last executing test programs: 2m57.452510205s ago: executing program 2 (id=100): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02"], 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000000000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0xa007ca, &(0x7f00000002c0)={[{@nojournal_checksum}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x483, &(0x7f0000001040)="$eJzs28tvVNUfAPDvvX0APx7tD/EBolaJSaOxpQWVhRuNJsZgNNEFLms7kIaBGlqNIJFiDG5MDImujUujf4E7Y2LUlYlb3bgyJETZALqpuXfuLdNpp1A6ZWrn80lue869Z+ac79zXuefMBNCxBrI/ScS2iPg1Ivpq2YUFBmr/rl05O379ytnxJObmXvszyctdvXJ2vCxavm5rkRlMI9IPk6KShaZPnzk+Vq1WThX54ZkTbw1Pnz7zxDsnxo5VjlVOjh46dPDAyNNPjT7ZkjizuK7ueX9q7+4X37j48viRi2/++HXW3m3F9vo4WmUgC/yvuVzd6vxjerTVlbXZ9rp00t3GhrAiXRGR7a6e/Pzvi664sfP64oUP2to4YE1l96ZNzTfPzgEbWBLtbgHQHuWNPnv+LZc71PVYFy4/W3sAyuK+Viy1Ld2RFmV6Gp5vW2kgIo7M/v15tsQajUMAANT7ePyzw70R8d71r17K+h5981vSuCf//3v+d0cxh9IfEf+PiJ0RcVdE7IqIuyPysvdGxH2rbM/i/k96aZVvuays//dMMbe1sP9X9v6iv6vIbc/j70mOTlYr+4vPZDB6NmX5kWXq+Pb5Xz5ptq2+/5ctWf1lX7Box6XuhgG6ibGZsbxT2gKXz0fs6V4q/mR+JiCJiN0RsWdlb72jTEw+9uXeZoVuHv8yWjDPNPdFFt5sFv9sNMRfSurnJycXzU8Ob45qZf9weVQs9tPPF15tVv9AzN1+/C1wuRL/xMLjv7FIf1I/Xzu98jou/PZR02ea2zz+097k9XyeubdY9+7YzMypkYje5HCeX7B+9MZry3xZPjv+B/ctff7vLF6TxX9/RGQH8QMR8WBEPFS0/eGIeCQi9i0T/w/PNd9Wxh9pm/b/+YiJJa9/88d/w/5feaLr+PffNKv/1vb/wTw1WKzJr383sVRzsstFYwNX89kBAADAf0Wafwc+SYfm02k6NFT7Dv+u+F9anZqeefzo1NsnJ2rfle+PnrQc6eorxkOrk9XKSDJbvGNtfHS0GCsux0sPFOPGn3ZtyfND41PViTbHDp1ua5PzP/NHV7tbB6yxLUuuHe294w0B2qBxHj1dmD33SrgYwEbl99rQuZqf/5tjcXcA2Ejc/6FzLXX+n2vImwuAjcn9HzqX8x86VPpdu1sAtJH7P3Sk1fyufw0Tm9dHM9qTWK87JU9ElIl0XbRHYqWJLbdWuN1XJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNb4NwAA///Xm+pu") 2m57.187786319s ago: executing program 2 (id=106): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="160000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000570000"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000bc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r2}, 0x9) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000a40)={'filter\x00', 0x7, 0x4, 0x3e8, 0xe8, 0x300, 0x0, 0xe8, 0x300, 0x300, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x1000, 0xc0, 0x3}}}, {{@uncond, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x7, 'syz0\x00', {0x10000}}}}, {{@arp={@broadcast, @rand_addr=0x64010100, 0x0, 0x0, 0x5, 0xd, {@empty, {[0xff, 0x0, 0xff, 0xff, 0x0, 0xff]}}, {@empty, {[0x0, 0x0, 0x0, 0xff]}}, 0xfffa, 0x6, 0x7, 0x0, 0xb2, 0x6, 'veth1_to_bond\x00', 'lo\x00', {}, {0xff}, 0x0, 0x210}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@multicast, @empty, @multicast1, @remote, 0xd, 0x1}}}], {{'\x00', 0xaf, 0xe8}, {0x28}}}}, 0x497) 2m56.967121229s ago: executing program 2 (id=110): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020641700000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) socket(0x2, 0x80805, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000009c0000000b"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) socket$igmp6(0xa, 0x3, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10) socket$netlink(0x10, 0x3, 0x0) pipe2$9p(&(0x7f0000000080), 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000010000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000ac03000000000000850000003300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r5}, &(0x7f0000000080), &(0x7f0000000280)=r6}, 0x20) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r6, r8, 0x25, 0x2}, 0x14) syz_emit_ethernet(0x7a, &(0x7f0000000580)=ANY=[], 0x0) 2m56.957048789s ago: executing program 2 (id=111): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0xc369d000) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000000c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@abort}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/14], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000020018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10) r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = socket(0x10, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r7) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000fc0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="796100000000000000007e00000008000300", @ANYRES32=0x0, @ANYBLOB="fe67c90dd69e0323116f4d1d4102dc97a7626f1fc25fed2196b5acc0e3dd0b8d02c59475f2c52903b54dd94028a2fb64d0cd28c03381aad129f86d4fc1af4dea8f8addfc0590303a5c4d8af2538f6350650400000034a0bb46c9e7e3bc94f5e6334c608612a4846e1023d9b7c5c2c11e9e007a4846e9a089617cd834a6e4b16cb53fcf93d0df3e0d17ed112ba96dde5f2f853d7ca092a2082e334f3369ee0bd3"], 0x1c}}, 0x4000054) r9 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r9) ptrace$getregset(0x4204, r9, 0x202, &(0x7f0000000180)={&(0x7f00000000c0)=""/152, 0x98}) capget(&(0x7f00000001c0)={0x0, r9}, &(0x7f00000003c0)={0x6b, 0xfffffff9, 0x7, 0x8e7, 0xa, 0x1}) sendmsg$NL80211_CMD_SET_REG(r6, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000051}, 0x4008804) bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x15, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="b70000000000000007000000000000009500e200000000001e5286574356940658273ad1326fc65be4b1037a74cfb5af100fc4e94d123d9b22a7561b8850821bc1f8b5b0a3e3b79b0d96ab7cc60e0e144f0f04bfffe68fe46421a161eedd1a5cee316f68f7617859f06c8efd5da6abe446649c322209b1af93c6c999058168ad0a70992124d19c7c9cc22ff9a6b1a058039ab938480e8697f8715bcb18e1fd0773909464a783148e0e7b604a6c47b33c43a3ffff92ec8bbde1af40f29cfcf0836a70a2f6b1192ab8f24ca363492393e1c2a3b190180caafbf8cfca720074bdcc7cbd978efd8404a1c700000000d97899514e64e36cad5eba82010b2d149ac02e5f07000000000000000000000000000000000000000000009d5df0e0dbb9821d9c5402474d5866ce5eb60188d83ac741b45aeacac594cf09de9b460f48b96ae8a0eead478e46c8ca3e4c5d2b3cb4ad48c830e8003c45f5b2dcbf36b7e8be59ca4b46266cf75bea8a22ab71895d954dc6d28864144c73391770690a9301cde97565d509effc252599b26555355d7955f551df82ea475a711ec56d00000000a89c7533c9955fd63cd00cb83d1228"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x48) setsockopt$inet_int(r5, 0x0, 0xb, &(0x7f0000000000)=0x1ff, 0x4) sendto$inet(r5, 0x0, 0xffef, 0x20000000, &(0x7f0000000240)={0x2, 0x4e22, @remote}, 0x10) setsockopt$inet_int(r5, 0x0, 0xb, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2m56.245808043s ago: executing program 2 (id=120): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000001000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4c40, &(0x7f0000000000), 0xfe, 0x27a, &(0x7f0000000980)="$eJzs3TtoJHUcB/Df7CMPEyRqI4gPEBENhFgIgo02CoEQgoigQkTEShIhJthlrWwstFZJZRPEztyVxzXhmoNrc3cpcs0VF664cMVdscfs7OY2yYbsZV8h8/nAZua/+38t7Pc/m5CZCSC3JiLio4goRsRkRJQjImmu8Eb2mKgX10e3FiKq1c/uJ7V6WTnTaDcWEZWI+CCi1HhtdfOr3Yfbn77920r5rX82vxzt1/trtre7M7v/99yv/8+8t1qoPzde3za/j25KWjxXSiJe7MVg50RSGvQMaMf8z//dTHP/UkS8Wct/OQr1yP6+PHS1HO/+dVLbP+7deKWfcwW6r1otp8fAShXInULtO3BSmIqIbL9QmJrKvsPfKibxw9LyT5PfL60sfjfolQroSNNv3eMRO59cHr40diT/d4tZ/tvyfq8mCpzJcHvV0vx/Pr9xO93fL/Z4TsD58Gq2SfM/+c3aOyH/kDvyD/l1kP9Z+Ye8cfyHC+CM2ZV/uKhO//da+Yf8kn+4wMqNnUrLl+Uf8kv+Ib+e5n8kzX/jDwZDA54W0AfNx38AIF+qw4M+AxkYlEGvPwAAAAAAAAAAAAAAAAAAwHHro1sLjUe/xrz2Z8TexxFROjx+dgvTYu1+xBEjtZ/PPUjSageSrFlHvn69ww469G+Xz76ea/Perw3P3+nu+M/q+mu96feXw8UTL4a/thhRSStPl0rHP/9J/fN3qhP7f+GUhuVv2xugW5Ij5Q+/6O/4Rz3eGOz4M9sRV9L1Z7rV+leIl2vb1uvPePMlls/ox0cddgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDfPAkAAP//Z9RrGg==") r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a30000000002c000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000003a000000030a03000000000000000000020000000900010073797a30000000000900030073797a32"], 0xa0}}, 0x8040) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000300)=ANY=[@ANYBLOB='_\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000003000000200001800400028008000300fdffffff0e0001006574683a766c616e30"], 0x68}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001100)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f0000000000)={'vlan0\x00', @local}) 2m55.806931061s ago: executing program 2 (id=126): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000001000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4c40, &(0x7f0000000000), 0xfe, 0x27a, &(0x7f0000000980)="$eJzs3TtoJHUcB/Df7CMPEyRqI4gPEBENhFgIgo02CoEQgoigQkTEShIhJthlrWwstFZJZRPEztyVxzXhmoNrc3cpcs0VF664cMVdscfs7OY2yYbsZV8h8/nAZua/+38t7Pc/m5CZCSC3JiLio4goRsRkRJQjImmu8Eb2mKgX10e3FiKq1c/uJ7V6WTnTaDcWEZWI+CCi1HhtdfOr3Yfbn77920r5rX82vxzt1/trtre7M7v/99yv/8+8t1qoPzde3za/j25KWjxXSiJe7MVg50RSGvQMaMf8z//dTHP/UkS8Wct/OQr1yP6+PHS1HO/+dVLbP+7deKWfcwW6r1otp8fAShXInULtO3BSmIqIbL9QmJrKvsPfKibxw9LyT5PfL60sfjfolQroSNNv3eMRO59cHr40diT/d4tZ/tvyfq8mCpzJcHvV0vx/Pr9xO93fL/Z4TsD58Gq2SfM/+c3aOyH/kDvyD/l1kP9Z+Ye8cfyHC+CM2ZV/uKhO//da+Yf8kn+4wMqNnUrLl+Uf8kv+Ib+e5n8kzX/jDwZDA54W0AfNx38AIF+qw4M+AxkYlEGvPwAAAAAAAAAAAAAAAAAAwHHro1sLjUe/xrz2Z8TexxFROjx+dgvTYu1+xBEjtZ/PPUjSageSrFlHvn69ww469G+Xz76ea/Perw3P3+nu+M/q+mu96feXw8UTL4a/thhRSStPl0rHP/9J/fN3qhP7f+GUhuVv2xugW5Ij5Q+/6O/4Rz3eGOz4M9sRV9L1Z7rV+leIl2vb1uvPePMlls/ox0cddgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDfPAkAAP//Z9RrGg==") r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a30000000002c000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000003a000000030a03000000000000000000020000000900010073797a30000000000900030073797a32"], 0xa0}}, 0x8040) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000300)=ANY=[@ANYBLOB='_\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000003000000200001800400028008000300fdffffff0e0001006574683a766c616e30"], 0x68}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001100)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f0000000000)={'vlan0\x00', @local}) 2m55.774920344s ago: executing program 32 (id=126): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000001000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4c40, &(0x7f0000000000), 0xfe, 0x27a, &(0x7f0000000980)="$eJzs3TtoJHUcB/Df7CMPEyRqI4gPEBENhFgIgo02CoEQgoigQkTEShIhJthlrWwstFZJZRPEztyVxzXhmoNrc3cpcs0VF664cMVdscfs7OY2yYbsZV8h8/nAZua/+38t7Pc/m5CZCSC3JiLio4goRsRkRJQjImmu8Eb2mKgX10e3FiKq1c/uJ7V6WTnTaDcWEZWI+CCi1HhtdfOr3Yfbn77920r5rX82vxzt1/trtre7M7v/99yv/8+8t1qoPzde3za/j25KWjxXSiJe7MVg50RSGvQMaMf8z//dTHP/UkS8Wct/OQr1yP6+PHS1HO/+dVLbP+7deKWfcwW6r1otp8fAShXInULtO3BSmIqIbL9QmJrKvsPfKibxw9LyT5PfL60sfjfolQroSNNv3eMRO59cHr40diT/d4tZ/tvyfq8mCpzJcHvV0vx/Pr9xO93fL/Z4TsD58Gq2SfM/+c3aOyH/kDvyD/l1kP9Z+Ye8cfyHC+CM2ZV/uKhO//da+Yf8kn+4wMqNnUrLl+Uf8kv+Ib+e5n8kzX/jDwZDA54W0AfNx38AIF+qw4M+AxkYlEGvPwAAAAAAAAAAAAAAAAAAwHHro1sLjUe/xrz2Z8TexxFROjx+dgvTYu1+xBEjtZ/PPUjSageSrFlHvn69ww469G+Xz76ea/Perw3P3+nu+M/q+mu96feXw8UTL4a/thhRSStPl0rHP/9J/fN3qhP7f+GUhuVv2xugW5Ij5Q+/6O/4Rz3eGOz4M9sRV9L1Z7rV+leIl2vb1uvPePMlls/ox0cddgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDfPAkAAP//Z9RrGg==") r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a30000000002c000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000003a000000030a03000000000000000000020000000900010073797a30000000000900030073797a32"], 0xa0}}, 0x8040) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000300)=ANY=[@ANYBLOB='_\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000003000000200001800400028008000300fdffffff0e0001006574683a766c616e30"], 0x68}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001100)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f0000000000)={'vlan0\x00', @local}) 2.57934355s ago: executing program 5 (id=3010): write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)="290000002000190f00003fffffffda060200000000e80001dd0000040d000600ea11004a35f4667d41", 0x29}], 0x1) r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f138d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade5b175c0a9b2ce9c9", 0x56}], 0x1}, 0x0) write(r0, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) 2.558747062s ago: executing program 5 (id=3012): sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1c, 0x0, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @multicast1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008080}, 0x4000080) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b036814e0ff64000200475400f6a13bb10000000800894f4820", 0x1fffe, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 2.47133675s ago: executing program 5 (id=3017): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) r0 = dup(0xffffffffffffffff) write$UHID_INPUT(r0, &(0x7f0000000000)={0xf, {"a2e3ad21e08eeb661b5e060987f70e06d038e7ff7fc6e5539b0d650e8b089b3f373b68090890e0878f0e1ac6e7049b3646959b429a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07440936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc9d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6089ae6899d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec2c0911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8de7f4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c2715500b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017eef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f48451ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x35) 1.979156574s ago: executing program 0 (id=3036): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001000390400"/20, @ANYRES32=r3, @ANYBLOB="8106010000000200140012800b000100627269646765"], 0x34}}, 0x20044002) r4 = socket(0x10, 0x803, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x25dfdbfd, {0xa, 0x40, 0x0, 0x0, r6}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0) r7 = socket(0x10, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r8}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x681}]}, 0x34}}, 0x0) 1.951217336s ago: executing program 5 (id=3038): write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)="290000002000190f00003fffffffda060200000000e80001dd0000040d000600ea11004a35f4667d41", 0x29}], 0x1) r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f138d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade5b175c0a9b2ce9c9", 0x56}], 0x1}, 0x0) write(r0, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) 1.937894208s ago: executing program 0 (id=3039): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=@bridge_setlink={0x20, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r1}}, 0x20}}, 0x4c800) 1.886890862s ago: executing program 5 (id=3040): sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1c, 0x0, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @multicast1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008080}, 0x4000080) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b036814e0ff64000200475400f6a13bb10000000800894f4820", 0x1fffe, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 1.831275107s ago: executing program 5 (id=3041): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="000086dd03000a0000008d0000006c07010033d43afffe800000000000000000000000000010ff020000000000000000000000000001"], 0x340a) 1.741140975s ago: executing program 0 (id=3046): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0xffff, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000040)={r1, 0x7}, 0x0) 1.665017362s ago: executing program 0 (id=3048): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) close(0xffffffffffffffff) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@newqdisc={0x5c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x0, 0xe}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xa, 0x7, 0x7, 0xfffff8d2, 0x1, 0x80, 0x1, 0x1}}, {0x6, 0x2, [0x8c]}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20008001}, 0x24004880) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 1.314997613s ago: executing program 4 (id=3059): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, 0x0, 0x0) 1.261567408s ago: executing program 4 (id=3060): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0xc4}, 0x1, 0x1000000, 0x0, 0x40488d5}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x3, &(0x7f0000000000)=[{0x20, 0x10, 0x4, 0xfffff010}, {0x30, 0x0, 0xfd, 0x5ae9}, {0x6, 0x0, 0x7, 0x2}]}, 0x10) sendmmsg$inet(r0, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0) 1.231463761s ago: executing program 4 (id=3062): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4) r1 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r1, &(0x7f0000002140)={0xa, 0x4e28, 0x8, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 1.151323127s ago: executing program 4 (id=3063): r0 = socket(0x2, 0x3, 0xff) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, 0x0) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @remote}, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000a00)="e03f0300", 0x4}, {&(0x7f0000000400)="ae20ff0cef8704836d89126863b55997", 0x10}], 0x2}, 0x140408c4) 1.149011708s ago: executing program 4 (id=3065): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0xd, 0x10, 0x0, &(0x7f00000001c0)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="adffa88800000000140012800b0001006d616373656300002a00028008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n'], 