last executing test programs: 1m0.994317833s ago: executing program 2 (id=27): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x0, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x0, 0x0, 0x0, 0xc}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x0, 0x20}, {}, {}, {}, {}, {}, {}, {}, {0x16}, {0xff43, 0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x9}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) 1m0.840442105s ago: executing program 2 (id=32): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newlink={0x58, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1c42}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0x2}, @IFLA_XFRM_LINK={0x8, 0x1, 0x4}]}}}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}]}, 0x58}}, 0x0) 1m0.788479488s ago: executing program 2 (id=35): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10) uname(&(0x7f00000004c0)=""/157) 1m0.63258833s ago: executing program 2 (id=41): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r0, 0x4008744b, &(0x7f0000000180)) 1m0.563614875s ago: executing program 2 (id=45): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x20001e, &(0x7f0000000040)={[{@nodelalloc}, {@orlov}, {@auto_da_alloc}]}, 0x1, 0x506, &(0x7f00000015c0)="$eJzs3c9vG1kdAPDvOL+cbLbJLnsABGxZFgqq6iTubrTaAywnhNBKiJW4gNQNiRtFseModpZN6CH9H5CoxAmO/AGce+LOBcGNSzkg8SMCNZU4GM14kjppnGSbxI7iz6cazbw3tr/v1Z337K9rvwAG1s2I2ImI0Yj4OCKm8vok3+KD9pbe7unug8W93QeLSbRaH/0rifRPWhcd90m9kj9mMSJ+9L2InyUvxm1sba8uVKuVjXZxfKZZW59pbG3fWaktLFeWK2vl8vzc/Ox7d98tX1hf36yN5kdffvLHnW/9Im3WZF7T2Y+L1O76yEGc1HBE/OAygvXBUN6f0X43hJdSiIjXI+Kt7PqfiqHs2QQArrNWaypaU51lAOC6K2Q5sKRQynMBk1EolErtHN4bMVGo1hvN2/frm2tL7VzZdIwU7q9UK7N5rnA6RpK0PJcdPy+Xj5TvRsRrEfHLsfGsXFqsV5f6+cIHAAbYK0fm//+Oted/AOCaK/a7AQBAz5n/AWDwmP8BYPCY/wFg8Jj/AWDwmP8BYPCY/wFgoPzwww/TrbWX//710idbm6v1T+4sVRqrpdrmYmmxvrFeWq7Xl7Pf7Kmd9njVen197p3Y/HT62+uN5kxja/terb651ryX/a73vcpIT3oFAJzktTcf/yWJiJ33x7MtOtZyMFfD9VZ4mTvduPh2AL031O8GAH1jtS8YXOd4jy89ANfEMUv0HlKMiPGjla1Wq3V5TQIu2a0vyP/DoOrI//tfwDBg5P9hcMn/w+BqtZKzrvkfZ70hAHC1yfEDXT7/fz3f/y7/cOCnS0dv8egyWwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABX2/76v6V8LfDJKBRKpYhXI2I6RpL7K9XKbETciIg/j42MpeW5PrcZADivwt+TfP2vW1NvTx49O5o8G8v2EfHzX3/0q08Xms2NP6X1/z6obz7K68v9aD8AcJr9eTrbd7yRf7r7YHF/62V7/vHdiCi24+/tjsbeQfzhGM72xRiJiIn/JHm5LenIXZzHzsOI+Pxx/U9iMsuBtFc+PRo/jf1qT+MXDsUvZOfa+/Tv4nMX0BYYNI/T8eeD466/QtzM9sdf/8VshDq/fPxLH2pxLxsDn8ffH/+Guox/N88a450/fL99NP7iuYcRXxyObNzdG4qO+MlB/KRL/Lc7Cyf465e+8la3c63fRNyKPP6h/ieHYs00a+szja3tOyu1heXKcmWtXJ6fm5997+675ZksRz3TfTb45/u3b3Q7l/Z/okv84in9//rJ3T7w2/99/JOvnhD/m187Ln4h3jghfjonfuOM8Rcmfl/sdi6Nv9Sl/6c9/7fPGP/J37ZfWDYcAOifxtb26kK1Wtno5cH+C4meBnVwDQ7SfzVXoBnHHnynV7FG4zPdq9V6qVjdRoyLyLoBV0FjK36cXfQR8azfjQEAAAAAAAAAAAAAAI51pu8DDZ3vG0v97iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADX1/8DAAD///x5zHc=") creat(&(0x7f0000000340)='./bus\x00', 0x1c) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000500)='./bus\x00', 0x0, 0x42) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x1, 0x13, 0x0, "ef359f41a4ae6dddfbd1ce5d29c2ee5e5c9d000ff8ee09e737ff0edf110ff4eb4b78c66ee677df701905b9aafab4ffffffff00", "cba3d625780820d1cb4e946ef88b31f97c1ce1a311ef14ef01060000e9009600fdff000000000000000000000000000000000004000000000200", "d300e6d6ae9ef30bea2a000000000000000800", [0x3]}) 1m0.257345618s ago: executing program 2 (id=58): r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) setsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) syz_emit_ethernet(0x66, &(0x7f0000000340)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x30, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "00641a", 0xffff, 0x88, 0x0, @mcast1, @mcast1}}}}}}}, 0x0) 45.221348831s ago: executing program 32 (id=58): r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) setsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) syz_emit_ethernet(0x66, &(0x7f0000000340)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x30, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "00641a", 0xffff, 0x88, 0x0, @mcast1, @mcast1}}}}}}}, 0x0) 33.434210054s ago: executing program 5 (id=1049): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x122) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x40, 0x0) 33.328911422s ago: executing program 5 (id=1054): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="3c0100001a00010000000000000000007f00000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe80000000000000000000000000000000000000330000002001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000300000000000000004c001400636d61632861657329"], 0x13c}}, 0x8000) 33.257139517s ago: executing program 5 (id=1059): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='io\x00') r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) fchown(r0, r2, 0x0) 33.197131711s ago: executing program 5 (id=1062): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_usb_disconnect(0xffffffffffffffff) 32.432680688s ago: executing program 5 (id=1101): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x21081e, &(0x7f0000000280)={[{@grpquota}, {@abort}, {@errors_remount}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) renameat2(r0, &(0x7f0000000280)='./file1\x00', r0, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) unlinkat(r0, &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 32.306068817s ago: executing program 5 (id=1110): r0 = socket(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1}, 0x10) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x4}, 0x10) write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200020000", 0x1c) 17.28167832s ago: executing program 33 (id=1110): r0 = socket(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1}, 0x10) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x4}, 0x10) write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200020000", 0x1c) 749.856954ms ago: executing program 6 (id=2464): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x56a, 0x27, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x1}}}}}]}}]}}, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x800) r0 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x4f5e, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x14}) io_uring_enter(r0, 0x567, 0x0, 0x0, 0x0, 0x0) 623.710363ms ago: executing program 3 (id=2469): sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000037fda7803a99c6ee4105f21cc1e8d49abcd78d2c4f8f5ff402937f7f38053d683b30d20729bcf5492bf9eebf004f49ba6cb66dd2a5c7e0f5171d8f2618425a61d3f74ee13c4f6a88bda7d06a4dee6013275c5ef33670fc214b05238d4c5ba7b16299b13d7a5285e8e58dd71b873df3447018ba708b209a778d0f91ad18688d20ef0f888ccd008925", @ANYRES16, @ANYBLOB="010000000000000000000100000028000180"], 0x3c}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="0c00028006"], 0x24}}, 0x0) 623.324903ms ago: executing program 3 (id=2470): ioperm(0x5, 0x1, 0x26) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000880)={[{@errors_remount}, {@bsdgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@oldalloc}, {@nojournal_checksum}]}, 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c") bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$unlink(0x9, r0, r0) 489.448863ms ago: executing program 3 (id=2475): bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0, 0x0, 0x8000000}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB="540000000008010100000000000000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 453.726226ms ago: executing program 3 (id=2478): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='kfree\x00', r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000030000000100000008"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{r1, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000300)='%pB \x00'}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000680)={r2, 0x0}, 0x20) 418.501118ms ago: executing program 3 (id=2480): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000c00)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x4a, &(0x7f0000000580)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd608a96d70014040000000000000000000000000000000000fe8000000000000000000000000000aa"], 0x0) 358.222023ms ago: executing program 3 (id=2483): pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RGETLOCK(r1, &(0x7f0000001440)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r0, r2, 0x5, 0x8) tee(r0, r2, 0x60000000000, 0x0) 317.218746ms ago: executing program 0 (id=2488): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xcf) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x9135}, 0x18) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newsa={0x138, 0x10, 0x113, 0x0, 0x0, {{@in6=@local, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@private=0x200000, 0x0, 0x32}, @in=@loopback, {}, {}, {0x0, 0x80}, 0x0, 0x0, 0x2, 0x1}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) 293.561518ms ago: executing program 1 (id=2491): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x1000000000004) 285.096038ms ago: executing program 0 (id=2492): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000100)={0x3ff, 0x0, 0xffff, 0xffff}) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x1a) 265.72785ms ago: executing program 0 (id=2493): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x4, 0x0, 0x8, 0x2}, 0x10}}, 0x0) 241.108212ms ago: executing program 1 (id=2495): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$usbfs(&(0x7f0000000380), 0x3fb8, 0x1) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {0x0, 0x1}, 0xfffffff8, 0x25, &(0x7f0000000040)={0x60, 0x11, 0x8001, 0x1}, 0x53, 0x6, 0xd0000, 0x0, 0x9e, 0x68e, 0x0}) 236.452522ms ago: executing program 0 (id=2497): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0xa8}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48801}, 0x0) 202.223425ms ago: executing program 0 (id=2498): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1801000000001f00000000000000ea1f850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x3}, 0x18) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fcntl$setlease(r1, 0x400, 0x1) fremovexattr(r1, &(0x7f0000000040)=@known='system.posix_acl_default\x00') 194.979995ms ago: executing program 1 (id=2500): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) chmod(0x0, 0x0) 190.862075ms ago: executing program 6 (id=2501): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) syz_mount_image$msdos(&(0x7f0000000300), &(0x7f0000000140)='./bus\x00', 0x1a40cc4, &(0x7f0000000a40)=ANY=[@ANYRESDEC, @ANYBLOB="4ffef8a5fe039b069f473594fba9121a07732b", @ANYRESOCT, @ANYRES8, @ANYBLOB="bab44e31f8deff1431e4636edd55f637aed9cafb33edf184a7cb1b0eba595affa9bf118a3444c4520a835f62d434ace1ccb1260ab47dfca4666b9b6a9eb0708af98c10a39bea9e5f1a3d1796dc418aba8b0800be64a012c5fe91ae8558f6594ccc0c903163045e8699ece57e70d8b03f7f9acdad754bfb0d2fda181cfcc2b9270bfab8d1a5bf11dcffb41587b97fba268864cc697e5ac812657ead20fe2b57c4c6362910cfee7f936f06c9108967c96c2cf29723a9746c91490e63a16c4480dc70d0a7105d832fc334caadfae31a67edf1ac56ca4cc7b85ca295f89a346730ef87fc89443f397b16087ae9b53e13803b4dcba22cf6af052e86c22ce41332251938493c45a5419eaf9ffcb4ed18ad875ba11b64e471656c98d0677945f509f3704c5dd43a02e7d3a9240dfb090b6d843ce48a250f29acda15a369b29e328aa16c692823ad29fca897c88fbeef9a09d5b5c163cf7b", @ANYBLOB="1263a7b959383aa0a9fa10796416da755d29640e5041a395796348a83463470c07de0fe7c8e02a1a743587f58ffb22bbd585d0a5cbead9ca0823180dad88e609da79bbd442bddae537570748f21ac461994ea7754a096f9d50951ef0a07c555e2e53a20f4a407feef4892391f639afa0eccda43b87b58452d42073ba989bbdec9a81948e1f0c9cb8c0ad00fccafaefa58aadfc71bbd61088", @ANYRESDEC, @ANYRES64, @ANYBLOB="14a8d0ca3386858350717bda500a6e0d271cba7c24404f4fdd13b1b5922dc27fae2bb7656c2c9cf00076db74ad9da398465c271f3c99f9c8b75aa628562a36eae8e60442812741be1793c1486650f74ba8ad8536070000000000000065f3bc92da1e56d7ffa95c91b5c58ba55f9245a209ef24b8348e9ff4cb9b84333e1a13"], 0xde, 0x0, &(0x7f0000000000)) mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,') 172.889316ms ago: executing program 0 (id=2502): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e21, 0xd8, @dev, 0x2}, 0x58) r1 = socket$inet6(0x10, 0x2, 0x4) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='illinois\x00', 0x9) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784004000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 169.379287ms ago: executing program 4 (id=2503): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='mm_page_alloc\x00', r0}, 0x10) r1 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 148.650438ms ago: executing program 6 (id=2504): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x2c, r2, 0xc4fc9e906872338b, 0x10000, 0x3, {{0x15}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0xffffffffffffff56, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}]}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 141.278759ms ago: executing program 4 (id=2505): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="1e000000000000000100000007"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r1}, 0x10) arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000000)) 140.133249ms ago: executing program 1 (id=2506): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2, 0x0, 0x81}, 0x18) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x520, 0x340, 0x25, 0x148, 0x0, 0x60, 0x488, 0x2a8, 0x2a8, 0x488, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x9, 0x0, 0x80ffffff, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@set={{0x40}}, @common=@unspec=@statistic={{0x38}}]}, @common=@SET={0x60}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x580) 108.985191ms ago: executing program 4 (id=2507): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fedbdf2501000000000000000b0000000014001462726f6164636e225ae7e26173742d6c"], 0x30}, 0x1, 0x0, 0x0, 0x4000851}, 0x880) 79.195934ms ago: executing program 1 (id=2508): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000160a0103000000000000000002000000540003804000038014000100626f6e645f736c6176655f300000000014000100736974300000000000000000000000001400010073697430000000000000000000000000080002400000000008000140000000000900020073797a31000000000900010073797a30"], 0xa8}}, 0x0) 78.638314ms ago: executing program 6 (id=2509): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = dup2(r1, r1) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x4, [{0x11}, {0x0, 0x100000000000000}]}, 0x68) 78.155464ms ago: executing program 4 (id=2510): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) eventfd(0x3b7e) 39.781266ms ago: executing program 6 (id=2511): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x0) unshare(0x20000400) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000280)={0x0, 0x0, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa49c, 0x0, 0x299, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8000000000000, 0x0, 0x0, 0xda15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x10, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc01, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 39.409166ms ago: executing program 4 (id=2512): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = gettid() sendmsg$unix(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)='B', 0x1}], 0x1, &(0x7f0000001040)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r3, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="1c000000000000000100000402000000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="0000000018"], 0xa0}, 0x4004881) 39.246046ms ago: executing program 6 (id=2513): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 38.874257ms ago: executing program 1 (id=2514): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1a08403, &(0x7f0000000940), 0x2, 