="syz.6.1362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7898d6aeb9 code=0x7ffc0000 [ 102.357869][ T7547] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1370'. [ 102.367221][ T1038] IPVS: starting estimator thread 0... [ 102.470777][ T7548] IPVS: using max 2256 ests per chain, 112800 per kthread [ 102.722966][ T7568] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1 [ 102.731721][ T7568] ref_ctr increment failed for inode: 0x378 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88812ae9ec00 [ 102.767618][ T7571] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1378'. [ 102.834173][ T7575] bond5: entered promiscuous mode [ 102.843192][ T7575] macvlan3: entered promiscuous mode [ 102.848549][ T7575] macvlan3: entered allmulticast mode [ 103.002949][ T7575] bond5: (slave macvlan3): Opening slave failed [ 103.317506][ T7586] netlink: 'syz.0.1383': attribute type 10 has an invalid length. [ 103.331051][ T7586] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.420559][ T7593] netlink: 'syz.0.1383': attribute type 10 has an invalid length. [ 103.428451][ T7593] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1383'. [ 103.460984][ T7592] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1386'. [ 103.470020][ T7593] batadv0: entered promiscuous mode [ 103.475361][ T7593] batadv0: entered allmulticast mode [ 103.489222][ T7593] bridge0: port 2(batadv0) entered blocking state [ 103.495768][ T7593] bridge0: port 2(batadv0) entered disabled state [ 103.660807][ T12] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 103.670103][ T12] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 103.679385][ T7617] bridge0: entered promiscuous mode [ 103.687409][ T7617] macvtap1: entered promiscuous mode [ 103.697383][ T7617] macvtap1: entered allmulticast mode [ 103.703747][ T7617] bridge0: entered allmulticast mode [ 103.728512][ T7617] bridge0: port 3(macvtap1) entered blocking state [ 103.736345][ T7617] bridge0: port 3(macvtap1) entered disabled state [ 103.757264][ T7617] bridge0: left allmulticast mode [ 103.764718][ T7617] bridge0: left promiscuous mode [ 104.166279][ T7635] bridge0: port 1(dummy0) entered disabled state [ 104.232551][ T7635] veth4: left promiscuous mode [ 104.237386][ T7635] veth4: left allmulticast mode [ 104.244058][ T7635] bond2: left promiscuous mode [ 104.248915][ T7635] bond3: left promiscuous mode [ 104.255518][ T7635] macvlan2: left promiscuous mode [ 104.261591][ T7635] bond4: left allmulticast mode [ 104.266491][ T7635] bond4: left promiscuous mode [ 104.271973][ T7635] macsec0: left promiscuous mode [ 104.276927][ T7635] macsec0: left allmulticast mode [ 104.283081][ T7635] bond5: left promiscuous mode [ 104.288047][ T1680] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.296805][ T1680] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.305271][ T1680] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.313877][ T1680] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.394885][ T7640] netlink: 'syz.1.1404': attribute type 10 has an invalid length. [ 104.404940][ T7640] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.412650][ T7640] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 104.423027][ T7640] netlink: 'syz.1.1404': attribute type 10 has an invalid length. [ 104.430936][ T7640] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1404'. [ 104.439989][ T7640] batadv0: entered promiscuous mode [ 104.445438][ T7640] batadv0: entered allmulticast mode [ 104.452015][ T7640] bond0: (slave batadv0): Releasing backup interface [ 104.459873][ T7640] bridge0: port 3(batadv0) entered blocking state [ 104.466512][ T7640] bridge0: port 3(batadv0) entered disabled state [ 104.499890][ T7644] netlink: 'syz.1.1406': attribute type 2 has an invalid length. [ 104.604322][ T7656] loop5: detected capacity change from 0 to 128 [ 104.620352][ T7656] bio_check_eod: 2006 callbacks suppressed [ 104.620370][ T7656] syz.5.1412: attempt to access beyond end of device [ 104.620370][ T7656] loop5: rw=2049, sector=154, nr_sectors = 8 limit=128 [ 104.622788][ T7658] loop6: detected capacity change from 0 to 128 [ 104.646977][ T7656] syz.5.1412: attempt to access beyond end of device [ 104.646977][ T7656] loop5: rw=8390657, sector=160, nr_sectors = 2 limit=128 [ 104.660759][ T7656] Buffer I/O error on dev loop5, logical block 80, lost async page write [ 104.676555][ T7660] syz.5.1412: attempt to access beyond end of device [ 104.676555][ T7660] loop5: rw=2049, sector=154, nr_sectors = 2 limit=128 [ 104.698941][ T7658] syz.6.1413: attempt to access beyond end of device [ 104.698941][ T7658] loop6: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 104.809235][ T1680] kworker/u8:5: attempt to access beyond end of device [ 104.809235][ T1680] loop6: rw=1, sector=257, nr_sectors = 121 limit=128 [ 104.856270][ T31] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 104.865544][ T31] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 104.879298][ T7670] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 104.920632][ T7672] loop1: detected capacity change from 0 to 512 [ 104.929409][ T7672] EXT4-fs: inline encryption not supported [ 104.935462][ T7672] EXT4-fs: Ignoring removed nomblk_io_submit option [ 105.218179][ T7688] netlink: 176 bytes leftover after parsing attributes in process `syz.6.1425'. [ 105.309931][ T7692] syzkaller1: entered promiscuous mode [ 105.315543][ T7692] syzkaller1: entered allmulticast mode [ 105.324431][ T7694] loop6: detected capacity change from 0 to 2048 [ 105.363732][ T7694] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.401931][ T5558] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.711895][ T7706] loop6: detected capacity change from 0 to 128 [ 105.718569][ T7708] netlink: 'syz.3.1433': attribute type 1 has an invalid length. [ 105.733236][ T7706] syz.6.1431: attempt to access beyond end of device [ 105.733236][ T7706] loop6: rw=2049, sector=154, nr_sectors = 8 limit=128 [ 105.751091][ T7706] syz.6.1431: attempt to access beyond end of device [ 105.751091][ T7706] loop6: rw=8390657, sector=160, nr_sectors = 2 limit=128 [ 105.764819][ T7706] Buffer I/O error on dev loop6, logical block 80, lost async page write [ 105.766541][ T7708] geneve2: entered promiscuous mode [ 105.778650][ T7708] geneve2: entered allmulticast mode [ 105.784609][ T7706] syz.6.1431: attempt to access beyond end of device [ 105.784609][ T7706] loop6: rw=2049, sector=162, nr_sectors = 8 limit=128 [ 105.798709][ T7713] syz.6.1431: attempt to access beyond end of device [ 105.798709][ T7713] loop6: rw=2049, sector=154, nr_sectors = 2 limit=128 [ 105.800211][ T7708] bond5: (slave geneve2): making interface the new active one [ 105.821169][ T7708] bond5: (slave geneve2): Enslaving as an active interface with an up link [ 105.829844][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.846498][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.874386][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.883391][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.993524][ T7727] loop1: detected capacity change from 0 to 512 [ 106.014042][ T7727] EXT4-fs (loop1): write access unavailable, skipping orphan cleanup [ 106.031624][ T7727] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 106.088673][ T7727] netlink: 'syz.1.1440': attribute type 7 has an invalid length. [ 106.096569][ T7727] netlink: 'syz.1.1440': attribute type 8 has an invalid length. [ 106.221535][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.517925][ T7760] netlink: 'syz.6.1452': attribute type 32 has an invalid length. [ 106.828100][ T7753] Set syz1 is full, maxelem 65536 reached [ 106.930040][ T7790] bond3: (slave dummy0): Releasing active interface [ 106.959791][ T7790] bridge0: port 3(batadv0) entered disabled state [ 106.979965][ T7790] bridge_slave_0: left allmulticast mode [ 106.985770][ T7790] bridge_slave_0: left promiscuous mode [ 106.991555][ T7790] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.000050][ T7790] bridge_slave_1: left allmulticast mode [ 107.005788][ T7790] bridge_slave_1: left promiscuous mode [ 107.011516][ T7790] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.022508][ T7790] bond0: (slave bond_slave_0): Releasing backup interface [ 107.034186][ T7790] bond0: (slave bond_slave_1): Releasing backup interface [ 107.045371][ T7790] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 107.055741][ T29] kauditd_printk_skb: 66 callbacks suppressed [ 107.055829][ T29] audit: type=1326 audit(1769599606.817:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 107.093795][ T7790] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 107.096558][ T29] audit: type=1326 audit(1769599606.847:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 107.124347][ T29] audit: type=1326 audit(1769599606.847:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 107.148013][ T29] audit: type=1326 audit(1769599606.847:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 107.171415][ T29] audit: type=1326 audit(1769599606.847:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 107.194811][ T29] audit: type=1326 audit(1769599606.847:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 107.218264][ T29] audit: type=1326 audit(1769599606.847:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 107.241713][ T29] audit: type=1326 audit(1769599606.847:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 107.265238][ T29] audit: type=1326 audit(1769599606.847:1092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 107.288755][ T29] audit: type=1326 audit(1769599606.847:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7800 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 107.893197][ T7825] loop1: detected capacity change from 0 to 8192 [ 107.974341][ T12] tipc: Subscription rejected, illegal request [ 108.653200][ T7857] __nla_validate_parse: 6 callbacks suppressed [ 108.653217][ T7857] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1487'. [ 108.673727][ T7857] team1: entered promiscuous mode [ 108.678807][ T7857] team1: entered allmulticast mode [ 108.833787][ T7869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1493'. [ 108.843658][ T7869] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1493'. [ 109.771190][ T7900] macvtap1: entered promiscuous mode [ 109.777164][ T7900] bridge0: entered promiscuous mode [ 109.784919][ T7900] macvtap1: entered allmulticast mode [ 109.791093][ T7900] bridge0: entered allmulticast mode [ 109.849617][ T7900] bridge0: port 3(macvtap1) entered blocking state [ 109.857769][ T7900] bridge0: port 3(macvtap1) entered disabled state [ 109.932035][ T7916] loop1: detected capacity change from 0 to 1024 [ 109.938814][ T7900] bridge0: left allmulticast mode [ 109.945006][ T7900] bridge0: left promiscuous mode [ 110.049590][ T7911] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1506'. [ 110.177154][ T7926] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1514'. [ 110.186181][ T7926] netlink: 'syz.3.1514': attribute type 7 has an invalid length. [ 110.193957][ T7926] netlink: 'syz.3.1514': attribute type 8 has an invalid length. [ 110.201761][ T7926] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1514'. [ 110.323352][ T9] IPVS: starting estimator thread 0... [ 110.375092][ T7934] bridge0: entered allmulticast mode [ 110.402995][ T7937] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1519'. [ 110.412147][ T7929] IPVS: using max 2160 ests per chain, 108000 per kthread [ 110.413254][ T7937] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1519'. [ 110.629682][ T7947] macvtap1: entered promiscuous mode [ 110.636071][ T7947] bridge0: entered promiscuous mode [ 110.642534][ T7947] macvtap1: entered allmulticast mode [ 110.674026][ T7947] bridge0: port 1(macvtap1) entered blocking state [ 110.682127][ T7947] bridge0: port 1(macvtap1) entered disabled state [ 110.708304][ T7947] bridge0: left promiscuous mode [ 110.923656][ T7973] netlink: 'syz.1.1534': attribute type 1 has an invalid length. [ 110.962475][ T7973] 8021q: adding VLAN 0 to HW filter on device bond4 [ 111.019435][ T7973] bond4: (slave veth11): Enslaving as an active interface with a down link [ 111.049312][ T7985] bond4: (slave dummy0): making interface the new active one [ 111.063166][ T7985] dummy0: entered promiscuous mode [ 111.077232][ T7985] bond4: (slave dummy0): Enslaving as an active interface with an up link [ 111.130669][ T7973] bond4 (unregistering): (slave veth11): Releasing active interface [ 111.205688][ T7973] bond4 (unregistering): (slave dummy0): Releasing active interface [ 111.232018][ T7973] bond4 (unregistering): Released all slaves [ 111.499786][ T7997] bridge0: entered promiscuous mode [ 111.506886][ T7997] macvtap1: entered promiscuous mode [ 111.514813][ T7997] macvtap1: entered allmulticast mode [ 111.520684][ T7997] bridge0: entered allmulticast mode [ 111.559011][ T7997] bridge0: port 3(macvtap1) entered blocking state [ 111.566689][ T7997] bridge0: port 3(macvtap1) entered disabled state [ 111.595337][ T7997] bridge0: left allmulticast mode [ 111.602485][ T7997] bridge0: left promiscuous mode [ 111.764804][ T8014] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1547'. [ 111.773841][ T8014] netlink: 'syz.5.1547': attribute type 12 has an invalid length. [ 111.791749][ T12] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 111.811180][ T8014] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1547'. [ 111.820171][ T8014] netlink: 'syz.5.1547': attribute type 12 has an invalid length. [ 111.828148][ T12] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 111.852450][ T12] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 111.880860][ T5822] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.402164][ T8052] sctp: [Deprecated]: syz.1.1562 (pid 8052) Use of struct sctp_assoc_value in delayed_ack socket option. [ 112.402164][ T8052] Use struct sctp_sack_info instead [ 112.430060][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 112.430144][ T29] audit: type=1326 audit(1769599612.187:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8049 comm="syz.6.1563" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7898d6aeb9 code=0x0 [ 112.819143][ T29] audit: type=1400 audit(1769599612.577:1128): avc: denied { mounton } for pid=8072 comm="syz.1.1571" path="/" dev="configfs" ino=783 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 113.211956][ T8091] netlink: 'syz.3.1579': attribute type 27 has an invalid length. [ 113.228148][ T8091] batadv0: left promiscuous mode [ 113.233181][ T8091] batadv0: left allmulticast mode [ 113.242411][ T8091] bond1: left promiscuous mode [ 113.247787][ T8091] bond3: left promiscuous mode [ 113.263508][ T8091] geneve2: left promiscuous mode [ 113.268613][ T8091] geneve2: left allmulticast mode [ 113.280549][ T8091] team1: left promiscuous mode [ 113.285539][ T8091] team1: left allmulticast mode [ 113.290436][ T8091] bridge0: left allmulticast mode [ 113.295656][ T12] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.304903][ T12] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.313973][ T12] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.322961][ T12] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.362055][ T8094] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.369853][ T8094] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.403075][ T8094] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 113.620639][ T8115] ref_ctr_offset mismatch. inode: 0x6db offset: 0x0 ref_ctr_offset(old): 0x100 ref_ctr_offset(new): 0x0 [ 113.716914][ T29] audit: type=1400 audit(1769599613.477:1129): avc: denied { bind } for pid=8125 comm="syz.1.1594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 113.751510][ T8128] __nla_validate_parse: 