0x44}}, 0x8000) 949.236036ms ago: executing program 1 (id=3068): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0xffff}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) sendto$inet(r2, &(0x7f0000000040)="a6", 0xffffff4c, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TLS_TX(r2, 0x6, 0x19, &(0x7f0000000140)=@ccm_128={{}, "3f968a231afa0e18", "4a952e4ea416ad75f769d6386c3c044b", '\by\x00', "e4eb37b07ad86ed7"}, 0x28) 887.227851ms ago: executing program 1 (id=3069): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001000390400"/20, @ANYRES32=r2, @ANYBLOB="8106010000000200140012800b000100627269646765"], 0x34}}, 0x20044002) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x25dfdbfd, {0xa, 0x40, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0) r6 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r7}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x681}]}, 0x34}}, 0x0) 453.16413ms ago: executing program 1 (id=3070): sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1c, 0x0, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @multicast1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008080}, 0x4000080) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0xa, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="0b036814e0ff64000200475400f6a13bb10000000800894f4820", 0x1fffe, 0x0, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14) 448.88561ms ago: executing program 4 (id=3071): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24008004) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$kcm(0x2, 0xa, 0x2) write$tun(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="000086dd03000a0000008d0000006c07010033d43afffe800000000000000000000000000010ff020000000000000000000000000001"], 0x340a) 363.252168ms ago: executing program 1 (id=3072): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x82, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 363.067678ms ago: executing program 1 (id=3073): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)="290000002000190f00003fffffffda060200000000e80001dd0000040d000600ea11004a35f4667d41", 0x29}], 0x1) r1 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f138d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade5b175c0a9b2ce9c9", 0x56}], 0x1}, 0x0) write(r1, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000000100f000ee1000c08000b0000000000", 0x24) 361.237528ms ago: executing program 3 (id=3074): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4) r1 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r1, &(0x7f0000002140)={0xa, 0x4e28, 0x8, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 280.004715ms ago: executing program 3 (id=3075): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001000390400"/20, @ANYRES32, @ANYBLOB="8106010000000200140012800b000100627269646765"], 0x34}}, 0x20044002) r5 = socket(0x10, 0x803, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x25dfdbfd, {0xa, 0x40, 0x0, 0x0, r7}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0) r8 = socket(0x10, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r9}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x681}]}, 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r2, @ANYBLOB="01"], 0x3c}}, 0x0) 108.429301ms ago: executing program 1 (id=3076): r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) recvmsg(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x10040) 99.663171ms ago: executing program 3 (id=3077): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="8c0000000906010200000000000000000200ffff08000940000000390900020073797a310000000005000100070000005c"], 0x8c}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080) 78.536883ms ago: executing program 3 (id=3078): socket$packet(0x11, 0x2, 0x300) r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8b", 0x1}], 0x1, 0x0, 0x0, 0x900}, 0x60) 11.340599ms ago: executing program 0 (id=3079): r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 11.100369ms ago: executing program 3 (id=3080): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001000390400"/20, @ANYRES32=r2, @ANYBLOB="8106010000000200140012800b000100627269646765"], 0x34}}, 0x20044002) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x25dfdbfd, {0xa, 0x40, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0) r6 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r7}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x681}]}, 0x34}}, 0x0) 5.18686ms ago: executing program 0 (id=3081): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03", 0x3}], 0x1}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), r0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000000)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x8090) 0s ago: executing program 3 (id=3082): r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) ppoll(&(0x7f0000000040)=[{r0, 0x108}], 0x1, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): da-4727-8c75-0525a5b65a09. [ 163.784451][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.829269][ T9119] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1933'. [ 164.007593][ T9128] set_capacity_and_notify: 6 callbacks suppressed [ 164.007612][ T9128] loop1: detected capacity change from 0 to 128 [ 164.021050][ T9128] vfat: Bad value for 'utf8' [ 164.031604][ T9128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1936'. [ 164.098086][ T9126] netlink: 'syz.0.1934': attribute type 1 has an invalid length. [ 164.171682][ T9134] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pid=9134 comm=syz.1.1937 [ 164.383219][ T9137] loop3: detected capacity change from 0 to 1024 [ 164.393515][ T9137] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.426543][ T9137] can0: slcan on ptm0. [ 164.493962][ T9140] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 164.511522][ T9137] can0 (unregistered): slcan off ptm0. [ 164.517623][ T9137] Falling back ldisc for ptm0. [ 164.641592][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.739417][ T9149] loop3: detected capacity change from 0 to 512 [ 164.749030][ T9149] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 164.754493][ T9151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 164.761132][ T9149] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 164.779226][ T9149] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.1939: Corrupt directory, running e2fsck is recommended [ 164.786448][ T9151] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.804170][ T9153] loop5: detected capacity change from 0 to 512 [ 164.811439][ T9153] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 164.823416][ T9149] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 164.837159][ T9153] EXT4-fs (loop5): 1 truncate cleaned up [ 164.843496][ T9153] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.858022][ T9149] EXT4-fs error (device loop3): ext4_iget_extra_inode:5073: inode #15: comm syz.3.1939: corrupted in-inode xattr: e_name out of bounds [ 164.874473][ T9151] loop0: detected capacity change from 0 to 128 [ 164.882413][ T9151] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 164.932300][ T9151] ext4 filesystem being mounted at /406/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 164.966277][ T9149] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1939: couldn't read orphan inode 15 (err -117) [ 164.982119][ T9149] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.012275][ T9161] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1945'. [ 165.026031][ T9149] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 165.037663][ T9149] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 165.048398][ T9149] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.1939: Corrupt directory, running e2fsck is recommended [ 165.074647][ T9151] tipc: Enabling of bearer rejected, failed to enable media [ 165.085389][ T9166] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 165.096952][ T9166] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 165.107092][ T9166] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.1939: Corrupt directory, running e2fsck is recommended [ 165.130337][ T29] kauditd_printk_skb: 114 callbacks suppressed [ 165.130355][ T29] audit: type=1326 audit(1767951902.463:3314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9165 comm="syz.1.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4382a1f749 code=0x7ffc0000 [ 165.160311][ T29] audit: type=1326 audit(1767951902.463:3315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9165 comm="syz.1.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4382a1f749 code=0x7ffc0000 [ 165.183829][ T29] audit: type=1326 audit(1767951902.463:3316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9165 comm="syz.1.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4382a1f749 code=0x7ffc0000 [ 165.207511][ T29] audit: type=1326 audit(1767951902.463:3317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9165 comm="syz.1.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4382a1f749 code=0x7ffc0000 [ 165.230974][ T29] audit: type=1326 audit(1767951902.463:3318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9165 comm="syz.1.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4382a1f749 code=0x7ffc0000 [ 165.254397][ T29] audit: type=1326 audit(1767951902.463:3319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9165 comm="syz.1.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4382a1f749 code=0x7ffc0000 [ 165.277830][ T29] audit: type=1326 audit(1767951902.463:3320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9165 comm="syz.1.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4382a1f749 code=0x7ffc0000 [ 165.301325][ T29] audit: type=1326 audit(1767951902.463:3321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9165 comm="syz.1.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4382a1f749 code=0x7ffc0000 [ 165.324869][ T29] audit: type=1326 audit(1767951902.463:3322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9165 comm="syz.1.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4382a1f749 code=0x7ffc0000 [ 165.348369][ T29] audit: type=1326 audit(1767951902.463:3323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9165 comm="syz.1.1947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4382a1f749 code=0x7ffc0000 [ 165.481949][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.587714][ T3853] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.615584][ T9177] loop3: detected capacity change from 0 to 1024 [ 165.634496][ T9177] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 165.667397][ T9177] can0: slcan on ptm0. [ 165.731733][ T9186] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 165.751513][ T9177] can0 (unregistered): slcan off ptm0. [ 165.757817][ T9177] Falling back ldisc for ptm0. [ 165.861227][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.008234][ T3314] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 166.079569][ T9193] netlink: 'syz.3.1955': attribute type 1 has an invalid length. [ 166.250584][ T9197] syzkaller1: entered promiscuous mode [ 166.256242][ T9197] syzkaller1: entered allmulticast mode [ 166.267206][ T9197] netlink: 'syz.4.1957': attribute type 1 has an invalid length. [ 166.285258][ T9197] 8021q: adding VLAN 0 to HW filter on device bond1 [ 166.337459][ T9198] netlink: 'syz.0.1956': attribute type 1 has an invalid length. [ 166.393191][ T9204] loop4: detected capacity change from 0 to 1024 [ 166.403655][ T9204] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 166.423573][ T9204] can0: slcan on ptm0. [ 166.471432][ T9204] can0 (unregistered): slcan off ptm0. [ 166.477131][ T9204] Falling back ldisc for ptm0. [ 166.482494][ T9207] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 166.558245][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.593510][ T9213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.604019][ T9215] netlink: 'syz.4.1961': attribute type 10 has an invalid length. [ 166.626226][ T9213] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.637569][ T9213] loop5: detected capacity change from 0 to 128 [ 166.653270][ T9213] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 166.686896][ T9222] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.695625][ T9222] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.707971][ T9213] ext4 filesystem being mounted at /356/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 166.779730][ T9213] __nla_validate_parse: 3 callbacks suppressed [ 166.779750][ T9213] netlink: 26 bytes leftover after parsing attributes in process `syz.5.1962'. [ 166.800500][ T9222] loop4: detected capacity change from 0 to 128 [ 166.805843][ T9225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.813256][ T9222] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 166.815818][ T9225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.837758][ T9222] ext4 filesystem being mounted at /400/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 166.874379][ T9213] netlink: 43 bytes leftover after parsing attributes in process `syz.5.1962'. [ 166.883804][ T9213] tipc: Enabling of bearer rejected, failed to enable media [ 166.908003][ T9225] loop3: detected capacity change from 0 to 128 [ 166.925508][ T9225] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 166.950221][ T9222] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1965'. [ 166.959499][ T9225] ext4 filesystem being mounted at /344/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 166.995753][ T9225] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1966'. [ 167.009299][ T9222] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1965'. [ 167.018487][ T9222] tipc: Enabling of bearer rejected, failed to enable media [ 167.028843][ T9225] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1966'. [ 167.038015][ T9225] tipc: Enabling of bearer rejected, already enabled [ 167.473750][ T3853] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 167.565744][ T3310] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 167.614412][ T9243] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 167.626058][ T9243] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 167.636224][ T9243] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.1970: Corrupt directory, running e2fsck is recommended [ 167.667463][ T3318] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 167.693634][ T9243] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 167.704042][ T9248] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 167.745294][ T9248] can0: slcan on ptm0. [ 167.763037][ T9243] EXT4-fs error (device loop5): ext4_iget_extra_inode:5073: inode #15: comm syz.5.1970: corrupted in-inode xattr: e_name out of bounds [ 167.791610][ T9248] can0 (unregistered): slcan off ptm0. [ 167.797297][ T9248] Falling back ldisc for ptm0. [ 167.819729][ T9243] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.1970: couldn't read orphan inode 15 (err -117) [ 167.842351][ T9243] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.903537][ T9243] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 167.915219][ T9243] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 167.925622][ T9243] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.1970: Corrupt directory, running e2fsck is recommended [ 167.992954][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.012353][ T9242] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 168.024001][ T9242] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 168.034126][ T9242] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.1970: Corrupt directory, running e2fsck is recommended [ 168.061174][ T9263] syz_tun: entered allmulticast mode [ 168.076110][ T9267] vfat: Bad value for 'utf8' [ 168.091614][ T9267] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1979'. [ 168.118995][ T3853] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.131058][ T9262] syz_tun: left allmulticast mode [ 168.188638][ T9271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.218641][ T9275] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1983'. [ 168.249716][ T9271] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.299975][ T9271] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 168.336948][ T9271] ext4 filesystem being mounted at /347/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 168.395865][ T9271] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1982'. [ 168.449127][ T9271] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1982'. [ 168.553030][ T9271] tipc: Enabling of bearer rejected, already enabled [ 168.627617][ T9284] vfat: Bad value