0x5c9, &(0x7f0000001000)="$eJzs3c1vVFUbAPDnTqfTlr6vrcSouDCNhkCitLSAqR8L2BOCHxvjxkoLQYaP0BotmlgS3JgYNy5IXLkQ/wR3SnTrysSFCzeuDAkaw0ZjcMyduTMMZaadlk5v6fx+yfSec8+9PedCn54z957TCaBnjaVfChG7IuJCEjHSVFaMrHCsdtytPz84kb6SqFRe/SOJJNtXPz7JtsPZybdHIn78LomdfffWO7946cxMuTx3MctPLJy9MDG/eGnf6bMzp+ZOzZ2bem5q+nbl0PTk/vu6vkJT+uiVt98d+fjYG19+/k8y+dUvx5I4HL+frJU1X8dGGYux+KtS+XD5/vTfdXqjK8tJX+Pn5I5k+Q62rGIWI6WIeCxGoq/pf3MkPno518YBXVVJIipAj0rEP/So+jig/t6+s/fBhS6PSoDNcPNI+rW/RfwXa/cGYzT6I2L3svNa3NJbl7SOH74/diV9RZfuwwGtLV0eyFLL4z+pxuZoDFZzO24V7rrPm44AjmfbdP8r66x/bFle/MPmWbocEY+3Gv+vHv9vNsX/W+usX/wDAAAAAADAxrl+JCKebfX8r5A9mxuMp6rP/5La87+f7qwQPLwB9a/+/K9wYwOqAVq4eSTipZbzfxtzfEf7stz/a7MBk5Ony3P7I+KhiNgb/QNpfnKFOvZ9svNqu7Lm+X/pK62/Phcwa8eN4sDd58zOLMzczzUDNTcvRzxRbD//J+3/k+b+P5P+PrjQYR07d1873q5s9fgHuqXyRcSelv1/0jgmaff3OQ4dPDQ9uX+iOh6YqI8K7vXk+59+065+8Q/5Sfv/HSvH/2jS/Pd65tf2/UsRcWCxWGlXvt7xfyl5ra/+/VPvzSwsXJyMKCVH790/tbY2w3ZVj4d6vKTxv/fple//Ncb/TXE4FBFLHdb56L/Dv7YrWyH+++/vSoHVpPE/u6b+f+2JqWuj37arv7P+/2C1T9+b7XH/D1bWaYDm3U4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBAVIuJ/kRTGG+lCYXw8YjgiHokdhfL5+YVnTp5/59xsWlb9/P9C/ZN+R2r5pP75/6NN+all+QMR8XBEfNY3VM2Pnzhfns374gEAAAAAAAAAAAAAAAAAAGCLGG6z/j/1W1+7swY2sYVAVxWzbdt4B7atYt4NAHIj/qF3iX/oXeIfepf4h961zvj3uAC2Af0/9Kr+zg4brG2+rnS1McAm0/8DAAAAAMC2cv3F568mEbH0wlD1lSplZY0Hg0N5tQ7opkLeDQByYw4v9C5Tf6B3dTj5F9jGkkbq75YT/Ac7OBMAAAAAAAAAAAAA6K49u67/vOr6f2Bbsv4fepf1/9C7rP+H3uU9PrDaKn7r/wEAAAAAAAAAAAAgf/OLl87MlMtzFx+0xOulLdEMiS4m+iNiCzQjh0Qp//DM+RcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ8F8AAAD//+L5J9k=") 0s ago: executing program 4 (id=2515): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0xa, 0x1000, 0x3fd, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000001c0)=@generic={&(0x7f00000000c0)='./file0/file0\x00', r0}, 0x18) bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000440)='./file0/file0\x00'}, 0x18) kernel console output (not intermixed with test programs): a:6596:9ff5:7b00 with DS=0x31 [ 40.497336][ T4195] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 40.497449][ T4195] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 40.497487][ T4195] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 40.497515][ T4195] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31 [ 41.110184][ T4240] loop1: detected capacity change from 0 to 256 [ 41.176999][ T4244] ref_ctr_offset mismatch. inode: 0x1f6 offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0 [ 41.414683][ T4260] loop1: detected capacity change from 0 to 1024 [ 41.418041][ T4261] loop0: detected capacity change from 0 to 256 [ 41.433941][ T4260] EXT4-fs: Ignoring removed orlov option [ 41.439792][ T4260] EXT4-fs: Ignoring removed orlov option [ 41.519305][ T4260] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.566036][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.752142][ T4292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.378'. [ 41.846427][ T4292] netlink: 180 bytes leftover after parsing attributes in process `syz.0.378'. [ 42.106415][ T29] kauditd_printk_skb: 129 callbacks suppressed [ 42.106439][ T29] audit: type=1400 audit(1739402585.016:555): avc: denied { watch_reads } for pid=4307 comm="syz.3.386" path="/85" dev="tmpfs" ino=452 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 42.174090][ T29] audit: type=1400 audit(1739402585.076:556): avc: denied { create } for pid=4309 comm="gtp" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 42.214905][ T29] audit: type=1400 audit(1739402585.106:557): avc: denied { write } for pid=4309 comm="gtp" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 42.260832][ T29] audit: type=1400 audit(1739402585.166:558): avc: denied { bind } for pid=4311 comm="syz.3.388" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 42.304670][ T29] audit: type=1400 audit(1739402585.166:559): avc: denied { node_bind } for pid=4311 comm="syz.3.388" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 42.335752][ T4314] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 42.566813][ T29] audit: type=1326 audit(1739402585.476:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4326 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c2a68cde9 code=0x7ffc0000 [ 42.602973][ T4331] syz.1.397 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 42.626810][ T29] audit: type=1326 audit(1739402585.506:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4326 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f0c2a68cde9 code=0x7ffc0000 [ 42.650071][ T29] audit: type=1326 audit(1739402585.506:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4326 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c2a68cde9 code=0x7ffc0000 [ 42.673324][ T29] audit: type=1326 audit(1739402585.506:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4326 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f0c2a68cde9 code=0x7ffc0000 [ 42.696519][ T29] audit: type=1326 audit(1739402585.506:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4326 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c2a68cde9 code=0x7ffc0000 [ 42.724243][ T4333] netlink: 104 bytes leftover after parsing attributes in process `syz.1.398'. [ 42.733964][ T4335] xt_CT: You must specify a L4 protocol and not use inversions on it [ 42.828192][ T4351] netlink: 12 bytes leftover after parsing attributes in process `syz.3.407'. [ 42.837185][ T4351] netlink: 112 bytes leftover after parsing attributes in process `syz.3.407'. [ 42.899652][ T4358] loop0: detected capacity change from 0 to 128 [ 42.908402][ T4351] netlink: 12 bytes leftover after parsing attributes in process `syz.3.407'. [ 42.920121][ T4358] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 42.933997][ T4358] ext4 filesystem being mounted at /106/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 42.986325][ T3296] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 43.031792][ T4370] netlink: 'syz.4.416': attribute type 3 has an invalid length. [ 43.070978][ T4375] random: crng reseeded on system resumption [ 43.219769][ T4383] loop0: detected capacity change from 0 to 1024 [ 43.234981][ T4383] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 43.245985][ T4383] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 43.261198][ T4383] JBD2: no valid journal superblock found [ 43.267115][ T4383] EXT4-fs (loop0): Could not load journal inode [ 43.621521][ T4433] netlink: 'syz.3.444': attribute type 2 has an invalid length. [ 43.821180][ T4462] loop4: detected capacity change from 0 to 1024 [ 43.849751][ T4462] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.915648][ T4466] loop1: detected capacity change from 0 to 8192 [ 44.034435][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.042342][ T4466] FAT-fs (loop1): Filesystem has been set read-only [ 44.049014][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.056902][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.065237][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.104041][ T4466] syz.1.458: attempt to access beyond end of device [ 44.104041][ T4466] loop1: rw=0, sector=35211, nr_sectors = 1 limit=8192 [ 44.117498][ T4466] Buffer I/O error on dev loop1, logical block 35211, async page read [ 44.125753][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.163926][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.171923][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.179784][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.187650][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.195529][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.203349][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.211332][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.219297][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.227156][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.431523][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.439535][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.471031][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.479043][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.487032][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.494970][ T4466] FAT-fs (loop1): error, invalid access to FAT (entry 0x00008945) [ 44.553202][ T4466] syz.1.458: attempt to access beyond end of device [ 44.553202][ T4466] loop1: rw=0, sector=35211, nr_sectors = 1 limit=8192 [ 44.566658][ T4466] Buffer I/O error on dev loop1, logical block 35211, async page read [ 44.590296][ T4483] loop3: detected capacity change from 0 to 128 [ 44.601320][ T4483] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 44.689487][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.717967][ T4488] capability: warning: `syz.4.468' uses deprecated v2 capabilities in a way that may be insecure [ 45.253821][ T4512] sd 0:0:1:0: device reset [ 45.465487][ T4523] loop0: detected capacity change from 0 to 128 [ 45.472218][ T4523] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 45.485870][ T4523] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 45.500804][ T4523] process 'syz.0.483' launched './file0' with NULL argv: empty string added [ 45.522949][ T55] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 45.596842][ T4532] loop3: detected capacity change from 0 to 512 [ 45.603616][ T4532] EXT4-fs: Ignoring removed mblk_io_submit option [ 45.611303][ T4532] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 45.632065][ T4532] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042c118, mo2=0002] [ 45.645735][ T4532] System zones: 1-12 [ 45.661904][ T4532] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.487: corrupted in-inode xattr: e_value size too large [ 45.677520][ T4532] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.487: couldn't read orphan inode 15 (err -117) [ 45.690134][ T4532] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.730118][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.784911][ T4545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.491'. [ 46.147043][ T4590] netlink: 'syz.4.515': attribute type 3 has an invalid length. [ 46.312750][ T4612] netlink: 16 bytes leftover after parsing attributes in process `syz.4.523'. [ 46.324458][ T4612] netlink: 16 bytes leftover after parsing attributes in process `syz.4.523'. [ 46.482814][ T4629] loop4: detected capacity change from 0 to 128 [ 46.491130][ T4629] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 46.505386][ T4629] ext4 filesystem being mounted at /145/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.531527][ T3304] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 46.872378][ T4635] hub 9-0:1.0: USB hub found [ 46.877198][ T4635] hub 9-0:1.0: 8 ports detected [ 47.067282][ T3305] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.087964][ T50] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.127938][ T4669] loop3: detected capacity change from 0 to 256 [ 47.149235][ T4671] binfmt_misc: register: failed to install interpreter file ./file2 [ 47.192910][ T50] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.206825][ T29] kauditd_printk_skb: 111 callbacks suppressed [ 47.206842][ T29] audit: type=1400 audit(1739402590.116:676): avc: denied { read } for pid=4678 comm="syz.4.551" name="usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 47.236897][ T29] audit: type=1400 audit(1739402590.116:677): avc: denied { open } for pid=4678 comm="syz.4.551" path="/dev/usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 47.261390][ T29] audit: type=1400 audit(1739402590.116:678): avc: denied { write } for pid=4679 comm="syz.0.549" name="event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 47.284680][ T29] audit: type=1400 audit(1739402590.116:679): avc: denied { open } for pid=4679 comm="syz.0.549" path="/dev/input/event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 47.308727][ T29] audit: type=1400 audit(1739402590.116:680): avc: denied { ioctl } for pid=4678 comm="syz.4.551" path="/dev/usbmon7" dev="devtmpfs" ino=163 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 47.311184][ T4641] chnl_net:caif_netlink_parms(): no params data found [ 47.334072][ T29] audit: type=1400 audit(1739402590.116:681): avc: denied { bind } for pid=4679 comm="syz.0.549" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 47.415801][ T29] audit: type=1400 audit(1739402590.326:682): avc: denied { append } for pid=4678 comm="syz.4.551" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 47.455774][ T50] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.476350][ T4641] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.483719][ T4641] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.499820][ T4641] bridge_slave_0: entered allmulticast mode [ 47.508774][ T29] audit: type=1326 audit(1739402590.416:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4703 comm="syz.4.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002612cde9 code=0x7ffc0000 [ 47.532102][ T29] audit: type=1326 audit(1739402590.416:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4703 comm="syz.4.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002612cde9 code=0x7ffc0000 [ 47.535532][ T4641] bridge_slave_0: entered promiscuous mode [ 47.556426][ T29] audit: type=1326 audit(1739402590.416:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4703 comm="syz.4.559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f002612cde9 code=0x7ffc0000 [ 47.588201][ T4698] netlink: 'syz.1.556': attribute type 1 has an invalid length. [ 47.595930][ T4698] netlink: 16 bytes leftover after parsing attributes in process `syz.1.556'. [ 47.616650][ T50] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.631891][ T4641] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.639061][ T4641] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.647543][ T4641] bridge_slave_1: entered allmulticast mode [ 47.656130][ T4641] bridge_slave_1: entered promiscuous mode [ 47.686143][ T4641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.739513][ T4716] program syz.1.565 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 47.750111][ T4641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.762034][ T50] bridge_slave_1: left allmulticast mode [ 47.767863][ T50] bridge_slave_1: left promiscuous mode [ 47.773592][ T50] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.822321][ T50] bridge_slave_0: left allmulticast mode [ 47.828035][ T50] bridge_slave_0: left promiscuous mode [ 47.833804][ T50] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.966971][ T50] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 47.978833][ T50] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 47.988842][ T50] bond0 (unregistering): Released all slaves [ 48.016212][ T4729] netlink: 16 bytes leftover after parsing attributes in process `syz.4.571'. [ 48.031600][ T4738] loop1: detected capacity change from 0 to 128 [ 48.043979][ T4641] team0: Port device team_slave_0 added [ 48.051328][ T4738] syz.1.575: attempt to access beyond end of device [ 48.051328][ T4738] loop1: rw=2049, sector=145, nr_sectors = 3 limit=128 [ 48.067624][ T4740] tmpfs: Bad value for 'mpol' [ 48.079479][ T50] hsr_slave_0: left promiscuous mode [ 48.107231][ T50] hsr_slave_1: left promiscuous mode [ 48.112876][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 48.120445][ T50] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 48.130344][ T4747] loop1: detected capacity change from 0 to 512 [ 48.146844][ T50] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 48.154290][ T50] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 48.162020][ T4747] EXT4-fs: Ignoring removed oldalloc option [ 48.174743][ T4747] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 48.187147][ T50] veth1_macvtap: left promiscuous mode [ 