last executing test programs: 1m48.176206423s ago: executing program 2 (id=1211): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) 1m48.090483646s ago: executing program 2 (id=1215): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x2, 0x1000, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000004080)=[{{0x0, 0x0, 0x0}, 0x8001}], 0x1, 0x40000100, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@random="d9ea693249ca", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, "fbddf0", 0x8, 0x3a, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2, {[], @echo_reply={0x81, 0x0, 0x0, 0x2, 0x4}}}}}}, 0x0) 1m47.241221474s ago: executing program 2 (id=1248): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000019080)=0x30) 1m45.148042834s ago: executing program 2 (id=1308): perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x7, 0x34328, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0, 0x2}, 0x10026, 0x10003, 0xfffffff8, 0x3, 0x100008, 0x20005, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) unshare(0x8000000) r0 = semget(0x3, 0x1, 0x3c4) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x9, 0x3800}], 0x1, 0x0) 1m45.055063197s ago: executing program 2 (id=1310): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0) 1m45.023890228s ago: executing program 2 (id=1311): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4c840) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newtfilter={0x60, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0xb}, {0x0, 0xfff3}, {0xd, 0x4}}, [@filter_kind_options=@f_basic={{0xa}, {0x30, 0x2, [@TCA_BASIC_EMATCHES={0x2c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_META={0x1c, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x5}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x1}, {0x2, 0xc0}}}, @TCA_EM_META_RVALUE={0x4}]}}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) 1m29.994153009s ago: executing program 32 (id=1311): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4c840) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newtfilter={0x60, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0xb}, {0x0, 0xfff3}, {0xd, 0x4}}, [@filter_kind_options=@f_basic={{0xa}, {0x30, 0x2, [@TCA_BASIC_EMATCHES={0x2c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_META={0x1c, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x5}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x1}, {0x2, 0xc0}}}, @TCA_EM_META_RVALUE={0x4}]}}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) 54.540454381s ago: executing program 1 (id=2805): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000300)="72bf", 0x2, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom$inet(r0, 0x0, 0x0, 0x21, 0x0, 0x0) 53.66874636s ago: executing program 1 (id=2828): r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x3, 0x80, 0x4, 0x1, 0x7, 0xff, 0x0, 0x1c00, 0x1, 0x8, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0xfffffffffffffffb, 0x5}, 0x1000, 0x7f, 0x5, 0x1, 0xa04, 0xffff, 0x1a, 0x0, 0x401, 0x0, 0xffffffffffffd633}, 0x0, 0xd, r0, 0x2) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xff, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x6, &(0x7f0000000000)=@framed={{0x6, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0xa}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) 53.605958662s ago: executing program 1 (id=2819): set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000280)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@nombcache}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") lsetxattr$trusted_overlay_upper(&(0x7f0000000400)='./file2\x00', &(0x7f0000000340), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0) 53.457255917s ago: executing program 1 (id=2826): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000b80)='./file0\x00', 0x1008002, &(0x7f0000000d00)={[{@grpjquota}]}, 0x3, 0x5ee, &(0x7f0000000280)="$eJzs3c1vVFUbAPDnTj9oKXk7kDcqLqSJMZAoLS1gGuMCtoY0+BE3urDSgkiBhtZo0YSS4MbEuDHGxJUL8b9QIltWunLhxpUhIWpYmjjmztxbOu1Mv2jnEu7vlwxz7zlze86lfeace+acOwGU1lD6TyVif0TMJhGDyeJSXndkmUON193/+5Mz6SOJWu31P5NIsrT89Un2PJAd3BcRP/+UxL6u1eXOLVy9MDkzM30l2x+Zvzg7Mrdw9fD5i5Pnps9NXxp7cWz8+LHj46NHtnRe11qknbrx/oeDn0289d03/ySj3/82kcSJeCV74fLz2C5DMVT/P0lWZw2Mb3dhBenK/k5qtVotT0u6i60TG5f//noi4skYjK548MsbjE9fLbRywI6qJY33bqCMEvEPJZX3A/Jr+5XXwZVCeiVAJ9w72RgAWB3/3Y2xweirjw3svp/E8mGdJCK2NjLXbE9E3Lk9cePs7YkbsUPjcEBri9cj4qlW8Z/U478afVGtx3+lKf7TfsHp7DlNf22L5a8cKhb/0DmN+O9bM/6jTfy/kz5fa8Twu1ssv/pg873+pvjv3+opAQAAAAAAQGndOhkRL7T6/L+yNP8nWsz/GYiIE9tQ/tCK/dWf/1fubkMxQAv3Tka83HL+byWf/VvtWraEtRo9ydnzM9NHIuJ/EXEoenal+6NrlHH4831ft8sbyub/5Y+0/DvZXMCsHne7dzUfMzU5P/kQpwxk7l2PeLrl/N9kqf1PWrT/6TvD7AbL2PfczdPt8taPf2Cn1L6NONiy/X9w14pk7ftzjNT7AyN5r2C1Zz7+4od25W81/t1iAh5e2v7vXjv+q8ny+/XMbb6MowvdtXZ5W+3/9yZv1O8q1JulfTQ5P39lNKI3OdWVpjalj22+zvA4yuMhj5c0/g89u/b4X6v+f39ELK742clfzWuKc0/8O/B7u/ro/0Nx0vif2lT7v/mNsZvVH9uVv7H2/1i9rT+UpRj/g4av8jDtbU5vEY7drbI6XV8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBxUImJPJJXhpe1KZXg4YiAi/h+7KzOX5+afP3v5g0tTaV79+/8r+Tf9Djb2k/z7/6vL9sdW7B+NiL0R8WVXf31/+MzlmamiTx4AAAAAAAAAAAAAAAAAAAAeEQNt1v+n/ugqunbAjusuugJAYVrE/y9F1APoPO0/lJf4h/IS/1Be4h/KS/xDea0d/2+Pd6wiQMdp/6G8xD8AAAAAADxW9h649WsSEYsv9dcfqd4sr6fQmgE7rVJ0BYDCuMUPlJepP1BervGBZJ38vrYHrXfkWmbPPMTBAAAAAAAAAAAAAFA6B/db/w9lZf0/lJf1/1Be+fr/AwXXA+g81/hArLOSv+X6/3WPAgAAAAAAAAAAAAC209zC1QuTMzPTV2y8+WhUo5MbtVrtWvpX8KjUZ/s3kmyGekcKzafCd/5Mezdygvlav4395OLekwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGb/BQAA//8wviV5") mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$binfmt_register(r0, &(0x7f0000000880)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x1, 0x3a, 'usrjquota=\xb9\xc4\xd7A%S\n\x10i\xcf\x84\x93v\x02\xe4y}\xcbV\xbb\xc1\xd5\x06\v\xdc\xd8\\\xc5\xb3\ag\xa6u\xbe\xf4)\xae\xb6\xfe*\x9d?\xb2C\xf0<\xc9\x820M\x92Tzs\xba\xca\x9d\xad\x17\x1b\x84\xbc\xb3\xd8\xad\f\x17\xbe\x17\xb5}.H\x90\xc7\x0e\xb3y\xd0\xc3\xf0c\x04\xe6\fzZ\x02\xfd_W\x9a\xa7\x81\xfcr\xe9B\x95\x13\x9f\x10\'5\xc0\xf9\xb5\xe1\x15Y\x9b$\xa43\xe7F>\xb7\xa1\xb7zw\xac\xc8\x12\x94\xa7\xe5\xcb\xc0g\x865\\\x9e\xca\x8e\xe2\t\xb7\b\x00\x00\x00\x00\x00\x00\x00i7b\xad\x14oVT\xcb\xea\xd3\xad\xa9\x16\xd5\xb2\xa0 \x13^\xf6>\xd4\x8bZzl\x88\xddn\xab\xd6\x12\x1f\x06', 0x3a, '\x00\x03!\f\xee\x998r~\b\x13\x89\xae\xf1\x06hz\xcc\xd6\xbb\xb8\x19\x90\x9e\xdb\xa2F\xfa_F(\x05\b\x13\x82\x12\xad\x0f^\xdc\xf2\xb5', 0x3a, './file2', 0x3a, [0x46]}, 0x113) 53.280489893s ago: executing program 1 (id=2833): perf_event_open(&(0x7f0000000900)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x14, 0x0, 0x11004, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0xb) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x1c14744, &(0x7f0000000080), 0x2, 0x4bb, &(0x7f0000000600)="$eJzs3c9vVNUeAPDvvW35+R7te4+ngiyqaGz80dICykIXGk1cqNHoApe1LQQZqKE1EUK0GINLQ+LemLgxMf4BrlwZdWXixoXuXBgSosQEcOOYO3NvpzPMrQy0M8X5fJKBc+49ved8e+6ZOT1npg2gb41m/yQR/4qIHyNiuJ5tLjBa/+/q5bMz1y6fnUmiWn3516RW7srlszNF0eLrtueZsTQifS/JK2m2cPrM8elKZe5Unp9YPPHGxMLpM48cOzF9dO7o3MmpQ4cO7J987NGpg02XP3iTcWbxXdn99vyeXc++euH5mcMXXvvms+yCaX5+ZRxrZTQL/LdqTeu5+9e6sh77s9qIMxnsdWu4UQMRkXXXUG38D8dANDpvOJ55t6eNA9ZV9py9ufz0UhX4B0ui1y0AeqN4oc9+/s0fQ12aemwIl56s/wCUxX41f9TPDC6vDaznN2Q0Ig4v/fFR9oiWdYhqm3UDAIBb9WU2/3m4af6Xzz/SuKMotLVRfiQi/hMR/42I/0XEzoj4f0St7J0RcVeH9bduDV2/D5Ne7DioDmTzv8fzva3scW5F/LmRgTz371r8Q8mRY5W5fRGxIyLGYmhzlp9sd/HiEk9//0FZ/Svnf9kja0MxF8wvcnGwZYFulfW6jl06F7F7sBF/Y/6bLO8EJBGxKyJ2d3bpHUXi2IOf7ikr9Pfxr2IN9pmqH0c8UO//pWiJv5CU7E+m9f3JiS1Rmds3Ub8rBtrU8e13518sq/+W4l8DWf9vi6b+bykx/Huycr92ofM6zv/0fune6uBN3P+z04vTm5JXanu6m/Jjb00vLp6ajNiUPFfLNx2fanxtkS/KZ/GP7W13/6e157jI+//uiNgT8cNQcTLvu3si4t6I2LtK/F8/dd/rZec2Qv/PRvvxnxtp7v/OEwPHv/qirP7W+JM83yiR9f+BWmosP5L1f3F2a8l1y5uzJS9xs3czAAAA3H7S2nvjk3R8OZ2m4+P19/DvjG1pZX5h8aEj82+enK2/h34khtJi/TNdsR46mSzlV6znp/K14uL8/nzd+MOBrUkSlbnxmfnKbI9jh363vWT8Z35pt5gdEU90tYXAuvJ5LehfreM/7VE7gO7z+g/9y/iH/mX8Q/8qxv9LK46901KmZC8AuM15/Yf+1Rj/n/S0HUD3LY//c71tB9B9Hc7/X9ixXg0Buqndh+SL33fXOPLzqp+oX+vEYBfr6iDx+XXflkaiWB3dIE09czyJiPWtItKNEWlpIvJfYrFR2tN54lr1RgsXQzY/MrjK6G7+uxvlN0nXnoIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADW1V8BAAD//+zR2Tg=") syz_clone(0x1300211, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigsuspend(&(0x7f0000000080)={[0x5]}, 0x8) 52.935049295s ago: executing program 1 (id=2846): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x1000404, &(0x7f00000000c0)={[{@dmode={'dmode', 0x3d, 0x5}}, {@uid}, {}, {@check_relaxed}, {@map_acorn}, {@hide}, {@nocompress}]}, 0x5, 0x581, &(0x7f0000000380)="$eJzs3M9u3MYZAPCh/sSKWqgFgsaO4gPj5OAeonBXtQwhl24pSmKyu1yQVCCfiqCWA6NSWjQp0PhS+JK2QPsQQW99gp5y6PsEvfeigstd2ZYsRU1kKQ1+P8CeEfmR8w2xmIFW+BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBClG0nSiUI/H+7sxscthRDaXrpRFoOj44eHxyOn9/vnM80Z44YQNf/CwkK40R668cqT0z9p/rsVrrc/XQ8LTbMQHv3g1WvhlbmZ6fUnEv52fn403XP65LNHv/5wf3/vdxecyNV66dyRW9kwr4p80NvK4rwq4vW1teSd7c0q3sz7WXWvqrNBnJZZry7K+Hb607izvr4aZyv3ip3h1kavn00P3n27myRr8Xsro6xXVsXwnfdWqnQ77/fz4dY4pjndxNxtPojv53VcZ71BHD94uL+3Osll7rQkm6DOycOzk4/ak6Du1023m3S7nU6321m7s37nbpLMnTiQHBNORFz4h5b/Mxe4esO3czjZ/wEAAIDvr2j8HXvz+//8+Hv4KGzm/Sw5JfraJWcHAAAAXITxX/6vN818mA/hRoja3///eNWJAQAAABfmz09q7MYFUeMaux+/e1Rj93KoRteiL/8dynI+ejzafSs66DVxvYNJ/dTs8TvWm8vR0uQm42ZtbvJTmt2MXmuDXptGfzVpHjyv1u+pPKLoAhIIfw3Lbczy/ba9Pz3TjrK4mfezlbTov9sJvd7STJ3t1r//+OEfwnj6fxkOlqLw4OH+3sqvfrN/f7T78mTExweTAooTdRRn5PLpUd3jyRn/60ftqSxpx305tOMmT89/po2Z+R/G/Dy83sa8vti2i8/Of6GZf2fltNkvtll0RrtvLR08Pmvms2dncbONunn7zaZ58/Zzsugez+LasSy642cxyeIbPYtzZLF61rN4KYSwemoWPzxXFgBX5cEZu1BbY39i3z3XWjs9265yl7O7fx7eaGPeWB4vrHPLz1nRk6/b3ZKnV/RvsK//I9xqY25Ng0/bY5tx//bMrhodfNFc8MWp41b9btQ8wtlPD34bXv3ks0dvPzz48KO9j/Y+7nZX15KfJcmdbphvbhfaJrH3APAcWflVtFj/KSrLfPTLzvp6p1dvZ3FZpO/HZb6xlcX5sM7KdLs33MriUVnURVr0m84H+UZWxdXOaFSUdbxZlPGoqPLd8Ztf/nPYvvqlyga9YZ2n1aif9aosToth3UvreCOv0ni084t+Xm1n5fjiapSl+Wae9uq8GMZVsVOm2UocV1n2VGC+kQ3rfDNvusN4VOaDXnkv/qDo7wyyeCOr0jIf1UV7w+lY+XCzKAfj266MZ/zlVT9yALhyR2+we4Gdq54jAPAsuzQAAAAAAAAAAAAAAHz3nVa39/cXWhF4Vmea2dWM/kI6M5cynYXvwEy/B53pm6vOedXh7OUU0V565+rWJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4zX8DAAD//68kmbc=") r0 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 52.934977705s ago: executing program 33 (id=2846): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x1000404, &(0x7f00000000c0)={[{@dmode={'dmode', 0x3d, 0x5}}, {@uid}, {}, {@check_relaxed}, {@map_acorn}, {@hide}, {@nocompress}]}, 0x5, 0x581, &(0x7f0000000380)="$eJzs3M9u3MYZAPCh/sSKWqgFgsaO4gPj5OAeonBXtQwhl24pSmKyu1yQVCCfiqCWA6NSWjQp0PhS+JK2QPsQQW99gp5y6PsEvfeigstd2ZYsRU1kKQ1+P8CeEfmR8w2xmIFW+BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBClG0nSiUI/H+7sxscthRDaXrpRFoOj44eHxyOn9/vnM80Z44YQNf/CwkK40R668cqT0z9p/rsVrrc/XQ8LTbMQHv3g1WvhlbmZ6fUnEv52fn403XP65LNHv/5wf3/vdxecyNV66dyRW9kwr4p80NvK4rwq4vW1teSd7c0q3sz7WXWvqrNBnJZZry7K+Hb607izvr4aZyv3ip3h1kavn00P3n27myRr8Xsro6xXVsXwnfdWqnQ77/fz4dY4pjndxNxtPojv53VcZ71BHD94uL+3Osll7rQkm6DOycOzk4/ak6Du1023m3S7nU6321m7s37nbpLMnTiQHBNORFz4h5b/Mxe4esO3czjZ/wEAAIDvr2j8HXvz+//8+Hv4KGzm/Sw5JfraJWcHAAAAXITxX/6vN818mA/hRoja3///eNWJAQAAABfmz09q7MYFUeMaux+/e1Rj93KoRteiL/8dynI+ejzafSs66DVxvYNJ/dTs8TvWm8vR0uQm42ZtbvJTmt2MXmuDXptGfzVpHjyv1u+pPKLoAhIIfw3Lbczy/ba9Pz3TjrK4mfezlbTov9sJvd7STJ3t1r//+OEfwnj6fxkOlqLw4OH+3sqvfrN/f7T78mTExweTAooTdRRn5PLpUd3jyRn/60ftqSxpx305tOMmT89/po2Z+R/G/Dy83sa8vti2i8/Of6GZf2fltNkvtll0RrtvLR08Pmvms2dncbONunn7zaZ58/Zzsugez+LasSy642cxyeIbPYtzZLF61rN4KYSwemoWPzxXFgBX5cEZu1BbY39i3z3XWjs9265yl7O7fx7eaGPeWB4vrHPLz1nRk6/b3ZKnV/RvsK//I9xqY25Ng0/bY5tx//bMrhodfNFc8MWp41b9btQ8wtlPD34bXv3ks0dvPzz48KO9j/Y+7nZX15KfJcmdbphvbhfaJrH3APAcWflVtFj/KSrLfPTLzvp6p1dvZ3FZpO/HZb6xlcX5sM7KdLs33MriUVnURVr0m84H+UZWxdXOaFSUdbxZlPGoqPLd8Ztf/nPYvvqlyga9YZ2n1aif9aosToth3UvreCOv0ni084t+Xm1n5fjiapSl+Wae9uq8GMZVsVOm2UocV1n2VGC+kQ3rfDNvusN4VOaDXnkv/qDo7wyyeCOr0jIf1UV7w+lY+XCzKAfj266MZ/zlVT9yALhyR2+we4Gdq54jAPAsuzQAAAAAAAAAAAAAAHz3nVa39/cXWhF4Vmea2dWM/kI6M5cynYXvwEy/B53pm6vOedXh7OUU0V565+rWJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4zX8DAAD//68kmbc=") r0 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 1.280680807s ago: executing program 5 (id=4215): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) 1.243671238s ago: executing program 5 (id=4218): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x19}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x2c, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x6, 0x4, 0x2, 0x0, 0x0, {[@sack_perm={0x4, 0x2}]}}}}}}}, 0x0) 1.18246321s ago: executing program 4 (id=4223): r0 = socket$can_bcm(0x1d, 0x2, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x61, &(0x7f00000004c0)={0x20, 0x3, 0x5, 0x3}, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0}) close_range(r0, 0xffffffffffffffff, 0x0) 1.096952723s ago: executing program 4 (id=4228): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000240)=0xf4240) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000200)=0x14) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1.090821023s ago: executing program 6 (id=4229): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="010000000a0000002f4900007f"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xca, r0, 0x4}, 0x38) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7}, 0x38) 1.062135144s ago: executing program 4 (id=4231): setuid(0xee01) r0 = semget$private(0x0, 0x4, 0x29b) semop(r0, &(0x7f0000000180)=[{0x0, 0x203}, {}], 0x2) setgid(0xee01) semctl$GETNCNT(r0, 0x4, 0xe, 0x0) 1.027704105s ago: executing program 6 (id=4233): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3b}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={r2, 0x9}, 0x8) 427.582065ms ago: executing program 0 (id=4250): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x1, 0x5, @rand_addr=' \x01\x00', 0x208}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @local, 0x1}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000280)=[@in6={0xa, 0x1, 0xfffffffd, @mcast1}], 0x1c) 385.931827ms ago: executing program 0 (id=4251): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x8903, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110c23003f) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110c230041) close(0x3) 385.529877ms ago: executing program 5 (id=4252): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000140), &(0x7f0000000000)=0x8) 359.695237ms ago: executing program 3 (id=4253): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'dummy0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x40530, 0x5a1b5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}, @IFLA_LINK={0x8, 0x5, r3}]}, 0x44}, 0x1, 0x0, 0x0, 0x24004804}, 0x40000) 349.086938ms ago: executing program 5 (id=4254): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0xe1045, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x1, @perf_config_ext={0x800000, 0x3fff8000}, 0x844, 0x32, 0x43a1bd76, 0x7, 0x9, 0x2, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c00050001000600000024000780080008400000137906000440fff1f00006000540001c020008000640"], 0x6c}, 0x1, 0x0, 0x0, 0x90}, 0x24008000) 267.38895ms ago: executing program 0 (id=4255): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000fcffffff00000000000000008500000036000000180100006420002500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001800000850000000600000095"], &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r0, r2, 0x25, 0x0, @void}, 0x25) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="178d048604bf0bfb1945d7430008", 0x0, 0x501, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 266.788771ms ago: executing program 3 (id=4256): pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) vmsplice(r0, &(0x7f0000000800)=[{&(0x7f0000000400)="fc72", 0x2}], 0x1, 0xa) splice(r1, 0x0, r0, 0x0, 0xffffffffffff7fff, 0x9) 247.744771ms ago: executing program 3 (id=4257): r0 = semget$private(0x0, 0x4000000009, 0x42a) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x63, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, @perf_config_ext={0x804b, 0x8}, 0x0, 0x0, 0x800000, 0x6, 0x2, 0xcb, 0xffff, 0x0, 0x0, 0x0, 0xbf}, 0x0, 0xfff8000000000001, 0xffffffffffffffff, 0x1) semop(r0, &(0x7f00000002c0)=[{0x0, 0xff}, {0x0, 0x1f}, {0x4, 0x202}, {0x0, 0x8, 0x1000}, {0x0, 0xfff}], 0x26) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0xfff9, 0x1000}], 0x1, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) 236.026342ms ago: executing program 5 (id=4258): bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x3c) capset(&(0x7f0000000380)={0x19980330}, &(0x7f0000000100)={0x0, 0x0, 0x9}) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$SG_IO(r0, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0x6b, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c3513000000", 0x0, 0x0, 0x30520cf7f25f0c64, 0x2, 0x0}) 204.383693ms ago: executing program 4 (id=4259): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x0, 0x2}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000140)='8', 0x1}], 0x1}, 0x10) recvmmsg(r1, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000700)=""/199, 0xc7}], 0x1, &(0x7f0000000180)=""/86, 0x56}, 0x35}], 0x1, 0x40002121, 0x0) 191.934533ms ago: executing program 5 (id=4260): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000080) syz_open_dev$usbfs(&(0x7f0000000040), 0x75, 0x140341) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 165.861744ms ago: executing program 6 (id=4261): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8000000, 0x7fffffe, 0x2d0, 0x0, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x200, 0xffffffff, 0xffffffff, 0x200, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x3, 0x0}, @mcast1, [0x0, 0x0, 0x0, 0xffffff], [0x0, 