for 'utf8' [ 168.774219][ T9293] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.787200][ T9294] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.809062][ T9294] can0: slcan on ptm0. [ 168.849815][ T9293] can0: slcan on ptm1. [ 168.871789][ T9294] can0 (unregistered): slcan off ptm0. [ 168.877612][ T9294] Falling back ldisc for ptm0. [ 168.877933][ T9299] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 168.901337][ T9293] can0 (unregistered): slcan off ptm1. [ 169.021916][ T9293] Falling back ldisc for ptm1. [ 169.028462][ T3853] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.037831][ T9300] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 169.123812][ T3310] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 169.158145][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.179652][ T9305] set_capacity_and_notify: 7 callbacks suppressed [ 169.179667][ T9305] loop5: detected capacity change from 0 to 512 [ 169.264857][ T9311] loop4: detected capacity change from 0 to 1024 [ 169.315618][ T9311] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.344847][ T9305] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 169.356478][ T9305] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 169.366658][ T9305] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.1990: Corrupt directory, running e2fsck is recommended [ 169.383574][ T9311] can0: slcan on ptm0. [ 169.392210][ T9305] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 169.411431][ T9305] EXT4-fs error (device loop5): ext4_iget_extra_inode:5073: inode #15: comm syz.5.1990: corrupted in-inode xattr: e_name out of bounds [ 169.431433][ T9311] can0 (unregistered): slcan off ptm0. [ 169.437183][ T9311] Falling back ldisc for ptm0. [ 169.449497][ T9305] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.1990: couldn't read orphan inode 15 (err -117) [ 169.497637][ T9305] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.523655][ T9321] loop1: detected capacity change from 0 to 128 [ 169.530338][ T9321] vfat: Bad value for 'utf8' [ 169.541332][ T9305] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 169.552930][ T9305] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 169.563115][ T9305] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.1990: Corrupt directory, running e2fsck is recommended [ 169.578663][ T9305] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 169.590268][ T9305] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 169.600418][ T9305] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.1990: Corrupt directory, running e2fsck is recommended [ 169.623536][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.872691][ T3853] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.241057][ T29] kauditd_printk_skb: 183 callbacks suppressed [ 170.241154][ T29] audit: type=1400 audit(1767951907.573:3507): avc: denied { ioctl } for pid=9345 comm="syz.3.2005" path="socket:[27400]" dev="sockfs" ino=27400 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 170.386681][ T29] audit: type=1326 audit(1767951907.633:3508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9345 comm="syz.3.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7bff4f749 code=0x7ffc0000 [ 170.410387][ T29] audit: type=1326 audit(1767951907.633:3509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9345 comm="syz.3.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7bff4f749 code=0x7ffc0000 [ 170.433930][ T29] audit: type=1326 audit(1767951907.643:3510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9345 comm="syz.3.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7ff7bff4f749 code=0x7ffc0000 [ 170.457316][ T29] audit: type=1326 audit(1767951907.643:3511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9345 comm="syz.3.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7bff4f749 code=0x7ffc0000 [ 170.480979][ T29] audit: type=1326 audit(1767951907.643:3512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9345 comm="syz.3.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7bff4f749 code=0x7ffc0000 [ 170.504378][ T29] audit: type=1326 audit(1767951907.643:3513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9345 comm="syz.3.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7bff4f749 code=0x7ffc0000 [ 170.527874][ T29] audit: type=1326 audit(1767951907.643:3514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9345 comm="syz.3.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7bff4f749 code=0x7ffc0000 [ 170.551353][ T9353] loop5: detected capacity change from 0 to 1024 [ 170.558080][ T29] audit: type=1326 audit(1767951907.643:3515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9345 comm="syz.3.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7bff4f749 code=0x7ffc0000 [ 170.581530][ T29] audit: type=1326 audit(1767951907.643:3516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9345 comm="syz.3.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff7bff4f749 code=0x7ffc0000 [ 170.595107][ T9353] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 170.715390][ T9353] can0: slcan on ptm0. [ 170.802752][ T9376] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 170.839113][ T9377] loop0: detected capacity change from 0 to 128 [ 170.854826][ T9377] vfat: Bad value for 'utf8' [ 170.882898][ T9379] loop3: detected capacity change from 0 to 1024 [ 170.891397][ T9353] can0 (unregistered): slcan off ptm0. [ 170.897268][ T9353] Falling back ldisc for ptm0. [ 170.915255][ T9379] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 170.927485][ T9379] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.2017: Invalid block bitmap block 0 in block_group 0 [ 170.941425][ T9379] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.2017: Failed to acquire dquot type 0 [ 170.955072][ T9379] EXT4-fs error (device loop3): ext4_free_blocks:6728: comm syz.3.2017: Freeing blocks not in datazone - block = 0, count = 4096 [ 170.969019][ T9379] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.2017: Invalid inode bitmap blk 0 in block_group 0 [ 170.982042][ T4051] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:10: Failed to release dquot type 0 [ 170.983478][ T9379] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem [ 171.012695][ T9379] EXT4-fs (loop3): 1 orphan inode deleted [ 171.019324][ T9379] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.036042][ T3853] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.150472][ T9375] netlink: 'syz.3.2017': attribute type 1 has an invalid length. [ 171.254725][ T9390] loop0: detected capacity change from 0 to 512 [ 171.281575][ T9390] EXT4-fs (loop0): 1 orphan inode deleted [ 171.289517][ T9390] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.302286][ T802] EXT4-fs error (device loop0): ext4_release_dquot:7022: comm kworker/u8:7: Failed to release dquot type 1 [ 171.316201][ T9390] ext4 filesystem being mounted at /415/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.450986][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.816913][ T9407] FAULT_INJECTION: forcing a failure. [ 171.816913][ T9407] name failslab, interval 1, probability 0, space 0, times 0 [ 171.829789][ T9407] CPU: 1 UID: 0 PID: 9407 Comm: syz.1.2025 Not tainted syzkaller #0 PREEMPT(voluntary) [ 171.829820][ T9407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 171.829864][ T9407] Call Trace: [ 171.829873][ T9407] [ 171.829883][ T9407] __dump_stack+0x1d/0x30 [ 171.829915][ T9407] dump_stack_lvl+0x95/0xd0 [ 171.829991][ T9407] dump_stack+0x15/0x1b [ 171.830017][ T9407] should_fail_ex+0x265/0x280 [ 171.830104][ T9407] should_failslab+0x8c/0xb0 [ 171.830132][ T9407] kmem_cache_alloc_noprof+0x69/0x4b0 [ 171.830175][ T9407] ? security_file_alloc+0x32/0x100 [ 171.830232][ T9407] security_file_alloc+0x32/0x100 [ 171.830291][ T9407] init_file+0x5c/0x1c0 [ 171.830341][ T9407] alloc_empty_file+0x8b/0x200 [ 171.830367][ T9407] path_openat+0x63/0x23b0 [ 171.830396][ T9407] ? __rcu_read_unlock+0x34/0x70 [ 171.830428][ T9407] ? filemap_map_pages+0xc0e/0xe50 [ 171.830467][ T9407] ? css_rstat_updated+0xbb/0x280 [ 171.830551][ T9407] ? kstrtouint+0x76/0xc0 [ 171.830576][ T9407] do_filp_open+0x109/0x230 [ 171.830663][ T9407] do_sys_openat2+0xa6/0x150 [ 171.830696][ T9407] __x64_sys_openat+0xf2/0x120 [ 171.830735][ T9407] x64_sys_call+0x2b07/0x3000 [ 171.830772][ T9407] do_syscall_64+0xca/0x2b0 [ 171.830879][ T9407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.830905][ T9407] RIP: 0033:0x7f4382a1df90 [ 171.830937][ T9407] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 171.830956][ T9407] RSP: 002b:00007f4381486b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 171.830975][ T9407] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4382a1df90 [ 171.830987][ T9407] RDX: 0000000000000002 RSI: 00007f4381486c10 RDI: 00000000ffffff9c [ 171.831001][ T9407] RBP: 00007f4381486c10 R08: 0000000000000000 R09: 0000000000000000 [ 171.831017][ T9407] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd [ 171.831037][ T9407] R13: 00007f4382c76038 R14: 00007f4382c75fa0 R15: 00007fff87d3d428 [ 171.831062][ T9407] [ 172.173110][ T9409] __nla_validate_parse: 5 callbacks suppressed [ 172.173177][ T9409] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2027'. [ 172.295493][ T9415] loop3: detected capacity change from 0 to 512 [ 172.306134][ T9415] EXT4-fs warning (device loop3): ext4_xattr_inode_get:560: inode #11: comm syz.3.2029: EA inode hash validation failed [ 172.319750][ T9411] SELinux: ebitmap: truncated map [ 172.325697][ T9411] SELinux: failed to load policy [ 172.331095][ T9415] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #15: comm syz.3.2029: corrupted inode contents [ 172.344702][ T9415] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #15: comm syz.3.2029: mark_inode_dirty error [ 172.356473][ T9415] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #15: comm syz.3.2029: corrupted inode contents [ 172.375971][ T9415] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3000: inode #15: comm syz.3.2029: mark_inode_dirty error [ 172.388313][ T9415] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3003: inode #15: comm syz.3.2029: mark inode dirty (error -117) [ 172.401343][ T9415] EXT4-fs warning (device loop3): ext4_evict_inode:273: xattr delete (err -117) [ 172.410450][ T9415] EXT4-fs (loop3): 1 orphan inode deleted [ 172.517461][ T9424] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2031'. [ 172.598510][ T9438] loop0: detected capacity change from 0 to 512 [ 172.649374][ T9438] EXT4-fs warning (device loop0): ext4_xattr_inode_get:560: inode #11: comm syz.0.2036: EA inode hash validation failed [ 172.663169][ T9438] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #15: comm syz.0.2036: corrupted inode contents [ 172.676969][ T9438] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #15: comm syz.0.2036: mark_inode_dirty error [ 172.688757][ T9438] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #15: comm syz.0.2036: corrupted inode contents [ 172.701643][ T9441] netlink: 'syz.4.2035': attribute type 1 has an invalid length. [ 172.726332][ T9438] EXT4-fs error (device loop0): ext4_xattr_delete_inode:3000: inode #15: comm syz.0.2036: mark_inode_dirty error [ 172.738946][ T9438] EXT4-fs error (device loop0): ext4_xattr_delete_inode:3003: inode #15: comm syz.0.2036: mark inode dirty (error -117) [ 172.755866][ T9438] EXT4-fs warning (device loop0): ext4_evict_inode:273: xattr delete (err -117) [ 172.765359][ T9438] EXT4-fs (loop0): 1 orphan inode deleted [ 172.892272][ T9450] loop0: detected capacity change from 0 to 512 [ 172.923538][ T9450] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 172.935278][ T9450] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 172.945469][ T9450] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.2039: Corrupt directory, running e2fsck is recommended [ 172.964184][ T9450] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 172.978370][ T9449] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 172.978370][ T9450] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.2039: corrupted in-inode xattr: e_name out of bounds [ 172.978663][ T9450] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2039: couldn't read orphan inode 15 (err -117) [ 173.017150][ T9449] EXT4-fs (loop4): 1 truncate cleaned up [ 173.028143][ T9450] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 173.039795][ T9450] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 173.049930][ T9450] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.2039: Corrupt directory, running e2fsck is recommended [ 173.106783][ T9454] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 173.118585][ T9454] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 173.129009][ T9454] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.2039: Corrupt directory, running e2fsck is recommended [ 173.151910][ T9430] loop1: p1 p2 p3 < > p4 < p5 p6 > [ 173.159200][ T9430] loop1: p1 start 460800 is beyond EOD, truncated [ 173.165788][ T9430] loop1: p2 size 83886080 extends beyond EOD, truncated [ 173.179394][ T9430] loop1: p5 start 460800 is beyond EOD, truncated [ 173.185962][ T9430] loop1: p6 size 83886080 extends beyond EOD, truncated [ 173.336342][ T9457] EXT4-fs warning (device loop1): ext4_xattr_inode_get:560: inode #11: comm syz.1.2040: EA inode hash validation failed [ 173.351748][ T9457] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #15: comm syz.1.2040: corrupted inode contents [ 173.390159][ T9457] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #15: comm syz.1.2040: mark_inode_dirty error [ 173.483119][ T9457] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #15: comm syz.1.2040: corrupted inode contents [ 173.495384][ T9457] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3000: inode #15: comm syz.1.2040: mark_inode_dirty error [ 173.508859][ T9457] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3003: inode #15: comm syz.1.2040: mark inode dirty (error -117) [ 173.522223][ T9457] EXT4-fs warning (device loop1): ext4_evict_inode:273: xattr delete (err -117) [ 173.531553][ T9457] EXT4-fs (loop1): 1 orphan inode deleted [ 174.065695][ T9487] netlink: 'syz.0.2053': attribute type 17 has an invalid length. [ 174.073695][ T9487] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2053'. [ 174.128334][ T9478] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2051'. [ 174.138151][ T9478] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2051'. [ 174.158760][ T9489] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 174.170395][ T9489] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 174.180508][ T9489] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.2053: Corrupt directory, running e2fsck is recommended [ 174.230788][ T9488] netlink: 'syz.4.2048': attribute type 1 has an invalid length. [ 174.284059][ T9489] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 174.316143][ T9489] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.2053: corrupted in-inode xattr: e_name out of bounds [ 174.348049][ T9489] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2053: couldn't read orphan inode 15 (err -117) [ 174.364375][ T9498] set_capacity_and_notify: 4 callbacks suppressed [ 174.364392][ T9498] loop1: detected capacity change from 0 to 512 [ 174.380030][ T9497] loop3: detected capacity change from 0 to 128 [ 174.390331][ T9498] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 174.401948][ T9498] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 174.412092][ T9498] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.2055: Corrupt directory, running e2fsck is recommended [ 174.427611][ T9489] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 174.439314][ T9489] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 174.449459][ T9489] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.2053: Corrupt directory, running e2fsck is recommended [ 174.463175][ T9497] vfat: Bad value for 'utf8' [ 174.477334][ T9498] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 174.485877][ T9498] EXT4-fs error (device loop1): ext4_iget_extra_inode:5073: inode #15: comm syz.1.2055: corrupted in-inode xattr: e_name out of bounds [ 174.506484][ T9498] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2055: couldn't read orphan inode 15 (err -117) [ 174.521129][ T9498] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 174.532718][ T9498] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 174.542872][ T9498] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.2055: Corrupt directory, running e2fsck is recommended [ 174.571219][ T9498] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 