3 callbacks suppressed [ 113.751521][ T8128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1595'. [ 113.768785][ T8128] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1595'. [ 113.893797][ T8142] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1600'. [ 113.983914][ T8148] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1604'. [ 113.992851][ T8148] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1604'. [ 114.022007][ T8151] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1605'. [ 114.514863][ T8201] cgroup: No subsys list or none specified [ 114.538060][ T8203] netlink: 'syz.1.1624': attribute type 27 has an invalid length. [ 114.547123][ T8203] batadv0: left promiscuous mode [ 114.552102][ T8203] batadv0: left allmulticast mode [ 114.559893][ T8203] gtp0: left promiscuous mode [ 114.582776][ T8203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.591550][ T8203] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 114.634050][ T1680] Bluetooth: hci0: Frame reassembly failed (-84) [ 114.641189][ T3776] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 115.353420][ T8229] loop6: detected capacity change from 0 to 512 [ 115.365114][ T8229] EXT4-fs error (device loop6): ext4_xattr_inode_iget:446: comm syz.6.1633: error while reading EA inode 32 err=-116 [ 115.377672][ T8229] EXT4-fs (loop6): Remounting filesystem read-only [ 115.384304][ T8229] EXT4-fs (loop6): 1 orphan inode deleted [ 115.390438][ T8229] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.639605][ T5558] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.002996][ T8270] netlink: 'syz.6.1652': attribute type 13 has an invalid length. [ 116.097960][ T8272] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1653'. [ 116.106950][ T8272] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1653'. [ 116.193389][ T8281] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1657'. [ 116.277802][ T8288] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 116.287865][ T8288] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 116.352143][ T8292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1661'. [ 116.518490][ T29] audit: type=1400 audit(1769599616.277:1130): avc: denied { bind } for pid=8296 comm="syz.0.1663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 116.680802][ T3776] Bluetooth: hci0: command 0x1003 tx timeout [ 116.681003][ T6376] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 116.768571][ T8309] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=8309 comm=syz.1.1667 [ 116.922959][ T8316] loop1: detected capacity change from 0 to 512 [ 116.954931][ T8316] EXT4-fs: Ignoring removed bh option [ 117.139268][ T8320] loop5: detected capacity change from 0 to 4096 [ 117.156370][ T8322] 9pnet: p9_errstr2errno: server reported unknown error 0x00000000 [ 117.173038][ T8320] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.387642][ T4912] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.946170][ T29] audit: type=1400 audit(1769599617.707:1131): avc: denied { watch_reads } for pid=8358 comm="syz.1.1686" path="/" dev="configfs" ino=783 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 118.224346][ T29] audit: type=1400 audit(1769599617.987:1132): avc: denied { setattr } for pid=8381 comm="syz.0.1692" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 118.545384][ T8400] loop1: detected capacity change from 0 to 1024 [ 118.580422][ T29] audit: type=1326 audit(1769599618.337:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8404 comm="syz.0.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 118.603879][ T29] audit: type=1326 audit(1769599618.337:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8404 comm="syz.0.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 118.628637][ T8400] EXT4-fs: Ignoring removed bh option [ 118.723071][ T29] audit: type=1326 audit(1769599618.387:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8404 comm="syz.0.