0x0, 0x4c62d6309aaa1bde, 0xff000000], 'ip6tnl0\x00', 'nicvf0\x00', {}, {0xff}, 0x3a}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x4, '\x00', 'syz1\x00'}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, [], [0x0, 0x0, 0xffffff00, 0xffffff00], 'veth1\x00', 'veth0_to_bridge\x00'}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', {0x1}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r2, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c000180050002000000000008000400050000000800010002000000240003"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 159.287754ms ago: executing program 4 (id=4262): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={r2, 0x8}, 0x8) 87.392426ms ago: executing program 4 (id=4263): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 87.289077ms ago: executing program 0 (id=4264): perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x7, 0x34328, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0, 0x2}, 0x10026, 0x10003, 0xfffffff8, 0x3, 0x100008, 0x20005, 0x9, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0) 87.000177ms ago: executing program 3 (id=4265): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000f000000850000002e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0x5, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0x1, 0xb}, {0xfff2, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8021}, 0x4048800) 69.658978ms ago: executing program 6 (id=4266): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00'], 0x28}}], 0x1, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x10000, 0x0, 0x0) 67.758858ms ago: executing program 3 (id=4267): r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x2) shutdown(r0, 0x0) accept4(r0, 0x0, 0x0, 0x800) 44.393338ms ago: executing program 0 (id=4268): ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000040)={0x0, 0x0, "d607f8f9951e76c13f64323723e7eecdf40c363423eb3d259266ec9c37865c6c1a4640ce1b22bb3327ef4f001d34c09f39c3539e4f8d3ee0878ae95bc7f52363c468b257ff2424852548deb01efd54f11ed2c41d078b9cf1fc8f72566153c97e4af37017ea6b16b694bb4a6e4606c3fb19d1d2bd3c8c4e97da2213f9d5c3b90400000000000000c279f03558083906666827d61dcc3a633bffff0e0b5a293e3877adc1660edbc9a0307a25720a70e419dc44febf7ddc73fd4a5a0b6c28667f7f46c7084e17c809268103a2584ab40a68e528329d97afc3612e325c1eb4a3ab2e156a97444800", "0615e456c196e819a321fdb3690bfab19538829a732a01781564ef7738cb5b82a704b3952f81c68bb4ceeaad63206f88201638e87c4981cbf9332cbc9c4d69e392bd33237ece7ad91e44edac0da8dacad81adf2e08c21ad6b44ce1f90bd618c255ca40cdb411485fb48a51d329c816b3488c7d032ef69c502c6e1236bd381efd410165988847c1dcb98a18ca2b853910e52044fa3b3026cb88de269537c8f26ffc3b15cbf279832bfc90bd95939043182e88050dfd2a4784a5d1453610fb1f1c2bac36c3ecd3e6fb756ef8880debeef3636afd981d8af4ab119928448f90351aec113335eacf52a18c87738d9679d3acc032a16fbefc64776f363610a15b37bcd36e6a7cba931151b9c9ba5779d550e9ab21603a43a25f3b4895d8dc4f3ce0e7d5e964e888169ea79a0848e9338b3d34d62e963fbf98834f4455419907f0ffdb76373af77a34edee7789f56e7f01bdab9614a0d460f791a06e6cf5243bf2b3a1624a80ec7e1116f1c81f5ef4b895be74bf67eea9193428b58a8b62b7976d3d2e59796c46ec918c83cd49c3f43dbd2967586966c19ace7b0bef5f94eb333b362649f1bfa114f8b1f126e97ec672cff77e2130823fa7a1df6760c6a8917815e9f0a409ed32b133df7dc9afceffcd472b35145c83c9167764d25ce214133c6170adeb6653b30b226a3b6ff1363ac862a540c7fab584cd051ce7ee951e0f121d43cff75afbdec6bc6f6e8f7db58c8086751320d22ee8582e915cabc536e3767e9a9230c9ae8b92398f0ca2a7141ea4588af7afde10e5ec2a6fe85ba5712e126629d4e3998fc4721cb638f2ef8356049e3448466e2c400d5e8baf843fa399907cb526b791c5350ce29204cb6fe50b892a69ec6dbecc28f032a745738faa12c2a34222942fef0ec0511da5fe0b565ceac429da7cc25cfe0320b40a514723e2392a6a361032343edb79fd83cd0a354837153542fd61b3156b54c566036e493250c3a3214738e3cacc24a50d5dfd17d5008b4ca629c3062f3417cb69c48b8b888ae51256bb4e6c68e95a71a00383ad9df263f6a775ded64fef20ed5cb5f31c33cb86f839d00a12e40cd31219113619c4e0585454cb1776278bfd7f5c4275792afb790e83ff0fc6925355c7aee7a070477d9ec2292366e39b9dc66f7adcf449a1a718e5217183faf0f679efc5cef20bcdcf2d12ea0684084ec0d693256e280025b23b5a08b7b1ebe7d41fb045793f971d6ee066604818cb09d86c1eda98a44c35476a113fd5d1a7543f8f99424ebb78dd9e00d719502a6eafa743a061fa3fa55e4deaa0a011b6b9d633f10e0c9446b5a2e3f6d6014ab00695366c1a6bf0c32f703aebb7988c7d4d322681458e85626302c70f37628835e1fcfff1da3099c0b4afc09a98b18880c846b34d6ac0210f073765666100976ee1d928893f983580ea47a012144633b98e02c3e81869534ab985eb3a5ec0bac892dac949f85db949285a6a7a490b1075467226af23df82d8dd09b7282490fbb3ada9ed4cae8f761aefbe0701de6b132f12044c58ac1c2607c8f51361de5bed021dea13fd0a440263cf0b304522a324b581ab274e7bdae5994316657b5c0ab0220d9b08739729f7a35d436878c182aec4f08dd161c11ee5b7937fae7835e8bfe98a44c8d4bbb2e0eee0cb5d7c93517e96a9fc8132e60f3ef7c735bea1934b37df451f981c8d9210e61278c871e6dad6ceb89aa4d7245658a63e65cec7b81d307426a60a31cc917844a14e1d9ad83bef1c9f736d1836687c950d1275caece0d46ab9f3b0e95d9cf560eb8134e8346b35e0a6f60e6a87a14c4aeb3e0d06158390660a52a6e44b524c1e16de2bf99870f78fc81d267072bc63e97d3f26d23fd59799ff2c847d6a724cebc2377a582ba73d99a610a095c28d66c60910ac64b7d18847fa98fd8528b72e0a149b082c731575b2e2763e67c821ba29eecd8b8c87981c4fb1fbbaaa4e8aa077ec98de1362fc7af7a0ac5e3297fd0d924124b2e255b5cc4f6b0873f3d34418d5ae0d6f734628f38cb9b856b2db3fbb2fafb76983eabc51a348e55789e997fa25cbe6e5031bd2e33d4e2686f964a65d1abf7f96a20a8b270b1522ace4adf6fdade5cd3f101574960d13267e2382f70027ebe5ef7f9418e14e6a8a130d2aec2253c8fe21825e3295774db0c9b1340ea28a96589ba0d9f79aa61b92aea6f704ef7f716d849b8c77e6922e198a086d8133491d0bb85b925825a6d307d7cc8f09c655aa3edabf84c75560dfb279ee3e8b825323279edc58c3161e72cf9ae02ef80d500da922c0abeb8b164abd9c17ef7c02e89000d67b0c2ddd078cacbf37c4826be3845948d598980d63c1d7aade89d0637d80a4c102a35eb027a08ef90cc20d17fc514926914e68e5de54b861200ffa4ce1cbc16e4ecf342a1176cdb561f7dea38b3ae0fd81260f72d34e6f33d364cf313d3b3161410dcbf5f0f0579a1d235b49bb5d27f85825b94f1899e7846d0292ad912d934574f9d55d2152dbfb39d662e6e0f2496182d012af8b4bebbdfa1d68e3e988869fb5cd9612db97e6cc574444f4b5025ec9827bafc55341bf6ad3fd4fab2ee43f343cb9bcec0c38384b5699e5c6e5003ba591978275c51a40200d340b9ed3681f08c69f58320f538f9cd78a34eb6ed55710d2478ea4bd15813921817b42f88f1bb038033b519668f0a2e8693b9a19c7bcf96eec04bd1025b31c32f4286be922ab2c87aa30310c8f46551450d5bc26b5fbfdedaae0f756384023bb9a28d3200cfeaedd63d6afe076513e8ad73d16607cd4ede16344e60d8707357e82b1089258c56d851a435e23ce0919825e04471dd61a44c43e87c2959d4e89311a30ee8be010094d0ef109bb210dda58b21b685b9e9c078c9ded6117d9a88dd7799291969851cd4c3f22b5f870a275a692188dafcf6e89ba87b0eb61011de031fda25fb3349901d40da2bbdb76eda417c9fafd90fb23504ab150ca0033ea1d00000000000086ba3aaa79d0df4f2e4e4afa565e66d28aa167f835d080bf1d41d0e52dbf81c671f8eacae234bf4fc328302671fab46613b73daf2ace80aff2f80f6a9d84b82480178cc612aa90adfc80ab3bba7d1527fc6ab04f009011bf093494a0d329df4e53d855b1c0ff6a25d22052b3a778e1ca2fbe59c996abb48a13682d06da269560524ffa0f404b73b946edf900ee958ceba09a051e27a620fb78e7a352c182c8c2981ce822eeaf6323965b4b3f322d40d406a158b6f3cf5d74822de952fefc341d0dead6c1c8fed8e48e0a85b51c1dcc7796d3f45bb1f50467a475da76c356c9e031b096867da1dbb89c3a038d475dbcdb2df1278d5dba55c2fb5ba6a9778c2a244198491f0f711cdb2ef0332f347afffb1b098b4c59041ccb0c286bb2dd40efec713f6ffe0b1067678c748615dae3c1e090f3739a9035767fb9972580d19fdef49a5071f99c3706b8fa4991f430721cf3ca11af0e3bd7c4d0cd0ab5b7d98ee66730c20a098110e4a15ce0bfc88c41fe375f261fe3557e8456e140fbd269a0f3ed515ac03cfecce67027d579e1226bd7b7381827453550343566508d38790ee838c3bf85c6c91a45e7a44752f57313533a3e82e4042e65d346afb20c0527575f79080aef4e1aa8d5868d190c8d37bdae7592e41bed37b9d4c30d8126d3debde02df91c33681e48133e2a41cd55347bd23dcce57a0018961adb629c530dc112d22ac72bce353681264b5175be40b3ba844009000000000000006c128447be7128748e185be2640115556bac64d060207e629b0144e501c1c49c6abd15c7982b01e22da2ad04bb28df1a27f31e18040c16406071d798bb40d901d001e22cc5ed870d08702f49f0021814cdd814901a13c7ab061bb4b8172c639b3449e24f656fee58186e69e6874ea95d946da781b49ca080ffb4a3c87746c661f43e9be52d0ba2ee368b9c143687c8846abac599069decf41e69fddcadf31c5f715817df12df4eedbfcc5805fe8e4a9a442de93a15dddacf3cf52479956185a3c5000d18ddce0236d5858c0d8761bca7446e3d30f3e8f48d5e8f86a60cbe46f0381b5521c235590bdacfeebb86e28d42a923bdc3f9a307b919341a2a7dda096d41070db245c2c424aedd4a4bb9863169454d09f25fd0d9ed000000000000a886dd998e041133e07899ad48f7cda600de48ac3951152dfbe6331b8acae24cfd2dd2b14696c75040685c756942a0d049ee9863a2e480388f93876f3910ecb3a59fa16c25b2b3636a542f92744495e10a4ce37f19f5c2256e2d61775d388e2a86b52f76add2f956aa02501f5badb94da12595b2bbf88b05dc70caae6766fd3df4f299d0ff71c8787249b255ea49b3d33b3f1a8c9403cb75d64264465c3578538382b23d721f8a49134020ca2d9e887d9949624ac6d63322b6507e277a0020db9bfa2928736b96c72fa3406a95adfe6b374ffa27001d37d3bbe725e75c257834572026c511f57dce67153a4008f9e75e07ed9237f600005800ee667c137fc78bc4fd4ebf4d228979ab0ccafbcd8b8daad76fb2abcfc585377ea6e19f170db898b950a7b0f4e75466a2ba26e7d60e0a6f5c54a3fe78677f3362c5b01ae791b62ee8a5d0fd65b739ece4f3b758d05a8e4e4ea7e4866ee67750ce2769f72a9f45780eadfae73b42d4dd4c614c797c694ece8af88cc732edabfa26ace57de54835c7551154dfa3be11a0d3b5845ac97b2da84410a652e72cd563acbb2b02bb59370cebaaa80014e3ad280944eae6fbf8d5f85237257bb5b8e5ec3e52dc06f8394176b325a577804e9eb78d7015172d17ed15f905f705d56687f53988bb207c74fbeb2b03a700258e835362886239f4d8f1c2cf6d4d10ff26d2579ea40a5fb99e5b6d01cdeda050d3faa78ed674f2899be08332086c8bf0410a7d06099c50a2d949d49a0f21b43bcdfbdf435875cf5a9def46db63746574ee8a5b1fbcef411154e914dd9e5bb1b1bd2944581083fb66a017e7972df3daefc487e4198cb281d3a80637d52b417354335f8cf20d0d96ee5d72465657593339506fd0c3807cd6445eb54cfb5ca9d35ef93eec6383224ebf85197eb6ed75f6c324f6a0345a25be6bb52ed347e57ccb059b903fb7db4e9f46513a4158ce29c1f5d6081b556bbc471e89225cad81aed34dae0f90ee8e7237b3b286e29b49d7a1700c537b28571f7d7e2a55e10792d6f7779ddefa3febdea5693048372a45903c04f1035a96c6cfbe6f6c2b7545b2a0cb4c8a70e698be6e37fd411cf4b76317b47683f6b0f80dfdeef3a9767c7e5c30dff786093a21477431fea0458023953700"}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e000000000000000000140000001100"], 0x80}}, 0x0) syz_emit_ethernet(0x26, &(0x7f0000001040)=ANY=[@ANYBLOB="c92752ede134aaaaaaaaaaaa080045a70018006500004004"], 0x0) 31.498488ms ago: executing program 6 (id=4269): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000340)=0x63ba, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f00000002c0)=0x1, 0x4c) sendmmsg$inet6(r0, &(0x7f0000000480)=[{{&(0x7f0000000280)={0xa, 0x4c22, 0x4, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c, 0x0}}], 0x1, 0x14000000) recvmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, 0x0}, 0xdb30}], 0x1, 0x40002142, 0x0) 28.836618ms ago: executing program 3 (id=4270): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x2, 0xf4261, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_config_ext={0x1, 0xf60e}, 0x9092, 0x0, 0x43a1bd76, 0x2, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x5, &(0x7f0000001d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000c3707bf4000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_buf(r2, 0x0, 0x4, &(0x7f0000000040)="460910bc996c301c81", 0x9) 6.173179ms ago: executing program 6 (id=4271): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000240)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x501, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 0s ago: executing program 0 (id=4272): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') unlinkat(r0, &(0x7f0000000280)='./file0\x00', 0x200) rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00') kernel console output (not intermixed with test programs): 774986220.892:11462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9477 comm="syz.1.2588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fe95712c819 code=0x7ffc0000 [ 117.703404][ T28] audit: type=1326 audit(1774986220.892:11463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9477 comm="syz.1.2588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe95712c819 code=0x7ffc0000 [ 118.099570][ T9530] netlink: 7 bytes leftover after parsing attributes in process `syz.3.2612'. [ 118.143957][ T9530] netlink: 7 bytes leftover after parsing attributes in process `syz.3.2612'. [ 118.219633][ T9540] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2617'. [ 118.256222][ T9543] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2620'. [ 118.313587][ T9549] loop5: detected capacity change from 0 to 512 [ 118.370089][ T9549] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.474248][ T9549] ext4 filesystem being mounted at /165/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 118.486564][ T9573] 9p: Bad value for 'rfdno' [ 118.507790][ T9571] bond2: invalid ARP target 0.0.0.0 specified for addition [ 118.534651][ T9571] bond2: option arp_ip_target: invalid value (0) [ 118.558684][ T9581] delete_channel: no stack [ 118.564980][ T9571] bond2 (unregistering): Released all slaves [ 118.647611][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.659854][ T9589] loop1: detected capacity change from 0 to 256 [ 118.704842][ T5870] IPVS: starting estimator thread 0... [ 118.806290][ T9597] IPVS: using max 2640 ests per chain, 132000 per kthread [ 118.860859][ T9617] netlink: 'syz.1.2650': attribute type 10 has an invalid length. [ 118.878548][ T9617] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.885803][ T9617] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.917207][ T9622] loop5: detected capacity change from 0 to 512 [ 118.931839][ T9622] EXT4-fs: Ignoring removed bh option [ 118.944421][ T9622] EXT4-fs: inline encryption not supported [ 118.958159][ T9617] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.965299][ T9617] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.972627][ T9617] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.979736][ T9617] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.995413][ T9622] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 119.022734][ T9617] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 119.031934][ T9621] bridge_slave_1: left allmulticast mode [ 119.039513][ T9621] bridge_slave_1: left promiscuous mode [ 119.050074][ T9622] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1142: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 119.066136][ T9621] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.073838][ T9622] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.2649: bg 0: block 248: padding at end of block bitmap is not set [ 119.073954][ T9621] bridge_slave_0: left allmulticast mode [ 119.094116][ T9622] loop5: lost filesystem error report for type 5 error -117 [ 119.094257][ T9621] bridge_slave_0: left promiscuous mode [ 119.101585][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 119.101608][ C0] EXT4-fs (loop5): last error at time 1774986222: ext4_validate_block_bitmap:441 [ 119.122829][ T9622] EXT4-fs error (device loop5): ext4_acquire_dquot:7026: comm syz.5.2649: Failed to acquire dquot type 1 [ 119.136320][ T9622] loop5: lost filesystem error report for type 5 error -28 [ 119.136884][ T9621] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.151399][ T9622] EXT4-fs (loop5): 1 truncate cleaned up [ 119.157695][ T9622] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 119.195136][ T9621] bond0: (slave bridge0): Releasing backup interface [ 119.233802][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 119.409334][ T9652] netlink: 'syz.1.2662': attribute type 3 has an invalid length. [ 119.651514][ T9686] loop1: detected capacity change from 0 to 256 [ 119.660936][ T9687] veth0: entered promiscuous mode [ 119.670064][ T9685] veth0: left promiscuous mode [ 119.676149][ T9686] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.246398][ T9737] loop1: detected capacity change from 0 to 512 [ 120.312845][ T9737] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.387322][ T9737] ext4 filesystem being mounted at /547/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 120.601437][ T9760] loop0: detected capacity change from 0 to 1024 [ 120.644207][ T9760] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 120.675472][ T9760] ext4 filesystem being mounted at /527/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 120.758057][ T9760] EXT4-fs error (device loop0): ext4_map_blocks:828: inode #15: block 3: comm syz.0.2711: lblock 3 mapped to illegal pblock 3 (length 3) [ 120.772680][ T9760] EXT4-fs (loop0): Remounting filesystem read-only [ 120.926891][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 120.983953][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.091513][ T9756] syz.3.2710 (9756) used greatest stack depth: 8448 bytes left [ 121.274952][ T9799] program syz.5.2727 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 121.345695][ T9798] __nla_validate_parse: 8 callbacks suppressed [ 121.345712][ T9798] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2728'. [ 121.446964][ T5869] kernel read not supported for file /vcs (pid: 5869 comm: kworker/1:6) [ 121.889199][ T9866] loop4: detected capacity change from 0 to 512 [ 121.913342][ T9866] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.970290][ T9866] ext4 filesystem being mounted at /616/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 122.109133][ T9890] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2769'. [ 122.160550][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.176710][ T9890] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2769'. [ 122.244986][ T28] kauditd_printk_skb: 43 callbacks suppressed [ 122.245003][ T28] audit: type=1400 audit(1774986225.712:11505): avc: denied { ioctl } for pid=9879 comm="syz.5.2765" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 122.246044][ T9881] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.286411][ T9881] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.329927][ T28] audit: type=1326 audit(1774986225.802:11506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9904 comm="syz.3.2776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 122.362987][ T28] audit: type=1326 audit(1774986225.802:11507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9904 comm="syz.3.2776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 122.390493][ T28] audit: type=1326 audit(1774986225.802:11508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9904 comm="syz.3.2776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=192 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 122.416444][ T28] audit: type=1326 audit(1774986225.802:11509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9904 comm="syz.3.2776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 122.443542][ T9913] loop0: detected capacity change from 0 to 512 [ 122.450126][ T28] audit: type=1326 audit(1774986225.802:11510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9904 comm="syz.3.2776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 122.475842][ T28] audit: type=1326 audit(1774986225.802:11511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9904 comm="syz.3.2776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 122.481582][ T9916] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2779'. [ 122.525537][ T9913] EXT4-fs (loop0): 1 truncate cleaned up [ 122.531812][ T9913] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.543920][ T28] audit: type=1326 audit(1774986225.802:11512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9904 comm="syz.3.2776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 122.568016][ T28] audit: type=1326 audit(1774986225.802:11513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9904 comm="syz.3.2776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 122.569927][ T9913] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2781: bg 0: block 465: padding at end of block bitmap is not set [ 122.636807][ T9913] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 122.659165][ T9913] EXT4-fs (loop0): This should not happen!! Data will be lost [ 122.659165][ T9913] [ 122.669477][ T9913] EXT4-fs (loop0): Total free blocks count 0 [ 122.699081][ T9913] EXT4-fs (loop0): Free/Dirty block details [ 122.712341][ T9913] EXT4-fs (loop0): free_blocks=0 [ 122.724229][ T9913] EXT4-fs (loop0): dirty_blocks=66 [ 122.729733][ T9913] EXT4-fs (loop0): Block reservation details [ 122.735786][ T9913] EXT4-fs (loop0): i_reserved_data_blocks=66 [ 122.783276][ T1736] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 29 with max blocks 39 with error 28 [ 122.796467][ T3315] EXT4-fs warning (device loop0): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 122.948541][ T9929] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 123.186098][ T28] audit: type=1400 audit(1774986226.652:11514): avc: denied { bind } for pid=9948 comm="syz.5.2796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 123.452212][ T9965] netlink: 'syz.5.2802': attribute type 10 has an invalid length. [ 123.489308][ T9965] bridge0: port 3(syz_tun) entered disabled state [ 123.495963][ T9965] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.503225][ T9965] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.505719][ T9970] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2802'. [ 123.520208][ T9965] bridge0: port 3(syz_tun) entered blocking state [ 123.526726][ T9965] bridge0: port 3(syz_tun) entered forwarding state [ 123.533449][ T9965] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.540620][ T9965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.548002][ T9965] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.555140][ T9965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.565445][ T9965] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 123.604776][ T9970] syz_tun: left allmulticast mode [ 123.641346][ T9970] syz_tun: left promiscuous mode [ 123.649819][ T9970] bridge0: port 3(syz_tun) entered disabled state [ 123.666764][ T9970] bridge_slave_1: left allmulticast mode [ 123.672445][ T9970] bridge_slave_1: left promiscuous mode [ 123.696206][ T9970] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.704200][ T9970] bridge_slave_0: left allmulticast mode [ 123.716104][ T9970] bridge_slave_0: left promiscuous mode [ 123.721783][ T9970] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.732525][ T9970] bond0: (slave bridge0): Releasing backup interface [ 124.535094][T10008] loop1: detected capacity change from 0 to 512 [ 124.542104][T10008] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 124.564021][T10008] EXT4-fs (loop1): 1 truncate cleaned up [ 124.572151][T10008] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.685166][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.745571][T10027] loop1: detected capacity change from 0 to 1024 [ 124.769030][T10027] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 124.789688][T10027] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 124.813424][T10027] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 124.827396][T10035] netlink: 264 bytes leftover after parsing attributes in process `syz.0.2832'. [ 124.855337][ T3312] EXT4-fs error (device loop1): ext4_iget_extra_inode:5040: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 124.899009][ T3312] EXT4-fs error (device loop1): ext4_iget_extra_inode:5040: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 125.027285][ T5646] syz_tun (unregistering): left allmulticast mode [ 125.085559][T10051] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2840'. [ 125.162493][ T1736] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.235300][ T1736] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.342331][T10087] netlink: 277 bytes leftover after parsing attributes in process `syz.3.2855'. [ 125.381757][ T1736] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.403711][T10091] tipc: Enabling of bearer rejected, media not registered [ 125.463671][T10066] chnl_net:caif_netlink_parms(): no params data found [ 125.509826][T10066] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.518131][T10066] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.525415][T10066] bridge_slave_0: entered allmulticast mode [ 125.532399][T10066] bridge_slave_0: entered promiscuous mode [ 125.542082][ T1736] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.566333][T10066] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.579686][T10066] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.580569][T10104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.587252][T10066] bridge_slave_1: entered allmulticast mode [ 125.602584][T10066] bridge_slave_1: entered promiscuous mode [ 125.607092][T10104] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.628683][T10066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 125.646422][T10066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 125.684157][T10066] team0: Port device team_slave_0 added [ 125.766320][ T1736] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 125.777089][ T1736] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 125.787016][ T1736] bond0 (unregistering): Released all slaves [ 125.804208][ T1736] bond1 (unregistering): Released all slaves [ 125.823170][T10066] team0: Port device team_slave_1 added [ 125.858069][T10066] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 125.865328][T10066] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 125.921582][T10066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 125.945106][ T1736] hsr_slave_0: left promiscuous mode [ 125.953282][ T1736] hsr_slave_1: left promiscuous mode [ 125.964792][ T1736] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 125.976993][ T1736] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 126.025254][ T1736] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.036114][ T1736] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 126.057742][ T1736] veth1_macvtap: left promiscuous mode [ 126.063327][ T1736] veth0_macvtap: left promiscuous mode [ 126.076182][ T1736] veth1_vlan: left promiscuous mode [ 126.081748][ T1736] veth0_vlan: left promiscuous mode [ 126.223766][T10156] loop0: detected capacity change from 0 to 128 [ 126.251291][ T1736] team0 (unregistering): Port device team_slave_1 removed [ 126.338486][T10066] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 126.345948][T10066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 126.409433][T10066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 126.426816][T10156] syz.0.2878: attempt to access beyond end of device [ 126.426816][T10156] loop0: rw=2049, sector=138, nr_sectors = 16 limit=128 [ 126.441113][T10165] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2881'. [ 126.456637][T10156] syz.0.2878: attempt to access beyond end of device [ 126.456637][T10156] loop0: rw=2049, sector=170, nr_sectors = 8 limit=128 [ 126.495684][T10066] hsr_slave_0: entered promiscuous mode [ 126.507693][T10066] hsr_slave_1: entered promiscuous mode [ 126.514041][ T1837] kworker/u8:8: attempt to access beyond end of device [ 126.514041][ T1837] loop0: rw=1, sector=138, nr_sectors = 2 limit=128 [ 126.528471][T10066] debugfs: 'hsr0' already exists in 'hsr' [ 126.534265][T10066] Cannot create hsr debugfs directory [ 126.730951][T10194] loop0: detected capacity change from 0 to 764 [ 126.748497][T10066] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 126.757922][T10194] Symlink component flag not implemented [ 126.770275][T10194] Symlink component flag not implemented (7) [ 126.778815][T10066] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 126.790367][T10066] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 126.820684][T10066] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 126.927719][T10066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 126.995775][T10066] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.036483][ T1736] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.043829][ T1736] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.067687][ T1736] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.074917][ T1736] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.128587][T10066] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 127.156467][T10066] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 127.201129][T10235] loop4: detected capacity change from 0 to 1024 [ 127.243137][T10235] EXT4-fs (loop4): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 127.271676][T10066] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 127.290726][T10235] EXT4-fs error (device loop4): ext4_map_blocks:786: inode #3: block 2: comm syz.4.2896: lblock 2 mapped to illegal pblock 2 (length 1) [ 127.306730][T10235] loop4: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 127.309240][T10235] __quota_error: 13 callbacks suppressed [ 127.309260][T10235] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 127.318351][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 127.318393][ C1] EXT4-fs (loop4): initial error at time 1774986230: ext4_map_blocks:786: inode 3: block 2 [ 127.318421][ C1] EXT4-fs (loop4): last error at time 1774986230: ext4_map_blocks:786: inode 3: block 2 [ 127.376257][T10235] EXT4-fs error (device loop4): ext4_map_blocks:786: inode #3: block 48: comm syz.4.2896: lblock 0 mapped to illegal pblock 48 (length 1) [ 127.413231][T10235] loop4: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 127.413474][T10235] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 127.445548][T10235] EXT4-fs error (device loop4): ext4_acquire_dquot:7026: comm syz.4.2896: Failed to acquire dquot type 0 [ 127.462975][T10235] loop4: lost filesystem error report for type 5 error -117 [ 127.463124][T10235] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6291: Corrupt filesystem [ 127.481155][T10235] loop4: lost filesystem error report for type 5 error -117 [ 127.481336][T10235] EXT4-fs error (device loop4): ext4_evict_inode:265: inode #11: comm syz.4.2896: mark_inode_dirty error [ 127.504210][T10235] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 127.504399][T10235] EXT4-fs warning (device loop4): ext4_evict_inode:268: couldn't mark inode dirty (err -117) [ 127.533574][T10235] EXT4-fs (loop4): 1 orphan inode deleted [ 127.548643][T10235] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 127.560879][ T294] EXT4-fs error (device loop4): ext4_map_blocks:786: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 127.576278][ T294] loop4: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 127.576433][ T294] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 127.594838][ T294] EXT4-fs error (device loop4): ext4_release_dquot:7062: comm kworker/u8:6: Failed to release dquot type 0 [ 127.623962][ T28] audit: type=1326 audit(1774986231.092:11528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10281 comm="syz.0.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96f2adc819 code=0x7ffc0000 [ 127.627565][T10066] veth0_vlan: entered promiscuous mode [ 127.653624][ T28] audit: type=1326 audit(1774986231.122:11529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10281 comm="syz.0.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96f2adc819 code=0x7ffc0000 [ 127.677915][ T28] audit: type=1326 audit(1774986231.122:11530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10281 comm="syz.0.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f96f2adc819 code=0x7ffc0000 [ 127.702170][ T28] audit: type=1326 audit(1774986231.122:11531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10281 comm="syz.0.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96f2adc819 code=0x7ffc0000 [ 127.706516][T10066] veth1_vlan: entered promiscuous mode [ 127.731967][ T28] audit: type=1326 audit(1774986231.122:11532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10281 comm="syz.0.2902" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96f2adc819 code=0x7ffc0000 [ 127.767779][T10066] veth0_macvtap: entered promiscuous mode [ 127.775665][T10066] veth1_macvtap: entered promiscuous mode [ 127.788471][T10066] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 127.820105][T10066] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 127.831777][ T1942] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.841970][ T1942] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.854034][ T1942] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.867094][ T1942] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.888893][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.892770][ T28] audit: type=1400 audit(1774986231.362:11533): avc: denied { mounton } for pid=10066 comm="syz-executor" path="/root/syzkaller.UI7dvS/syz-tmp" dev="sda1" ino=2049 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 127.922867][ T3311] EXT4-fs error (device loop4): __ext4_get_inode_loc:4797: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 127.923947][ T28] audit: type=1400 audit(1774986231.362:11534): avc: denied { mount } for pid=10066 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 127.938439][ T3311] loop4: lost filesystem error report for type 5 error -117 [ 127.991481][ T3311] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6291: Corrupt filesystem [ 128.018821][ T3311] loop4: lost filesystem error report for type 5 error -117 [ 128.018988][ T3311] EXT4-fs error (device loop4): ext4_quota_off:7310: inode #3: comm syz-executor: mark_inode_dirty error [ 128.038408][ T3311] loop4: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 128.401007][T10342] loop4: detected capacity change from 0 to 512 [ 128.421792][T10342] EXT4-fs: Ignoring removed mblk_io_submit option [ 128.440183][T10342] EXT4-fs: Ignoring removed mblk_io_submit option [ 128.446257][T10344] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2925'. [ 128.456820][T10342] EXT4-fs error (device loop4): ext4_map_blocks:786: inode #2: block 4: comm syz.4.2924: lblock 0 mapped to illegal pblock 4 (length 1) [ 128.496662][T10342] loop4: lost file I/O error report for ino 2 type 5 pos 0x0 len 0x0 error -117 [ 128.497897][T10342] EXT4-fs warning (device loop4): dx_probe:791: inode #2: lblock 0: comm syz.4.2924: error -117 reading directory block [ 128.507028][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 128.507049][ C1] EXT4-fs (loop4): initial error at time 1774986231: ext4_map_blocks:786: inode 2: block 4 [ 128.507106][ C1] EXT4-fs (loop4): last error at time 1774986231: ext4_map_blocks:786: inode 2: block 4 [ 128.546366][T10342] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 128.558322][T10342] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.641619][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.810832][T10371] loop6: detected capacity change from 0 to 8192 [ 128.822863][T10374] loop4: detected capacity change from 0 to 512 [ 128.841552][T10371] syz.6.2937: attempt to access beyond end of device [ 128.841552][T10371] loop6: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 128.859147][T10374] EXT4-fs warning (device loop4): ext4_enable_quotas:7261: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 128.898226][T10371] Buffer I/O error on dev loop6, logical block 