174.583231][ T9498] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 174.593469][ T9498] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.2055: Corrupt directory, running e2fsck is recommended [ 174.710181][ T9506] loop3: detected capacity change from 0 to 512 [ 174.731722][ T9506] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 174.768661][ T9506] EXT4-fs (loop3): 1 truncate cleaned up [ 174.916445][ T3523] hid_parser_main: 76 callbacks suppressed [ 174.916469][ T3523] hid-generic 0000:0000:FFFFFFFC.0015: unknown main item tag 0x0 [ 174.930329][ T3523] hid-generic 0000:0000:FFFFFFFC.0015: unknown main item tag 0x0 [ 174.938250][ T3523] hid-generic 0000:0000:FFFFFFFC.0015: unknown main item tag 0x0 [ 175.024175][ T9524] netlink: 'syz.0.2059': attribute type 1 has an invalid length. [ 175.041931][ T9526] FAULT_INJECTION: forcing a failure. [ 175.041931][ T9526] name failslab, interval 1, probability 0, space 0, times 0 [ 175.055058][ T9526] CPU: 0 UID: 0 PID: 9526 Comm: syz.1.2061 Not tainted syzkaller #0 PREEMPT(voluntary) [ 175.055088][ T9526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 175.055107][ T9526] Call Trace: [ 175.055115][ T9526] [ 175.055123][ T9526] __dump_stack+0x1d/0x30 [ 175.055153][ T9526] dump_stack_lvl+0x95/0xd0 [ 175.055181][ T9526] dump_stack+0x15/0x1b [ 175.055206][ T9526] should_fail_ex+0x265/0x280 [ 175.055236][ T9526] should_failslab+0x8c/0xb0 [ 175.055261][ T9526] kmem_cache_alloc_noprof+0x69/0x4b0 [ 175.055283][ T9526] ? vm_area_dup+0x33/0x2c0 [ 175.055313][ T9526] vm_area_dup+0x33/0x2c0 [ 175.055343][ T9526] copy_vma+0x2cb/0x560 [ 175.055389][ T9526] move_vma+0x433/0xcf0 [ 175.055408][ T9526] ? arch_get_unmapped_area_topdown+0x153/0x550 [ 175.055449][ T9526] ? __get_unmapped_area+0x2c9/0x2f0 [ 175.055492][ T9526] mremap_to+0x3d8/0x430 [ 175.055518][ T9526] ? check_prep_vma+0x5d6/0x660 [ 175.055546][ T9526] __se_sys_mremap+0x632/0xb30 [ 175.055574][ T9526] ? mutex_unlock+0x4f/0x90 [ 175.055607][ T9526] ? fput+0x8f/0xc0 [ 175.055639][ T9526] ? ksys_write+0x192/0x1a0 [ 175.055673][ T9526] __x64_sys_mremap+0x67/0x80 [ 175.055699][ T9526] x64_sys_call+0x2944/0x3000 [ 175.055726][ T9526] do_syscall_64+0xca/0x2b0 [ 175.055769][ T9526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.055790][ T9526] RIP: 0033:0x7f4382a1f749 [ 175.055809][ T9526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.055833][ T9526] RSP: 002b:00007f4381487038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 175.055858][ T9526] RAX: ffffffffffffffda RBX: 00007f4382c75fa0 RCX: 00007f4382a1f749 [ 175.055875][ T9526] RDX: 0000000005000000 RSI: 0000000000002000 RDI: 0000200000ff5000 [ 175.055891][ T9526] RBP: 00007f4381487090 R08: 0000200000ffd000 R09: 0000000000000000 [ 175.055906][ T9526] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 175.055919][ T9526] R13: 00007f4382c76038 R14: 00007f4382c75fa0 R15: 00007fff87d3d428 [ 175.055938][ T9526] [ 175.062258][ T3523] hid-generic 0000:0000:FFFFFFFC.0015: unknown main item tag 0x0 [ 175.207678][ T9528] loop5: detected capacity change from 0 to 128 [ 175.212539][ T3523] hid-generic 0000:0000:FFFFFFFC.0015: unknown main item tag 0x0 [ 175.285577][ T3523] hid-generic 0000:0000:FFFFFFFC.0015: unknown main item tag 0x0 [ 175.293369][ T3523] hid-generic 0000:0000:FFFFFFFC.0015: unknown main item tag 0x1 [ 175.301121][ T3523] hid-generic 0000:0000:FFFFFFFC.0015: unknown main item tag 0x0 [ 175.308992][ T3523] hid-generic 0000:0000:FFFFFFFC.0015: unknown main item tag 0x0 [ 175.316872][ T3523] hid-generic 0000:0000:FFFFFFFC.0015: unknown main item tag 0x0 [ 175.326201][ T3523] hid-generic 0000:0000:FFFFFFFC.0015: hidraw0: HID v8.00 Device [syz0] on syz0 [ 175.364649][ T9534] loop0: detected capacity change from 0 to 1024 [ 175.401184][ T9539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.425353][ T9534] can0: slcan on ptm0. [ 175.429932][ T9539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.444219][ T9539] loop1: detected capacity change from 0 to 128 [ 175.447922][ T9528] ext4 filesystem being mounted at /381/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 175.462804][ T9539] ext4 filesystem being mounted at /453/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 175.501369][ T9534] can0 (unregistered): slcan off ptm0. [ 175.507375][ T29] kauditd_printk_skb: 1647 callbacks suppressed [ 175.507400][ T29] audit: type=1400 audit(1767951912.843:5160): avc: denied { read } for pid=9521 comm="syz.5.2064" path="/381/file1/file1" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 175.514363][ T9539] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2069'. [ 175.556657][ T9534] Falling back ldisc for ptm0. [ 175.564773][ T29] audit: type=1400 audit(1767951912.843:5161): avc: denied { setattr } for pid=9521 comm="syz.5.2064" path="/381/file1/file1" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 175.565197][ T9543] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 175.601791][ T9539] netlink: 43 bytes leftover after parsing attributes in process `syz.1.2069'. [ 175.610834][ T29] audit: type=1400 audit(1767951912.943:5162): avc: denied { ioctl } for pid=9521 comm="syz.5.2064" path="/381/file1/file1" dev="loop5" ino=12 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 175.815587][ T9550] loop4: detected capacity change from 0 to 1024 [ 175.838539][ T29] audit: type=1400 audit(1767951913.173:5163): avc: denied { kexec_image_load } for pid=9551 comm="syz.0.2073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 175.875856][ T9550] can0: slcan on ptm0. [ 175.887889][ T9552] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2073'. [ 175.930166][ T9556] loop5: detected capacity change from 0 to 1024 [ 175.936701][ T9550] can0 (unregistered): slcan off ptm0. [ 175.942854][ T9550] Falling back ldisc for ptm0. [ 175.945990][ T9557] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=9557 comm=syz.0.2074 [ 175.948756][ T9556] EXT4-fs: Ignoring removed bh option [ 175.960179][ T9557] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=9557 comm=syz.0.2074 [ 175.972058][ T9558] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 175.993699][ T29] audit: type=1326 audit(1767951913.313:5164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9555 comm="syz.0.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21ffc2f749 code=0x7ffc0000 [ 176.017272][ T29] audit: type=1326 audit(1767951913.313:5165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9555 comm="syz.0.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21ffc2f749 code=0x7ffc0000 [ 176.040778][ T29] audit: type=1326 audit(1767951913.313:5166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9555 comm="syz.0.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f21ffc2f749 code=0x7ffc0000 [ 176.064228][ T29] audit: type=1326 audit(1767951913.313:5167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9555 comm="syz.0.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21ffc2f749 code=0x7ffc0000 [ 176.087708][ T29] audit: type=1326 audit(1767951913.313:5168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9555 comm="syz.0.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21ffc2f749 code=0x7ffc0000 [ 176.111243][ T29] audit: type=1326 audit(1767951913.313:5169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9555 comm="syz.0.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f21ffc2f749 code=0x7ffc0000 [ 176.238053][ T9570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.247200][ T9570] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.256431][ T9567] sch_fq: defrate 0 ignored. [ 176.259956][ T9570] loop1: detected capacity change from 0 to 128 [ 176.270593][ T9571] loop4: detected capacity change from 0 to 128 [ 176.277157][ T9570] ext4 filesystem being mounted at /454/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 176.309881][ T9567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.319335][ T9571] vfat: Bad value for 'utf8' [ 176.325745][ T9567] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.333925][ T9570] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2077'. [ 176.363433][ T9570] netlink: 43 bytes leftover after parsing attributes in process `syz.1.2077'. [ 176.374007][ T9570] tipc: Enabling of bearer rejected, already enabled [ 176.460196][ T9579] can0: slcan on ptm0. [ 176.501413][ T9579] can0 (unregistered): slcan off ptm0. [ 176.507087][ T9579] Falling back ldisc for ptm0. [ 176.535734][ T9585] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 176.547440][ T9585] EXT4-fs (loop4): 1 truncate cleaned up [ 177.068950][ T9598] EXT4-fs: Ignoring removed bh option [ 177.218288][ T9603] netlink: 'syz.0.2087': attribute type 17 has an invalid length. [ 177.226271][ T9603] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2087'. [ 177.378876][ T9606] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 177.390470][ T9606] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 177.400635][ T9606] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.2087: Corrupt directory, running e2fsck is recommended [ 177.559166][ T9606] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 177.573852][ T9606] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.2087: corrupted in-inode xattr: e_name out of bounds [ 177.593116][ T9620] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9620 comm=syz.3.2093 [ 177.606150][ T9620] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2093'. [ 177.641874][ T9622] EXT4-fs warning (device loop5): ext4_xattr_inode_get:560: inode #11: comm syz.5.2094: EA inode hash validation failed [ 177.753786][ T9622] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #15: comm syz.5.2094: corrupted inode contents [ 177.774482][ T9606] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2087: couldn't read orphan inode 15 (err -117) [ 177.787712][ T9610] ext4 filesystem being mounted at /424/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 177.809377][ T9622] EXT4-fs error (device loop5): ext4_dirty_inode:6502: inode #15: comm syz.5.2094: mark_inode_dirty error [ 177.839504][ T9622] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #15: comm syz.5.2094: corrupted inode contents [ 177.863128][ T9622] EXT4-fs error (device loop5): ext4_xattr_delete_inode:3000: inode #15: comm syz.5.2094: mark_inode_dirty error [ 177.875947][ T9622] EXT4-fs error (device loop5): ext4_xattr_delete_inode:3003: inode #15: comm syz.5.2094: mark inode dirty (error -117) [ 177.888942][ T9622] EXT4-fs warning (device loop5): ext4_evict_inode:273: xattr delete (err -117) [ 177.903379][ T9628] FAULT_INJECTION: forcing a failure. [ 177.903379][ T9628] name failslab, interval 1, probability 0, space 0, times 0 [ 177.916094][ T9628] CPU: 0 UID: 0 PID: 9628 Comm: syz.3.2096 Not tainted syzkaller #0 PREEMPT(voluntary) [ 177.916127][ T9628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 177.916140][ T9628] Call Trace: [ 177.916147][ T9628] [ 177.916160][ T9628] __dump_stack+0x1d/0x30 [ 177.916220][ T9628] dump_stack_lvl+0x95/0xd0 [ 177.916248][ T9628] dump_stack+0x15/0x1b [ 177.916274][ T9628] should_fail_ex+0x265/0x280 [ 177.916343][ T9628] should_failslab+0x8c/0xb0 [ 177.916364][ T9628] kmem_cache_alloc_node_noprof+0x6b/0x4c0 [ 177.916387][ T9628] ? __alloc_skb+0x2ff/0x4b0 [ 177.916418][ T9628] __alloc_skb+0x2ff/0x4b0 [ 177.916523][ T9628] ? __alloc_skb+0x228/0x4b0 [ 177.916548][ T9628] audit_log_start+0x3a0/0x720 [ 177.916570][ T9628] ? kstrtouint+0x76/0xc0 [ 177.916658][ T9628] audit_seccomp+0x48/0x100 [ 177.916706][ T9628] ? __seccomp_filter+0x832/0x1260 [ 177.916806][ T9628] __seccomp_filter+0x843/0x1260 [ 177.916913][ T9628] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 177.916947][ T9628] ? vfs_write+0x7e8/0x960 [ 177.916970][ T9628] __secure_computing+0x82/0x150 [ 177.917074][ T9628] syscall_trace_enter+0xcf/0x1e0 [ 177.917104][ T9628] do_syscall_64+0xa4/0x2b0 [ 177.917157][ T9628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.917184][ T9628] RIP: 0033:0x7ff7bff4f749 [ 177.917203][ T9628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.917232][ T9628] RSP: 002b:00007ff7be9af038 EFLAGS: 00000246 ORIG_RAX: 000000000000014c [ 177.917250][ T9628] RAX: ffffffffffffffda RBX: 00007ff7c01a5fa0 RCX: 00007ff7bff4f749 [ 177.917262][ T9628] RDX: 0000000000006000 RSI: 0000000000000000 RDI: ffffffffffffffff [ 177.917274][ T9628] RBP: 00007ff7be9af090 R08: 0000000000000000 R09: 0000000000000000 [ 177.917286][ T9628] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 177.917300][ T9628] R13: 00007ff7c01a6038 R14: 00007ff7c01a5fa0 R15: 00007ffebb686218 [ 177.917323][ T9628] [ 177.951673][ T9606] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 177.956418][ T9622] EXT4-fs (loop5): 1 orphan inode deleted [ 177.960378][ T9606] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 178.148148][ T9606] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.2087: Corrupt directory, running e2fsck is recommended [ 178.291848][ T9634] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 178.303542][ T9634] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 178.313694][ T9634] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.2099: Corrupt directory, running e2fsck is recommended [ 178.326854][ T9637] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 178.328424][ T9634] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 178.345090][ T9634] EXT4-fs error (device loop3): ext4_iget_extra_inode:5073: inode #15: comm syz.3.2099: corrupted in-inode xattr: e_name out of bounds [ 178.359146][ T9634] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2099: couldn't read orphan inode 15 (err -117) [ 178.376547][ T9634] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 178.388172][ T9634] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 178.398381][ T9634] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.2099: Corrupt directory, running e2fsck is recommended [ 178.413159][ T9634] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 178.424863][ T9634] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 178.434989][ T9634] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.2099: Corrupt directory, running e2fsck is recommended [ 178.448921][ T9637] EXT4-fs (loop5): 1 truncate cleaned up [ 178.672924][ T9645] EXT4-fs: Ignoring removed bh option [ 178.740306][ T9638] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 178.747807][ T9638] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 178.756482][ T9638] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 178.764001][ T9638] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 178.823218][ T9657] can0: slcan on ptm0. [ 178.881593][ T9664] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 178.892481][ T9657] can0 (unregistered): slcan off ptm0. [ 178.898215][ T9657] Falling back ldisc for ptm0. [ 178.898903][ T9663] EXT4-fs warning (device loop3): ext4_xattr_inode_get:560: inode #11: comm syz.3.2108: EA inode hash validation failed [ 178.917539][ T9663] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #15: comm syz.3.2108: corrupted inode contents [ 178.941479][ T9663] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #15: comm syz.3.2108: mark_inode_dirty error [ 178.956997][ T9663] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #15: comm syz.3.2108: corrupted inode contents [ 178.972045][ T9663] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3000: inode #15: comm syz.3.2108: mark_inode_dirty error [ 178.991724][ T9663] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3003: inode #15: comm syz.3.2108: mark inode dirty (error -117) [ 179.077503][ T9663] EXT4-fs warning (device loop3): ext4_evict_inode:273: xattr delete (err -117) [ 179.093524][ T9677] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2112'. [ 179.111496][ T9663] EXT4-fs (loop3): 1 orphan inode deleted [ 179.277776][ T9692] can0: slcan on ptm0. [ 179.381790][ T9706] set_capacity_and_notify: 12 callbacks suppressed [ 179.381810][ T9706] loop3: detected capacity change from 0 to 1024 [ 179.400434][ T9703] loop1: detected capacity change from 0 to 1024 [ 179.407522][ T9703] EXT4-fs: Ignoring removed bh option [ 179.413186][ T9704] can0 (unregistered): slcan off ptm0. [ 179.419560][ T9704] Falling back ldisc for ptm0. [ 179.438635][ T9692] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 179.458277][ T9706] can0: slcan on ptm1. [ 179.511734][ T9706] can0 (unregistered): slcan off ptm1. [ 179.518009][ T9706] Falling back ldisc for ptm1. [ 179.603834][ T9717] loop1: detected capacity change from 0 to 512 [ 179.623844][ T9717] EXT4-fs warning (device loop1): ext4_xattr_inode_get:560: inode #11: comm syz.1.2127: EA