48.187599][ T4753] loop3: detected capacity change from 0 to 2048 [ 48.192707][ T50] veth0_macvtap: left promiscuous mode [ 48.200449][ T4747] EXT4-fs (loop1): 1 truncate cleaned up [ 48.212443][ T4747] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.212954][ T50] veth1_vlan: left promiscuous mode [ 48.244049][ T50] veth0_vlan: left promiscuous mode [ 48.251338][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.265297][ T4753] loop3: p1 < > p4 [ 48.269926][ T4753] loop3: p4 size 8388608 extends beyond EOD, truncated [ 48.359036][ T50] team0 (unregistering): Port device team_slave_1 removed [ 48.370686][ T50] team0 (unregistering): Port device team_slave_0 removed [ 48.391473][ T4772] netlink: 20 bytes leftover after parsing attributes in process `syz.3.591'. [ 48.409387][ T4641] team0: Port device team_slave_1 added [ 48.420375][ T4751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.581'. [ 48.430659][ T4766] netlink: 'syz.4.588': attribute type 1 has an invalid length. [ 48.439983][ T4641] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.447094][ T4641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.473303][ T4641] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.539444][ T4641] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.546585][ T4641] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 48.572615][ T4641] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.596124][ T4786] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.604772][ T4786] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.635205][ T4641] hsr_slave_0: entered promiscuous mode [ 48.641414][ T4641] hsr_slave_1: entered promiscuous mode [ 48.650817][ T4641] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 48.658826][ T4788] loop4: detected capacity change from 0 to 512 [ 48.667248][ T4641] Cannot create hsr debugfs directory [ 48.684648][ T4788] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.599: bg 0: block 248: padding at end of block bitmap is not set [ 48.706854][ T4788] EXT4-fs error (device loop4): ext4_acquire_dquot:6927: comm syz.4.599: Failed to acquire dquot type 1 [ 48.734974][ T4788] EXT4-fs (loop4): 1 truncate cleaned up [ 48.741149][ T4788] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.764007][ T4788] ext4 filesystem being mounted at /165/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.787208][ T4788] syz.4.599 (4788) used greatest stack depth: 9272 bytes left [ 48.795474][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.834000][ T4786] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.854205][ T4786] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.883293][ T4641] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 48.900445][ T4641] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 48.924275][ T4641] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 48.933784][ T4641] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 48.947493][ T4810] netlink: 'syz.4.607': attribute type 8 has an invalid length. [ 48.992269][ T4641] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.015840][ T4641] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.030762][ T55] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.037975][ T55] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.049743][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.056867][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.068224][ T4819] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 49.118022][ T4824] loop4: detected capacity change from 0 to 1024 [ 49.138305][ T4824] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.160509][ T4641] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.177195][ T4824] EXT4-fs (loop4): shut down requested (0) [ 49.199413][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.234022][ T4842] ALSA: seq fatal error: cannot create timer (-22) [ 49.310255][ T4641] veth0_vlan: entered promiscuous mode [ 49.321063][ T4641] veth1_vlan: entered promiscuous mode [ 49.343678][ T4641] veth0_macvtap: entered promiscuous mode [ 49.362898][ T4641] veth1_macvtap: entered promiscuous mode [ 49.366057][ T4866] loop1: detected capacity change from 0 to 512 [ 49.374074][ T4641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.385527][ T4641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.395467][ T4641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.405970][ T4641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.415856][ T4641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.426547][ T4641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.436546][ T4641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.447452][ T4641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.475454][ T4641] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.479223][ T4866] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.483779][ T4641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.505701][ T4641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.515618][ T4641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.526162][ T4641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.535286][ T4866] ext4 filesystem being mounted at /134/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.536000][ T4641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.556983][ T4641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.567170][ T4641] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.577724][ T4641] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.588404][ T4641] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.603327][ T4641] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.612166][ T4641] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.621185][ T4641] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.630022][ T4641] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.660399][ T4878] loop0: detected capacity change from 0 to 128 [ 49.684076][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.686354][ T4881] loop4: detected capacity change from 0 to 128 [ 49.699932][ T4878] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 49.713276][ T4881] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 49.791948][ T4891] loop0: detected capacity change from 0 to 2048 [ 49.801227][ T4899] netlink: 12 bytes leftover after parsing attributes in process `syz.1.637'. [ 49.813053][ T4899] vlan2: entered promiscuous mode [ 49.818226][ T4899] bridge0: entered promiscuous mode [ 49.822356][ T4891] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.835703][ T4899] bridge0: left promiscuous mode [ 50.032457][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.073980][ T4919] netlink: 'syz.4.645': attribute type 1 has an invalid length. [ 50.132264][ T4932] netlink: 28 bytes leftover after parsing attributes in process `syz.5.652'. [ 50.141357][ T4932] netlink: 28 bytes leftover after parsing attributes in process `syz.5.652'. [ 50.529175][ T4976] loop3: detected capacity change from 0 to 128 [ 50.603555][ T4990] netlink: 'syz.0.678': attribute type 3 has an invalid length. [ 50.932825][ T5029] vlan2: entered promiscuous mode [ 50.950707][ T5027] loop1: detected capacity change from 0 to 256 [ 50.969612][ T5031] __nla_validate_parse: 1 callbacks suppressed [ 50.969632][ T5031] netlink: 8 bytes leftover after parsing attributes in process `syz.3.700'. [ 50.992699][ T5031] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 51.098440][ T5045] netlink: 28 bytes leftover after parsing attributes in process `syz.5.705'. [ 51.107547][ T5045] netlink: 28 bytes leftover after parsing attributes in process `syz.5.705'. [ 51.455420][ T5086] loop5: detected capacity change from 0 to 1024 [ 51.489050][ T5086] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.577298][ T4641] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.649726][ T5107] loop1: detected capacity change from 0 to 512 [ 51.660783][ T5111] loop0: detected capacity change from 0 to 512 [ 51.667824][ T5107] EXT4-fs: Ignoring removed nomblk_io_submit option [ 51.674627][ T5107] EXT4-fs: Ignoring removed i_version option [ 51.681737][ T5111] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 51.703881][ T5111] EXT4-fs (loop0): orphan cleanup on readonly fs [ 51.711729][ T5107] EXT4-fs (loop1): 1 orphan inode deleted [ 51.719318][ T5107] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.754561][ T5111] EXT4-fs error (device loop0): ext4_orphan_get:1415: comm syz.0.736: bad orphan inode 15 [ 51.765189][ T5111] ext4_test_bit(bit=14, block=18) = 1 [ 51.770604][ T5111] is_bad_inode(inode)=0 [ 51.774831][ T5111] NEXT_ORPHAN(inode)=1023 [ 51.779217][ T5111] max_ino=32 [ 51.782429][ T5111] i_nlink=0 [ 51.786345][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.789610][ T5111] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2977: inode #15: comm syz.0.736: corrupted xattr block 19: e_value size too large [ 51.811794][ T5111] EXT4-fs warning (device loop0): ext4_evict_inode:276: xattr delete (err -117) [ 51.835186][ T5111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 51.838924][ T5119] program syz.5.739 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 51.902757][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.950611][ T5131] netlink: 4 bytes leftover after parsing attributes in process `syz.4.746'. [ 52.144708][ T5167] loop5: detected capacity change from 0 to 2048 [ 52.156217][ T5167] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.193111][ T4641] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.216357][ T29] kauditd_printk_skb: 274 callbacks suppressed [ 52.216370][ T29] audit: type=1400 audit(1739402595.126:958): avc: denied { create } for pid=5171 comm="syz.5.763" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 52.246504][ T29] audit: type=1400 audit(1739402595.156:959): avc: denied { setopt } for pid=5171 comm="syz.5.763" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 52.247450][ T5172] pimreg: entered allmulticast mode [ 52.282598][ T5172] pimreg: left allmulticast mode [ 52.407656][ T5187] netlink: 'syz.5.770': attribute type 3 has an invalid length. [ 52.433732][ T5190] loop3: detected capacity change from 0 to 1024 [ 52.441031][ T5190] EXT4-fs: Ignoring removed orlov option [ 52.443477][ T29] audit: type=1400 audit(1739402595.346:960): avc: denied { create } for pid=5191 comm="syz.4.773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 52.466849][ T29] audit: type=1400 audit(1739402595.346:961): avc: denied { write } for pid=5191 comm="syz.4.773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 52.486894][ T29] audit: type=1400 audit(1739402595.346:962): avc: denied { nlmsg_write } for pid=5191 comm="syz.4.773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 52.507532][ T29] audit: type=1400 audit(1739402595.346:963): avc: denied { module_request } for pid=5191 comm="syz.4.773" kmod="crypto-authencesn(digest_null,ecb(cipher_null))" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 52.532701][ T29] audit: type=1400 audit(1739402595.416:964): avc: denied { create } for pid=5194 comm="syz.5.774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 52.538744][ T5190] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.553130][ T29] audit: type=1400 audit(1739402595.416:965): avc: denied { write } for pid=5194 comm="syz.5.774" path="socket:[10754]" dev="sockfs" ino=10754 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 52.589777][ T29] audit: type=1400 audit(1739402595.416:966): avc: denied { nlmsg_read } for pid=5194 comm="syz.5.774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 52.690735][ T29] audit: type=1400 audit(1739402595.596:967): avc: denied { create } for pid=5205 comm="syz.4.778" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 52.875920][ T5221] loop5: detected capacity change from 0 to 1024 [ 52.898559][ T5221] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.932837][ T1080] kernel write not supported for file /395/loginuid (pid: 1080 comm: kworker/0:2) [ 52.994682][ T4641] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.051630][ T5243] netlink: 4 bytes leftover after parsing attributes in process `syz.0.804'. [ 53.080215][ T5247] loop5: detected capacity change from 0 to 2048 [ 53.097634][ T5247] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.189013][ T4641] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.404864][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.419632][ T5282] loop0: detected capacity change from 0 to 512 [ 53.457766][ T5282] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.476528][ T5282] ext4 filesystem being mounted at /193/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.504599][ T5298] loop4: detected capacity change from 0 to 128 [ 53.511416][ T5298] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 53.527670][ T5298] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 53.555536][ T5302] loop3: detected capacity change from 0 to 512 [ 53.562264][ T5302] EXT4-fs: Ignoring removed oldalloc option [ 53.575979][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.592522][ T5302] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 53.603040][ T1821] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 53.615721][ T5308] netlink: '\': attribute type 10 has an invalid length. [ 53.629168][ T5312] netlink: 36 bytes leftover after parsing attributes in process `syz.4.827'. [ 53.639539][ T5302] EXT4-fs (loop3): 1 truncate cleaned up [ 53.639967][ T5308] team0: Device hsr_slave_0 failed to register rx_handler [ 53.650021][ T5302] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.714202][ T5317] loop5: detected capacity change from 0 to 512 [ 53.724039][ T5319] loop4: detected capacity change from 0 to 164 [ 53.727669][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.741778][ T5319] Unable to read rock-ridge attributes [ 53.750836][ T5317] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.828: bg 0: block 35: padding at end of block bitmap is not set [ 53.765668][ T5317] EXT4-fs (loop5): Remounting filesystem read-only [ 53.772267][ T5317] EXT4-fs (loop5): 1 truncate cleaned up [ 53.778632][ T5319] Unable to read rock-ridge attributes [ 53.779911][ T5317] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.797099][ T5319] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 53.798026][ T5317] SELinux: (dev loop5, type ext4) getxattr errno 5 [ 53.812064][ T5317] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.848685][ T5326] loop3: detected capacity change from 0 to 2048 [ 53.852191][ T5329] loop0: detected capacity change from 0 to 1024 [ 53.876003][ T5329] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 53.890319][ T5329] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 53.901931][ T5329] EXT4-fs error (device loop0): ext4_get_journal_inode:5798: inode #32: comm syz.0.836: iget: special inode unallocated [ 53.918208][ T5329] EXT4-fs (loop0): no journal found [ 53.923489][ T5329] EXT4-fs (loop0): can't get journal size [ 53.931556][ T5326] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.951814][ T5329] EXT4-fs error (device loop0): ext4_protect_reserved_inode:160: inode #32: comm syz.0.836: iget: special inode unallocated [ 53.973402][ T5329] EXT4-fs (loop0): failed to initialize system zone (-117) [ 53.980765][ T5329] EXT4-fs (loop0): mount failed [ 53.993762][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.011933][ T5337] netlink: 36 bytes leftover after parsing attributes in process `syz.5.838'. [ 54.037725][ T5341] hub 2-0:1.0: USB hub found [ 54.042433][ T5341] hub 2-0:1.0: 8 ports detected [ 54.052299][ T5343] loop3: detected capacity change from 0 to 512 [ 54.059331][ T5343] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 54.079416][ T5343] EXT4-fs (loop3): 1 truncate cleaned up [ 54.088906][ T5343] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.170002][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.223642][ T5366] loop5: detected capacity change from 0 to 1764 [ 54.283625][ T5376] loop0: detected capacity change from 0 to 2048 [ 54.335320][ T5386] xt_hashlimit: max too large, truncated to 1048576 [ 54.343223][ T5389] program syz.5.860 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 54.343473][ T5376] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.394660][ T5396] SELinux: ebitmap: empty map [ 54.399428][ T5396] SELinux: failed to load policy [ 54.412844][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.649814][ T5415] loop3: detected capacity change from 0 to 512 [ 54.665344][ T5415] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 54.682846][ T5421] netlink: 4 bytes leftover after parsing attributes in process `syz.4.876'. [ 54.685677][ T5415] EXT4-fs (loop3): orphan cleanup on readonly fs [ 54.720388][ T5415] EXT4-fs error (device loop3): ext4_orphan_get:1415: comm syz.3.872: bad orphan inode 15 [ 54.744073][ T5415] ext4_test_bit(bit=14, block=18) = 1 [ 54.749609][ T5415] is_bad_inode(inode)=0 [ 54.753848][ T5415] NEXT_ORPHAN(inode)=1023 [ 54.758314][ T5415] max_ino=32 [ 54.761520][ T5415] i_nlink=0 [ 54.773277][ T5425] loop1: detected capacity change from 0 to 512 [ 54.809189][ T5425] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 54.818410][ T5425] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 54.831716][ T5415] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2977: inode #15: comm syz.3.872: corrupted xattr block 19: e_value size too large [ 54.849799][ T5425] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended [ 54.858717][ T5415] EXT4-fs warning (device loop3): ext4_evict_inode:276: xattr delete (err -117) [ 54.880599][ T5425] EXT4-fs error (device loop1): ext4_orphan_get:1389: comm syz.1.877: inode #15: comm syz.1.877: iget: illegal inode # [ 54.895014][ T5415] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 54.943160][ T5425] EXT4-fs (loop1): Remounting filesystem read-only [ 54.960602][ T5425] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.983280][ T5425] SELinux: (dev loop1, type ext2) getxattr errno 5 [ 54.990216][ T5425] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.005359][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.127738][ T5455] mmap: syz.5.889 (5455): VmData 29085696 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 55.256516][ T5464] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 55.387189][ T5473] SELinux: Context Ü is not valid (left unmapped). [ 55.443934][ T5477] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 55.504954][ T5485] block device autoloading is deprecated and will be removed. [ 55.513337][ T5485] syz.4.904: attempt to access beyond end of device [ 55.513337][ T5485] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 55.612654][ T5493] sd 0:0:1:0: device reset [ 55.656868][ T5505] netlink: 36 bytes leftover after parsing attributes in process `syz.0.912'. [ 55.691709][ T5503] loop3: detected capacity change from 0 to 128 [ 55.754436][ T5512] netlink: 8 bytes leftover after parsing attributes in process `syz.3.916'. [ 55.766075][ T5513] loop4: detected capacity change from 0 to 256 [ 55.772621][ T5513] vfat: Unknown parameter 'flu95' [ 56.118419][ T5557] netlink: 'syz.1.944': attribute type 10 has an invalid length. [ 56.134759][ T5557] veth1_macvtap: left promiscuous mode [ 56.260015][ T5566] loop1: detected capacity change from 0 to 512 [ 56.277661][ T5566] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 56.303265][ T5566] EXT4-fs (loop1): orphan cleanup on readonly fs [ 56.310069][ T5566] EXT4-fs error (device loop1): ext4_orphan_get:1415: comm syz.1.938: bad orphan inode 15 [ 56.321295][ T5566] ext4_test_bit(bit=14, block=18) = 1 [ 56.326741][ T5566] is_bad_inode(inode)=0 [ 56.330965][ T5566] NEXT_ORPHAN(inode)=1023 [ 56.334689][ T5570] netlink: 'syz.4.940': attribute type 1 has an invalid length. [ 56.335373][ T5566] max_ino=32 [ 56.346287][ T5566] i_nlink=0 [ 56.350671][ T5566] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2977: inode #15: comm syz.1.938: corrupted xattr block 19: e_value size too large [ 56.388748][ T5566] EXT4-fs warning (device loop1): ext4_evict_inode:276: xattr delete (err -117) [ 56.413998][ T5566] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 56.443434][ T5576] loop0: detected capacity change from 0 to 2048 [ 56.530464][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.642159][ T5607] loop0: detected capacity change from 0 to 512 [ 56.661379][ T5607] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.674436][ T5607] ext4 filesystem being mounted at /217/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.728188][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.859754][ T5632] loop3: detected capacity change from 0 to 512 [ 56.892806][ T5638] nfs4: Bad value for 'source' [ 56.899186][ T5632] EXT4-fs (loop3): orphan cleanup on readonly fs [ 56.921677][ T5641] SELinux: policydb version 1534894435 does not match my version range 15-34 [ 56.932444][ T5632] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.966: bg 0: block 248: padding at end of block bitmap is not set [ 56.972661][ T5641] SELinux: failed to load policy [ 56.997191][ T5632] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.966: Failed to acquire dquot type 1 [ 57.033324][ T5632] EXT4-fs (loop3): 1 truncate cleaned up [ 57.042751][ T5632] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 57.101156][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.229147][ T5669] hub 3-0:1.0: USB hub found [ 57.242534][ T5669] hub 3-0:1.0: 8 ports detected [ 57.289424][ T5675] tipc: Started in network mode [ 57.291689][ T5679] loop5: detected capacity change from 0 to 128 [ 57.294384][ T5675] tipc: Node identity ac1414aa, cluster identity 4711 [ 57.302455][ T5679] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 57.309061][ T5675] tipc: Enabled bearer , priority 10 [ 57.321134][ T5679] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 57.353512][ T50] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 57.496095][ T29] kauditd_printk_skb: 151 callbacks suppressed [ 57.496113][ T29] audit: type=1400 audit(1739402600.406:1117): avc: denied { create } for pid=5690 comm="syz.3.994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 57.533265][ T29] audit: type=1400 audit(1739402600.436:1118): avc: denied { read } for pid=5690 comm="syz.3.994" path="socket:[12555]" dev="sockfs" ino=12555 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 57.569962][ T29] audit: type=1400 audit(1739402600.476:1119): avc: denied { mount } for pid=5692 comm="syz.3.995" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 57.592081][ T29] audit: type=1400 audit(1739402600.476:1120): avc: denied { unmount } for pid=5692 comm="syz.3.995" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 57.666515][ T29] audit: type=1400 audit(1739402600.576:1121): avc: denied { ioctl } for pid=5702 comm="syz.3.1000" path="socket:[12585]" dev="sockfs" ino=12585 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 57.667125][ T5703] netlink: 'syz.3.1000': attribute type 1 has an invalid length. [ 57.724739][ T29] audit: type=1400 audit(1739402600.576:1122): avc: denied { ioctl } for pid=5702 comm="syz.3.1000" path="socket:[12586]" dev="sockfs" ino=12586 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 57.749690][ T29] audit: type=1400 audit(1739402600.626:1123): avc: denied { read } for pid=5700 comm="syz.4.999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 57.772508][ T29] audit: type=1326 audit(1739402600.656:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5705 comm="syz.3.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c2a68cde9 code=0x7ffc0000 [ 57.796051][ T29] audit: type=1326 audit(1739402600.656:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5705 comm="syz.3.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c2a68cde9 code=0x7ffc0000 [ 57.819542][ T29] audit: type=1326 audit(1739402600.656:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5705 comm="syz.3.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f0c2a68cde9 code=0x7ffc0000 [ 57.878061][ T5715] loop1: detected capacity change from 0 to 512 [ 57.897506][ T5715] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.910564][ T5715] ext4 filesystem being mounted at /209/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.949059][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.160927][ T5749] SELinux: \ (5749) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 58.347578][ T5773] loop3: detected capacity change from 0 to 128 [ 58.369314][ T5773] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 58.386333][ T5773] ext4 filesystem being mounted at /229/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 58.424617][ T3376] tipc: Node number set to 2886997162 [ 58.607805][ T5824] __nla_validate_parse: 1 callbacks suppressed [ 58.607825][ T5824] netlink: 312 bytes leftover after parsing attributes in process `syz.4.1046'. [ 58.610737][ T5822] IPv6: NLM_F_CREATE should be specified when creating new route [ 58.653733][ T5831] loop4: detected capacity change from 0 to 256 [ 59.049889][ T5892] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1066'. [ 59.151098][ T5901] loop4: detected capacity change from 0 to 2048 [ 59.159053][ T5901] EXT4-fs: Ignoring removed nomblk_io_submit option [ 59.190059][ T5901] EXT4-fs error (device loop4): empty_inline_dir:1850: inode #12: block 5: comm syz.4.1071: bad entry in directory: directory entry overrun - offset=4, inode=13, rec_len=7952, size=60 fake=0 [ 59.225050][ T5901] EXT4-fs (loop4): Remounting filesystem read-only [ 59.231680][ T5901] EXT4-fs warning (device loop4): empty_inline_dir:1857: bad inline directory (dir #12) - inode 13, rec_len 7952, name_len 0inline size 60 [ 59.380775][ T5938] loop3: detected capacity change from 0 to 2048 [ 59.419947][ T5938] loop3: p2 p3 p7 [ 59.526876][ T5963] lo: entered promiscuous mode [ 59.531727][ T5963] lo: entered allmulticast mode [ 59.706977][ T5983] loop5: detected capacity change from 0 to 512 [ 59.743097][ T5983] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.795601][ T4641] EXT4-fs error (device loop5): ext4_readdir:261: inode #12: block 32: comm syz-executor: path /82/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 59.820110][ T4641] EXT4-fs (loop5): Remounting filesystem read-only [ 59.836449][ T6003] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1111'. [ 60.085850][ T6036] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1125'. [ 60.195193][ T6046] 9pnet_fd: Insufficient options for proto=fd [ 60.277501][ T6059] loop3: detected capacity change from 0 to 164 [ 60.539319][ T6085] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 60.551832][ T6086] loop4: detected capacity change from 0 to 1024 [ 60.576239][ T6086] EXT4-fs: Ignoring removed nobh option [ 60.581903][ T6086] EXT4-fs: Ignoring removed bh option [ 60.658068][ T6086] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4115: comm syz.4.1148: Allocating blocks 497-513 which overlap fs metadata [ 60.689653][ T6086] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4115: comm syz.4.1148: Allocating blocks 497-513 which overlap fs metadata [ 60.727473][ T6083] EXT4-fs (loop4): pa ffff888104e800e0: logic 32, phys. 177, len 21 [ 60.735584][ T6083] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5366: group 0, free 0, pa_free 1 [ 60.802682][ T6094] IPv6: Can't replace route, no match found [ 61.008218][ T6118] loop1: detected capacity change from 0 to 164 [ 61.206025][ T6139] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 61.269059][ T6149] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.1177'. [ 61.624347][ T6183] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1193'. [ 61.649114][ T6183] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1193'. [ 61.745838][ T6193] loop4: detected capacity change from 0 to 512 [ 61.797347][ T6193] ext4 filesystem being mounted at /320/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 61.887034][ T6207] Invalid ELF header magic: != ELF [ 62.012641][ T6224] loop4: detected capacity change from 0 to 1024 [ 62.101826][ T6234] loop4: detected capacity change from 0 to 512 [ 62.126716][ T6234] ext4 filesystem being mounted at /325/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 62.231867][ T6247] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1222'. [ 62.245469][ T6250] netlink: 'syz.4.1223': attribute type 3 has an invalid length. [ 62.263531][ T6247] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1222'. [ 62.358818][ T6264] loop3: detected capacity change from 0 to 2048 [ 62.558131][ T6290] loop4: detected capacity change from 0 to 128 [ 62.587140][ T29] kauditd_printk_skb: 416 callbacks suppressed [ 62.587156][ T29] audit: type=1400 audit(1739402605.496:1543): avc: denied { mount } for pid=6287 comm="syz.4.1240" name="/" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 62.651100][ T11] kworker/u8:0: attempt to access beyond end of device [ 62.651100][ T11] loop4: rw=1, sector=129, nr_sectors = 1 limit=128 [ 62.651514][ T29] audit: type=1400 audit(1739402605.556:1544): avc: denied { unmount } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 62.733493][ T29] audit: type=1400 audit(1739402605.636:1545): avc: denied { create } for pid=6297 comm="syz.3.1246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 62.767953][ T29] audit: type=1400 audit(1739402605.636:1546): avc: denied { setopt } for pid=6297 comm="syz.3.1246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 62.788723][ T6300] unsupported nla_type 52263 [ 62.813826][ T29] audit: type=1400 audit(1739402605.696:1547): avc: denied { write } for pid=6299 comm="syz.4.1244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 62.834092][ T29] audit: type=1400 audit(1739402605.696:1548): avc: denied { nlmsg_write } for pid=6299 comm="syz.4.1244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 62.854856][ T29] audit: type=1400 audit(1739402605.706:1549): avc: denied { tracepoint } for pid=6303 comm="syz.0.1248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 62.874759][ T29] audit: type=1400 audit(1739402605.716:1550): avc: denied { read } for pid=6303 comm="syz.0.1248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 62.903276][ T29] audit: type=1400 audit(1739402605.806:1551): avc: denied { mounton } for pid=6309 comm="syz.3.1251" path="/273/bus" dev="tmpfs" ino=1444 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 62.944214][ T29] audit: type=1400 audit(1739402605.846:1552): avc: denied { create } for pid=6311 comm="syz.0.1252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 63.095629][ T6331] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1262'. [ 63.108137][ T6331] netlink: 'syz.3.1262': attribute type 4 has an invalid length. [ 63.336786][ T6350] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0) [ 63.345462][ T6350] SELinux: failed to load policy [ 63.485075][ T6355] vhci_hcd: default hub control req: 1f0f v0303 i0005 l0 [ 63.513441][ T6357] loop1: detected capacity change from 0 to 512 [ 63.527406][ T6357] EXT4-fs warning (device loop1): ext4_enable_quotas:7145: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 63.542421][ T6357] EXT4-fs (loop1): mount failed [ 63.655595][ T6368] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 63.663370][ T6368] vhci_hcd: default hub control req: 2314 