57847, async page read [ 128.911442][T10371] syz.6.2937: attempt to access beyond end of device [ 128.911442][T10371] loop6: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 128.926741][T10374] EXT4-fs (loop4): mount failed [ 128.940349][T10371] Buffer I/O error on dev loop6, logical block 57847, async page read [ 128.947749][T10384] netlink: 55631 bytes leftover after parsing attributes in process `syz.3.2941'. [ 128.955888][T10371] syz.6.2937: attempt to access beyond end of device [ 128.955888][T10371] loop6: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 128.965899][T10384] netlink: 6324 bytes leftover after parsing attributes in process `syz.3.2941'. [ 128.982980][T10384] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2941'. [ 129.014814][T10371] Buffer I/O error on dev loop6, logical block 57847, async page read [ 129.024285][T10371] syz.6.2937: attempt to access beyond end of device [ 129.024285][T10371] loop6: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 129.063032][T10371] Buffer I/O error on dev loop6, logical block 57847, async page read [ 129.128222][T10371] syz.6.2937: attempt to access beyond end of device [ 129.128222][T10371] loop6: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 129.147784][T10371] Buffer I/O error on dev loop6, logical block 57847, async page read [ 129.157748][T10371] syz.6.2937: attempt to access beyond end of device [ 129.157748][T10371] loop6: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 129.180375][T10371] Buffer I/O error on dev loop6, logical block 57847, async page read [ 129.180605][T10404] netlink: 'syz.4.2949': attribute type 3 has an invalid length. [ 129.189041][T10371] syz.6.2937: attempt to access beyond end of device [ 129.189041][T10371] loop6: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 129.226285][T10406] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2950'. [ 129.242878][T10371] Buffer I/O error on dev loop6, logical block 57847, async page read [ 129.251629][T10404] netlink: 13435 bytes leftover after parsing attributes in process `syz.4.2949'. [ 129.259160][T10411] loop5: detected capacity change from 0 to 128 [ 129.266511][T10371] Buffer I/O error on dev loop6, logical block 57847, async page read [ 129.346141][T10371] Buffer I/O error on dev loop6, logical block 57847, async page read [ 129.354622][T10371] Buffer I/O error on dev loop6, logical block 57847, async page read [ 129.396930][T10419] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2956'. [ 129.872204][T10449] tipc: Enabling of bearer rejected, already enabled [ 129.885624][T10449] tipc: New replicast peer: fc01:0000:0000:0000:0000:0000:0000:0001 [ 129.921424][T10456] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2974'. [ 129.948545][T10458] loop4: detected capacity change from 0 to 128 [ 130.260230][T10489] loop4: detected capacity change from 0 to 512 [ 130.273064][T10489] EXT4-fs: test_dummy_encryption option not supported [ 130.284171][T10487] 9pnet: p9_errstr2errno: server reported unknown error 00000 [ 130.408650][T10506] loop0: detected capacity change from 0 to 1764 [ 130.416384][T10506] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 130.430259][T10506] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 130.675357][T10535] loop0: detected capacity change from 0 to 2048 [ 130.707333][T10535] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 130.765422][T10534] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 130.779886][T10546] netlink: 104 bytes leftover after parsing attributes in process `syz.6.3015'. [ 130.779954][T10534] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 498 with error 28 [ 130.801651][T10534] EXT4-fs (loop0): This should not happen!! Data will be lost [ 130.801651][T10534] [ 130.813459][T10534] EXT4-fs (loop0): Total free blocks count 0 [ 130.819672][T10534] EXT4-fs (loop0): Free/Dirty block details [ 130.826277][T10534] EXT4-fs (loop0): free_blocks=4096 [ 130.834962][T10534] EXT4-fs (loop0): dirty_blocks=512 [ 130.846342][T10534] EXT4-fs (loop0): Block reservation details [ 130.852455][T10534] EXT4-fs (loop0): i_reserved_data_blocks=32 [ 130.872017][ T3315] EXT4-fs warning (device loop0): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 130.886607][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.001554][T10565] netlink: 'syz.6.3024': attribute type 7 has an invalid length. [ 131.014641][T10565] netlink: 'syz.6.3024': attribute type 8 has an invalid length. [ 131.057362][T10565] erspan0: entered promiscuous mode [ 131.067578][T10565] gretap0: entered promiscuous mode [ 131.076617][T10565] erspan0: left promiscuous mode [ 131.092926][T10565] gretap0: left promiscuous mode [ 131.413240][T10611] loop6: detected capacity change from 0 to 2048 [ 131.455635][ T5873] kernel read not supported for file /newroot/744 (pid: 5873 comm: kworker/1:8) [ 131.521950][T10626] vxcan1: tx drop: invalid sa for name 0x0000000000000001 [ 131.618825][T10640] netlink: 'syz.3.3057': attribute type 10 has an invalid length. [ 131.637495][T10640] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.644676][T10640] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.654457][T10640] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.661704][T10640] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.669126][T10640] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.676181][T10640] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.685271][T10640] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 131.696570][T10644] __nla_validate_parse: 2 callbacks suppressed [ 131.696586][T10644] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3057'. [ 131.712406][T10644] bridge_slave_1: left allmulticast mode [ 131.718320][T10644] bridge_slave_1: left promiscuous mode [ 131.724021][T10644] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.735841][T10644] bridge_slave_0: left allmulticast mode [ 131.741835][T10644] bridge_slave_0: left promiscuous mode [ 131.748181][T10644] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.758960][T10644] bond0: (slave bridge0): Releasing backup interface [ 132.369239][T10696] loop6: detected capacity change from 0 to 128 [ 132.408845][T10696] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 132.488038][T10696] ext4 filesystem being mounted at /50/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 132.570278][ T28] kauditd_printk_skb: 39 callbacks suppressed [ 132.570295][ T28] audit: type=1326 audit(1774986236.032:11573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10709 comm="syz.5.3087" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fea1d8cc819 code=0x0 [ 132.607301][ T28] audit: type=1400 audit(1774986236.042:11574): avc: denied { setattr } for pid=10695 comm="syz.6.3081" name="file0" dev="loop6" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 132.644448][T10066] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 133.198274][ T28] audit: type=1400 audit(1774986236.672:11575): avc: denied { read append } for pid=10758 comm="syz.6.3109" name="ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 133.242608][ T28] audit: type=1400 audit(1774986236.672:11576): avc: denied { open } for pid=10758 comm="syz.6.3109" path="/dev/ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 133.342418][ T28] audit: type=1400 audit(1774986236.812:11577): avc: denied { watch } for pid=10774 comm="syz.0.3115" path="/617/file0" dev="tmpfs" ino=3192 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 133.420058][ T28] audit: type=1400 audit(1774986236.882:11578): avc: denied { write } for pid=10780 comm="syz.5.3119" path="socket:[27118]" dev="sockfs" ino=27118 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 133.447124][T10783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3118'. [ 133.564820][ T28] audit: type=1326 audit(1774986237.022:11579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10792 comm="syz.0.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96f2adc819 code=0x7ffc0000 [ 133.617333][ T28] audit: type=1326 audit(1774986237.022:11580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10792 comm="syz.0.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96f2adc819 code=0x7ffc0000 [ 133.675585][ T28] audit: type=1326 audit(1774986237.022:11581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10792 comm="syz.0.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96f2adc819 code=0x7ffc0000 [ 133.711429][ T28] audit: type=1326 audit(1774986237.032:11582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10792 comm="syz.0.3123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96f2adc819 code=0x7ffc0000 [ 133.750016][T10800] loop0: detected capacity change from 0 to 8192 [ 133.778167][T10800] bio_check_eod: 6090 callbacks suppressed [ 133.778186][T10800] syz.0.3126: attempt to access beyond end of device [ 133.778186][T10800] loop0: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 133.836315][T10800] syz.0.3126: attempt to access beyond end of device [ 133.836315][T10800] loop0: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 133.852159][T10800] syz.0.3126: attempt to access beyond end of device [ 133.852159][T10800] loop0: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 133.857635][T10812] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3132'. [ 133.885172][T10800] syz.0.3126: attempt to access beyond end of device [ 133.885172][T10800] loop0: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 133.885793][T10812] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3132'. [ 133.913567][T10800] buffer_io_error: 6082 callbacks suppressed [ 133.913629][T10800] Buffer I/O error on dev loop0, logical block 57847, async page read [ 133.936044][T10800] syz.0.3126: attempt to access beyond end of device [ 133.936044][T10800] loop0: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 133.952026][T10800] Buffer I/O error on dev loop0, logical block 57847, async page read [ 133.990054][T10800] syz.0.3126: attempt to access beyond end of device [ 133.990054][T10800] loop0: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 134.004755][T10800] Buffer I/O error on dev loop0, logical block 57847, async page read [ 134.015361][T10800] syz.0.3126: attempt to access beyond end of device [ 134.015361][T10800] loop0: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 134.066199][T10800] Buffer I/O error on dev loop0, logical block 57847, async page read [ 134.084570][T10800] syz.0.3126: attempt to access beyond end of device [ 134.084570][T10800] loop0: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 134.101692][T10828] loop6: detected capacity change from 0 to 512 [ 134.107215][T10800] Buffer I/O error on dev loop0, logical block 57847, async page read [ 134.116657][T10800] syz.0.3126: attempt to access beyond end of device [ 134.116657][T10800] loop0: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 134.136445][T10800] Buffer I/O error on dev loop0, logical block 57847, async page read [ 134.151842][T10800] syz.0.3126: attempt to access beyond end of device [ 134.151842][T10800] loop0: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 134.184167][T10800] Buffer I/O error on dev loop0, logical block 57847, async page read [ 134.193013][T10800] Buffer I/O error on dev loop0, logical block 57847, async page read [ 134.201792][T10800] Buffer I/O error on dev loop0, logical block 57847, async page read [ 134.210367][T10800] Buffer I/O error on dev loop0, logical block 57847, async page read [ 134.329469][T10843] loop5: detected capacity change from 0 to 512 [ 134.363715][T10843] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.3143: bg 0: block 5: invalid block bitmap [ 134.416193][T10843] loop5: lost filesystem error report for type 5 error -117 [ 134.416368][T10843] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6685: Corrupt filesystem [ 134.432484][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 134.432504][ C1] EXT4-fs (loop5): initial error at time 1774986237: ext4_validate_block_bitmap:432 [ 134.432529][ C1] EXT4-fs (loop5): last error at time 1774986237: ext4_validate_block_bitmap:432 [ 134.458423][T10843] loop5: lost filesystem error report for type 5 error -117 [ 134.460766][T10843] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.3143: invalid indirect mapped block 3 (level 2) [ 134.481487][T10843] loop5: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 134.481863][T10843] EXT4-fs (loop5): 1 orphan inode deleted [ 134.499841][T10853] loop6: detected capacity change from 0 to 128 [ 134.506627][T10843] EXT4-fs (loop5): 1 truncate cleaned up [ 134.512794][T10843] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.627659][ T5873] IPVS: starting estimator thread 0... [ 134.633623][T10857] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 134.636716][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.714641][T10864] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 134.726146][T10859] IPVS: using max 2208 ests per chain, 110400 per kthread [ 135.046142][ T1942] Bluetooth: hci0: Frame reassembly failed (-84) [ 135.248852][T10906] ip6erspan0: entered allmulticast mode [ 135.393881][T10934] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=10934 comm=syz.5.3182 [ 135.406853][T10934] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=10934 comm=syz.5.3182 [ 135.420050][T10934] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=10934 comm=syz.5.3182 [ 135.435647][T10930] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 135.439069][T10934] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=10934 comm=syz.5.3182 [ 135.455796][T10934] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=10934 comm=syz.5.3182 [ 135.468665][T10934] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=10934 comm=syz.5.3182 [ 135.481599][T10934] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=10934 comm=syz.5.3182 [ 135.502037][T10934] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=10934 comm=syz.5.3182 [ 135.529523][T10934] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=10934 comm=syz.5.3182 [ 135.542787][T10934] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=10934 comm=syz.5.3182 [ 135.638777][ T5873] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 135.650544][ T5873] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 135.973956][T10987] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3205'. [ 136.144946][T11008] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3213'. [ 136.162844][T11008] netlink: 'syz.5.3213': attribute type 30 has an invalid length. [ 136.190083][ T50] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 136.202592][T11008] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3213'. [ 136.211555][ T50] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 136.220694][ T50] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 136.229805][T11008] netlink: 'syz.5.3213': attribute type 30 has an invalid length. [ 136.241215][ T50] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 136.328214][T11024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3221'. [ 136.339041][T11024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3221'. [ 136.348341][T11024] netlink: 504 bytes leftover after parsing attributes in process `syz.0.3221'. [ 136.383078][T11027] loop5: detected capacity change from 0 to 512 [ 136.399501][T11027] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.421320][T11027] ext4 filesystem being mounted at /277/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.665656][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.784800][T11057] netlink: 'syz.0.3236': attribute type 2 has an invalid length. [ 136.800221][T11057] __nla_validate_parse: 2 callbacks suppressed [ 136.800240][T11057] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3236'. [ 137.015652][T11091] loop0: detected capacity change from 0 to 512 [ 137.046554][ T3648] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 137.049630][T11093] netlink: 128 bytes leftover after parsing attributes in process `syz.3.3251'. [ 137.066317][T11091] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.116703][T11091] ext4 filesystem being mounted at /639/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.282651][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.444534][T11123] loop4: detected capacity change from 0 to 164 [ 137.452642][T11127] loop5: detected capacity change from 0 to 128 [ 137.462080][T11123] rock: directory entry would overflow storage [ 137.477586][T11123] rock: sig=0x66, size=4, remaining=3 [ 137.571357][T11136] loop4: detected capacity change from 0 to 512 [ 137.590765][T11136] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.603536][T11136] ext4 filesystem being mounted at /707/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.705600][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.780738][T11144] netlink: 7 bytes leftover after parsing attributes in process `syz.5.3273'. [ 137.832909][T11149] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3275'. [ 137.976749][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 138.036293][T10884] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 138.156485][T11181] loop6: detected capacity change from 0 to 512 [ 138.183402][T11181] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #16: comm syz.6.3282: invalid indirect mapped block 4294967295 (level 0) [ 138.203572][T11181] loop6: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 