inode hash validation failed [ 179.643690][ T9717] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #15: comm syz.1.2127: corrupted inode contents [ 179.656058][ T9717] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #15: comm syz.1.2127: mark_inode_dirty error [ 179.690252][ T9717] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #15: comm syz.1.2127: corrupted inode contents [ 179.702733][ T9717] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3000: inode #15: comm syz.1.2127: mark_inode_dirty error [ 179.717265][ T9717] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3003: inode #15: comm syz.1.2127: mark inode dirty (error -117) [ 179.730140][ T9717] EXT4-fs warning (device loop1): ext4_evict_inode:273: xattr delete (err -117) [ 179.730168][ T9722] loop5: detected capacity change from 0 to 512 [ 179.746015][ T9722] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 179.746032][ T9717] EXT4-fs (loop1): 1 orphan inode deleted [ 179.788239][ T9722] EXT4-fs (loop5): 1 truncate cleaned up [ 180.173502][ T9741] loop0: detected capacity change from 0 to 512 [ 180.189471][ T9741] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 180.201155][ T9741] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 180.211309][ T9741] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.2135: Corrupt directory, running e2fsck is recommended [ 180.232206][ T9741] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 180.251104][ T9741] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.2135: corrupted in-inode xattr: e_name out of bounds [ 180.301661][ T9741] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2135: couldn't read orphan inode 15 (err -117) [ 180.370575][ T9741] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 180.382367][ T9741] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 180.392497][ T9741] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.2135: Corrupt directory, running e2fsck is recommended [ 180.432820][ T9740] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 180.444387][ T9740] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it [ 180.454709][ T9740] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.2135: Corrupt directory, running e2fsck is recommended [ 180.599027][ T9748] loop5: detected capacity change from 0 to 1024 [ 180.643104][ T9748] can0: slcan on ptm0. [ 180.691424][ T9748] can0 (unregistered): slcan off ptm0. [ 180.697120][ T9748] Falling back ldisc for ptm0. [ 180.768329][ T9757] loop0: detected capacity change from 0 to 1024 [ 180.804117][ T29] kauditd_printk_skb: 168 callbacks suppressed [ 180.804134][ T29] audit: type=1400 audit(1767951918.143:5334): avc: denied { mount } for pid=9758 comm="syz.4.2141" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 180.859392][ T9757] can0: slcan on ptm0. [ 180.871117][ T9767] loop3: detected capacity change from 0 to 1024 [ 180.878027][ T9767] EXT4-fs: Ignoring removed orlov option [ 180.891440][ T9757] can0 (unregistered): slcan off ptm0. [ 180.897089][ T9757] Falling back ldisc for ptm0. [ 180.926175][ T9770] loop4: detected capacity change from 0 to 512 [ 180.944817][ T9770] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 180.987080][ T9770] EXT4-fs (loop4): too many log groups per flexible block group [ 180.995162][ T9770] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 181.012742][ T9770] EXT4-fs (loop4): mount failed [ 181.034313][ T29] audit: type=1400 audit(1767951918.373:5335): avc: denied { map } for pid=9776 comm="syz.5.2146" path="/proc/961/net/tcp" dev="proc" ino=4026533394 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 181.071775][ T29] audit: type=1400 audit(1767951918.373:5336): avc: denied { create } for pid=9776 comm="syz.5.2146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 181.091305][ T29] audit: type=1400 audit(1767951918.373:5337): avc: denied { setopt } for pid=9776 comm="syz.5.2146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 181.110801][ T29] audit: type=1400 audit(1767951918.373:5338): avc: denied { connect } for pid=9776 comm="syz.5.2146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 181.130447][ T29] audit: type=1400 audit(1767951918.373:5339): avc: denied { write } for pid=9776 comm="syz.5.2146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 181.155008][ T9781] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2145'. [ 181.170481][ T9784] tipc: Enabled bearer , priority 0 [ 181.177799][ T9784] syzkaller0: entered promiscuous mode [ 181.183499][ T9784] syzkaller0: entered allmulticast mode [ 181.194925][ T9784] tipc: Resetting bearer [ 181.207930][ T9783] tipc: Resetting bearer [ 181.219860][ T29] audit: type=1400 audit(1767951918.533:5340): avc: denied { shutdown } for pid=9782 comm="syz.0.2149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 181.240290][ T9783] tipc: Disabling bearer [ 181.374879][ T29] audit: type=1400 audit(1767951918.713:5341): avc: denied { create } for pid=9768 comm="syz.4.2145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 181.402223][ T9770] lo speed is unknown, defaulting to 1000 [ 181.419000][ T9770] lo speed is unknown, defaulting to 1000 [ 181.424866][ T29] audit: type=1400 audit(1767951918.743:5342): avc: denied { write } for pid=9768 comm="syz.4.2145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 181.441921][ T9770] lo speed is unknown, defaulting to 1000 [ 181.469580][ T29] audit: type=1400 audit(1767951918.803:5343): avc: denied { read } for pid=9797 comm="syz.0.2156" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 181.501411][ T9770] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 181.526582][ T9770] lo speed is unknown, defaulting to 1000 [ 181.550196][ T9770] lo speed is unknown, defaulting to 1000 [ 181.568273][ T9770] lo speed is unknown, defaulting to 1000 [ 181.578746][ T9770] lo speed is unknown, defaulting to 1000 [ 181.601706][ T9770] lo speed is unknown, defaulting to 1000 [ 181.628368][ T9809] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2160'. [ 181.656068][ T9811] netlink: 'syz.5.2161': attribute type 7 has an invalid length. [ 181.663981][ T9811] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2161'. [ 181.686221][ T9809] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2160'. [ 181.765264][ T9827] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2166'. [ 181.778744][ T9830] ucma_write: process 1105 (syz.4.2170) changed security contexts after opening file descriptor, this is not allowed. [ 181.828400][ T9834] loop6: detected capacity change from 0 to 7 [ 181.852022][ T9843] capability: warning: `syz.0.2176' uses deprecated v2 capabilities in a way that may be insecure [ 181.866007][ T9836] ip6gre1: entered promiscuous mode [ 181.871505][ T9836] ip6gre1: entered allmulticast mode [ 182.790886][ T9872] tipc: Enabled bearer , priority 0 [ 182.821759][ T9872] syzkaller0: entered promiscuous mode [ 182.827305][ T9872] syzkaller0: entered allmulticast mode [ 182.866788][ T9881] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.874092][ T9881] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.963534][ T9881] ip6gre1: left promiscuous mode [ 182.968548][ T9881] ip6gre1: left allmulticast mode [ 182.992561][ T12] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.006974][ T9872] tipc: Resetting bearer [ 183.013035][ T12] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.024582][ T9869] tipc: Resetting bearer [ 183.041019][ T9869] tipc: Disabling bearer [ 183.051627][ T12] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.071814][ T12] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.181682][ T9921] netlink: 'syz.0.2202': attribute type 1 has an invalid length. [ 183.214407][ T9931] netlink: 'syz.5.2207': attribute type 6 has an invalid length. [ 183.224334][ T9931] netlink: 'syz.5.2207': attribute type 4 has an invalid length. [ 183.232127][ T9931] netlink: 17 bytes leftover after parsing attributes in process `syz.5.2207'. [ 183.311744][ T9949] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 183.319114][ T9949] IPv6: NLM_F_CREATE should be set when creating new route [ 183.365636][ T9949] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.372971][ T9949] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.411376][ T9955] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2209'. [ 183.449101][ T9949] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 183.470823][ T9949] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 183.611610][ T802] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.725837][ T802] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.755585][ T802] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.773617][ T802] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.888334][ T9966] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2219'. [ 184.158115][ T9984] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 184.165379][ T36] IPVS: starting estimator thread 0... [ 184.263512][ T9997] IPVS: using max 1872 ests per chain, 93600 per kthread [ 184.332329][T10026] tipc: Enabled bearer , priority 0 [ 184.339232][T10026] syzkaller0: entered promiscuous mode [ 184.344787][T10026] syzkaller0: entered allmulticast mode [ 184.355785][T10026] tipc: Resetting bearer [ 184.373047][T10025] tipc: Resetting bearer [ 184.422888][T10025] tipc: Disabling bearer [ 184.499480][T10043] syzkaller0: entered promiscuous mode [ 184.505086][T10043] syzkaller0: entered allmulticast mode [ 184.527431][T10049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.560036][T10049] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.580923][T10049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.589776][T10049] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.744486][T10081] netlink: 'syz.1.2256': attribute type 15 has an invalid length. [ 185.180278][T10111] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2263'. [ 185.416420][T10124] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2268'. [ 185.459695][T10124] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2268'. [ 185.471454][T10124] bridge2: entered promiscuous mode [ 185.476783][T10124] macsec0: entered promiscuous mode [ 185.482241][T10124] macsec0: entered allmulticast mode [ 185.487774][T10124] bridge2: entered allmulticast mode [ 185.495077][T10124] bridge2: left allmulticast mode [ 185.500331][T10124] bridge2: left promiscuous mode [ 185.524756][T10130] gtp0: entered allmulticast mode [ 185.941496][ T29] kauditd_printk_skb: 33 callbacks suppressed [ 185.941587][ T29] audit: type=1400 audit(1767951923.283:5377): avc: denied { bind } for pid=10158 comm="syz.1.2280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 185.993646][ T29] audit: type=1400 audit(1767951923.303:5378): avc: denied { setopt } for pid=10158 comm="syz.1.2280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 186.037566][T10170] tipc: Enabled bearer , priority 0 [ 186.044925][T10170] syzkaller0: entered promiscuous mode [ 186.050448][T10170] syzkaller0: entered allmulticast mode [ 186.058807][T10170] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 186.068738][T10170] tipc: Resetting bearer [ 186.069615][T10176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.083221][T10169] tipc: Resetting bearer [ 186.089545][T10176] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.100674][T10169] tipc: Disabling bearer [ 186.109156][T10182] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.118067][T10182] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.232829][T10191] kernel profiling enabled (shift: 63) [ 186.238349][T10191] profiling shift: 63 too large [ 186.268541][T10193] netlink: 232 bytes leftover after parsing attributes in process `syz.0.2290'. [ 186.362097][T10201] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2293'. [ 186.666516][ T29] audit: type=1400 audit(1767951924.003:5379): avc: denied { getopt } for pid=10213 comm="syz.3.2298" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 186.702548][ T29] audit: type=1400 audit(1767951924.043:5380): avc: denied { lock } for pid=10215 comm="syz.3.2299" path="socket:[31807]" dev="sockfs" ino=31807 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 186.768383][ T29] audit: type=1400 audit(1767951924.103:5381): avc: denied { create } for pid=10218 comm="syz.5.2300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 186.788211][ T29] audit: type=1400 audit(1767951924.103:5382): avc: denied { ioctl } for pid=10218 comm="syz.5.2300" path="socket:[31808]" dev="sockfs" ino=31808 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 186.902699][ T29] audit: type=1326 audit(1767951924.243:5383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10227 comm="syz.5.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff35253f749 code=0x7ffc0000 [ 186.930833][ T29] audit: type=1326 audit(1767951924.243:5384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10227 comm="syz.5.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff35253f749 code=0x7ffc0000 [ 186.954461][ T29] audit: type=1326 audit(1767951924.243:5385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10227 comm="syz.5.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff35253f749 code=0x7ffc0000 [ 186.978120][ T29] audit: type=1326 audit(1767951924.243:5386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10227 comm="syz.5.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ff35253f749 code=0x7ffc0000 [ 187.231286][T10249] lo speed is unknown, defaulting to 1000 [ 187.302508][T10265] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2311'. [ 187.360167][T10268] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2311'. [ 187.397899][T10267] ip6gre1: entered promiscuous mode [ 187.403244][T10267] ip6gre1: entered allmulticast mode [ 187.871757][T10294] loop7: detected capacity change from 0 to 1 [ 188.171374][T10341] lo speed is unknown, defaulting to 1000 [ 188.362716][T10377] loop5: detected capacity change from 0 to 7 [ 188.437409][T10382] netlink: 'syz.5.2345': attribute type 19 has an invalid length. [ 188.445323][T10382] __nla_validate_parse: 2 callbacks suppressed [ 188.445353][T10382] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2345'. [ 188.535950][T10383] lo speed is unknown, defaulting to 1000 [ 188.641472][T10405] netlink: 'syz.5.2346': attribute type 1 has an invalid length. [ 188.659906][T10407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.668605][T10407] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.852737][T10429] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2352'. [ 188.861786][T10429] netlink: 'syz.3.2352': attribute type 11 has an invalid length. [ 188.870655][T10429] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2352'. [ 188.879672][T10429] netlink: 'syz.3.2352': attribute type 11 has an invalid length. [ 190.246428][T10512] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2382'. [ 190.956209][ T29] kauditd_printk_skb: 121 callbacks suppressed [ 190.956223][ T29] audit: type=1326 audit(1767951928.293:5508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10547 comm="syz.5.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff352572005 code=0x7ffc0000 [ 191.096032][ T29] audit: type=1326 audit(1767951928.333:5509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10547 comm="syz.5.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff352572005 code=0x7ffc0000 [ 191.119661][ T29] audit: type=1326 audit(1767951928.333:5510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10547 comm="syz.5.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff352572005 code=0x7ffc0000 [ 191.145009][ T29] audit: type=1326 audit(1767951928.333:5511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10547 comm="syz.5.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff352572005 code=0x7ffc0000 [ 191.170406][ T29] audit: type=1326 audit(1767951928.333:5512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10547 comm="syz.5.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff352572005 code=0x7ffc0000 [ 191.192517][T10596] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 191.198027][ T29] audit: type=1326 audit(1767951928.333:5513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10547 comm="syz.5.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff352572005 code=0x7ffc0000 [ 191.229413][ T29] audit: type=1326 audit(1767951928.333:5514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10547 comm="syz.5.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff352572005 code=0x7ffc0000 [ 191.251579][T10596] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 191.257442][ T29] audit: type=1326 audit(1767951928.343:5515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10547 comm="syz.5.