v0008 i0002 l0 [ 63.777251][ T6378] loop3: detected capacity change from 0 to 512 [ 63.807676][ T6378] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm +}[@: bg 0: block 248: padding at end of block bitmap is not set [ 63.853213][ T6378] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm +}[@: Failed to acquire dquot type 1 [ 63.890073][ T6378] EXT4-fs (loop3): 1 truncate cleaned up [ 63.906634][ T6378] ext4 filesystem being mounted at /281/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.247276][ T6418] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1302'. [ 64.264704][ T6418] 0ªX¹¦À: renamed from caif0 [ 64.283671][ T6418] 0ªX¹¦À: entered allmulticast mode [ 64.289148][ T6418] net_ratelimit: 3321 callbacks suppressed [ 64.289162][ T6418] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 64.311874][ T35] kernel write not supported for file /snd/seq (pid: 35 comm: kworker/1:1) [ 64.409504][ T6427] syz_tun: entered promiscuous mode [ 64.415964][ T6427] batadv_slave_0: entered promiscuous mode [ 64.432160][ T6427] syz_tun: left promiscuous mode [ 64.442569][ T6427] batadv_slave_0: left promiscuous mode [ 64.456793][ T6433] netlink: 'syz.4.1309': attribute type 1 has an invalid length. [ 64.464729][ T6433] netlink: 'syz.4.1309': attribute type 2 has an invalid length. [ 64.474204][ T6433] netlink: 'syz.4.1309': attribute type 1 has an invalid length. [ 64.482029][ T6433] netlink: 'syz.4.1309': attribute type 2 has an invalid length. [ 64.526788][ T6437] loop3: detected capacity change from 0 to 512 [ 64.568396][ T6437] EXT4-fs warning (device loop3): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 64.586054][ T6446] raw_sendmsg: syz.4.1315 forgot to set AF_INET. Fix it! [ 64.598027][ T6437] EXT4-fs (loop3): mount failed [ 64.650326][ T6452] loop4: detected capacity change from 0 to 512 [ 64.667867][ T6452] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 64.700360][ T6452] EXT4-fs (loop4): 1 truncate cleaned up [ 64.856185][ T6479] SELinux: syz.4.1330 (6479) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 65.087015][ T6511] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1337'. [ 65.105296][ T6500] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1337'. [ 65.223819][ T6527] netlink: 4796 bytes leftover after parsing attributes in process `+}[@'. [ 65.233413][ T6527] netlink: 4796 bytes leftover after parsing attributes in process `+}[@'. [ 65.578715][ T6565] loop3: detected capacity change from 0 to 1024 [ 65.585574][ T6565] EXT4-fs: Ignoring removed oldalloc option [ 65.692747][ T6575] loop1: detected capacity change from 0 to 512 [ 65.709056][ T6575] EXT4-fs warning (device loop1): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 65.740281][ T6575] EXT4-fs (loop1): mount failed [ 65.798940][ T6586] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1372'. [ 65.834996][ T6581] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1372'. [ 66.213895][ T6613] loop1: detected capacity change from 0 to 164 [ 66.223016][ T6613] Unable to read rock-ridge attributes [ 66.239471][ T6613] Unable to read rock-ridge attributes [ 66.630239][ T6661] netlink: 'syz.3.1410': attribute type 3 has an invalid length. [ 66.641690][ T6660] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1411'. [ 66.671940][ T6670] atomic_op ffff888118181128 conn xmit_atomic 0000000000000000 [ 66.775756][ T6681] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1420'. [ 67.014051][ T6707] pim6reg: entered allmulticast mode [ 67.021384][ T6703] xt_hashlimit: max too large, truncated to 1048576 [ 67.046010][ T6707] pim6reg: left allmulticast mode [ 67.157261][ T6722] loop1: detected capacity change from 0 to 512 [ 67.175079][ T6722] EXT4-fs error (device loop1): ext4_orphan_get:1415: comm syz.1.1438: bad orphan inode 15 [ 67.196311][ T6722] ext4_test_bit(bit=14, block=18) = 1 [ 67.201745][ T6722] is_bad_inode(inode)=0 [ 67.205962][ T6722] NEXT_ORPHAN(inode)=1023 [ 67.210370][ T6722] max_ino=32 [ 67.213641][ T6722] i_nlink=0 [ 67.223341][ T6722] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2977: inode #15: comm syz.1.1438: corrupted xattr block 19: bad e_name length [ 67.241145][ T6722] EXT4-fs warning (device loop1): ext4_evict_inode:276: xattr delete (err -117) [ 67.250992][ T6722] ext4 filesystem being mounted at /298/éq‰Y’3aK supports timestamps until 2038-01-19 (0x7fffffff) [ 67.411051][ T6749] SELinux: policydb version 0 does not match my version range 15-34 [ 67.426798][ T6749] SELinux: failed to load policy [ 67.873586][ T29] kauditd_printk_skb: 184 callbacks suppressed [ 67.873600][ T29] audit: type=1400 audit(1739402866.775:1734): avc: denied { bind } for pid=6779 comm="syz.1.1463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 68.034325][ T6788] Cannot find add_set index 4 as target [ 68.094146][ T6792] syzkaller1: entered promiscuous mode [ 68.099702][ T6792] syzkaller1: entered allmulticast mode [ 68.244814][ T29] audit: type=1400 audit(1739402867.155:1735): avc: denied { read } for pid=6799 comm="syz.1.1472" name="file0" dev="tmpfs" ino=1628 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 68.490274][ T29] audit: type=1400 audit(1739402867.395:1736): avc: denied { write } for pid=6812 comm="syz.1.1478" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 68.514056][ T29] audit: type=1400 audit(1739402867.395:1737): avc: denied { open } for pid=6812 comm="syz.1.1478" path="/dev/sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 68.544586][ T6813] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in; [ 68.544586][ T6813] program syz.1.1478 not setting count and/or reply_len properly [ 68.582552][ T6816] lo: entered promiscuous mode [ 68.587428][ T6816] lo: entered allmulticast mode [ 68.636151][ T29] audit: type=1400 audit(1739402867.445:1738): avc: denied { ioctl } for pid=6812 comm="syz.1.1478" path="/dev/sg0" dev="devtmpfs" ino=137 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 68.694652][ T6824] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1483'. [ 68.771521][ T29] audit: type=1326 audit(1739402867.675:1739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6832 comm="syz.3.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c2a68cde9 code=0x7ffc0000 [ 68.824407][ T29] audit: type=1326 audit(1739402867.685:1740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6832 comm="syz.3.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f0c2a68cde9 code=0x7ffc0000 [ 68.847943][ T29] audit: type=1326 audit(1739402867.685:1741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6832 comm="syz.3.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c2a68cde9 code=0x7ffc0000 [ 68.923547][ T29] audit: type=1326 audit(1739402867.745:1742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6832 comm="syz.3.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c2a68cde9 code=0x7ffc0000 [ 68.956432][ T29] audit: type=1400 audit(1739402867.865:1743): avc: denied { read } for pid=6844 comm="syz.3.1492" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 69.001227][ T6848] loop3: detected capacity change from 0 to 1024 [ 69.019303][ T6848] ext4 filesystem being mounted at /339/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 69.264924][ T6875] loop4: detected capacity change from 0 to 512 [ 69.272908][ T6875] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.1504: corrupted in-inode xattr: invalid ea_ino [ 69.287684][ T6875] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.1504: couldn't read orphan inode 15 (err -117) [ 69.595279][ T6902] SELinux: ebitmap start bit (5259586) is not a multiple of the map unit size (64) [ 69.605636][ T6902] SELinux: failed to load policy [ 69.687007][ T6911] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=6911 comm=syz.1.1520 [ 69.699610][ T6911] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=6911 comm=syz.1.1520 [ 70.150474][ T6952] __nla_validate_parse: 3 callbacks suppressed [ 70.150493][ T6952] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1538'. [ 70.188017][ T6956] capability: warning: `syz.4.1539' uses 32-bit capabilities (legacy support in use) [ 70.347779][ T6966] loop4: detected capacity change from 0 to 512 [ 70.366750][ T6966] EXT4-fs (loop4): too many log groups per flexible block group [ 70.374467][ T6966] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 70.387678][ T6966] EXT4-fs (loop4): mount failed [ 70.403213][ T6972] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0) [ 70.423822][ T6972] SELinux: failed to load policy [ 70.522680][ T6981] netlink: '+}[@': attribute type 1 has an invalid length. [ 70.565166][ T6983] xt_CT: You must specify a L4 protocol and not use inversions on it [ 70.629427][ T6991] netlink: 'syz.0.1555': attribute type 3 has an invalid length. [ 70.871697][ T7014] IPVS: sync thread started: state = MASTER, mcast_ifn = wg1, syncid = 262145, id = 0 [ 70.898906][ T7016] netlink: 'syz.0.1565': attribute type 29 has an invalid length. [ 70.908139][ T7016] netlink: 'syz.0.1565': attribute type 29 has an invalid length. [ 70.918076][ T7016] netlink: 508 bytes leftover after parsing attributes in process `syz.0.1565'. [ 71.019799][ T7024] loop1: detected capacity change from 0 to 1024 [ 71.027270][ T7024] EXT4-fs: Ignoring removed bh option [ 71.058397][ T7024] EXT4-fs mount: 26 callbacks suppressed [ 71.058412][ T7024] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 71.131090][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 71.152410][ T7036] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1573'. [ 71.344075][ T7056] hub 9-0:1.0: USB hub found [ 71.369495][ T7056] hub 9-0:1.0: 8 ports detected [ 71.394060][ T7040] loop3: detected capacity change from 0 to 512 [ 71.417118][ T7040] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.1575: Failed to acquire dquot type 1 [ 71.433616][ T7040] EXT4-fs (loop3): 1 truncate cleaned up [ 71.442801][ T7040] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.464692][ T7040] ext4 filesystem being mounted at /347/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.037600][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.106199][ T7083] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1593'. [ 72.451234][ T7116] loop1: detected capacity change from 0 to 2048 [ 72.475281][ T7116] loop1: p2 < > p3 p4 < > [ 72.480968][ T7116] loop1: p3 start 4278191618 is beyond EOD, truncated [ 72.536716][ T7124] SELinux: failed to load policy [ 72.724790][ T7145] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1621'. [ 72.733845][ T7145] netlink: 'syz.4.1621': attribute type 7 has an invalid length. [ 72.741629][ T7145] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1621'. [ 72.904047][ T29] kauditd_printk_skb: 116 callbacks suppressed [ 72.904067][ T29] audit: type=1400 audit(1739402871.805:1858): avc: denied { read write } for pid=7160 comm="syz.4.1629" name="uhid" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 72.955634][ T29] audit: type=1400 audit(1739402871.805:1859): avc: denied { open } for pid=7160 comm="syz.4.1629" path="/dev/uhid" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 73.011440][ T7169] netlink: 'syz.1.1633': attribute type 29 has an invalid length. [ 73.021599][ T7169] netlink: 'syz.1.1633': attribute type 29 has an invalid length. [ 73.030589][ T7169] netlink: 508 bytes leftover after parsing attributes in process `syz.1.1633'. [ 73.079666][ T29] audit: type=1400 audit(1739402871.985:1860): avc: denied { mount } for pid=7174 comm="syz.4.1636" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 73.166563][ T7182] netlink: 'syz.4.1639': attribute type 3 has an invalid length. [ 73.252148][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4 [ 73.260002][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2 [ 73.281703][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.289480][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.297171][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.304973][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.312640][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.320393][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.328185][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.335909][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.343652][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.351334][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.359008][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.366791][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.374451][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.382143][ T3354] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 73.415130][ T3354] hid-generic 0000:3000000:0000.0002: hidraw0: HID v0.00 Device [sy] on syz0 [ 73.417929][ T7194] batadv_slave_1: entered promiscuous mode [ 73.449031][ T7193] batadv_slave_1: left promiscuous mode [ 73.503841][ T29] audit: type=1400 audit(1739402872.405:1861): avc: denied { mount } for pid=7204 comm="syz.4.1649" name="/" dev="configfs" ino=1559 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 73.567632][ T29] audit: type=1400 audit(1739402872.475:1862): avc: denied { unmount } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 73.606371][ T7213] loop1: detected capacity change from 0 to 512 [ 73.622483][ T7213] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 73.642553][ T7219] loop3: detected capacity change from 0 to 2048 [ 73.652089][ T7219] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 73.662010][ T7219] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 73.677591][ T7213] EXT4-fs (loop1): 1 truncate cleaned up [ 73.683745][ T7213] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.685428][ T29] audit: type=1326 audit(1739402872.595:1863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7221 comm="syz.4.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002612cde9 code=0x7ffc0000 [ 73.719322][ T29] audit: type=1326 audit(1739402872.595:1864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7221 comm="syz.4.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002612cde9 code=0x7ffc0000 [ 73.744520][ T29] audit: type=1326 audit(1739402872.605:1865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7221 comm="syz.4.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f002612cde9 code=0x7ffc0000 [ 73.756357][ T7219] EXT4-fs (loop3): failed to initialize system zone (-117) [ 73.768141][ T29] audit: type=1326 audit(1739402872.605:1866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7221 comm="syz.4.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002612cde9 code=0x7ffc0000 [ 73.798893][ T29] audit: type=1326 audit(1739402872.605:1867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7221 comm="syz.4.