138.203845][T11181] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #16: comm syz.6.3282: invalid indirect mapped block 4294967295 (level 1) [ 138.213023][ C0] EXT4-fs (loop6): error count since last fsck: 1 [ 138.213044][ C0] EXT4-fs (loop6): initial error at time 1774986241: ext4_free_branches:1023: inode 16 [ 138.213075][ C0] EXT4-fs (loop6): last error at time 1774986241: ext4_free_branches:1023: inode 16 [ 138.252994][T11181] loop6: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 138.253427][T11181] EXT4-fs (loop6): 1 orphan inode deleted [ 138.270456][T11181] EXT4-fs (loop6): 1 truncate cleaned up [ 138.277816][T11181] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.412171][T11181] EXT4-fs error (device loop6): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.6.3282: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0 [ 138.448156][ T28] kauditd_printk_skb: 95 callbacks suppressed [ 138.448175][ T28] audit: type=1400 audit(1774986241.922:11678): avc: denied { mount } for pid=11211 comm="syz.3.3289" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 138.476910][T11181] EXT4-fs error (device loop6): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.6.3282: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0 [ 138.523824][T10066] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.617907][ T28] audit: type=1400 audit(1774986242.082:11679): avc: denied { mount } for pid=11229 comm="syz.3.3295" name="/" dev="hugetlbfs" ino=28098 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 138.642323][ T28] audit: type=1400 audit(1774986242.092:11680): avc: denied { create } for pid=11229 comm="syz.3.3295" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=blk_file permissive=1 [ 138.690008][T11242] netlink: 'syz.3.3297': attribute type 6 has an invalid length. [ 138.698636][T11242] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3297'. [ 138.766847][T11223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 138.787843][T11223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 138.967331][ T28] audit: type=1326 audit(1774986242.442:11681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11270 comm="syz.3.3302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 138.991729][ T28] audit: type=1326 audit(1774986242.442:11682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11270 comm="syz.3.3302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 139.015988][ T28] audit: type=1326 audit(1774986242.442:11683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11270 comm="syz.3.3302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 139.048209][ T28] audit: type=1326 audit(1774986242.442:11684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11270 comm="syz.3.3302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 139.086769][ T28] audit: type=1326 audit(1774986242.442:11685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11270 comm="syz.3.3302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 139.340391][ T28] audit: type=1400 audit(1774986242.812:11686): avc: denied { mounton } for pid=11285 comm="syz.0.3309" path="/syzcgroup/cpu/syz0/cgroup.procs" dev="cgroup" ino=53 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1 [ 139.457233][T11295] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3312'. [ 139.557973][T11311] netlink: 'syz.3.3319': attribute type 3 has an invalid length. [ 139.565835][T11311] netlink: 'syz.3.3319': attribute type 3 has an invalid length. [ 139.624585][T11317] infiniband syz1: set active [ 139.629682][T11317] infiniband syz1: added bond_slave_1 [ 139.649163][T11317] RDS/IB: syz1: added [ 139.653248][T11317] smc: adding ib device syz1 with port count 1 [ 139.660835][T11317] smc: ib device syz1 port 1 has no pnetid [ 139.687721][ T28] audit: type=1400 audit(1774986243.162:11687): avc: denied { bind } for pid=11321 comm="syz.3.3324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 139.733330][T11325] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3325'. [ 139.897728][T11331] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 140.006199][ T6288] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 140.135911][T11355] netlink: 'syz.5.3340': attribute type 5 has an invalid length. [ 140.198755][T11361] IPv6: NLM_F_CREATE should be specified when creating new route [ 140.208645][T11361] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3343'. [ 140.227552][T11363] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3344'. [ 140.249964][T11363] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3344'. [ 140.388284][T11385] syzkaller1: entered promiscuous mode [ 140.393833][T11385] syzkaller1: entered allmulticast mode [ 140.783802][T11395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 140.793714][T11395] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.142363][T11424] macvlan0: entered allmulticast mode [ 141.157129][T11424] macvlan0 (unregistering): left allmulticast mode [ 141.288542][T11433] program syz.6.3374 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 141.380262][T11437] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 141.685338][T11455] loop4: detected capacity change from 0 to 512 [ 141.738889][T11455] EXT4-fs error (device loop4): ext4_iget_extra_inode:5040: inode #15: comm syz.4.3384: corrupted in-inode xattr: invalid ea_ino [ 141.764634][T11455] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 141.765717][T11455] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.3384: couldn't read orphan inode 15 (err -117) [ 141.775379][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 141.775398][ C0] EXT4-fs (loop4): initial error at time 1774986245: ext4_iget_extra_inode:5040: inode 15 [ 141.775430][ C0] EXT4-fs (loop4): last error at time 1774986245: ext4_iget_extra_inode:5040: inode 15 [ 141.813959][T11455] loop4: lost filesystem error report for type 5 error -117 [ 141.814957][T11455] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.922261][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.324635][T11497] __nla_validate_parse: 2 callbacks suppressed [ 142.324695][T11497] netlink: 35284 bytes leftover after parsing attributes in process `syz.6.3401'. [ 142.348290][T11497] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3401'. [ 142.398388][T11504] loop6: detected capacity change from 0 to 256 [ 142.606350][T11529] loop4: detected capacity change from 0 to 1024 [ 142.628001][T11529] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.702404][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.268338][T11594] loop0: detected capacity change from 0 to 1024 [ 143.287696][T11594] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 143.300310][T11594] ext4 filesystem being mounted at /658/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.313901][T11594] EXT4-fs error (device loop0): ext4_map_blocks:828: inode #15: comm syz.0.3442: lblock 0 mapped to illegal pblock 0 (length 1) [ 143.327809][T11594] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 143.356583][T11594] EXT4-fs (loop0): This should not happen!! Data will be lost [ 143.356583][T11594] [ 143.378984][ T3315] EXT4-fs warning (device loop0): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 143.392228][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 143.463608][T11606] loop4: detected capacity change from 0 to 512 [ 143.486957][T11606] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.3447: inode has both inline data and extents flags [ 143.500558][T11606] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 143.500745][T11606] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.3447: couldn't read orphan inode 15 (err -117) [ 143.510157][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 143.510179][ C1] EXT4-fs (loop4): initial error at time 1774986246: ext4_orphan_get:1397: inode 15 [ 143.510219][ C1] EXT4-fs (loop4): last error at time 1774986246: ext4_orphan_get:1397: inode 15 [ 143.547863][T11606] loop4: lost filesystem error report for type 5 error -117 [ 143.549960][T11606] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.617026][T11613] netlink: 'syz.5.3450': attribute type 83 has an invalid length. [ 143.661824][ T30] Bluetooth: hci0: Frame reassembly failed (-84) [ 143.671636][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.752838][T11624] Set syz1 is full, maxelem 2 reached [ 143.789026][ T28] kauditd_printk_skb: 17 callbacks suppressed [ 143.789043][ T28] audit: type=1400 audit(1774986247.262:11705): avc: denied { setopt } for pid=11626 comm="syz.6.3455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 143.874622][ T1942] Bluetooth: hci1: Frame reassembly failed (-84) [ 143.947450][T11638] netlink: 'syz.3.3460': attribute type 29 has an invalid length. [ 143.955870][T11638] netlink: 'syz.3.3460': attribute type 29 has an invalid length. [ 143.964604][T11638] netlink: 500 bytes leftover after parsing attributes in process `syz.3.3460'. [ 144.022242][T11644] netlink: 'syz.3.3464': attribute type 3 has an invalid length. [ 144.030490][T11644] netlink: 'syz.3.3464': attribute type 1 has an invalid length. [ 144.038691][T11644] netlink: 60387 bytes leftover after parsing attributes in process `syz.3.3464'. [ 144.469428][T11667] loop0: detected capacity change from 0 to 512 [ 144.484165][T11667] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.564995][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.638869][T11675] loop0: detected capacity change from 0 to 2048 [ 144.662338][T11675] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.680788][T11675] ext4 filesystem being mounted at /667/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.759699][T11679] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3477: bg 0: block 345: padding at end of block bitmap is not set [ 144.774435][T11680] loop4: detected capacity change from 0 to 512 [ 144.774576][T11679] EXT4-fs (loop0): Remounting filesystem read-only [ 144.792846][ T1736] EXT4-fs warning (device loop0): ext4_convert_unwritten_extents:5066: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30 [ 144.826176][ T28] audit: type=1400 audit(1774986248.292:11706): avc: denied { remount } for pid=11678 comm="syz.4.3478" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 144.876808][T11682] loop4: detected capacity change from 0 to 1024 [ 144.883514][T11682] EXT4-fs: Ignoring removed i_version option [ 144.906237][T11682] EXT4-fs: Ignoring removed bh option [ 144.927430][T11682] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.946271][T11682] ext4 filesystem being mounted at /764/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.967910][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.978273][T11682] EXT4-fs error (device loop4): ext4_map_blocks:828: inode #15: comm syz.4.3479: lblock 0 mapped to illegal pblock 0 (length 1) [ 144.997385][T11682] EXT4-fs (loop4): Remounting filesystem read-only [ 145.025311][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 145.170195][T11699] xt_HMARK: proto mask must be zero with L3 mode [ 145.441209][T11722] loop4: detected capacity change from 0 to 512 [ 145.452941][T11722] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 145.467542][T11722] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.3496: Invalid inode bitmap blk 4 in block_group 0 [ 145.493761][T11722] loop4: lost filesystem error report for type 5 error -117 [ 145.496480][T11722] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.555749][T11722] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters [ 145.609671][T11729] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3499'. [ 145.636698][T11729] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3499'. [ 145.658060][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.689777][T11634] Bluetooth: hci0: command 0x1003 tx timeout [ 145.695945][ T3648] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 145.726975][T11742] loop0: detected capacity change from 0 to 512 [ 145.751642][T11742] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.3505: inode has both inline data and extents flags [ 145.759812][T11746] netlink: 236 bytes leftover after parsing attributes in process `syz.4.3506'. [ 145.774449][T11746] netlink: 236 bytes leftover after parsing attributes in process `syz.4.3506'. [ 145.774650][T11742] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 145.796125][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 145.804738][T11742] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.3505: couldn't read orphan inode 15 (err -117) [ 145.805676][ C0] EXT4-fs (loop0): initial error at time 1774986249: ext4_orphan_get:1397 [ 145.812796][T11742] loop0: lost filesystem error report for type 5 error -117 [ 145.823925][ C0] : inode 15 [ 145.823946][ C0] EXT4-fs (loop0): last error at time 1774986249: ext4_orphan_get:1397: inode 15 [ 145.855599][ T28] audit: type=1400 audit(1774986249.322:11707): avc: denied { create } for pid=11747 comm="syz.3.3507" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=chr_file permissive=1 [ 145.856565][T11742] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.914113][T11752] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3509'. [ 145.923524][T11752] bond0: ARP target 8.4.0.0 is already present [ 145.929980][ T6288] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 145.936517][T11752] bond0: option arp_ip_target: invalid value (1032) [ 145.969895][T11754] netlink: 'syz.4.3510': attribute type 3 has an invalid length. [ 146.026701][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.188970][ T5870] IPVS: starting estimator thread 0... [ 146.226254][ T28] audit: type=1400 audit(1774986249.692:11708): avc: denied { kexec_image_load } for pid=11780 comm="syz.0.3521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 146.276149][T11779] IPVS: using max 2352 ests per chain, 117600 per kthread [ 146.317648][T11783] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3522'. [ 146.368069][T11785] loop0: detected capacity change from 0 to 256 [ 146.380122][T11785] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 146.654881][T11616] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 146.719658][T11793] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz.5.3527: inode has both inline data and extents flags [ 146.751763][T11793] loop5: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 146.751925][T11793] EXT4-fs error (device loop5): ext4_orphan_get:1402: comm syz.5.3527: couldn't read orphan inode 15 (err -117) [ 146.761177][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 146.761197][ C1] EXT4-fs (loop5): initial error at time 1774986250: ext4_orphan_get:1397: inode 15 [ 146.761230][ C1] EXT4-fs (loop5): last error at time 1774986250: ext4_orphan_get:1397: inode 15 [ 146.799463][T11793] loop5: lost filesystem error report for type 5 error -117 [ 146.799916][T11793] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.859838][ T28] audit: type=1326 audit(1774986250.332:11709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11762 comm="syz.4.3515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70007ac819 code=0x7fc00000 [ 146.931493][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.039068][T11804] netlink: 'syz.4.3531': attribute type 30 has an invalid length. [ 147.057915][ T12] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.066819][ T12] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.089983][ T12] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.110186][ T12] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 147.168765][ T28] audit: type=1400 audit(1774986250.642:11710): avc: denied { getopt } for pid=11814 comm="syz.4.3535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 147.276198][ T28] audit: type=1326 audit(1774986250.742:11711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11824 comm="syz.5.3540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea1d8cc819 code=0x7ffc0000 [ 147.310644][ T28] audit: type=1326 audit(1774986250.772:11712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11824 comm="syz.5.3540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea1d8cc819 code=0x7ffc0000 [ 147.347127][ T28] audit: type=1326 audit(1774986250.772:11713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11824 comm="syz.5.3540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea1d8cc819 code=0x7ffc0000 [ 147.371559][ T28] audit: type=1326 audit(1774986250.772:11714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11824 comm="syz.5.3540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fea1d8cc819 code=0x7ffc0000 [ 147.482886][T11833] netlink: 'syz.0.3544': attribute type 4 has an invalid length. [ 147.550392][T11843] __nla_validate_parse: 1 callbacks suppressed [ 147.550410][T11843] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3545'. [ 147.611102][T11843] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3545'. [ 147.716419][T11855] syzkaller1: entered promiscuous mode [ 147.751657][T11855] syzkaller1: entered allmulticast mode [ 147.863027][T11872] set_capacity_and_notify: 1 callbacks suppressed [ 147.863078][T11872] loop6: detected capacity change from 0 to 512 [ 147.890980][T11872] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.916200][T11872] ext4 filesystem being mounted at /113/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.939808][T10066] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.268145][T11889] xt_HMARK: proto mask must be zero with L3 mode [ 148.355085][T11897] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3572'. [ 148.556450][T11913] selinux_netlink_send: 7 callbacks suppressed [ 148.556496][T11913] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1547 sclass=netlink_route_socket pid=11913 comm=syz.3.3579 [ 148.700237][T11923] loop0: detected capacity change from 0 to 512 [ 149.390803][T11964] xt_HMARK: proto mask must be zero with L3 mode [ 149.409498][T11967] netlink: 'syz.4.3603': attribute type 4 has an invalid length. [ 149.713907][T11993] loop5: detected capacity change from 0 to 512 [ 149.725048][T11993] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz.5.3613: inode has both inline data and extents flags [ 149.738958][T11993] loop5: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 149.746099][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 149.761967][ C1] EXT4-fs (loop5): initial error at time 1774986253: ext4_orphan_get:1397: inode 15 [ 149.766152][T11993] EXT4-fs error (device loop5): ext4_orphan_get:1402: comm syz.5.3613: couldn't read orphan inode 15 (err -117) [ 149.771397][ C1] EXT4-fs (loop5): last error at time 1774986253: ext4_orphan_get:1397: inode 15 [ 149.793413][T11993] loop5: lost filesystem error report for type 5 error -117 [ 149.794536][T11993] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.822479][ T28] kauditd_printk_skb: 32 callbacks suppressed [ 149.822497][ T28] audit: type=1400 audit(1774986253.292:11747): avc: denied { add_name } for pid=11992 comm="syz.5.3613" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 149.866594][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.058993][T12004] loop5: detected capacity change from 0 to 512 [ 150.091844][T12006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3618'. [ 150.126920][T12006] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.134563][T12004] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.279443][T12014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3622'. [ 150.347472][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.649957][ T28] audit: type=1400 audit(1774986254.122:11748): avc: denied { wake_alarm } for pid=12035 comm="syz.3.3632" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 151.846126][ T28] audit: type=1400 audit(1774986255.312:11749): avc: denied { execute } for pid=12084 comm="syz.0.3652" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=31196 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 152.524017][T12106] loop6: detected capacity change from 0 to 128 [ 152.690356][T12122] netlink: 'syz.5.3668': attribute type 6 has an invalid length. [ 152.717724][T12126] pimreg: entered allmulticast mode [ 152.725469][T12126] pimreg: left allmulticast mode [ 152.754372][ T28] audit: type=1400 audit(1774986256.222:11750): avc: denied { read write } for pid=12127 comm="syz.5.3671" name="rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 152.792654][ T28] audit: type=1400 audit(1774986256.252:11751): avc: denied { open } for pid=12127 comm="syz.5.3671" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 152.945235][T12144] loop6: detected capacity change from 0 to 512 [ 152.958244][T12144] EXT4-fs (loop6): 1 truncate cleaned up [ 152.964801][T12144] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.989040][T12144] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #13: comm syz.6.3679: invalid indirect mapped block 4294901760 (level 0) [ 152.991130][ T28] audit: type=1400 audit(1774986256.462:11752): avc: denied { rename } for pid=12143 comm="syz.6.3679" name="file0" dev="loop6" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 153.026147][ T28] audit: type=1400 audit(1774986256.462:11753): avc: denied { unlink } for pid=12143 comm="syz.6.3679" name="file1" dev="loop6" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 153.050480][T10066] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.348424][ T28] audit: type=1400 audit(1774986256.812:11754): avc: denied { write } for pid=12155 comm="syz.4.3684" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 153.404179][T12160] loop4: detected capacity change from 0 to 256 [ 153.423248][ T5873] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 153.456600][ T5873] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 153.823379][ T28] audit: type=1326 audit(1774986257.292:11755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12175 comm="syz.5.3693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea1d8cc819 code=0x7ffc0000 [ 153.873448][ T28] audit: type=1326 audit(1774986257.292:11756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12175 comm="syz.5.3693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea1d8cc819 code=0x7ffc0000 [ 153.908636][T12181] syzkaller1: entered promiscuous mode [ 153.914133][T12181] syzkaller1: entered allmulticast mode [ 154.003687][T12188] loop5: detected capacity change from 0 to 1024 [ 154.028330][T12188] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.063722][T12194] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3700'. [ 154.112358][T12196] loop6: detected capacity change from 0 to 8192 [ 154.204949][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.214204][ T6288] Bluetooth: hci0: sending frame failed (-49) [ 154.220369][ T3648] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 154.342970][T12214] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3709'. [ 154.360163][T12214] bond1: Invalid ad_actor_system MAC address. [ 154.366474][T12214] bond1: option ad_actor_system: invalid value (4294967295) [ 154.374832][T12214] bond1 (unregistering): Released all slaves [ 154.554629][T12240] program syz.5.3721 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 154.667419][T12248] loop5: detected capacity change from 0 to 736 [ 155.593140][T12305] loop5: detected capacity change from 0 to 512 [ 155.668440][T12305] EXT4-fs error (device loop5): ext4_do_update_inode:5602: inode #3: comm syz.5.3747: corrupted inode contents [ 155.742815][T12305] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 155.743172][T12305] EXT4-fs error (device loop5): ext4_dirty_inode:6495: inode #3: comm syz.5.3747: mark_inode_dirty error [ 155.752808][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 155.752828][ C0] EXT4-fs (loop5): initial error at time 1774986259: ext4_do_update_inode:5602: inode 3 [ 155.752874][ C0] EXT4-fs (loop5): last error at time 1774986259: ext4_do_update_inode:5602: inode 3 [ 155.808009][T12305] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 155.818330][T12305] EXT4-fs error (device loop5): ext4_do_update_inode:5602: inode #3: comm syz.5.3747: corrupted inode contents [ 155.856638][T12305] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 155.856793][T12305] EXT4-fs error (device loop5): __ext4_ext_dirty:207: inode #3: comm syz.5.3747: mark_inode_dirty error [ 155.896123][T12305] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 155.897627][T12305] __quota_error: 7 callbacks suppressed [ 155.897642][T12305] Quota error (device loop5): write_blk: dquota write failed [ 155.979006][T12305] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 156.002740][T12305] EXT4-fs error (device loop5): ext4_acquire_dquot:7026: comm syz.5.3747: Failed to acquire dquot type 0 [ 156.014361][T12305] loop5: lost filesystem error report for type 5 error -117 [ 156.026773][T12305] EXT4-fs error (device loop5): ext4_do_update_inode:5602: inode #16: comm syz.5.3747: corrupted inode contents [ 156.046468][T12305] loop5: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 156.048792][T12305] EXT4-fs error (device loop5): ext4_dirty_inode:6495: inode #16: comm syz.5.3747: mark_inode_dirty error [ 156.073826][T12305] loop5: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 156.074944][T12305] EXT4-fs error (device loop5): ext4_do_update_inode:5602: inode #16: comm syz.5.3747: corrupted inode contents [ 156.108287][T12305] loop5: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 156.108674][T12305] EXT4-fs error (device loop5): __ext4_ext_dirty:207: inode #16: comm syz.5.3747: mark_inode_dirty error [ 156.134390][T12305] loop5: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 156.134593][T12305] EXT4-fs error (device loop5): ext4_do_update_inode:5602: inode #16: comm syz.5.3747: corrupted inode contents [ 156.155914][T12305] loop5: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 156.156128][T12305] EXT4-fs error (device loop5) in ext4_orphan_del:303: Corrupt filesystem [ 156.174311][T12305] loop5: lost filesystem error report for type 5 error -117 [ 156.174486][T12305] EXT4-fs error (device loop5): ext4_do_update_inode:5602: inode #16: comm syz.5.3747: corrupted inode contents [ 156.194171][T12305] loop5: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 156.194365][T12305] EXT4-fs error (device loop5): ext4_truncate:4602: inode #16: comm syz.5.3747: mark_inode_dirty error [ 156.261688][T12305] EXT4-fs error (device loop5) in ext4_process_orphan:345: Corrupt filesystem [ 156.270842][T12305] loop5: lost filesystem error report for type 5 error -117 [ 156.271281][T12305] EXT4-fs (loop5): 1 truncate cleaned up [ 156.293424][T12305] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.324977][T12305] ext4 filesystem being mounted at /368/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 156.372043][ T28] audit: type=1400 audit(1774986259.842:11764): avc: denied { create } for pid=12304 comm="syz.5.3747" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 156.414361][T12305] EXT4-fs warning (device loop5): ext4_es_cache_extent:1082: inode #3: comm syz.5.3747: ES cache extent failed: add [1,1,41,0x1] conflict with existing [1,-2,576460752303423487,0x18] [ 156.414361][T12305] [ 156.455288][ T28] audit: type=1400 audit(1774986259.922:11765): avc: denied { link } for pid=12304 comm="syz.5.3747" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop5" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 156.501048][ T28] audit: type=1400 audit(1774986259.972:11766): avc: denied { unlink } for pid=12304 comm="syz.5.3747" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop5" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 156.548785][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.690731][T12348] loop0: detected capacity change from 0 to 1024 [ 156.730417][T12348] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.743491][T12355] all (unregistering): Released all slaves [ 156.780643][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.850709][T12361] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3768'. [ 157.024165][ T6288] Bluetooth: hci0: sending frame failed (-49) [ 157.030471][ T3648] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 157.049913][T12379] netlink: 'syz.4.3775': attribute type 1 has an invalid length. [ 157.229365][T12393] sctp: [Deprecated]: syz.6.3782 (pid 12393) Use of int in max_burst socket option. [ 157.229365][T12393] Use struct sctp_assoc_value instead [ 157.259945][T12398] openvswitch: netlink: Missing key (keys=40, expected=100) [ 157.348755][T12405] loop5: detected capacity change from 0 to 512 [ 157.396264][T12405] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 157.445948][T12405] ext4 filesystem being mounted at /374/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 157.515001][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.850479][ T28] audit: type=1326 audit(1774986261.322:11767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12455 comm="syz.6.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f964e3dc819 code=0x7ffc0000 [ 157.890963][ T28] audit: type=1326 audit(1774986261.322:11768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12455 comm="syz.6.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7f964e3dc819 code=0x7ffc0000 [ 157.932499][ T28] audit: type=1326 audit(1774986261.322:11769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12455 comm="syz.6.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f964e3dc819 code=0x7ffc0000 [ 157.958332][ T28] audit: type=1326 audit(1774986261.322:11770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12455 comm="syz.6.3810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f964e3dc819 code=0x7ffc0000 [ 157.986868][T12459] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3811'. [ 157.995965][T12459] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3811'. [ 158.149013][T12466] loop6: detected capacity change from 0 to 256 [ 158.179862][T12468] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.255991][T12468] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.325138][T12468] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.417991][T12468] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.445117][ T1942] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.456988][ T1942] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.468830][ T1942] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.480290][ T1942] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.665094][T12486] loop0: detected capacity change from 0 to 4096 [ 158.686862][T12486] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 158.733231][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.777087][T12493] loop0: detected capacity change from 0 to 512 [ 158.785591][T12493] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 158.794200][T12493] EXT4-fs error (device loop0): ext4_iget_extra_inode:5040: inode #15: comm syz.0.3825: corrupted in-inode xattr: e_value size too large [ 158.809033][T12493] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.3825: couldn't read orphan inode 15 (err -117) [ 158.820896][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 158.820918][ C0] EXT4-fs (loop0): initial error at time 1774986262: ext4_iget_extra_inode:5040: inode 15 [ 158.820947][ C0] EXT4-fs (loop0): last error at time 1774986262: ext4_iget_extra_inode:5040: inode 15 [ 158.847136][T12493] loop0: lost filesystem error report for type 5 error -117 [ 158.848184][T12493] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 158.871083][T12493] EXT4-fs error (device loop0): ext4_check_dx_root:2201: inode #2: comm syz.0.3825: Corrupt dir, invalid name_len for '..', running e2fsck is recommended [ 158.895949][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.149014][ T28] audit: type=1400 audit(1774986262.622:11771): avc: denied { setopt } for pid=12498 comm="syz.0.3827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 159.330140][T12517] loop0: detected capacity change from 0 to 1024 [ 159.344910][T12517] EXT4-fs (loop0): bad geometry: bigalloc file system with non-zero first_data_block [ 159.344910][T12517] [ 160.288184][T12590] loop6: detected capacity change from 0 to 764 [ 161.174886][T12695] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3871'. [ 161.289355][T12700] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3873'. [ 161.364451][T12703] loop5: detected capacity change from 0 to 2048 [ 161.386884][T12703] EXT4-fs: Ignoring removed nomblk_io_submit option [ 161.477553][T12703] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.493966][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 161.493981][ T28] audit: type=1400 audit(1774986264.962:11775): avc: denied { setattr } for pid=12702 comm="syz.5.3875" name="file0" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 161.534320][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.623497][T12632] syz.4.3865 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 161.726147][T12632] CPU: 0 UID: 0 PID: 12632 Comm: syz.4.3865 Tainted: G W syzkaller #0 PREEMPT(full) [ 161.726179][T12632] Tainted: [W]=WARN [ 161.726187][T12632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 161.726201][T12632] Call Trace: [ 161.726208][T12632] [ 161.726216][T12632] __dump_stack+0x1d/0x30 [ 161.726334][T12632] dump_stack_lvl+0x95/0xd0 [ 161.726360][T12632] dump_stack+0x15/0x1b [ 161.726383][T12632] dump_header+0x80/0x240 [ 161.726406][T12632] oom_kill_process+0x295/0x350 [ 161.726495][T12632] out_of_memory+0x97d/0xb80 [ 161.726516][T12632] try_charge_memcg+0x62e/0xa10 [ 161.726554][T12632] mem_cgroup_swapin_charge_folio+0x103/0x1f0 [ 161.726649][T12632] __swap_cache_prepare_and_add+0x67/0x460 [ 161.726684][T12632] ? alloc_pages_mpol+0x217/0x260 [ 161.726727][T12632] swap_cache_alloc_folio+0xa2/0x120 [ 161.726838][T12632] swap_cluster_readahead+0x26e/0x3d0 [ 161.726874][T12632] swapin_readahead+0xde/0x840 [ 161.726903][T12632] ? _raw_spin_unlock+0x9/0x30 [ 161.726969][T12632] ? swap_put_entries_cluster+0x385/0x3a0 [ 161.727005][T12632] ? swap_put_entries_cluster+0x71/0x3a0 [ 161.727103][T12632] ? __rcu_read_unlock+0x4e/0x70 [ 161.727125][T12632] ? swap_cache_get_folio+0x26f/0x280 [ 161.727155][T12632] do_swap_page+0x2fe/0x21e0 [ 161.727254][T12632] ? css_rstat_updated+0xbb/0x280 [ 161.727274][T12632] ? __rcu_read_lock+0x36/0x50 [ 161.727292][T12632] ? pte_offset_map_rw_nolock+0x19e/0x200 [ 161.727317][T12632] handle_mm_fault+0xb46/0x3020 [ 161.727463][T12632] ? vma_start_read+0x1c7/0x2c0 [ 161.727494][T12632] do_user_addr_fault+0x62f/0x1050 [ 161.727539][T12632] ? arch_exit_to_user_mode_prepare+0x26/0x80 [ 161.727566][T12632] ? trace_page_fault_user+0x1f/0xe0 [ 161.727595][T12632] exc_page_fault+0x62/0xa0 [ 161.727614][T12632] asm_exc_page_fault+0x26/0x30 [ 161.727647][T12632] RIP: 0033:0x7f700067a1cc [ 161.727724][T12632] Code: 8a 31 13 00 eb 24 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 