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff352572005 code=0x7ffc0000 [ 191.285794][ T29] audit: type=1326 audit(1767951928.343:5516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10547 comm="syz.5.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff352572005 code=0x7ffc0000 [ 191.310956][ T29] audit: type=1326 audit(1767951928.343:5517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10547 comm="syz.5.2389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff352572005 code=0x7ffc0000 [ 191.430179][T10606] netlink: 'syz.0.2396': attribute type 12 has an invalid length. [ 191.438170][T10606] netlink: 'syz.0.2396': attribute type 29 has an invalid length. [ 191.446058][T10606] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2396'. [ 191.455470][T10606] netlink: 'syz.0.2396': attribute type 1 has an invalid length. [ 191.463303][T10606] netlink: 43 bytes leftover after parsing attributes in process `syz.0.2396'. [ 191.529323][T10617] netlink: 'syz.1.2400': attribute type 13 has an invalid length. [ 191.572801][T10617] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.580157][T10617] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.663354][T10617] tipc: Resetting bearer [ 191.670460][ T802] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.681340][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 191.693228][ T802] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.702300][ T802] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.711341][ T802] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.735115][T10625] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2403'. [ 191.867808][T10649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2413'. [ 192.460864][T10686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 192.469573][T10686] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 192.769921][T10692] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 192.797605][T10698] netlink: 100 bytes leftover after parsing attributes in process `syz.5.2434'. [ 192.853873][T10708] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 193.009806][T10728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.020141][T10728] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.108636][T10742] netlink: 136 bytes leftover after parsing attributes in process `syz.0.2451'. [ 193.117797][T10742] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 193.175895][T10746] RDS: rds_bind could not find a transport for fc01::81, load rds_tcp or rds_rdma? [ 193.649427][T10786] netlink: 'syz.0.2464': attribute type 1 has an invalid length. [ 193.684286][T10787] lo speed is unknown, defaulting to 1000 [ 193.960491][T10814] process 'syz.4.2467' launched './file0' with NULL argv: empty string added [ 194.326693][T10844] __nla_validate_parse: 2 callbacks suppressed [ 194.326713][T10844] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2477'. [ 194.461231][T10844] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2477'. [ 194.547034][ T36] hid_parser_main: 19 callbacks suppressed [ 194.547051][ T36] hid-generic 0008:0006:0007.0016: unknown main item tag 0x0 [ 194.563524][ T36] hid-generic 0008:0006:0007.0016: unknown main item tag 0x0 [ 194.571180][ T36] hid-generic 0008:0006:0007.0016: unknown main item tag 0x0 [ 194.580328][ T36] hid-generic 0008:0006:0007.0016: unknown main item tag 0x0 [ 194.589510][ T36] hid-generic 0008:0006:0007.0016: unknown main item tag 0x0 [ 194.598541][ T36] hid-generic 0008:0006:0007.0016: unknown main item tag 0x0 [ 194.607497][ T36] hid-generic 0008:0006:0007.0016: unknown main item tag 0x0 [ 194.616477][ T36] hid-generic 0008:0006:0007.0016: unknown main item tag 0x0 [ 194.625582][ T36] hid-generic 0008:0006:0007.0016: unknown main item tag 0x0 [ 194.634316][ T36] hid-generic 0008:0006:0007.0016: unknown main item tag 0x0 [ 194.645046][ T36] hid-generic 0008:0006:0007.0016: hidraw0: HID v0.0b Device [syz1] on syz1 [ 194.778016][T10894] netlink: 100 bytes leftover after parsing attributes in process `syz.5.2489'. [ 194.794039][T10893] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2490'. [ 194.853761][T10905] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2493'. [ 194.939066][T10925] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.949080][T10925] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.350442][T10944] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.376335][T10944] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.462380][T10960] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 195.492081][T10962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.513710][T10962] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.612679][T10973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.621387][T10973] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.630778][T10973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.640255][T10973] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.761928][T10983] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 195.777527][T10985] netlink: 'syz.3.2520': attribute type 17 has an invalid length. [ 195.786938][T10985] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2520'. [ 195.803497][T10987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.813697][T10987] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.824919][T10987] loop4: detected capacity change from 0 to 128 [ 195.839458][T10987] EXT4-fs mount: 69 callbacks suppressed [ 195.839475][T10987] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 195.858856][T10987] ext4 filesystem being mounted at /471/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 195.891450][T10993] loop3: detected capacity change from 0 to 512 [ 195.899116][T10987] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2521'. [ 195.908910][T10993] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 195.920541][T10993] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 195.930705][T10993] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.2520: Corrupt directory, running e2fsck is recommended [ 195.968005][T10998] loop5: detected capacity change from 0 to 1024 [ 195.974481][ T29] kauditd_printk_skb: 172 callbacks suppressed [ 195.974556][ T29] audit: type=1400 audit(1767951933.303:5690): avc: denied { setopt } for pid=10997 comm="syz.5.2522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 196.004894][T10987] netlink: 43 bytes leftover after parsing attributes in process `syz.4.2521'. [ 196.014644][T10987] tipc: Enabling of bearer rejected, failed to enable media [ 196.024169][T10998] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 196.039281][ T29] audit: type=1400 audit(1767951933.373:5691): avc: denied { read write } for pid=10997 comm="syz.5.2522" name="file2" dev="loop5" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 196.062079][ T29] audit: type=1400 audit(1767951933.373:5692): avc: denied { open } for pid=10997 comm="syz.5.2522" path="/473/file1/file2" dev="loop5" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 196.087497][ T802] Bluetooth: hci0: Frame reassembly failed (-84) [ 196.103667][T10993] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 196.123204][T10993] EXT4-fs error (device loop3): ext4_iget_extra_inode:5073: inode #15: comm syz.3.2520: corrupted in-inode xattr: e_name out of bounds [ 196.138913][T11008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.147852][T11008] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.163301][T11008] loop0: detected capacity change from 0 to 128 [ 196.172121][T11008] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 196.184354][T10993] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2520: couldn't read orphan inode 15 (err -117) [ 196.185243][T11008] ext4 filesystem being mounted at /534/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 196.229678][T10993] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.250873][T11008] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2523'. [ 196.264374][T11008] netlink: 43 bytes leftover after parsing attributes in process `syz.0.2523'. [ 196.279558][T10993] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 196.292582][T10993] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 196.304237][T10993] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.2520: Corrupt directory, running e2fsck is recommended [ 196.347434][ T29] audit: type=1326 audit(1767951933.683:5693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10984 comm="syz.3.2520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7bff4f749 code=0x7ffc0000 [ 196.370979][ T29] audit: type=1326 audit(1767951933.683:5694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10984 comm="syz.3.2520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7bff4f749 code=0x7ffc0000 [ 196.410424][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.459461][ T29] audit: type=1400 audit(1767951933.793:5695): avc: denied { getopt } for pid=11019 comm="syz.1.2527" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 196.570693][ T29] audit: type=1400 audit(1767951933.903:5696): avc: denied { setopt } for pid=11021 comm="syz.1.2529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 196.709435][ T3318] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 196.774807][T11049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.784786][T11049] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.814726][ T3314] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 196.995825][T11049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.006432][T11049] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.500080][ T29] audit: type=1400 audit(1767951934.833:5697): avc: denied { bind } for pid=11070 comm="syz.1.2541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 197.627324][T11091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.637832][T11091] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.858241][T11100] tipc: Enabled bearer , priority 0 [ 197.867000][T11100] syzkaller0: entered promiscuous mode [ 197.874105][T11100] syzkaller0: entered allmulticast mode [ 197.886367][T11100] tipc: Resetting bearer [ 197.894610][T11099] tipc: Resetting bearer [ 197.903677][T11099] tipc: Disabling bearer [ 197.995996][T11108] netlink: 'syz.0.2554': attribute type 2 has an invalid length. [ 198.153008][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 198.159096][ T3580] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 198.177590][ T3853] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 198.247201][ T29] audit: type=1400 audit(1767951935.583:5698): avc: denied { connect } for pid=11135 comm="syz.5.2566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 198.249334][T11137] tipc: Failed to remove unknown binding: 66,0,0/0:1411006051/1411006052 [ 198.276594][T11137] tipc: Failed to remove unknown binding: 66,0,0/0:1411006051/1411006052 [ 198.297552][ T29] audit: type=1400 audit(1767951935.583:5699): avc: denied { write } for pid=11135 comm="syz.5.2566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 198.347260][T11144] 0: reclassify loop, rule prio 0, protocol 700 [ 198.442017][ T36] hid-generic 0000:0000:FFFFFFFC.0017: hidraw0: HID v8.00 Device [syz0] on syz0 [ 198.442916][T11161] lo speed is unknown, defaulting to 1000 [ 198.460827][T11158] netlink: 'syz.4.2574': attribute type 1 has an invalid length. [ 198.490376][T11184] loop0: detected capacity change from 0 to 1024 [ 198.497493][T11184] ext4: Unknown parameter 'euid' [ 198.531012][T11200] loop5: detected capacity change from 0 to 128 [ 198.537790][T11200] vfat: Bad value for 'utf8' [ 198.554903][T11207] loop3: detected capacity change from 0 to 1024 [ 198.574705][T11207] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 198.601499][T11207] can0: slcan on ptm0. [ 198.637491][T11226] __vm_enough_memory: pid: 11226, comm: syz.5.2582, bytes: 4503599627366400 not enough memory for the allocation [ 198.656866][T11207] can0 (unregistered): slcan off ptm0. [ 198.663059][T11207] Falling back ldisc for ptm0. [ 198.678703][T11227] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 198.696159][T11229] tipc: Enabled bearer , priority 10 [ 198.745829][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.115053][T11265] loop8: detected capacity change from 0 to 7 [ 199.122949][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 199.132572][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 199.140781][ C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 199.150410][ C0] Buffer I/O error on dev loop8, logical block 0, async page read [ 199.158799][T11265] loop8: unable to read partition table [ 199.164821][T11265] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 199.441320][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 199.595033][T11292] lo speed is unknown, defaulting to 1000 [ 199.654797][T11316] loop5: detected capacity change from 0 to 1024 [ 199.677735][T11316] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 199.711600][T11316] can0: slcan on ptm0. [ 199.752870][T11316] can0 (unregistered): slcan off ptm0. [ 199.758623][T11316] Falling back ldisc for ptm0. [ 199.811398][ T9] tipc: Node number set to 10005162 [ 199.831112][ T3853] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.894078][ T36] IPVS: starting estimator thread 0... [ 199.903679][T11345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 199.919670][T11345] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 199.981333][T11343] IPVS: using max 2208 ests per chain, 110400 per kthread [ 199.996596][T11351] __nla_validate_parse: 10 callbacks suppressed [ 199.996613][T11351] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2614'. [ 200.024670][T11351] team0: Port device team_slave_0 removed [ 200.576302][T11391] loop5: detected capacity change from 0 to 1024 [ 200.584598][T11391] EXT4-fs: Ignoring removed bh option [ 200.603367][T11391] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.799061][ T3853] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.842794][T11420] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2639'. [ 200.866140][T11420] team0: Port device team_slave_0 removed [ 200.973401][T11446] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2649'. [ 200.997763][T11449] bridge1: entered promiscuous mode [ 201.267769][T11470] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2659'. [ 201.320485][T11470] team0: Port device team_slave_0 removed [ 201.657267][T11501] loop3: detected capacity change from 0 to 1024 [ 201.674476][T11501] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 201.690934][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 201.690951][ T29] audit: type=1400 audit(1767951939.033:5706): avc: denied { accept } for pid=11498 comm="syz.5.2669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 201.696787][T11499] netlink: 'syz.5.2669': attribute type 10 has an invalid length. [ 201.726594][T11501] can0: slcan on ptm0. [ 201.754570][T11499] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 201.772913][T11501] can0 (unregistered): slcan off ptm0. [ 201.778785][T11501] Falling back ldisc for ptm0. [ 201.786995][T11499] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2669'. [ 201.830119][T11499] bridge_slave_1: left allmulticast mode [ 201.835898][T11499] bridge_slave_1: left promiscuous mode [ 201.841653][T11499] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.863443][T11499] bridge_slave_0: left allmulticast mode [ 201.863462][T11499] bridge_slave_0: left promiscuous mode [ 201.863664][T11499] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.874005][T11499] bond0: (slave bridge0): Releasing backup interface [ 202.015371][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.068351][T11528] lo speed is unknown, defaulting to 1000 [ 202.170797][T11560] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 202.170797][T11560] The task syz.5.2674 (11560) triggered the difference, watch for misbehavior. [ 202.528047][T11567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 202.538137][T11567] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 202.549216][T11567] loop4: detected capacity change from 0 to 128 [ 202.558792][T11567] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 202.571226][T11567] ext4 filesystem being mounted at /491/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 202.603944][T11567] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2677'. [ 202.615979][T11567] netlink: 43 bytes leftover after parsing attributes in process `syz.4.2677'. [ 202.784369][T11575] loop0: detected capacity change from 0 to 1024 [ 202.805061][T11575] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 202.824343][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 202.893378][T11582] loop3: detected capacity change from 0 to 1024 [ 202.904599][T11582] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 202.919991][ T413] Bluetooth: hci1: Frame reassembly failed (-84) [ 202.922023][T11582] netlink: 176 bytes leftover after parsing attributes in process `syz.3.2679'. [ 202.969852][ T29] audit: type=1326 audit(1767951940.303:5707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11588 comm="syz.5.