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 118.746598][ T29] audit: type=1326 audit(1769599618.417:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8404 comm="syz.0.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 118.769999][ T29] audit: type=1326 audit(1769599618.417:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8404 comm="syz.0.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 118.793569][ T29] audit: type=1326 audit(1769599618.417:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8404 comm="syz.0.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 118.816995][ T29] audit: type=1326 audit(1769599618.417:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8404 comm="syz.0.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 118.840377][ T29] audit: type=1326 audit(1769599618.417:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8404 comm="syz.0.1701" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1a1deaeb9 code=0x7ffc0000 [ 118.872754][ T8418] loop1: detected capacity change from 0 to 128 [ 118.879391][ T8418] EXT4-fs: Ignoring removed orlov option [ 118.888500][ T8413] syzkaller1: entered promiscuous mode [ 118.894057][ T8413] syzkaller1: entered allmulticast mode [ 118.907066][ T8418] EXT4-fs: Ignoring removed nomblk_io_submit option [ 118.913773][ T8418] EXT4-fs: Ignoring removed nomblk_io_submit option [ 119.314776][ T8438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 119.322966][ T8438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 119.323950][ T8431] syz.5.1709 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 119.344346][ T8431] CPU: 0 UID: 0 PID: 8431 Comm: syz.5.1709 Not tainted syzkaller #0 PREEMPT(voluntary) [ 119.344371][ T8431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 119.344382][ T8431] Call Trace: [ 119.344461][ T8431] [ 119.344467][ T8431] __dump_stack+0x1d/0x30 [ 119.344491][ T8431] dump_stack_lvl+0x95/0xd0 [ 119.344505][ T8431] dump_stack+0x15/0x1b [ 119.344517][ T8431] dump_header+0x80/0x240 [ 119.344530][ T8431] oom_kill_process+0x295/0x350 [ 119.344601][ T8431] out_of_memory+0x97d/0xb80 [ 119.344617][ T8431] try_charge_memcg+0x62e/0xa10 [ 119.344633][ T8431] obj_cgroup_charge_pages+0x23/0xc0 [ 119.344689][ T8431] __memcg_kmem_charge_page+0x9e/0x170 [ 119.344708][ T8431] __alloc_frozen_pages_noprof+0x18a/0x350 [ 119.344728][ T8431] alloc_pages_mpol+0xb3/0x260 [ 119.344798][ T8431] alloc_pages_noprof+0x8f/0x130 [ 119.344817][ T8431] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 119.344841][ T8431] __kvmalloc_node_noprof+0x471/0x680 [ 119.344923][ T8431] ? ip_set_alloc+0x24/0x30 [ 119.344942][ T8431] ? ip_set_alloc+0x24/0x30 [ 119.344960][ T8431] ip_set_alloc+0x24/0x30 [ 119.345057][ T8431] hash_netiface_create+0x282/0x740 [ 119.345076][ T8431] ? __pfx_hash_netiface_create+0x10/0x10 [ 119.345095][ T8431] ip_set_create+0x3cf/0x970 [ 119.345133][ T8431] ? __nla_parse+0x40/0x60 [ 119.345154][ T8431] nfnetlink_rcv_msg+0x509/0x5d0 [ 119.345192][ T8431] netlink_rcv_skb+0x123/0x220 [ 119.345275][ T8431] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 119.345366][ T8431] nfnetlink_rcv+0x167/0x1720 [ 119.345450][ T8431] ? __kfree_skb+0x109/0x150 [ 119.345512][ T8431] ? nlmon_xmit+0x4f/0x60 [ 119.345532][ T8431] ? consume_skb+0x49/0x140 [ 119.345608][ T8431] ? nlmon_xmit+0x4f/0x60 [ 119.345628][ T8431] ? dev_hard_start_xmit+0x3a8/0x3e0 [ 119.345690][ T8431] ? __dev_queue_xmit+0x139a/0x1f20 [ 119.345710][ T8431] ? __dev_queue_xmit+0x148/0x1f20 [ 119.345737][ T8431] ? ref_tracker_free+0x37d/0x3e0 [ 119.345758][ T8431] ? __netlink_deliver_tap+0x4dc/0x500 [ 119.345800][ T8431] netlink_unicast+0x5c0/0x690 [ 119.345820][ T8431] netlink_sendmsg+0x5c8/0x6f0 [ 119.345833][ T8431] ? __pfx_netlink_sendmsg+0x10/0x10 [ 119.345880][ T8431] ____sys_sendmsg+0x5af/0x600 [ 119.345894][ T8431] ___sys_sendmsg+0x195/0x1e0 [ 119.345912][ T8431] __x64_sys_sendmsg+0xd4/0x160 [ 119.345927][ T8431] x64_sys_call+0x17ba/0x3000 [ 119.345943][ T8431] do_syscall_64+0xc0/0x2a0 [ 119.346008][ T8431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.346022][ T8431] RIP: 0033:0x7fecb638aeb9 [ 119.346043][ T8431] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 119.346055][ T8431] RSP: 002b:00007fecb4de7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 119.346094][ T8431] RAX: ffffffffffffffda RBX: 00007fecb6605fa0 RCX: 00007fecb638aeb9 [ 119.346103][ T8431] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 119.346112][ T8431] RBP: 00007fecb63f8c1f R08: 0000000000000000 R09: 0000000000000000 [ 119.346120][ T8431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.346128][ T8431] R13: 00007fecb6606038 R14: 00007fecb6605fa0 R15: 00007fffac8d8d68 [ 119.346140][ T8431] [ 119.346217][ T8431] memory: usage 307200kB, limit 307200kB, failcnt 120 [ 119.664208][ T8431] memory+swap: usage 367444kB, limit 9007199254740988kB, failcnt 0 [ 119.672190][ T8431] kmem: usage 299360kB, limit 9007199254740988kB, failcnt 0 [ 119.679547][ T8431] Memory cgroup stats for /syz5: [ 119.679638][ T8431] cache 4984832 [ 119.688060][ T8431] rss 2297856 [ 119.691344][ T8431] shmem 4984832 [ 119.694868][ T8431] mapped_file 0 [ 119.698303][ T8431] dirty 0 [ 119.701297][ T8431] writeback 0 [ 119.704569][ T8431] workingset_refault_anon 768 [ 119.709246][ T8431] workingset_refault_file 0 [ 119.713749][ T8431] swap 61689856 [ 119.717721][ T8431] swapcached 643072 [ 119.721677][ T8431] pgpgin 97134 [ 119.725038][ T8431] pgpgout 95199 [ 119.728568][ T8431] pgfault 89643 [ 119.732044][ T8431] pgmajfault 99 [ 119.735509][ T8431] inactive_anon 2293760 [ 119.739692][ T8431] active_anon 5632000 [ 119.743691][ T8431] inactive_file 0 [ 119.747350][ T8431] active_file 0 [ 119.750817][ T8431] unevictable 0 [ 119.754323][ T8431] hierarchical_memory_limit 314572800 [ 119.759738][ T8431] hierarchical_memsw_limit 9223372036854771712 [ 119.765911][ T8431] total_cache 4984832 [ 119.769886][ T8431] total_rss 2297856 [ 119.773696][ T8431] total_shmem 4984832 [ 119.777665][ T8431] total_mapped_file 0 [ 119.781650][ T8431] total_dirty 0 [ 119.785316][ T8431] total_writeback 0 [ 119.789120][ T8431] total_workingset_refault_anon 768 [ 119.794357][ T8431] total_workingset_refault_file 0 [ 119.799367][ T8431] total_swap 61689856 [ 119.803408][ T8431] total_swapcached 643072 [ 119.807798][ T8431] total_pgpgin 97134 [ 119.811708][ T8431] total_pgpgout 95199 [ 119.815865][ T8431] total_pgfault 89643 [ 119.819842][ T8431] total_pgmajfault 99 [ 119.823911][ T8431] total_inactive_anon 2293760 [ 119.824839][ T8443] netlink: 'syz.0.1712': attribute type 13 has an invalid length. [ 119.828583][ T8431] total_active_anon 5632000 [ 119.828595][ T8431] total_inactive_file 0 [ 119.828604][ T8431] total_active_file 0 [ 119.828613][ T8431] total_unevictable 0 [ 119.853026][ T8431] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.1709,pid=8430,uid=0 [ 119.867643][ T8431] Memory cgroup out of memory: Killed process 8430 (syz.5.1709) total-vm:96180kB, anon-rss:3380kB, file-rss:22228kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 120.014840][ T8455] loop5: detected capacity change from 0 to 128 [ 120.204640][ T8464] loop1: detected capacity change from 0 to 2048 [ 120.283258][ T31] ================================================================== [ 120.291351][ T31] BUG: KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic [ 120.300816][ T31] [ 120.303135][ T31] write to 0xffff88811be9c86d of 9 bytes by task 8458 on cpu 1: [ 120.310754][ T31] copy_folio_from_iter_atomic+0x75f/0x1170 [ 120.316653][ T31] generic_perform_write+0x2c1/0x490 [ 120.321930][ T31] __generic_file_write_iter+0x9e/0x120 [ 120.327463][ T31] generic_file_write_iter+0x8d/0x310 [ 120.332822][ T31] iter_file_splice_write+0x6bc/0xa80 [ 120.338176][ T31] direct_splice_actor+0x156/0x2a0 [ 120.343268][ T31] splice_direct_to_actor+0x311/0x670 [ 120.348641][ T31] do_splice_direct+0x119/0x1a0 [ 120.353473][ T31] do_sendfile+0x382/0x650 [ 120.357873][ T31] __x64_sys_sendfile64+0x105/0x150 [ 120.363058][ T31] x64_sys_call+0x2db1/0x3000 [ 120.367720][ T31] do_syscall_64+0xc0/0x2a0 [ 120.372209][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.378092][ T31] [ 120.380398][ T31] read to 0xffff88811be9c800 of 2048 bytes by task 31 on cpu 0: [ 120.388004][ T31] copy_folio_from_iter_atomic+0x75f/0x1170 [ 120.393880][ T31] generic_perform_write+0x2c1/0x490 [ 120.399177][ T31] shmem_file_write_iter+0xc5/0xf0 [ 120.404299][ T31] lo_rw_aio+0x67d/0x730 [ 120.408520][ T31] loop_process_work+0x56c/0xac0 [ 120.413435][ T31] loop_workfn+0x31/0x40 [ 120.417687][ T31] process_scheduled_works+0x4cd/0x9d0 [ 120.423126][ T31] worker_thread+0x6bc/0x8b0 [ 120.427698][ T31] kthread+0x488/0x510 [ 120.431752][ T31] ret_from_fork+0x148/0x280 [ 120.436342][ T31] ret_from_fork_asm+0x1a/0x30 [ 120.441097][ T31] [ 120.443405][ T31] Reported by Kernel Concurrency Sanitizer on: [ 120.449536][ T31] CPU: 0 UID: 0 PID: 31 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(voluntary) [ 120.459243][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 120.469284][ T31] Workqueue: loop5 loop_workfn [ 120.474078][ T31] ================================================================== [ 120.775575][ T8455] ================================================================== [ 120.783705][ T8455] BUG: KCSAN: data-race in file_write_and_wait_range / xas_set_mark [ 120.791716][ T8455] [ 120.794043][ T8455] write to 0xffff88811af17b14 of 4 bytes by task 8458 on cpu 1: [ 120.801675][ T8455] xas_set_mark+0x12b/0x140 [ 120.806189][ T8455] tag_pages_for_writeback+0xe3/0x2e0 [ 120.811577][ T8455] writeback_iter+0x340/0x810 [ 120.816262][ T8455] mpage_writepages+0x87/0x1310 [ 120.821131][ T8455] fat_writepages+0x24/0x30 [ 120.825648][ T8455] do_writepages+0x1c6/0x310 [ 120.830257][ T8455] file_write_and_wait_range+0x178/0x2f0 [ 120.835918][ T8455] __generic_file_fsync+0x46/0x160 [ 120.841040][ T8455] fat_file_fsync+0x49/0x100 [ 120.845627][ T8455] vfs_fsync_range+0x10d/0x130 [ 120.850395][ T8455] generic_file_write_iter+0x1ba/0x310 [ 120.855869][ T8455] iter_file_splice_write+0x6bc/0xa80 [ 120.861241][ T8455] direct_splice_actor+0x156/0x2a0 [ 120.866356][ T8455] splice_direct_to_actor+0x311/0x670 [ 120.871732][ T8455] do_splice_direct+0x119/0x1a0 [ 120.876589][ T8455] do_sendfile+0x382/0x650 [ 120.881030][ T8455] __x64_sys_sendfile64+0x105/0x150 [ 120.886247][ T8455] x64_sys_call+0x2db1/0x3000 [ 120.890943][ T8455] do_syscall_64+0xc0/0x2a0 [ 120.895464][ T8455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.901355][ T8455] [ 120.903673][ T8455] read to 0xffff88811af17b14 of 4 bytes by task 8455 on cpu 0: [ 120.911213][ T8455] file_write_and_wait_range+0x130/0x2f0 [ 120.916853][ T8455] __generic_file_fsync+0x46/0x160 [ 120.921966][ T8455] fat_file_fsync+0x49/0x100 [ 120.926562][ T8455] vfs_fsync_range+0x10d/0x130 [ 120.931325][ T8455] generic_file_write_iter+0x1ba/0x310 [ 120.936795][ T8455] iter_file_splice_write+0x6bc/0xa80 [ 120.942167][ T8455] direct_splice_actor+0x156/0x2a0 [ 120.947274][ T8455] splice_direct_to_actor+0x311/0x670 [ 120.952993][ T8455] do_splice_direct+0x119/0x1a0 [ 120.957873][ T8455] do_sendfile+0x382/0x650 [ 120.962394][ T8455] __x64_sys_sendfile64+0x105/0x150 [ 120.967684][ T8455] x64_sys_call+0x2db1/0x3000 [ 120.972373][ T8455] do_syscall_64+0xc0/0x2a0 [ 120.976882][ T8455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.982777][ T8455] [ 120.985090][ T8455] value changed: 0x02000021 -> 0x04000021 [ 120.990807][ T8455] [ 120.993119][ T8455] Reported by Kernel Concurrency Sanitizer on: [ 120.999266][ T8455] CPU: 0 UID: 0 PID: 8455 Comm: syz.5.1718 Not tainted syzkaller #0 PREEMPT(voluntary) [ 121.008988][ T8455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 121.019035][ T8455] ==================================================================