81 c3 f0 00 00 00 48 39 dd 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 f0 00 00 [ 161.727767][T12632] RSP: 002b:00007ffde6187620 EFLAGS: 00010202 [ 161.727788][T12632] RAX: 0000000000000000 RBX: 00007f7000a27080 RCX: 00005555866c5808 [ 161.727804][T12632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 161.727818][T12632] RBP: 00007f7000a27da0 R08: 0000000000000000 R09: 0000000000000000 [ 161.727832][T12632] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000002774b [ 161.727846][T12632] R13: 00007f7000a2609c R14: 00000000000274a0 R15: 00007ffde6187720 [ 161.727918][T12632] [ 161.980620][T12632] memory: usage 238764kB, limit 307200kB, failcnt 411 [ 162.016128][T12632] memory+swap: usage 202828kB, limit 9007199254740988kB, failcnt 0 [ 162.024057][T12632] kmem: usage 193620kB, limit 9007199254740988kB, failcnt 0 [ 162.110664][T12632] Memory cgroup stats for /syz4: [ 162.110853][T12632] cache 311296 [ 162.136448][T12632] rss 8392704 [ 162.154079][T12632] shmem 0 [ 162.182202][T12632] mapped_file 4096 [ 162.201431][T12632] dirty 0 [ 162.214544][T12632] writeback 0 [ 162.221693][T12632] workingset_refault_anon 1583 [ 162.236844][T12734] loop5: detected capacity change from 0 to 512 [ 162.249446][T12632] workingset_refault_file 256 [ 162.254617][T12732] loop6: detected capacity change from 0 to 2048 [ 162.263861][T12732] EXT4-fs: Ignoring removed nomblk_io_submit option [ 162.291932][T12632] swap 610304 [ 162.295292][T12632] swapcached 30138368 [ 162.316931][T12734] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.348174][T12734] EXT4-fs (loop5): shut down requested (0) [ 162.348463][T12732] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.359694][T12632] pgpgin 177903 [ 162.376577][ T28] audit: type=1400 audit(1774986265.842:11776): avc: denied { listen } for pid=12745 comm="syz.0.3893" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 162.399505][T12632] pgpgout 175775 [ 162.403087][T12632] pgfault 244296 [ 162.407063][T12632] pgmajfault 27 [ 162.410592][T12632] inactive_anon 8192 [ 162.414516][T12632] active_anon 0 [ 162.418321][T12632] inactive_file 106496 [ 162.424172][T12632] active_file 212992 [ 162.428496][T12632] unevictable 8388608 [ 162.432536][T12632] hierarchical_memory_limit 314572800 [ 162.438090][T12632] hierarchical_memsw_limit 9223372036854771712 [ 162.444487][T12632] total_cache 311296 [ 162.448756][T12632] total_rss 8392704 [ 162.452593][T12632] total_shmem 0 [ 162.456220][T12632] total_mapped_file 4096 [ 162.460504][T12632] total_dirty 0 [ 162.464055][T12632] total_writeback 0 [ 162.469467][T12632] total_workingset_refault_anon 1583 [ 162.474814][T12632] total_workingset_refault_file 256 [ 162.480174][T12632] total_swap 610304 [ 162.484057][T12632] total_swapcached 30138368 [ 162.488661][T12632] total_pgpgin 177903 [ 162.489343][T10066] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.492769][T12632] total_pgpgout 175775 [ 162.506900][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.516524][T12632] total_pgfault 244296 [ 162.520605][T12632] total_pgmajfault 27 [ 162.541075][T12632] total_inactive_anon 8192 [ 162.545609][T12632] total_active_anon 0 [ 162.575017][T12632] total_inactive_file 106496 [ 162.576477][T12757] loop6: detected capacity change from 0 to 512 [ 162.595932][T12632] total_active_file 212992 [ 162.608847][T12759] loop5: detected capacity change from 0 to 256 [ 162.626392][T12757] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -2 [ 162.628375][ T5865] kernel write not supported for file bpf-prog (pid: 5865 comm: kworker/0:5) [ 162.643509][T12757] EXT4-fs error (device loop6): ext4_iget_extra_inode:5040: inode #15: comm syz.6.3906: corrupted in-inode xattr: e_value size too large [ 162.654969][T12632] total_unevictable 8388608 [ 162.665762][T12757] fserror_report: 2 callbacks suppressed [ 162.665816][T12757] loop6: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 162.684416][T12757] EXT4-fs error (device loop6): ext4_orphan_get:1402: comm syz.6.3906: couldn't read orphan inode 15 (err -117) [ 162.693657][ C1] EXT4-fs (loop6): error count since last fsck: 1 [ 162.693681][ C1] EXT4-fs (loop6): initial error at time 1774986266: ext4_iget_extra_inode:5040: inode 15 [ 162.693722][ C1] EXT4-fs (loop6): last error at time 1774986266: ext4_iget_extra_inode:5040: inode 15 [ 162.732321][T12757] loop6: lost filesystem error report for type 5 error -117 [ 162.734878][T12757] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.742143][T12632] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 162.748379][T12757] EXT4-fs error (device loop6): ext4_check_dx_root:2201: inode #2: comm syz.6.3906: Corrupt dir, invalid name_len for '..', running e2fsck is recommended [ 162.800703][T12632] ,cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.3865,pid=12632,uid=0 [ 162.815491][T10066] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.825229][T12632] Memory cgroup out of memory: Killed process 12632 (syz.4.3865) total-vm:96212kB, anon-rss:9420kB, file-rss:22212kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000 [ 163.082835][ T28] audit: type=1400 audit(1774986266.552:11777): avc: denied { mount } for pid=12782 comm="syz.5.3909" name="/" dev="ramfs" ino=33283 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 163.267293][T12786] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.331558][T12792] hugetlbfs: syz.5.3913 (12792): Using mlock ulimits for SHM_HUGETLB is obsolete [ 163.522633][T12803] 9pnet: p9_errstr2errno: server reported unknown error [ 163.531217][T12806] loop0: detected capacity change from 0 to 1024 [ 163.576822][T12806] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 163.606282][T12806] ext4 filesystem being mounted at /778/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.647804][T12806] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.3919: bg 0: block 112: padding at end of block bitmap is not set [ 163.697223][T12806] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 60 with max blocks 1 with error 28 [ 163.743747][T12806] EXT4-fs (loop0): This should not happen!! Data will be lost [ 163.743747][T12806] [ 163.776191][T12806] EXT4-fs (loop0): Total free blocks count 0 [ 163.782309][T12806] EXT4-fs (loop0): Free/Dirty block details [ 163.836136][T12806] EXT4-fs (loop0): free_blocks=0 [ 163.841120][T12806] EXT4-fs (loop0): dirty_blocks=16 [ 163.855191][T12806] EXT4-fs (loop0): Block reservation details [ 163.876321][T12806] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 163.909519][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 164.227195][ T28] audit: type=1400 audit(1774986267.702:11778): avc: denied { create } for pid=12828 comm="syz.0.3937" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1 [ 164.380974][ T28] audit: type=1400 audit(1774986267.852:11779): avc: denied { unmount } for pid=12836 comm="syz.6.3929" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 164.907433][T12872] loop5: detected capacity change from 0 to 1024 [ 164.976885][T12872] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 164.995231][T12872] ext4 filesystem being mounted at /406/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.028639][T12872] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.3946: bg 0: block 112: padding at end of block bitmap is not set [ 165.052080][T12872] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 60 with max blocks 1 with error 28 [ 165.106244][T12872] EXT4-fs (loop5): This should not happen!! Data will be lost [ 165.106244][T12872] [ 165.126611][T12872] EXT4-fs (loop5): Total free blocks count 0 [ 165.132643][T12872] EXT4-fs (loop5): Free/Dirty block details [ 165.190462][T12872] EXT4-fs (loop5): free_blocks=0 [ 165.201107][T12872] EXT4-fs (loop5): dirty_blocks=16 [ 165.227195][T12872] EXT4-fs (loop5): Block reservation details [ 165.256124][T12872] EXT4-fs (loop5): i_reserved_data_blocks=1 [ 165.295883][T12872] syz.5.3946 (12872) used greatest stack depth: 8288 bytes left [ 165.304567][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 165.637563][T12910] loop4: detected capacity change from 0 to 1024 [ 165.647506][T12912] netlink: 'syz.5.3960': attribute type 5 has an invalid length. [ 165.655898][T12910] EXT4-fs: inline encryption not supported [ 165.770305][T12910] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 165.816405][T12910] ext4 filesystem being mounted at /837/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.833110][T12910] EXT4-fs error (device loop4): ext4_map_blocks:828: inode #15: block 3: comm syz.4.3961: lblock 3 mapped to illegal pblock 3 (length 3) [ 165.848534][T12910] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 165.863114][T12910] EXT4-fs (loop4): This should not happen!! Data will be lost [ 165.863114][T12910] [ 165.883071][T12910] EXT4-fs error (device loop4): ext4_map_blocks:828: inode #15: block 8: comm syz.4.3961: lblock 8 mapped to illegal pblock 8 (length 4) [ 165.897880][T12910] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 4 with error 117 [ 165.911879][T12910] EXT4-fs (loop4): This should not happen!! Data will be lost [ 165.911879][T12910] [ 165.922355][T12910] EXT4-fs error (device loop4): ext4_map_blocks:828: inode #15: comm syz.4.3961: lblock 0 mapped to illegal pblock 0 (length 3) [ 165.946271][T12910] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 117 [ 165.958979][T12910] EXT4-fs (loop4): This should not happen!! Data will be lost [ 165.958979][T12910] [ 165.992096][ T1837] EXT4-fs error (device loop4): ext4_map_blocks:828: inode #15: block 4: comm kworker/u8:8: lblock 4 mapped to illegal pblock 4 (length 2) [ 166.036110][ T1837] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 2 with error 117 [ 166.066157][ T1837] EXT4-fs (loop4): This should not happen!! Data will be lost [ 166.066157][ T1837] [ 166.143334][ T1837] EXT4-fs error (device loop4): ext4_map_blocks:828: inode #15: block 8: comm kworker/u8:8: lblock 8 mapped to illegal pblock 8 (length 1) [ 166.172242][ T1837] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 1 with error 117 [ 166.222699][ T3311] EXT4-fs warning (device loop4): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 166.333467][T12930] 9pnet: p9_errstr2errno: server reported unknown error  [ 166.622425][T12958] loop0: detected capacity change from 0 to 8192 [ 166.640153][T12958] FAT-fs (loop0): error, corrupted directory (invalid entries) [ 166.647814][T12958] FAT-fs (loop0): Filesystem has been set read-only [ 166.841219][ T28] audit: type=1326 audit(1774986270.312:11780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12965 comm="syz.3.3983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 166.926983][ T28] audit: type=1326 audit(1774986270.342:11781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12965 comm="syz.3.3983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 166.987801][ T28] audit: type=1326 audit(1774986270.342:11782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12965 comm="syz.3.3983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 167.041504][ T28] audit: type=1326 audit(1774986270.342:11783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12965 comm="syz.3.3983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 167.100618][ T28] audit: type=1326 audit(1774986270.352:11784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12965 comm="syz.3.3983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 167.128860][ T28] audit: type=1326 audit(1774986270.352:11785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12965 comm="syz.3.3983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 167.153226][ T28] audit: type=1326 audit(1774986270.352:11786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12965 comm="syz.3.3983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 167.177468][ T28] audit: type=1326 audit(1774986270.352:11787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12965 comm="syz.3.3983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 167.246020][ T28] audit: type=1326 audit(1774986270.352:11788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12965 comm="syz.3.3983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 167.287437][ T28] audit: type=1326 audit(1774986270.352:11789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12965 comm="syz.3.3983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547afbc819 code=0x7ffc0000 [ 167.916303][T13023] loop4: detected capacity change from 0 to 512 [ 167.931983][T13023] EXT4-fs: Ignoring removed bh option [ 167.945381][T13023] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 167.974694][T13023] EXT4-fs (loop4): 1 truncate cleaned up [ 167.984800][T13023] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.030717][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.407604][T13077] loop6: detected capacity change from 0 to 512 [ 168.416877][T13077] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 168.434840][T13077] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 168.450166][T13077] EXT4-fs (loop6): 1 truncate cleaned up [ 168.456072][ C0] EXT4-fs (loop6): error count since last fsck: 1 [ 168.462554][ C0] EXT4-fs (loop6): initial error at time 1774986271: ext4_mb_generate_buddy:1317 [ 168.471738][ C0] EXT4-fs (loop6): last error at time 1774986271: ext4_mb_generate_buddy:1317 [ 168.481863][T13077] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.515869][T10066] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.724673][T13097] loop6: detected capacity change from 0 to 4096 [ 168.738175][T13097] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.788159][T10066] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.068663][T13135] loop0: detected capacity change from 0 to 2048 [ 169.137305][ T3987] loop0: p1 < > p4 [ 169.145794][T13121] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 169.157956][ T3987] loop0: p4 start 42180 is beyond EOD, truncated [ 169.167019][T13135] loop0: p1 < > p4 [ 169.172229][T13135] loop0: p4 start 42180 is beyond EOD, truncated [ 169.179596][T13121] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 169.258022][ T3987] udevd[3987]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 169.274273][ T3987] udevd[3987]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 169.574067][T13176] blktrace: Concurrent blktraces are not allowed on loop10 [ 169.654923][T13180] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 169.665321][T13180] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.714830][T13180] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 169.725406][T13180] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.779518][T13180] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 169.790404][T13180] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.840456][T13180] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 169.851200][T13180] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.917188][ T69] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 169.926700][ T69] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.949142][ T69] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 169.957595][ T69] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.972922][ T2372] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 169.981613][ T2372] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.998223][T13202] loop4: detected capacity change from 0 to 4096 [ 170.017475][T13202] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.039733][T12667] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.056940][T12667] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.106795][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.131600][T13207] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4088'. [ 170.132670][T13205] sctp: [Deprecated]: syz.3.4086 (pid 13205) Use of int in max_burst socket option. [ 170.132670][T13205] Use struct sctp_assoc_value instead [ 170.160967][T13207] bond1: option primary_reselect: invalid value (8) [ 170.195953][T13207] bond1 (unregistering): Released all slaves [ 170.390671][T13228] loop0: detected capacity change from 0 to 4096 [ 170.398000][T13228] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 170.409042][T13228] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.637344][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.183097][T13243] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 171.195526][T13243] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.237814][T13241] loop5: detected capacity change from 0 to 8192 [ 171.387464][T13243] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 171.400907][T13243] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.526823][T13254] tipc: Started in network mode [ 171.531735][T13254] tipc: Node identity ac14140f, cluster identity 4711 [ 171.546371][T13254] tipc: Enabled bearer , priority 10 [ 172.169572][T13243] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 172.218609][T13243] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.256029][T13297] loop6: detected capacity change from 0 to 2048 [ 172.320219][T13297] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.384594][T13295] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 172.400047][ T28] kauditd_printk_skb: 52 callbacks suppressed [ 172.400101][ T28] audit: type=1400 audit(1774986275.852:11842): avc: denied { map } for pid=13295 comm="syz.6.4128" path="/206/file0/file1" dev="loop6" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 