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff35253f749 code=0x7ffc0000 [ 202.995115][ T29] audit: type=1326 audit(1767951940.303:5708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11588 comm="syz.5.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff35253f749 code=0x7ffc0000 [ 203.020185][ T29] audit: type=1326 audit(1767951940.303:5709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11588 comm="syz.5.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff35253f749 code=0x7ffc0000 [ 203.043937][T11590] loop5: detected capacity change from 0 to 512 [ 203.053220][ T29] audit: type=1326 audit(1767951940.303:5710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11588 comm="syz.5.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff352541667 code=0x7ffc0000 [ 203.078230][ T29] audit: type=1326 audit(1767951940.303:5711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11588 comm="syz.5.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7ff3525415dc code=0x7ffc0000 [ 203.103253][ T29] audit: type=1326 audit(1767951940.303:5712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11588 comm="syz.5.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7ff352541514 code=0x7ffc0000 [ 203.128389][ T29] audit: type=1326 audit(1767951940.303:5713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11588 comm="syz.5.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7ff352541514 code=0x7ffc0000 [ 203.153426][ T29] audit: type=1326 audit(1767951940.303:5714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11588 comm="syz.5.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7ff35253e3aa code=0x7ffc0000 [ 203.178402][ T29] audit: type=1326 audit(1767951940.303:5715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11588 comm="syz.5.2680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff35253f749 code=0x7ffc0000 [ 203.205390][T11590] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 203.216998][T11590] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 203.227129][T11590] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.2680: Corrupt directory, running e2fsck is recommended [ 203.241759][ T3318] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 203.274987][T11590] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 203.301081][T11590] EXT4-fs error (device loop5): ext4_iget_extra_inode:5073: inode #15: comm syz.5.2680: corrupted in-inode xattr: e_name out of bounds [ 203.322407][T11601] loop4: detected capacity change from 0 to 1024 [ 203.323735][T11590] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.2680: couldn't read orphan inode 15 (err -117) [ 203.343075][T11590] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 203.358648][T11601] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.373033][T11590] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 203.386068][T11590] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 203.397759][T11590] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.2680: Corrupt directory, running e2fsck is recommended [ 203.413384][T11590] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 203.426704][T11590] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 203.438258][T11590] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.2680: Corrupt directory, running e2fsck is recommended [ 203.452881][T11601] can0: slcan on ptm2. [ 203.474598][ T3853] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.492890][T11601] can0 (unregistered): slcan off ptm2. [ 203.498551][T11601] Falling back ldisc for ptm2. [ 203.583908][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.604239][T11615] loop5: detected capacity change from 0 to 1024 [ 203.625530][T11615] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.648446][T11615] can0: slcan on ptm2. [ 203.692771][T11615] can0 (unregistered): slcan off ptm2. [ 203.698527][T11615] Falling back ldisc for ptm2. [ 203.802320][ T3853] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.832284][T11636] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2686'. [ 203.955791][T11646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 203.965969][T11646] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 203.976115][T11646] loop5: detected capacity change from 0 to 128 [ 203.984830][T11646] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 203.998275][T11646] ext4 filesystem being mounted at /513/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 204.030945][T11646] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2691'. [ 204.380422][T11659] loop1: detected capacity change from 0 to 512 [ 204.387426][T11659] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 204.399106][T11659] EXT4-fs (loop1): 1 truncate cleaned up [ 204.406651][T11659] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 204.504350][T11665] loop4: detected capacity change from 0 to 1024 [ 204.523078][T11665] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 204.543732][T11665] can0: slcan on ptm2. [ 204.592817][T11665] can0 (unregistered): slcan off ptm2. [ 204.599124][T11665] Falling back ldisc for ptm2. [ 204.606254][T11675] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 204.619797][ T3853] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 204.704071][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.754383][T11686] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 204.778017][T11686] can0: slcan on ptm2. [ 204.821586][T11686] can0 (unregistered): slcan off ptm2. [ 204.827355][T11686] Falling back ldisc for ptm2. [ 204.871340][ T3589] Bluetooth: hci0: command 0x1003 tx timeout [ 204.875192][ T3580] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 204.896796][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 204.941586][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.951354][ T44] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 204.955450][ T3580] Bluetooth: hci1: command 0x1003 tx timeout [ 204.979254][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 205.185619][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.330200][T11737] __nla_validate_parse: 1 callbacks suppressed [ 205.330217][T11737] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2711'. [ 205.409065][T11741] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 205.433904][T11741] can0: slcan on ptm0. [ 205.483094][T11741] can0 (unregistered): slcan off ptm0. [ 205.490933][T11741] Falling back ldisc for ptm0. [ 205.575594][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.624331][T11759] tipc: Enabled bearer , priority 0 [ 205.633532][T11759] syzkaller0: entered promiscuous mode [ 205.639167][T11759] syzkaller0: entered allmulticast mode [ 205.664193][T11759] tipc: Resetting bearer [ 205.670260][T11758] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 205.683714][T11756] tipc: Resetting bearer [ 205.690557][T11756] tipc: Disabling bearer [ 205.698104][ T413] Bluetooth: hci0: Frame reassembly failed (-84) [ 206.911116][T11812] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2736'. [ 207.060547][T11815] lo speed is unknown, defaulting to 1000 [ 207.090635][T11815] netlink: 'syz.3.2734': attribute type 1 has an invalid length. [ 207.115994][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 207.116008][ T29] audit: type=1400 audit(1767951944.453:5728): avc: denied { mounton } for pid=11844 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 207.218075][T11844] lo speed is unknown, defaulting to 1000 [ 207.308164][T11844] chnl_net:caif_netlink_parms(): no params data found [ 207.354591][T11844] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.361864][T11844] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.369377][T11844] bridge_slave_0: entered allmulticast mode [ 207.376118][T11844] bridge_slave_0: entered promiscuous mode [ 207.383080][T11844] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.390179][T11844] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.397442][T11844] bridge_slave_1: entered allmulticast mode [ 207.403986][T11844] bridge_slave_1: entered promiscuous mode [ 207.426840][T11844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.437383][T11844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.460530][T11844] team0: Port device team_slave_0 added [ 207.468699][T11844] team0: Port device team_slave_1 added [ 207.487401][T11844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.494463][T11844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 207.520578][T11844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 207.531998][T11844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.539013][T11844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 207.564969][T11844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.594056][T11844] hsr_slave_0: entered promiscuous mode [ 207.600308][T11844] hsr_slave_1: entered promiscuous mode [ 207.606192][T11844] debugfs: 'hsr0' already exists in 'hsr' [ 207.611993][T11844] Cannot create hsr debugfs directory [ 207.752090][ T3580] Bluetooth: hci0: command 0x1003 tx timeout [ 207.760290][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 207.785687][ T3853] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 207.806223][T12174] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2742'. [ 207.863987][T11844] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 207.876562][T11844] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 207.887892][T11844] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 207.897149][T11844] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 207.918451][T11844] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.925612][T11844] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.932937][T11844] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.940092][T11844] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.958352][T12213] netlink: 'syz.3.2747': attribute type 6 has an invalid length. [ 207.973699][T11844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.985894][ T923] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.994246][ T923] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.011312][T11844] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.026872][ T413] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.034131][ T413] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.050347][T12213] netlink: 'syz.3.2747': attribute type 4 has an invalid length. [ 208.058231][T12213] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2747'. [ 208.067277][ T413] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.074486][ T413] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.163953][ T9] IPVS: starting estimator thread 0... [ 208.165112][T12219] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 208.197838][T12237] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2756'. [ 208.214504][T11844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.261570][T12234] IPVS: using max 2208 ests per chain, 110400 per kthread [ 208.319248][T11844] veth0_vlan: entered promiscuous mode [ 208.326496][T12257] netlink: 'syz.3.2763': attribute type 4 has an invalid length. [ 208.335982][T12257] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2763'. [ 208.350925][T11844] veth1_vlan: entered promiscuous mode [ 208.368017][T11844] veth0_macvtap: entered promiscuous mode [ 208.375568][T11844] veth1_macvtap: entered promiscuous mode [ 208.387724][T11844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 208.400074][T11844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 208.430647][T12262] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.437995][T12262] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.453703][T12266] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2767'. [ 208.510977][T12262] bond1: left promiscuous mode [ 208.518381][T12262] ip6gre1: left promiscuous mode [ 208.523782][T12262] ip6gre1: left allmulticast mode [ 208.541018][ T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.552421][T12266] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2767'. [ 208.567378][ T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.587105][ T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.600123][ T29] audit: type=1400 audit(1767951945.933:5729): avc: denied { mounton } for pid=11844 comm="syz-executor" path="/root/syzkaller.MBKgDT/syz-tmp" dev="sda1" ino=2049 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 208.603448][ T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.628662][ T29] audit: type=1400 audit(1767951945.933:5730): avc: denied { mount } for pid=11844 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 208.639395][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.666145][ T29] audit: type=1400 audit(1767951945.933:5731): avc: denied { mount } for pid=11844 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 208.688512][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.688634][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.688671][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.720599][ T29] audit: type=1400 audit(1767951945.973:5732): avc: denied { mounton } for pid=11844 comm="syz-executor" path="/root/syzkaller.MBKgDT/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 208.747452][ T29] audit: type=1400 audit(1767951945.973:5733): avc: denied { mounton } for pid=11844 comm="syz-executor" path="/root/syzkaller.MBKgDT/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=37152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 208.779299][ T29] audit: type=1400 audit(1767951946.123:5734): avc: denied { mounton } for pid=11844 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 208.803973][ T29] audit: type=1400 audit(1767951946.123:5735): avc: denied { mount } for pid=11844 comm="syz-executor" name="/" dev="gadgetfs" ino=4642 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 208.890331][T12292] netlink: 'syz.5.2774': attribute type 4 has an invalid length. [ 208.899764][T12292] netlink: 17 bytes leftover after parsing attributes in process `syz.5.2774'. [ 208.944991][T12301] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2777'. [ 208.997546][T12309] bridge2: entered promiscuous mode [ 209.010340][T12309] macsec0: entered promiscuous mode [ 209.015959][T12309] macsec0: entered allmulticast mode [ 209.021375][T12309] bridge2: entered allmulticast mode [ 209.027648][T12309] bridge2: left allmulticast mode [ 209.034702][T12309] bridge2: left promiscuous mode [ 209.169158][T12339] netlink: 'syz.4.2790': attribute type 4 has an invalid length. [ 209.264714][T12359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 209.280212][T12359] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 209.367799][T12381] tipc: Enabled bearer , priority 0 [ 209.380496][T12381] syzkaller0: entered promiscuous mode [ 209.387716][T12381] syzkaller0: entered allmulticast mode [ 209.396776][T12381] tipc: Resetting bearer [ 209.404964][T12380] tipc: Resetting bearer [ 209.413337][T12380] tipc: Disabling bearer [ 209.703359][T12431] lo speed is unknown, defaulting to 1000 [ 209.886804][T12484] netlink: 'syz.0.2837': attribute type 6 has an invalid length. [ 209.987231][T12506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.004431][T12506] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.036789][T12517] netlink: 'syz.0.2851': attribute type 6 has an invalid length. [ 210.342776][T12547] lo speed is unknown, defaulting to 1000 [ 210.368198][T12589] __nla_validate_parse: 20 callbacks suppressed [ 210.368214][T12589] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2868'. [ 210.492136][T12547] chnl_net:caif_netlink_parms(): no params data found [ 210.545533][T12713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2881'. [ 210.563869][T12713] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2881'. [ 210.609099][T12547] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.618202][T12547] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.627728][T12547] bridge_slave_0: entered allmulticast mode [ 210.636469][T12547] bridge_slave_0: entered promiscuous mode [ 