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f002612cde9 code=0x7ffc0000 [ 73.822584][ T7219] EXT4-fs (loop3): mount failed [ 73.851919][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.969043][ T7241] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1664'. [ 74.028892][ T7245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 74.113247][ T7245] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 74.348437][ T7270] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1679'. [ 74.583891][ T7286] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1686'. [ 74.735014][ T7298] loop3: detected capacity change from 0 to 512 [ 74.762665][ T7298] EXT4-fs error (device loop3): ext4_orphan_get:1389: inode #15: comm syz.3.1693: casefold flag without casefold feature [ 74.776773][ T7304] Cannot find add_set index 4 as target [ 74.795196][ T7298] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.1693: couldn't read orphan inode 15 (err -117) [ 74.816857][ T7298] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.894125][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.006876][ T4641] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.020900][ T11] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.034298][ T7338] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 75.042596][ T7338] SELinux: failed to load policy [ 75.092817][ T11] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.150078][ T11] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.214265][ T11] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.266742][ T7312] chnl_net:caif_netlink_parms(): no params data found [ 75.373734][ T7376] loop1: detected capacity change from 0 to 2048 [ 75.375965][ T7385] __nla_validate_parse: 1 callbacks suppressed [ 75.375983][ T7385] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1728'. [ 75.395786][ T7378] wireguard0: entered promiscuous mode [ 75.401299][ T7378] wireguard0: entered allmulticast mode [ 75.410717][ T7376] EXT4-fs error (device loop1): ext4_orphan_get:1415: comm syz.1.1724: bad orphan inode 8192 [ 75.423377][ T7376] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.457282][ T7385] ipvlan2: entered promiscuous mode [ 75.465626][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.483346][ T11] bridge_slave_1: left allmulticast mode [ 75.489100][ T11] bridge_slave_1: left promiscuous mode [ 75.494894][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.505855][ T11] bridge_slave_0: left allmulticast mode [ 75.511553][ T11] bridge_slave_0: left promiscuous mode [ 75.517352][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.616925][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 75.626972][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 75.636558][ T11] bond0 (unregistering): Released all slaves [ 75.655429][ T7397] (unnamed net_device) (uninitialized): ARP target 242.255.255.255 is already present [ 75.665123][ T7397] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (4294967282) [ 75.684614][ T7312] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.691738][ T7312] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.712865][ T7312] bridge_slave_0: entered allmulticast mode [ 75.720712][ T7312] bridge_slave_0: entered promiscuous mode [ 75.749663][ T11] hsr_slave_0: left promiscuous mode [ 75.765564][ T11] hsr_slave_1: left promiscuous mode [ 75.776328][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 75.783831][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 75.793470][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.801255][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 75.847695][ T11] veth1_macvtap: left promiscuous mode [ 75.865074][ T11] veth0_macvtap: left promiscuous mode [ 75.870675][ T11] veth1_vlan: left promiscuous mode [ 75.876085][ T11] veth0_vlan: left promiscuous mode [ 75.929958][ T7428] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1744'. [ 75.959835][ T11] team0 (unregistering): Port device team_slave_1 removed [ 75.970545][ T11] team0 (unregistering): Port device team_slave_0 removed [ 76.006919][ T7312] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.014129][ T7312] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.021484][ T7312] bridge_slave_1: entered allmulticast mode [ 76.029482][ T7312] bridge_slave_1: entered promiscuous mode [ 76.063967][ T7312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 76.087136][ T7312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 76.113647][ T7312] team0: Port device team_slave_0 added [ 76.123954][ T7312] team0: Port device team_slave_1 added [ 76.153040][ T7312] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.160113][ T7312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.186138][ T7312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.221649][ T7312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.228743][ T7312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.254915][ T7312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.317030][ T7312] hsr_slave_0: entered promiscuous mode [ 76.323143][ T7312] hsr_slave_1: entered promiscuous mode [ 76.327346][ T7459] loop3: detected capacity change from 0 to 512 [ 76.329671][ T7312] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.336698][ T7459] EXT4-fs: Ignoring removed nobh option [ 76.349417][ T7312] Cannot create hsr debugfs directory [ 76.374132][ T7459] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.393712][ T7459] ext4 filesystem being mounted at /386/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 76.429167][ T7459] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1761: bg 0: block 224: padding at end of block bitmap is not set [ 76.444246][ T7459] EXT4-fs (loop3): Remounting filesystem read-only [ 76.462583][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.493974][ T7312] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 76.504232][ T7312] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 76.513675][ T7312] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 76.524151][ T7312] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 76.549392][ T7479] loop4: detected capacity change from 0 to 2048 [ 76.574905][ T7312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.586019][ T7479] loop4: p1 < > p4 [ 76.587355][ T7312] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.596730][ T7479] loop4: p4 size 8388608 extends beyond EOD, truncated [ 76.616783][ T5923] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.624011][ T5923] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.652309][ T5923] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.659536][ T5923] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.758423][ T7496] loop4: detected capacity change from 0 to 512 [ 76.776982][ T7496] EXT4-fs (loop4): too many log groups per flexible block group [ 76.784890][ T7496] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 76.790976][ T7312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.800223][ T7496] EXT4-fs (loop4): mount failed [ 76.829474][ T7496] 9pnet: Could not find request transport: 0xffffffffffffffff [ 76.892480][ T7513] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1777'. [ 76.941717][ T7312] veth0_vlan: entered promiscuous mode [ 76.951197][ T7312] veth1_vlan: entered promiscuous mode [ 76.970541][ T7312] veth0_macvtap: entered promiscuous mode [ 76.979841][ T7312] veth1_macvtap: entered promiscuous mode [ 76.991000][ T7312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.001709][ T7312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.011639][ T7312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.022124][ T7312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.032021][ T7312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.042495][ T7312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.052526][ T7312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.062999][ T7312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.074765][ T7312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.083161][ T7312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.093847][ T7312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.103746][ T7312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.114412][ T7312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.124455][ T7312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.134975][ T7312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.144830][ T7312] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.155303][ T7312] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.166259][ T7312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.174066][ T7528] loop3: detected capacity change from 0 to 1024 [ 77.181694][ T7312] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.190563][ T7312] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.194461][ T7528] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 77.199547][ T7312] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.212382][ T7528] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.1782: Invalid block bitmap block 0 in block_group 0 [ 77.218553][ T7312] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.241324][ T7528] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.1782: Failed to acquire dquot type 0 [ 77.253733][ T7528] EXT4-fs error (device loop3): ext4_free_blocks:6589: comm syz.3.1782: Freeing blocks not in datazone - block = 0, count = 4096 [ 77.271014][ T7528] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.1782: Invalid inode bitmap blk 0 in block_group 0 [ 77.289828][ T7528] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem [ 77.301234][ T5921] EXT4-fs error (device loop3): ext4_release_dquot:6950: comm kworker/u8:61: Failed to release dquot type 0 [ 77.304737][ T7528] EXT4-fs (loop3): 1 orphan inode deleted [ 77.319044][ T7528] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.344972][ T7536] loop1: detected capacity change from 0 to 512 [ 77.351768][ T7536] EXT4-fs: Ignoring removed orlov option [ 77.363904][ T7536] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 77.378310][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.382846][ T7536] EXT4-fs (loop1): orphan cleanup on readonly fs [ 77.395481][ T7536] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1785: bg 0: block 248: padding at end of block bitmap is not set [ 77.410736][ T7536] EXT4-fs error (device loop1): ext4_acquire_dquot:6927: comm syz.1.1785: Failed to acquire dquot type 1 [ 77.424116][ T7536] EXT4-fs (loop1): 1 truncate cleaned up [ 77.430658][ T7536] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 77.432014][ C0] hrtimer: interrupt took 25012 ns [ 77.450412][ T7536] EXT4-fs: Ignoring removed orlov option [ 77.459027][ T7536] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 77.467757][ T7536] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 77.485486][ T7536] EXT4-fs error (device loop1): __ext4_remount:6738: comm syz.1.1785: Abort forced by user [ 77.497219][ T7536] EXT4-fs (loop1): Remounting filesystem read-only [ 77.503760][ T7536] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 77.514391][ T7536] ext4 filesystem being remounted at /383/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 77.537573][ T7550] loop6: detected capacity change from 0 to 512 [ 77.544923][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.556857][ T7550] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.570166][ T7550] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.614985][ T7558] SELinux: policydb table sizes (0,0) do not match mine (6,7) [ 77.622706][ T7558] SELinux: failed to load policy [ 77.665785][ T7312] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.700561][ T7569] loop1: detected capacity change from 0 to 512 [ 77.707551][ T7569] EXT4-fs: Ignoring removed orlov option [ 77.734183][ T7569] EXT4-fs error (device loop1): ext4_ext_check_inode:524: inode #15: comm syz.1.1797: pblk 0 bad header/extent: invalid magic - magic 7973, entries 1402, max 27648(0), depth 25964(25964) [ 77.760825][ T7569] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.1797: couldn't read orphan inode 15 (err -117) [ 77.786937][ T7569] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.823944][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.936657][ T29] kauditd_printk_skb: 120 callbacks suppressed [ 77.936674][ T29] audit: type=1400 audit(1739402876.845:1981): avc: denied { create } for pid=7604 comm="syz.1.1813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 77.939562][ T7606] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1813'. [ 77.942968][ T29] audit: type=1400 audit(1739402876.845:1982): avc: denied { write } for pid=7604 comm="syz.1.1813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 77.967697][ T7606] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 77.972316][ T29] audit: type=1400 audit(1739402876.845:1983): avc: denied { read } for pid=7604 comm="syz.1.1813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 78.025351][ T29] audit: type=1400 audit(1739402876.915:1984): avc: denied { create } for pid=7603 comm="syz.6.1815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 78.045151][ T29] audit: type=1400 audit(1739402876.915:1985): avc: denied { connect } for pid=7603 comm="syz.6.1815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 78.088349][ T7614] netlink: 'syz.6.1817': attribute type 9 has an invalid length. [ 78.096252][ T7614] netlink: 61951 bytes leftover after parsing attributes in process `syz.6.1817'. [ 78.107093][ T7608] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1814'. [ 78.135093][ T7608] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1814'. [ 78.150988][ T29] audit: type=1400 audit(1739402876.965:1986): avc: denied { read } for pid=7607 comm="syz.4.1814" dev="nsfs" ino=4026532477 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 78.172256][ T29] audit: type=1400 audit(1739402876.965:1987): avc: denied { open } for pid=7607 comm="syz.4.1814" path="net:[4026532477]" dev="nsfs" ino=4026532477 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 78.195664][ T29] audit: type=1400 audit(1739402876.965:1988): avc: denied { ioctl } for pid=7607 comm="syz.4.1814" path="socket:[17826]" dev="sockfs" ino=17826 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 78.221538][ T29] audit: type=1400 audit(1739402876.995:1989): avc: denied { create } for pid=7612 comm="syz.1.1818" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 78.243192][ T29] audit: type=1400 audit(1739402876.995:1990): avc: denied { map } for pid=7612 comm="syz.1.1818" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=18809 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 78.330095][ T7629] loop3: detected capacity change from 0 to 1024 [ 78.347447][ T7629] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.347589][ T7619] sd 0:0:1:0: device reset [ 78.366119][ T7629] ext4 filesystem being mounted at /397/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 78.392308][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.437247][ T7645] loop6: detected capacity change from 0 to 512 [ 78.451513][ T7645] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.1833: bg 0: block 35: padding at end of block bitmap is not set [ 78.468470][ T7645] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 78.492969][ T7645] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #13: comm syz.6.1833: invalid indirect mapped block 4294967295 (level 1) [ 78.531777][ T7645] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #13: comm syz.6.1833: invalid indirect mapped block 4294967295 (level 2) [ 78.548439][ T7645] EXT4-fs (loop6): 1 truncate cleaned up [ 78.554778][ T7645] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.609809][ T7664] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1840'. [ 78.640285][ T7666] sctp: [Deprecated]: syz.1.1841 (pid 7666) Use of int in max_burst socket option. [ 78.640285][ T7666] Use struct sctp_assoc_value instead [ 78.698090][ T7312] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.802064][ T7692] netlink: 'syz.6.1853': attribute type 1 has an invalid length. [ 78.809855][ T7692] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1853'. [ 78.850883][ T7699] rdma_op ffff888117164180 conn xmit_rdma 0000000000000000 [ 78.866751][ T7701] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1857'. [ 78.891729][ T7706] loop1: detected capacity change from 0 to 128 [ 78.901902][ T7708] SELinux: syz.3.1860 (7708) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 79.097101][ T7727] netlink: 'syz.6.1869': attribute type 