172.400380][T13243] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 172.436644][T13312] loop5: detected capacity change from 0 to 512 [ 172.439970][T13243] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.465873][T13312] EXT4-fs: Ignoring removed orlov option [ 172.480897][T10066] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.498311][T13312] EXT4-fs: Ignoring removed mblk_io_submit option [ 172.515005][T13312] EXT4-fs: inline encryption not supported [ 172.521669][ T1837] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.546370][ T1837] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.587085][ T1837] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.595341][ T1837] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.631676][T13312] EXT4-fs error (device loop5): ext4_iget_extra_inode:5040: inode #15: comm syz.5.4133: corrupted in-inode xattr: e_value size too large [ 172.662763][ T1837] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.671089][ T1837] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.703224][ T1837] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.716346][T13312] loop5: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 172.716597][T13312] EXT4-fs error (device loop5): ext4_orphan_get:1402: comm syz.5.4133: couldn't read orphan inode 15 (err -117) [ 172.737583][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 172.737606][ C0] EXT4-fs (loop5): initial error at time 1774986276: ext4_iget_extra_inode:5040: inode 15 [ 172.737640][ C0] EXT4-fs (loop5): last error at time 1774986276: ext4_iget_extra_inode:5040: inode 15 [ 172.746413][ T1837] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.788805][T13327] loop6: detected capacity change from 0 to 1764 [ 172.806095][T13312] loop5: lost filesystem error report for type 5 error -117 [ 172.807378][T13312] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.827043][ T5865] tipc: Node number set to 2886997007 [ 172.827179][T13327] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 172.895167][T13327] isofs_fill_super: get root inode failed [ 172.933770][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.013156][ T28] audit: type=1400 audit(1774986276.482:11843): avc: denied { ioctl } for pid=13342 comm="syz.4.4146" path="socket:[35321]" dev="sockfs" ino=35321 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 173.137016][T13341] loop0: detected capacity change from 0 to 2048 [ 173.149467][T13341] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.380886][ T28] audit: type=1400 audit(1774986276.852:11844): avc: denied { ioctl } for pid=13358 comm="syz.6.4153" path="/dev/rtc0" dev="devtmpfs" ino=244 ioctlcmd=0x7007 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 173.502110][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.550742][ T28] audit: type=1400 audit(1774986277.022:11845): avc: denied { setopt } for pid=13354 comm="syz.4.4151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 173.726549][T13375] netlink: 204 bytes leftover after parsing attributes in process `syz.0.4161'. [ 173.757008][T13375] netlink: 84 bytes leftover after parsing attributes in process `syz.0.4161'. [ 173.972724][T13387] loop5: detected capacity change from 0 to 1024 [ 173.986796][T13387] EXT4-fs (loop5): bad geometry: bigalloc file system with non-zero first_data_block [ 173.986796][T13387] [ 174.364988][ T28] audit: type=1326 audit(1774986277.832:11846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13395 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70007ac819 code=0x7ffc0000 [ 174.492230][T10066] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 174.517563][ T28] audit: type=1326 audit(1774986277.832:11847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13395 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70007ac819 code=0x7ffc0000 [ 174.556438][T10066] CPU: 1 UID: 0 PID: 10066 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(full) [ 174.556539][T10066] Tainted: [W]=WARN [ 174.556547][T10066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 174.556594][T10066] Call Trace: [ 174.556601][T10066] [ 174.556608][T10066] __dump_stack+0x1d/0x30 [ 174.556639][T10066] dump_stack_lvl+0x95/0xd0 [ 174.556666][T10066] dump_stack+0x15/0x1b [ 174.556697][T10066] dump_header+0x80/0x240 [ 174.556733][T10066] oom_kill_process+0x295/0x350 [ 174.556757][T10066] out_of_memory+0x97d/0xb80 [ 174.556784][T10066] try_charge_memcg+0x62e/0xa10 [ 174.556916][T10066] mem_cgroup_swapin_charge_folio+0x103/0x1f0 [ 174.556991][T10066] __swap_cache_prepare_and_add+0x67/0x460 [ 174.557031][T10066] ? alloc_pages_mpol+0x217/0x260 [ 174.557120][T10066] swap_cache_alloc_folio+0xa2/0x120 [ 174.557164][T10066] swap_cluster_readahead+0x26e/0x3d0 [ 174.557195][T10066] swapin_readahead+0xde/0x840 [ 174.557226][T10066] ? __rcu_read_unlock+0x4e/0x70 [ 174.557248][T10066] ? __perf_event_task_sched_in+0xa65/0xad0 [ 174.557349][T10066] ? __list_add_valid_or_report+0x38/0xe0 [ 174.557371][T10066] ? __rcu_read_unlock+0x4e/0x70 [ 174.557389][T10066] ? swap_cache_get_folio+0x26f/0x280 [ 174.557428][T10066] do_swap_page+0x2fe/0x21e0 [ 174.557496][T10066] ? __schedule+0x93c/0xd40 [ 174.557523][T10066] ? __rcu_read_lock+0x36/0x50 [ 174.557544][T10066] ? pte_offset_map_rw_nolock+0x19e/0x200 [ 174.557577][T10066] handle_mm_fault+0xb46/0x3020 [ 174.557667][T10066] ? vma_start_read+0x1c7/0x2c0 [ 174.557694][T10066] do_user_addr_fault+0x62f/0x1050 [ 174.557732][T10066] ? trace_page_fault_user+0x1f/0xe0 [ 174.557798][T10066] exc_page_fault+0x62/0xa0 [ 174.557854][T10066] asm_exc_page_fault+0x26/0x30 [ 174.557873][T10066] RIP: 0033:0x7f964e397997 [ 174.557900][T10066] Code: 48 89 fa 4c 89 df e8 a8 56 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 174.557921][T10066] RSP: 002b:00007ffe767894b0 EFLAGS: 00010202 [ 174.557953][T10066] RAX: 0000000000000000 RBX: 0000555571646500 RCX: 00007f964e397997 [ 174.557970][T10066] RDX: 00007ffe767894f0 RSI: 0000000000000000 RDI: 0000000000000000 [ 174.557985][T10066] RBP: 00007ffe7678955c R08: 0000000000000000 R09: 0000000000000000 [ 174.558001][T10066] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388 [ 174.558016][T10066] R13: 00000000000927c0 R14: 000000000002a893 R15: 00007ffe767895b0 [ 174.558037][T10066] [ 174.596133][ T28] audit: type=1326 audit(1774986277.832:11848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13395 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70007ac819 code=0x7ffc0000 [ 174.607085][T10066] memory: usage 259004kB, limit 307200kB, failcnt 126 [ 174.631482][ T28] audit: type=1326 audit(1774986277.872:11849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13395 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f70007ac819 code=0x7ffc0000 [ 174.754001][T10066] memory+swap: usage 263948kB, limit 9007199254740988kB, failcnt 0 [ 174.991477][T13408] loop5: detected capacity change from 0 to 1024 [ 175.011776][T13408] EXT4-fs (loop5): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 175.025586][T13408] EXT4-fs error (device loop5): ext4_map_blocks:786: inode #3: block 2: comm syz.5.4174: lblock 2 mapped to illegal pblock 2 (length 1) [ 175.107406][T13408] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 175.107572][T13408] Quota error (device loop5): qtree_write_dquot: dquota write failed [ 175.116693][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 175.116716][ C0] EXT4-fs (loop5): initial error at time 1774986278: ext4_map_blocks:786: inode 3: block 2 [ 175.116747][ C0] EXT4-fs (loop5): last error at time 1774986278: ext4_map_blocks:786: inode 3: block 2 [ 175.152833][T10066] kmem: usage 148316kB, limit 9007199254740988kB, failcnt 0 [ 175.156093][ T28] audit: type=1326 audit(1774986277.872:11850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13395 comm="syz.4.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70007ac819 code=0x7ffc0000 [ 175.179080][T10066] Memory cgroup stats for [ 175.196197][T13408] EXT4-fs error (device loop5): ext4_map_blocks:786: inode #3: block 48: comm syz.5.4174: lblock 0 mapped to illegal pblock 48 (length 1) [ 175.217138][T10066] /syz6: [ 175.217299][T10066] cache 0 [ 175.218508][T13408] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 175.223336][T13408] EXT4-fs error (device loop5): ext4_acquire_dquot:7026: comm syz.5.4174: Failed to acquire dquot type 0 [ 175.244222][T13408] loop5: lost filesystem error report for type 5 error -117 [ 175.244371][T13408] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6291: Corrupt filesystem [ 175.262085][T10066] rss 8507392 [ 175.265515][T10066] shmem 0 [ 175.276358][T10066] mapped_file 0 [ 175.287135][T10066] dirty 0 [ 175.290093][T10066] writeback 0 [ 175.303595][T13408] loop5: lost filesystem error report for type 5 error -117 [ 175.303757][T13408] EXT4-fs error (device loop5): ext4_evict_inode:265: inode #11: comm syz.5.4174: mark_inode_dirty error [ 175.326195][T10066] workingset_refault_anon 53 [ 175.330976][T10066] workingset_refault_file 0 [ 175.339677][T13418] netlink: 'syz.3.4177': attribute type 21 has an invalid length. [ 175.351689][T13408] loop5: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 175.351868][T13408] EXT4-fs warning (device loop5): ext4_evict_inode:268: couldn't mark inode dirty (err -117) [ 175.372016][T10066] swap 430080 [ 175.375329][T10066] swapcached 774144 [ 175.379193][T13408] EXT4-fs (loop5): 1 orphan inode deleted [ 175.385488][T13408] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.398061][ T2372] EXT4-fs error (device loop5): ext4_map_blocks:786: inode #3: block 1: comm kworker/u8:10: lblock 1 mapped to illegal pblock 1 (length 1) [ 175.413546][T10066] pgpgin 55485 [ 175.425990][ T2372] loop5: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 175.428034][ T2372] EXT4-fs error (device loop5): ext4_release_dquot:7062: comm kworker/u8:10: Failed to release dquot type 0 [ 175.448916][T10066] pgpgout 53406 [ 175.452947][T10066] pgfault 65608 [ 175.457170][T10066] pgmajfault 45 [ 175.460702][T10066] inactive_anon 12288 [ 175.464740][T10066] active_anon 106496 [ 175.469331][T10066] inactive_file 0 [ 175.473106][T10066] active_file 0 [ 175.477257][T13408] EXT4-fs (loop5): shut down requested (2) [ 175.483603][T10066] unevictable 8388608 [ 175.487861][T10066] hierarchical_memory_limit 314572800 [ 175.504069][T10066] hierarchical_memsw_limit 9223372036854771712 [ 175.510593][T10066] total_cache 0 [ 175.514533][T10066] total_rss 8507392 [ 175.518942][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.519553][T10066] total_shmem 0 [ 175.534631][T10066] total_mapped_file 0 [ 175.539080][T10066] total_dirty 0 [ 175.564352][T10066] total_writeback 0 [ 175.578512][T10066] total_workingset_refault_anon 53 [ 175.603930][T10066] total_workingset_refault_file 0 [ 175.614044][T10066] total_swap 430080 [ 175.624131][T10066] total_swapcached 774144 [ 175.634215][T10066] total_pgpgin 55485 [ 175.644306][T10066] total_pgpgout 53406 [ 175.649750][T10066] total_pgfault 65608 [ 175.653750][T10066] total_pgmajfault 45 [ 175.666146][T10066] total_inactive_anon 12288 [ 175.676790][T10066] total_active_anon 106496 [ 175.681749][T13435] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 175.690066][T10066] total_inactive_file 0 [ 175.694393][T10066] total_active_file 0 [ 175.704418][T10066] total_unevictable 8388608 [ 175.709264][T10066] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.4165,pid=13381,uid=0 [ 175.743958][T10066] Memory cgroup out of memory: OOM victim 13381 (syz.6.4165) is already exiting. Skip killing the task [ 175.911622][T13447] loop5: detected capacity change from 0 to 128 [ 175.937252][T13447] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 175.954981][T13447] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 176.016585][ T2372] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 176.035109][T13454] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4193'. [ 176.169478][T13461] loop6: detected capacity change from 0 to 512 [ 176.201450][T13461] EXT4-fs (loop6): mounting ext2 file system using the ext4 subsystem [ 176.223628][T13461] EXT4-fs error (device loop6): mb_free_blocks:2049: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 176.246073][ C0] EXT4-fs (loop6): error count since last fsck: 1 [ 176.252545][ C0] EXT4-fs (loop6): initial error at time 1774986279: mb_free_blocks:2049: inode 11: block 64 [ 176.262871][ C0] EXT4-fs (loop6): last error at time 1774986279: mb_free_blocks:2049: inode 11: block 64 [ 176.267142][T13461] EXT4-fs error (device loop6): ext4_do_update_inode:5602: inode #11: comm syz.6.4196: corrupted inode contents [ 176.313720][T13461] loop6: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 176.313894][T13461] EXT4-fs error (device loop6): ext4_dirty_inode:6495: inode #11: comm syz.6.4196: mark_inode_dirty error [ 176.341070][T13461] loop6: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 176.341306][T13461] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #11: comm syz.6.4196: invalid indirect mapped block 1 (level 1) [ 176.350842][T13469] loop5: detected capacity change from 0 to 512 [ 176.364721][T13461] loop6: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 176.375166][T13469] EXT4-fs: Ignoring removed mblk_io_submit option [ 176.402029][T13469] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 176.420918][T13461] EXT4-fs error (device loop6): ext4_do_update_inode:5602: inode #11: comm syz.6.4196: corrupted inode contents [ 176.433350][T13461] loop6: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 176.435027][T13461] EXT4-fs error (device loop6) in ext4_orphan_del:303: Corrupt filesystem [ 176.456222][T13461] loop6: lost filesystem error report for type 5 error -117 [ 176.456995][T13472] tun0: tun_chr_ioctl cmd 1074025675 [ 176.470362][T13469] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.482943][T13461] EXT4-fs error (device loop6): ext4_do_update_inode:5602: inode #11: comm syz.6.4196: corrupted inode contents [ 176.495781][T13461] loop6: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 176.495966][T13461] EXT4-fs error (device loop6): ext4_truncate:4602: inode #11: comm syz.6.4196: mark_inode_dirty error [ 176.517520][T13472] tun0: persist enabled [ 176.521832][T13469] ext4 filesystem being mounted at /447/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 176.532298][T13478] tun0: tun_chr_ioctl cmd 1074025675 [ 176.537685][T13478] tun0: persist disabled [ 176.542319][T13461] EXT4-fs error (device loop6) in ext4_process_orphan:345: Corrupt filesystem [ 176.573408][T13461] loop6: lost filesystem error report for type 5 error -117 [ 176.574364][T13461] EXT4-fs (loop6): 1 truncate cleaned up [ 176.600789][ T7291] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.621977][T13461] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.739044][T10066] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.810236][T13501] netlink: 104 bytes leftover after parsing attributes in process `syz.5.4212'. [ 176.857073][T13507] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4214'. [ 176.935529][T13520] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4220'. [ 176.950855][T13517] tc_dump_action: action bad kind [ 176.970192][T13523] bridge0: left promiscuous mode [ 176.975293][T13526] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 176.983768][T13526] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 177.686816][T13586] netlink: 104 bytes leftover after parsing attributes in process `syz.0.4249'. [ 177.837489][T13596] dummy0: Device is already in use. [ 177.978771][ T28] kauditd_printk_skb: 58 callbacks suppressed [ 177.978845][ T28] audit: type=1326 audit(1774986281.452:11906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13607 comm="syz.5.4260" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fea1d8cc819 code=0x0 [ 178.152007][T13633] ================================================================== [ 178.160141][T13633] BUG: KCSAN: data-race in bq_flush_to_queue / cpu_map_kthread_run [ 178.168049][T13633] [ 178.170391][T13633] write to 0xffff8881283ece58 of 8 bytes by task 13635 on cpu 0: [ 178.178126][T13633] cpu_map_kthread_run+0x4fe/0x1680 [ 178.183356][T13633] kthread+0x22a/0x280 [ 178.187528][T13633] ret_from_fork+0x150/0x360 [ 178.192140][T13633] ret_from_fork_asm+0x1a/0x30 [ 178.197185][T13633] [ 178.199515][T13633] read to 0xffff8881283ece58 of 8 bytes by task 13633 on cpu 1: [ 178.207155][T13633] bq_flush_to_queue+0x124/0x360 [ 178.212092][T13633] cpu_map_enqueue+0x1ad/0x1c0 [ 178.216845][T13633] xdp_do_redirect_frame+0x27b/0x580 [ 178.222123][T13633] bpf_test_run_xdp_live+0xac3/0x1360 [ 178.227495][T13633] bpf_prog_test_run_xdp+0x57b/0xa10 [ 178.232787][T13633] bpf_prog_test_run+0x204/0x340 [ 178.237760][T13633] __sys_bpf+0x52e/0x7e0 [ 178.242008][T13633] __x64_sys_bpf+0x41/0x50 [ 178.246424][T13633] x64_sys_call+0x10cb/0x3020 [ 178.251097][T13633] do_syscall_64+0x12c/0x370 [ 178.255686][T13633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.261577][T13633] [ 178.263894][T13633] value changed: 0xffff888122921070 -> 0x0000000000000000 [ 178.270988][T13633] [ 178.273305][T13633] Reported by Kernel Concurrency Sanitizer on: [ 178.279446][T13633] CPU: 1 UID: 0 PID: 13633 Comm: syz.6.4271 Tainted: G W syzkaller #0 PREEMPT(full) [ 178.290459][T13633] Tainted: [W]=WARN [ 178.294251][T13633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 178.304399][T13633] ==================================================================