210.653669][T12547] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.660906][T12547] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.683044][T12547] bridge_slave_1: entered allmulticast mode [ 210.689728][T12547] bridge_slave_1: entered promiscuous mode [ 210.725493][T12547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.739558][T12547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.775214][T12547] team0: Port device team_slave_0 added [ 210.784779][T12821] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.793466][T12547] team0: Port device team_slave_1 added [ 210.801212][T12821] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.824718][T12547] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.832020][T12547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 210.858031][T12547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.872047][T12547] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.879134][T12547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 210.905110][T12547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.941512][T12547] hsr_slave_0: entered promiscuous mode [ 210.947991][T12547] hsr_slave_1: entered promiscuous mode [ 210.954718][T12547] debugfs: 'hsr0' already exists in 'hsr' [ 210.960499][T12547] Cannot create hsr debugfs directory [ 211.294466][T12547] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 211.304923][T12547] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 211.315795][T12547] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 211.326260][T12547] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 211.387974][T12547] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.402225][T12547] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.412200][ T413] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.419433][ T413] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.452311][ T413] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.459462][ T413] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.570395][T12547] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.677673][T12547] veth0_vlan: entered promiscuous mode [ 211.686950][T12547] veth1_vlan: entered promiscuous mode [ 211.709242][T12547] veth0_macvtap: entered promiscuous mode [ 211.719093][T12547] veth1_macvtap: entered promiscuous mode [ 211.746867][T12547] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 211.755795][T13010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 211.756515][T13010] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 211.774889][T12547] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 211.797016][ T413] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.806441][ T413] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.816898][ T413] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.826307][ T413] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 211.861952][T13017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2910'. [ 211.871935][T13017] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2910'. [ 211.888888][T13019] netlink: 'syz.0.2863': attribute type 6 has an invalid length. [ 211.943184][T13025] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2913'. [ 211.988034][T13033] tipc: Enabled bearer , priority 0 [ 211.996647][T13033] syzkaller0: entered promiscuous mode [ 212.002213][T13033] syzkaller0: entered allmulticast mode [ 212.012253][T13033] tipc: Resetting bearer [ 212.019404][T13032] tipc: Resetting bearer [ 212.027271][T13032] tipc: Disabling bearer [ 212.179767][T13056] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2923'. [ 212.193973][T13056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2923'. [ 212.326956][T13065] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2927'. [ 212.357967][T13067] tipc: Enabled bearer , priority 0 [ 212.375343][T13065] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2927'. [ 212.391021][T13067] syzkaller0: entered promiscuous mode [ 212.398331][T13067] syzkaller0: entered allmulticast mode [ 212.445258][T13067] tipc: Resetting bearer [ 212.469143][T13066] tipc: Resetting bearer [ 212.486556][T13066] tipc: Disabling bearer [ 212.686662][T13101] netlink: 'syz.3.2939': attribute type 4 has an invalid length. [ 212.864656][T13139] netlink: 'syz.0.2953': attribute type 4 has an invalid length. [ 213.016309][T13163] lo speed is unknown, defaulting to 1000 [ 213.027052][T13172] netlink: 'syz.1.2966': attribute type 4 has an invalid length. [ 213.335994][T13237] netlink: 'syz.1.2983': attribute type 4 has an invalid length. [ 213.355678][T13238] tipc: Enabled bearer , priority 0 [ 213.368416][T13238] syzkaller0: entered promiscuous mode [ 213.373970][T13238] syzkaller0: entered allmulticast mode [ 213.398154][T13236] tipc: Resetting bearer [ 213.413824][T13236] tipc: Disabling bearer [ 213.445046][T13249] team_slave_0: entered promiscuous mode [ 213.450887][T13249] team_slave_1: entered promiscuous mode [ 213.478770][T13249] macsec1: entered promiscuous mode [ 213.484192][T13249] team0: entered promiscuous mode [ 213.489512][T13249] macsec1: entered allmulticast mode [ 213.495191][T13249] team0: entered allmulticast mode [ 213.500327][T13249] team_slave_0: entered allmulticast mode [ 213.506127][T13249] team_slave_1: entered allmulticast mode [ 213.525885][T13249] team0: left allmulticast mode [ 213.530829][T13249] team_slave_0: left allmulticast mode [ 213.536455][T13249] team_slave_1: left allmulticast mode [ 213.542124][T13249] team0: left promiscuous mode [ 213.547082][T13249] team_slave_0: left promiscuous mode [ 213.552787][T13249] team_slave_1: left promiscuous mode [ 213.695145][T13279] netlink: 'syz.4.2997': attribute type 4 has an invalid length. [ 213.893902][T13301] team_slave_1: entered promiscuous mode [ 213.913080][T13301] macsec0: entered promiscuous mode [ 213.918374][T13301] team0: entered promiscuous mode [ 213.925190][T13301] macsec0: entered allmulticast mode [ 213.930542][T13301] team0: entered allmulticast mode [ 213.937309][T13301] team_slave_1: entered allmulticast mode [ 214.186643][T13301] team0: left allmulticast mode [ 214.193356][T13301] team_slave_1: left allmulticast mode [ 214.198882][T13301] team0: left promiscuous mode [ 214.205302][T13301] team_slave_1: left promiscuous mode [ 214.288919][T13315] netlink: 'syz.5.3010': attribute type 4 has an invalid length. [ 214.392077][T13336] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.402463][T13336] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.554563][T13364] netlink: 'syz.4.3024': attribute type 4 has an invalid length. [ 214.971907][T13393] netlink: 'syz.5.3038': attribute type 4 has an invalid length. [ 215.194713][T13415] tipc: Started in network mode [ 215.199670][T13415] tipc: Node identity 6a7653d2d59b, cluster identity 4711 [ 215.208151][T13415] tipc: Enabled bearer , priority 0 [ 215.215709][T13415] syzkaller0: entered promiscuous mode [ 215.221212][T13415] syzkaller0: entered allmulticast mode [ 215.234974][T13414] tipc: Resetting bearer [ 215.244941][T13414] tipc: Disabling bearer [ 215.375876][T13422] lo speed is unknown, defaulting to 1000 [ 215.394859][T13453] __nla_validate_parse: 43 callbacks suppressed [ 215.394872][T13453] netlink: 92 bytes leftover after parsing attributes in process `syz.4.3053'. [ 215.442664][T13476] netlink: 92 bytes leftover after parsing attributes in process `syz.3.3064'. [ 215.453766][T13477] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3055'. [ 215.462909][T13477] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3055'. [ 215.471960][T13477] netlink: 376 bytes leftover after parsing attributes in process `syz.4.3055'. [ 215.519986][T13551] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3056'. [ 215.530071][T13552] netlink: 'syz.3.3057': attribute type 4 has an invalid length. [ 215.537910][T13552] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3057'. [ 215.550275][T13422] chnl_net:caif_netlink_parms(): no params data found [ 215.594764][T13562] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3058'. [ 215.645328][T13422] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.652620][T13422] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.664144][T13422] bridge_slave_0: entered allmulticast mode [ 215.670730][T13422] bridge_slave_0: entered promiscuous mode [ 215.678457][T13422] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.685576][T13422] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.693095][T13422] bridge_slave_1: entered allmulticast mode [ 215.699798][T13422] bridge_slave_1: entered promiscuous mode [ 215.750350][T13642] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3065'. [ 215.767832][T13422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 215.796758][T13642] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3065'. [ 215.854650][ T802] tipc: Disabling bearer [ 216.383571][ T802] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 216.393082][ T802] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 216.402382][ T802] bond0 (unregistering): Released all slaves [ 216.412077][T13422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.455151][T13422] team0: Port device team_slave_0 added [ 216.464123][ T802] tipc: Left network mode [ 216.469462][T13422] team0: Port device team_slave_1 added [ 216.476354][ T802] IPVS: stopping master sync thread 4132 ... [ 216.492205][T13697] lo speed is unknown, defaulting to 1000 [ 216.536452][T13733] netlink: 'syz.1.3073': attribute type 4 has an invalid length. [ 216.574036][ T802] hsr_slave_0: left promiscuous mode [ 216.582414][ T802] hsr_slave_1: left promiscuous mode [ 216.588101][ T802] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 216.596337][ T802] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 216.645205][ T802] team0 (unregistering): Port device team_slave_1 removed [ 216.681852][T13422] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 216.688813][T13422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 216.714864][T13422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 216.726416][T13422] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 216.733546][T13422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 216.759667][T13422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 216.830135][T13422] hsr_slave_0: entered promiscuous mode [ 216.844002][T13422] hsr_slave_1: entered promiscuous mode [ 216.849936][T13422] debugfs: 'hsr0' already exists in 'hsr' [ 216.855736][T13422] Cannot create hsr debugfs directory [ 216.917857][ T31] ================================================================== [ 216.925975][ T31] BUG: KCSAN: data-race in copy_process / free_pid [ 216.932506][ T31] [ 216.934849][ T31] read-write to 0xffffffff86860008 of 4 bytes by task 13842 on cpu 1: [ 216.943010][ T31] free_pid+0xb9/0x1d0 [ 216.947110][ T31] free_pids+0x7a/0xb0 [ 216.951206][ T31] release_task+0x9a7/0xb60 [ 216.955727][ T31] do_exit+0xd4d/0x1590 [ 216.959906][ T31] call_usermodehelper_exec_async+0x247/0x250 [ 216.965998][ T31] ret_from_fork+0x149/0x290 [ 216.970610][ T31] ret_from_fork_asm+0x1a/0x30 [ 216.975397][ T31] [ 216.977832][ T31] read to 0xffffffff86860008 of 4 bytes by task 31 on cpu 0: [ 216.985215][ T31] copy_process+0x16d4/0x1ef0 [ 216.989918][ T31] kernel_clone+0x16c/0x5c0 [ 216.994456][ T31] user_mode_thread+0x7d/0xb0 [ 216.999166][ T31] call_usermodehelper_exec_work+0x41/0x160 [ 217.005091][ T31] process_scheduled_works+0x4ce/0x9d0 [ 217.010567][ T31] worker_thread+0x582/0x770 [ 217.015173][ T31] kthread+0x489/0x510 [ 217.019275][ T31] ret_from_fork+0x149/0x290 [ 217.023890][ T31] ret_from_fork_asm+0x1a/0x30 [ 217.028672][ T31] [ 217.031002][ T31] value changed: 0x800000f0 -> 0x800000ef [ 217.036731][ T31] [ 217.039065][ T31] Reported by Kernel Concurrency Sanitizer on: [ 217.045319][ T31] CPU: 0 UID: 0 PID: 31 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(voluntary) [ 217.055052][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 217.065124][ T31] Workqueue: events_unbound call_usermodehelper_exec_work [ 217.072262][ T31] ================================================================== [ 217.081789][ T29] audit: type=1400 audit(1767951954.423:5736): avc: denied { write } for pid=3297 comm="syz-executor" path="pipe:[2356]" dev="pipefs" ino=2356 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 217.163141][ T802] IPVS: stop unused estimator thread 0... [ 217.555979][ T802] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.614283][ T802] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.684670][ T802] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.754431][ T802] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.828869][ T802] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.854424][ T802] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.914866][ T802] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.974675][ T802] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.026937][ T802] bridge_slave_1: left allmulticast mode [ 218.032669][ T802] bridge_slave_1: left promiscuous mode [ 218.038339][ T802] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.046147][ T802] bridge_slave_0: left allmulticast mode [ 218.051862][ T802] bridge_slave_0: left promiscuous mode [ 218.057555][ T802] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.065935][ T802] bridge_slave_1: left allmulticast mode [ 218.071641][ T802] bridge_slave_1: left promiscuous mode [ 218.077281][ T802] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.085211][ T802] bridge_slave_0: left allmulticast mode [ 218.090855][ T802] bridge_slave_0: left promiscuous mode [ 218.096642][ T802] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.105236][ T802] bridge_slave_1: left allmulticast mode [ 218.110880][ T802] bridge_slave_1: left promiscuous mode [ 218.116582][ T802] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.124758][ T802] bridge_slave_0: left allmulticast mode [ 218.130397][ T802] bridge_slave_0: left promiscuous mode [ 218.136077][ T802] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.253443][ T802] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 218.263346][ T802] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 218.272727][ T802] bond0 (unregistering): Released all slaves [ 218.324611][ T802] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 218.334595][ T802] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 218.344210][ T802] bond0 (unregistering): Released all slaves [ 218.453396][ T802] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 218.463228][ T802] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 218.472850][ T802] bond0 (unregistering): Released all slaves [ 218.515786][ T802] tipc: Left network mode [ 218.524751][ T802] hsr_slave_0: left promiscuous mode [ 218.530466][ T802] hsr_slave_1: left promiscuous mode [ 218.536132][ T802] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.543644][ T802] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.553737][ T802] hsr_slave_0: left promiscuous mode [ 218.559534][ T802] hsr_slave_1: left promiscuous mode [ 218.565296][ T802] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.572783][ T802] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.580325][ T802] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.587776][ T802] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.597140][ T802] hsr_slave_0: left promiscuous mode [ 218.603090][ T802] hsr_slave_1: left promiscuous mode [ 218.608700][ T802] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.616214][ T802] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.623947][ T802] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.631446][ T802] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.645316][ T802] veth1_macvtap: left promiscuous mode [ 218.650863][ T802] veth0_macvtap: left promiscuous mode [ 218.656506][ T802] veth1_vlan: left promiscuous mode [ 218.661788][ T802] veth0_vlan: left promiscuous mode [ 218.667652][ T802] veth1_macvtap: left promiscuous mode [ 218.673182][ T802] veth0_macvtap: left promiscuous mode [ 218.678693][ T802] veth1_vlan: left promiscuous mode [ 218.684142][ T802] veth0_vlan: left promiscuous mode [ 218.788212][ T802] team0 (unregistering): Port device team_slave_1 removed [ 218.798849][ T802] team0 (unregistering): Port device team_slave_0 removed [ 218.854803][ T802] team0 (unregistering): Port device team_slave_1 removed [ 218.864767][ T802] team0 (unregistering): Port device team_slave_0 removed [ 218.921953][ T802] team0 (unregistering): Port device team_slave_1 removed [ 218.933987][ T802] team0 (unregistering): Port device team_slave_0 removed