13 has an invalid length. [ 79.126233][ T7727] gretap0: refused to change device tx_queue_len [ 79.137408][ T7732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 79.146532][ T7727] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 79.147974][ T7732] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 79.311523][ T7747] loop3: detected capacity change from 0 to 164 [ 79.318735][ T7747] Unable to read rock-ridge attributes [ 79.326283][ T7747] Unable to read rock-ridge attributes [ 79.452659][ T7762] dvmrp0: entered allmulticast mode [ 79.459770][ T7762] dvmrp0: left allmulticast mode [ 79.710273][ T7789] netlink: 'syz.3.1897': attribute type 2 has an invalid length. [ 79.731648][ T7791] loop1: detected capacity change from 0 to 1024 [ 79.740631][ T7766] vhci_hcd: default hub control req: 0000 v0000 i0000 l0 [ 79.755233][ T7791] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 79.849725][ T7791] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.1896: Invalid block bitmap block 0 in block_group 0 [ 79.883629][ T7791] EXT4-fs error (device loop1): ext4_acquire_dquot:6927: comm syz.1.1896: Failed to acquire dquot type 0 [ 79.895697][ T7791] EXT4-fs error (device loop1): ext4_free_blocks:6589: comm syz.1.1896: Freeing blocks not in datazone - block = 0, count = 4096 [ 79.910999][ T7791] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.1896: Invalid inode bitmap blk 0 in block_group 0 [ 79.923860][ T5923] EXT4-fs error (device loop1): ext4_release_dquot:6950: comm kworker/u8:62: Failed to release dquot type 0 [ 79.935642][ T7791] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem [ 79.944309][ T7791] EXT4-fs (loop1): 1 orphan inode deleted [ 79.950576][ T7791] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.985951][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.088175][ T7818] atomic_op ffff888116e54928 conn xmit_atomic 0000000000000000 [ 80.142197][ T7824] loop1: detected capacity change from 0 to 1024 [ 80.151404][ T7826] geneve0: entered allmulticast mode [ 80.178572][ T7824] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.207088][ T7824] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 80.228952][ T7833] loop4: detected capacity change from 0 to 1024 [ 80.239591][ T7833] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 80.263780][ T7824] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 80.276082][ T7824] EXT4-fs (loop1): This should not happen!! Data will be lost [ 80.276082][ T7824] [ 80.285834][ T7824] EXT4-fs (loop1): Total free blocks count 0 [ 80.291838][ T7824] EXT4-fs (loop1): Free/Dirty block details [ 80.292646][ T7833] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.1915: Invalid block bitmap block 0 in block_group 0 [ 80.297899][ T7824] EXT4-fs (loop1): free_blocks=68451041280 [ 80.313875][ T7833] EXT4-fs error (device loop4): ext4_acquire_dquot:6927: comm syz.4.1915: Failed to acquire dquot type 0 [ 80.317177][ T7824] EXT4-fs (loop1): dirty_blocks=16 [ 80.317193][ T7824] EXT4-fs (loop1): Block reservation details [ 80.330349][ T7833] EXT4-fs error (device loop4): ext4_free_blocks:6589: comm syz.4.1915: Freeing blocks not in datazone - block = 0, count = 4096 [ 80.333530][ T7824] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 80.361151][ T7833] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.1915: Invalid inode bitmap blk 0 in block_group 0 [ 80.377022][ T7833] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 80.385688][ T5816] EXT4-fs error (device loop4): ext4_release_dquot:6950: comm kworker/u8:25: Failed to release dquot type 0 [ 80.411627][ T7833] EXT4-fs (loop4): 1 orphan inode deleted [ 80.420151][ T7833] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.452527][ T5816] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 80.505298][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.643255][ T7868] loop3: detected capacity change from 0 to 256 [ 80.694235][ T7877] loop6: detected capacity change from 0 to 1024 [ 80.713664][ T7877] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 80.738960][ T7881] sd 0:0:1:0: device reset [ 80.739113][ T7877] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:483: comm syz.6.1934: Invalid block bitmap block 0 in block_group 0 [ 80.776475][ T7877] EXT4-fs error (device loop6): ext4_acquire_dquot:6927: comm syz.6.1934: Failed to acquire dquot type 0 [ 80.809571][ T7877] EXT4-fs error (device loop6): ext4_free_blocks:6589: comm syz.6.1934: Freeing blocks not in datazone - block = 0, count = 4096 [ 80.836222][ T7877] EXT4-fs error (device loop6): ext4_read_inode_bitmap:139: comm syz.6.1934: Invalid inode bitmap blk 0 in block_group 0 [ 80.852689][ T7877] EXT4-fs error (device loop6) in ext4_free_inode:361: Corrupt filesystem [ 80.861407][ T5921] EXT4-fs error (device loop6): ext4_release_dquot:6950: comm kworker/u8:61: Failed to release dquot type 0 [ 80.873510][ T7877] EXT4-fs (loop6): 1 orphan inode deleted [ 80.879660][ T7877] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.939565][ T7312] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.981243][ T7896] geneve0: left allmulticast mode [ 81.009597][ T7900] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=7900 comm=syz.6.1943 [ 81.022187][ T7900] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=7900 comm=syz.6.1943 [ 81.092750][ T7906] SELinux: security_context_str_to_sid ({ÿ) failed with errno=-22 [ 81.189487][ T7925] netlink: 'syz.3.1957': attribute type 4 has an invalid length. [ 81.197345][ T7925] __nla_validate_parse: 1 callbacks suppressed [ 81.197357][ T7925] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.1957'. [ 81.338224][ T7949] SELinux: Context system_u:object_r:net_conf_t:s0 is not valid (left unmapped). [ 81.508962][ T7974] loop3: detected capacity change from 0 to 512 [ 81.516478][ T7974] EXT4-fs: Ignoring removed orlov option [ 81.526427][ T7974] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 81.537977][ T7974] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it [ 81.548115][ T7974] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.1982: Corrupt directory, running e2fsck is recommended [ 81.578418][ T7974] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 81.587042][ T7974] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.1982: corrupted in-inode xattr: invalid ea_ino [ 81.602199][ T7974] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.1982: couldn't read orphan inode 15 (err -117) [ 81.615097][ T7974] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.651281][ T7974] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 81.676654][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.719033][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x4 [ 81.727101][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x2 [ 81.735329][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.743018][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.750802][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.758620][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.766661][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.774794][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.782655][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.790460][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.798252][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.805990][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.813668][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.821436][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.829380][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.837078][ T3376] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 81.853343][ T3376] hid-generic 0000:3000000:0000.0003: hidraw0: HID v0.00 Device [sy] on syz0 [ 81.996921][ T8015] netlink: 64859 bytes leftover after parsing attributes in process `syz.0.2000'. [ 82.006742][ T8016] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2001'. [ 82.015874][ T8016] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2001'. [ 82.025118][ T8016] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2001'. [ 82.056902][ T8020] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2003'. [ 82.323232][ T8049] netlink: 'syz.1.2016': attribute type 21 has an invalid length. [ 82.335305][ T8051] SELinux: policydb version 0 does not match my version range 15-34 [ 82.343446][ T8051] SELinux: failed to load policy [ 82.574009][ T8093] vhci_hcd: default hub control req: 800c v0000 i0000 l0 [ 82.606371][ T8097] loop6: detected capacity change from 0 to 512 [ 82.619106][ T8097] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.632504][ T8097] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.704786][ T7312] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.717613][ T8116] loop3: detected capacity change from 0 to 164 [ 82.850212][ T8141] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2060'. [ 82.990028][ T29] kauditd_printk_skb: 153 callbacks suppressed [ 82.990044][ T29] audit: type=1326 audit(1739402881.895:2135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8161 comm="syz.3.2070" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0c2a68cde9 code=0x0 [ 83.102502][ T8178] netlink: 12 bytes leftover after parsing attributes in process `\'. [ 83.195376][ T29] audit: type=1326 audit(1739402882.105:2136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8183 comm="syz.6.2078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 83.218882][ T29] audit: type=1326 audit(1739402882.105:2137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8183 comm="syz.6.2078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 83.242561][ T29] audit: type=1326 audit(1739402882.105:2138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8183 comm="syz.6.2078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 83.266304][ T29] audit: type=1326 audit(1739402882.105:2139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8183 comm="syz.6.2078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 83.290057][ T29] audit: type=1326 audit(1739402882.105:2140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8183 comm="syz.6.2078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 83.313507][ T29] audit: type=1326 audit(1739402882.105:2141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8183 comm="syz.6.2078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 83.337109][ T29] audit: type=1326 audit(1739402882.105:2142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8183 comm="syz.6.2078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 83.360721][ T29] audit: type=1326 audit(1739402882.205:2143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8183 comm="syz.6.2078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 83.384218][ T29] audit: type=1326 audit(1739402882.205:2144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8183 comm="syz.6.2078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 83.404057][ T8186] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2079'. [ 83.416808][ T8188] loop6: detected capacity change from 0 to 128 [ 83.426641][ T8188] FAT-fs (loop6): Directory bread(block 32) failed [ 83.433167][ T8188] FAT-fs (loop6): Directory bread(block 33) failed [ 83.439784][ T8188] FAT-fs (loop6): Directory bread(block 34) failed [ 83.446472][ T8188] FAT-fs (loop6): Directory bread(block 35) failed [ 83.452995][ T8188] FAT-fs (loop6): Directory bread(block 36) failed [ 83.459606][ T8188] FAT-fs (loop6): Directory bread(block 37) failed [ 83.466161][ T8188] FAT-fs (loop6): Directory bread(block 38) failed [ 83.472713][ T8188] FAT-fs (loop6): Directory bread(block 39) failed [ 83.479282][ T8188] FAT-fs (loop6): Directory bread(block 40) failed [ 83.486438][ T8188] FAT-fs (loop6): Directory bread(block 41) failed [ 83.611846][ T8205] binfmt_misc: register: failed to install interpreter file ./file2 [ 83.667081][ T8213] loop1: detected capacity change from 0 to 256 [ 83.674047][ T8213] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 83.686797][ T8213] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 83.738823][ T8224] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2097'. [ 83.863340][ T8242] syzkaller1: entered promiscuous mode [ 83.868886][ T8242] syzkaller1: entered allmulticast mode [ 83.899206][ T8250] loop4: detected capacity change from 0 to 128 [ 83.991292][ T3376] kernel write not supported for file /snd/seq (pid: 3376 comm: kworker/0:4) [ 84.118527][ T8281] loop4: detected capacity change from 0 to 736 [ 84.162782][ T8287] loop1: detected capacity change from 0 to 1024 [ 84.182431][ T8287] EXT4-fs: Ignoring removed orlov option [ 84.208729][ T8287] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.258516][ T3300] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.437779][ T8320] netlink: 'syz.3.2142': attribute type 1 has an invalid length. [ 84.505874][ T8330] vlan2: entered promiscuous mode [ 84.511033][ T8330] hsr0: entered promiscuous mode [ 84.559185][ T8337] bridge0: port 3(macvlan2) entered blocking state [ 84.566004][ T8337] bridge0: port 3(macvlan2) entered disabled state [ 84.576624][ T8337] macvlan2: entered allmulticast mode [ 84.582469][ T8337] macvlan2: left allmulticast mode [ 84.621743][ T8340] infiniband syz!: set active [ 84.626505][ T8340] infiniband syz!: added team_slave_0 [ 84.638039][ T8340] RDS/IB: syz!: added [ 84.642189][ T8340] smc: adding ib device syz! with port count 1 [ 84.649621][ T8340] smc: ib device syz! port 1 has pnetid [ 85.310688][ T8385] netlink: 'syz.0.2171': attribute type 3 has an invalid length. [ 85.596833][ T8423] SELinux: security_context_str_to_sid (u) failed with errno=-22 [ 85.654384][ T8425] loop3: detected capacity change from 0 to 1024 [ 85.671097][ T8429] block device autoloading is deprecated and will be removed. [ 85.686001][ T8429] syz.6.2194: attempt to access beyond end of device [ 85.686001][ T8429] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 85.705744][ T8425] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 85.733802][ T8425] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.2191: Invalid block bitmap block 0 in block_group 0 [ 85.774733][ T8425] EXT4-fs error (device loop3): ext4_acquire_dquot:6927: comm syz.3.2191: Failed to acquire dquot type 0 [ 85.822472][ T8425] EXT4-fs error (device loop3): ext4_free_blocks:6589: comm syz.3.2191: Freeing blocks not in datazone - block = 0, count = 4096 [ 85.867883][ T8425] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.2191: Invalid inode bitmap blk 0 in block_group 0 [ 85.884583][ T5816] EXT4-fs error (device loop3): ext4_release_dquot:6950: comm kworker/u8:25: Failed to release dquot type 0 [ 85.917442][ T8425] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem [ 85.944718][ T8425] EXT4-fs (loop3): 1 orphan inode deleted [ 85.962970][ T8425] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.017400][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.055153][ T8456] tipc: Started in network mode [ 86.060162][ T8456] tipc: Node identity ac14140f, cluster identity 4711 [ 86.075733][ T8456] tipc: New replicast peer: 255.255.255.255 [ 86.081972][ T8456] tipc: Enabled bearer , priority 10 [ 86.151815][ T8462] +}[@: attempt to access beyond end of device [ 86.151815][ T8462] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 86.377131][ T8472] netlink: 'syz.1.2211': attribute type 2 has an invalid length. [ 86.428140][ T8476] loop6: detected capacity change from 0 to 2048 [ 86.485074][ T8476] loop6: p1 < > p3 p4 < > [ 86.490248][ T8476] loop6: p3 start 4284289 is beyond EOD, truncated [ 86.553888][ T8492] __nla_validate_parse: 12 callbacks suppressed [ 86.553907][ T8492] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2221'. [ 86.614569][ T8499] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 86.621140][ T8499] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 86.628996][ T8499] vhci_hcd vhci_hcd.0: Device attached [ 86.681994][ T8502] vhci_hcd: connection closed [ 86.682930][ T5798] vhci_hcd: stop threads [ 86.692499][ T5798] vhci_hcd: release socket [ 86.696971][ T5798] vhci_hcd: disconnect device [ 86.769856][ T8517] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2232'. [ 86.778995][ T8517] 0ªX¹¦À: renamed from caif0 [ 86.804176][ T8523] loop0: detected capacity change from 0 to 512 [ 86.820628][ T8523] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 86.829039][ T8517] 0ªX¹¦À: entered allmulticast mode [ 86.834262][ T8517] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 86.851132][ T8523] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a04ec119, mo2=0002] [ 86.864579][ T8523] System zones: 1-12 [ 86.871014][ T8523] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.2235: corrupted in-inode xattr: e_value size too large [ 86.906316][ T8523] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.2235: couldn't read orphan inode 15 (err -117) [ 86.927573][ T8523] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.967315][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.068275][ T8536] loop6: detected capacity change from 0 to 512 [ 87.106918][ T8536] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.2241: bg 0: block 248: padding at end of block bitmap is not set [ 87.131764][ T8536] EXT4-fs error (device loop6): ext4_acquire_dquot:6927: comm syz.6.2241: Failed to acquire dquot type 1 [ 87.194562][ T3376] tipc: Node number set to 2886997007 [ 87.205541][ T8536] EXT4-fs (loop6): 1 truncate cleaned up [ 87.212159][ T8536] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.276782][ T8536] ext4 filesystem being mounted at /107/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 87.318298][ T8559] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 87.326882][ T8559] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 87.444601][ T8570] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2255'. [ 87.460732][ T8572] loop0: detected capacity change from 0 to 512 [ 87.479017][ T7312] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.494055][ T8572] EXT4-fs: Ignoring removed mblk_io_submit option [ 87.507226][ T8572] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 87.536773][ T8572] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e042c118, mo2=0002] [ 87.564558][ T8572] System zones: 1-12 [ 87.594585][ T8572] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.2257: corrupted in-inode xattr: e_value size too large [ 87.662645][ T8572] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.2257: couldn't read orphan inode 15 (err -117) [ 87.696636][ T8572] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.721072][ T8599] lo speed is unknown, defaulting to 1000 [ 87.729221][ T8599] lo speed is unknown, defaulting to 1000 [ 87.749828][ T8599] lo speed is unknown, defaulting to 1000 [ 87.762279][ T8599] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 87.771261][ T8599] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 87.779834][ T3296] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.783143][ T8599] lo speed is unknown, defaulting to 1000 [ 87.796688][ T8599] lo speed is unknown, defaulting to 1000 [ 87.802768][ T8599] lo speed is unknown, defaulting to 1000 [ 87.809192][ T8599] lo speed is unknown, defaulting to 1000 [ 87.816821][ T8599] lo speed is unknown, defaulting to 1000 [ 87.974323][ T8633] vxcan1: tx address claim with different name [ 88.005302][ T29] kauditd_printk_skb: 171 callbacks suppressed [ 88.005318][ T29] audit: type=1400 audit(2000000002.850:2311): avc: denied { create } for pid=8642 comm="syz.4.2289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 88.051647][ T29] audit: type=1400 audit(2000000002.880:2312): avc: denied { write } for pid=8642 comm="syz.4.2289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 88.086183][ T8649] ieee802154 phy0 wpan0: encryption failed: -22 [ 88.125172][ T29] audit: type=1400 audit(2000000002.930:2313): avc: denied { write } for pid=8646 comm="syz.6.2293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 88.165863][ T29] audit: type=1400 audit(2000000003.000:2314): avc: denied { append } for pid=8661 comm="syz.0.2299" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 88.188922][ T29] audit: type=1326 audit(2000000003.000:2315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8657 comm="syz.6.2298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 88.212527][ T29] audit: type=1326 audit(2000000003.000:2316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8657 comm="syz.6.2298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 88.236118][ T29] audit: type=1400 audit(2000000003.000:2318): avc: denied { shutdown } for pid=8661 comm="syz.0.2299" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 88.256458][ T29] audit: type=1326 audit(2000000003.000:2317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8657 comm="syz.6.2298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 88.280025][ T29] audit: type=1326 audit(2000000003.000:2319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8657 comm="syz.6.2298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 88.325671][ T29] audit: type=1326 audit(2000000003.060:2320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8664 comm="syz.6.2300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c016cde9 code=0x7ffc0000 [ 88.364620][ T8673] netlink: 1196 bytes leftover after parsing attributes in process `syz.1.2303'. [ 88.471862][ T8687] syzkaller1: entered promiscuous mode [ 88.477477][ T8687] syzkaller1: entered allmulticast mode [ 88.548347][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x4 [ 88.556114][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x2 [ 88.566022][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.573749][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.581640][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.589428][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.597213][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.605137][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.612817][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.620568][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.628397][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.636264][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.643938][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.651709][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.659419][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.667113][ T3377] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 88.705301][ T3377] hid-generic 0000:3000000:0000.0004: hidraw0: HID v0.00 Device [sy] on syz0 [ 88.765276][ T8702] bond1: entered promiscuous mode [ 88.770354][ T8702] bond1: entered allmulticast mode [ 88.784763][ T8702] 8021q: adding VLAN 0 to HW filter on device bond1 [ 88.805507][ T8702] bond1 (unregistering): Released all slaves [ 88.820508][ T8711] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2321'. [ 88.829843][ T8711] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2321'. [ 88.881106][ T8726] SELinux: policydb version 0 does not match my version range 15-34 [ 88.889481][ T8726] SELinux: failed to load policy [ 88.980309][ T8741] netlink: 104 bytes leftover after parsing attributes in process `syz.6.2336'. [ 89.032433][ T8745] syzkaller1: entered promiscuous mode [ 89.038132][ T8745] syzkaller1: entered allmulticast mode [ 89.048641][ T8749] batadv_slave_1: entered promiscuous mode [ 89.059009][ T8747] batadv_slave_1: left promiscuous mode [ 89.191575][ T8772] Driver unsupported XDP return value 0 on prog (id 1469) dev N/A, expect packet loss! [ 89.466876][ T8800] program syz.4.2364 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 89.486124][ T8803] loop0: detected capacity change from 0 to 512 [ 89.504281][ T8812] loop3: detected capacity change from 0 to 512 [ 89.522260][ T8803] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.546217][ T8803] ext4 filesystem being mounted at /541/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.555324][ T8812] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 89.567422][ T8812] EXT4-fs (loop3): orphan cleanup on readonly fs [ 89.574101][ T8812] EXT4-fs warning (device loop3): ext4_enable_quotas:7145: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 89.589026][ T8812] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 89.589531][ T8803] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.596271][ T8812] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2368: bg 0: block 40: padding at end of block bitmap is not set [ 89.619458][ T8812] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 89.628518][ T8812] EXT4-fs (loop3): 1 truncate cleaned up [ 89.635069][ T8812] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 89.681897][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.760799][ T8842] loop4: detected capacity change from 0 to 2048 [ 89.785115][ T8846] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2385'. [ 89.818504][ T8842] Alternate GPT is invalid, using primary GPT. [ 89.825059][ T8842] loop4: p2 p3 p7 [ 89.858172][ T8857] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 90.010535][ T8870] lo speed is unknown, defaulting to 1000 [ 90.055148][ T8887] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.2404' sets config #0 [ 90.112410][ T8893] netlink: 'syz.0.2407': attribute type 6 has an invalid length. [ 90.256008][ T8916] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2418'. [ 90.268038][ T8916] vlan2: entered promiscuous mode [ 90.406711][ T8920] usb usb6: usbfs: process 8920 (syz.0.2419) did not claim interface 0 before use [ 90.508934][ T8932] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 90.875871][ T8944] SELinux: policydb version 0 does not match my version range 15-34 [ 90.884118][ T8944] SELinux: failed to load policy [ 90.896869][ T8946] loop6: detected capacity change from 0 to 128 [ 90.906896][ T8946] FAT-fs (loop6): Directory bread(block 32) failed [ 90.913639][ T8946] FAT-fs (loop6): Directory bread(block 33) failed [ 90.920799][ T8946] FAT-fs (loop6): Directory bread(block 34) failed [ 90.928718][ T8946] FAT-fs (loop6): Directory bread(block 35) failed [ 90.935603][ T8946] FAT-fs (loop6): Directory bread(block 36) failed [ 90.942274][ T8946] FAT-fs (loop6): Directory bread(block 37) failed [ 90.950353][ T8946] FAT-fs (loop6): Directory bread(block 38) failed [ 90.956995][ T8946] FAT-fs (loop6): Directory bread(block 39) failed [ 90.963692][ T8946] FAT-fs (loop6): Directory bread(block 40) failed [ 90.970344][ T8946] FAT-fs (loop6): Directory bread(block 41) failed [ 91.000611][ T8946] FAT-fs (loop6): error, corrupted directory (invalid entries) [ 91.008316][ T8946] FAT-fs (loop6): Filesystem has been set read-only [ 91.086461][ T8963] xt_hashlimit: max too large, truncated to 1048576 [ 91.108121][ T8965] Cannot find add_set index 4 as target [ 91.379776][ T9015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 91.388350][ T9015] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 91.509757][ T9027] loop3: detected capacity change from 0 to 512 [ 91.516566][ T9027] EXT4-fs: Ignoring removed oldalloc option [ 91.534966][ T9027] EXT4-fs error (device loop3): ext4_xattr_inode_iget:436: comm syz.3.2470: Parent and EA inode have the same ino 15 [ 91.549124][ T9027] EXT4-fs (loop3): Remounting filesystem read-only [ 91.555701][ T9027] EXT4-fs warning (device loop3): ext4_evict_inode:259: couldn't mark inode dirty (err -5) [ 91.565936][ T9027] EXT4-fs (loop3): 1 orphan inode deleted [ 91.572160][ T9027] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.584232][ T9027] SELinux: (dev loop3, type ext4) getxattr errno 5 [ 91.592047][ T9027] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.648313][ T9040] netlink: 'syz.3.2475': attribute type 1 has an invalid length. [ 91.661897][ T9041] netlink: 'syz.4.2476': attribute type 1 has an invalid length. [ 91.787323][ T9063] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2487'. [ 91.895225][ T9080] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 91.904917][ T9080] vhci_hcd: default hub control req: 6011 v8001 i0001 l0 [ 91.992586][ T9101] xt_hashlimit: max too large, truncated to 1048576 [ 91.999727][ T9098] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2504'. [ 92.007577][ T9101] Cannot find set identified by id 0 to match [ 92.090813][ T9116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.104209][ T9119] loop1: detected capacity change from 0 to 1024 [ 92.111257][ T9119] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 92.122331][ T9119] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 92.122342][ T9116] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.122481][ T9119] ================================================================== [ 92.122525][ T9119] BUG: KCSAN: data-race in data_alloc / data_push_tail [ 92.122580][ T9119] [ 92.122589][ T9119] write to 0xffffffff88bbce08 of 8 bytes by task 9116 on cpu 1: [ 92.122608][ T9119] data_alloc+0x216/0x2c0 [ 92.122640][ T9119] prb_reserve+0x85e/0xb60 [ 92.122674][ T9119] vprintk_store+0x558/0x870 [ 92.122714][ T9119] vprintk_emit+0x15e/0x680 [ 92.122750][ T9119] dev_vprintk_emit+0x1df/0x210 [ 92.122770][ T9119] dev_printk_emit+0x82/0xb0 [ 92.122789][ T9119] __dev_printk+0xf6/0x110 [ 92.122816][ T9119] _dev_err+0x99/0xc0 [ 92.122840][ T9119] raw_ioctl+0x18a5/0x1b40 [ 92.122873][ T9119] __se_sys_ioctl+0xc9/0x140 [ 92.122897][ T9119] __x64_sys_ioctl+0x43/0x50 [ 92.122921][ T9119] x64_sys_call+0x1690/0x2dc0 [ 92.122953][ T9119] do_syscall_64+0xc9/0x1c0 [ 92.122985][ T9119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.123016][ T9119] [ 92.123025][ T9119] read to 0xffffffff88bbce08 of 8 bytes by task 9119 on cpu 0: [ 92.123045][ T9119] data_push_tail+0x102/0x430 [ 92.123086][ T9119] data_alloc+0xbe/0x2c0 [ 92.123118][ T9119] prb_reserve+0x85e/0xb60 [ 92.123150][ T9119] vprintk_store+0x558/0x870 [ 92.123192][ T9119] vprintk_emit+0x15e/0x680 [ 92.123234][ T9119] vprintk_default+0x26/0x30 [ 92.123278][ T9119] vprintk+0x1d/0x30 [ 92.123308][ T9119] _printk+0x7a/0xa0 [ 92.123340][ T9119] __ext4_msg+0x18e/0x1a0 [ 92.123371][ T9119] ext4_group_desc_init+0x10ab/0x12c0 [ 92.123404][ T9119] ext4_fill_super+0x21cc/0x3650 [ 92.123443][ T9119] get_tree_bdev_flags+0x29f/0x310 [ 92.123473][ T9119] get_tree_bdev+0x1f/0x30 [ 92.123498][ T9119] ext4_get_tree+0x1c/0x30 [ 92.123521][ T9119] vfs_get_tree+0x56/0x1e0 [ 92.123546][ T9119] do_new_mount+0x227/0x690 [ 92.123578][ T9119] path_mount+0x49b/0xb30 [ 92.123605][ T9119] __se_sys_mount+0x27f/0x2d0 [ 92.123632][ T9119] __x64_sys_mount+0x67/0x80 [ 92.123664][ T9119] x64_sys_call+0x2c84/0x2dc0 [ 92.123698][ T9119] do_syscall_64+0xc9/0x1c0 [ 92.123729][ T9119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.123763][ T9119] [ 92.123771][ T9119] value changed: 0x00000000ffffe013 -> 0x00000000ffffec5e [ 92.123787][ T9119] [ 92.123794][ T9119] Reported by Kernel Concurrency Sanitizer on: [ 92.123807][ T9119] CPU: 0 UID: 0 PID: 9119 Comm: syz.1.2514 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 92.123832][ T9119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 92.123846][ T9119] ================================================================== [ 92.391841][ T9119] JBD2: no valid journal superblock found [ 92.397668][ T9119] EXT4-fs (loop1): Could not load journal inode