last executing test programs: 2m0.016311597s ago: executing program 0 (id=1): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x1000c40, &(0x7f00000002c0), 0x5, 0x51c, &(0x7f0000000700)="$eJzs3cFvI1cZAPBvZjebNE2bFCoVENClFBa0WjvxtlHVU7mAUFUJUXHikIbEG0Vx4ih2ShNWavI/IFGJA4ITZyQQHCr1xBHBDW69lANSgRWoQeJgNONx1t3YG3c3awv795NGM29mMt97Y8178RfHL4CJdTUijiLiSkS8ERHzxf6kWOKV9pKd99Gd22snd26vJdFqvf6PJD+e7Yuun8k8XlxzJiK++62IHyRn4zYODrdWa7XqXlEuN7d3y42Dwxub26sb1Y3qTqWyvLS8+NLNFysDtWNmgHOe3f7Vh9/cfPV77/7uCx/86ejrP8qqNVcc627HRWo3feo0TuZyRLz6KIKNwKWiPVdGXREeSBoRn4qI5/Lnfz4u5a/mYHo81gDA/4FWaz5a891lAGDcpXkOLElLRS5gLtK0VGrn8J6O2bRWbzSv36rv76y3c2ULMZXe2qxVF4tc4UJMJVl56e1s+265Eh8v34yIpyLix9OP5eXS2uB5BgDgYj1+z/j/7+n2+A8AjLmeH57pfn++Mry6AADDMciHZwGA8WL8B4DJc3f8nx1pPQCA4fH+HwAmj/EfACbN+53x/9KoawIADMV3XnstW1onxfdfr795sL9Vf/PGerWxVdreXyut1fd2Sxv1+katWlqrb593vVq9vrv0Quy/VW5WG81y4+BwZbu+v9Ncyb/Xe6U6NZRWAQD389Sz7/0liYijlx/Ll+iay8FYDeMtHXUFgJGR84fJ5Vu4YXJ5jw+T69fFf/yeN5dn348Iv/MAQVtvP8APARft2mfl/2FSyf/D5JL/h8kl/w+Tq9VK+s35n56eAgCMlU+Y4/cnARhDQ/37PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIyJuXxZ6CqnaakU8URELMRUcmuzVl2MiCcj4s/TU9NZeWmkNQYAHl76t6SY/+va/PNz9x69kvxnOl9HxA9/+vpP3lptNveWsv3/PN3ffKfYXxlF/QGA83TG6c443vHRndtrnWWY9fnwG+3JRbO4J8XSPnI5LmerP87kkw7P/itplwvZ7yuXLiD+0XFEfKZX+5M8N7JQzHx6b/ws9hNDjZ9+LH6aH2uvs3vx6TNXnu4b87y5XmFSvJf1P6/0ev7SuJqvZ3pOfjyT91APr9P/nZzp/zrP+0ze1/Tq/64OGuOF33+777HjiM9d7hU/OY2f9In//IDx3//8F5/rd6z184hr0Tt+d6xyc3u33Dg4vJHd+OpGdadSWV5aXnzp5ouVcp6jLncy1d3aI8TfX77+ZN/2//K3RUd5Nv7MOe3/yn1b3TrtgH/x3ze+/6V+8Y8jvvbl3q//0/eJn42JXy22+/f0bauzv+k7fXcWf719/48/6et//Zy4HR/89XB9wFMBgCFoHBxurdZq1b0L3ZiKC75g10byiOpsYwQbMcRY2a/JD3udZ4qU2Wrn+ek+5w8/e/eZbN/I7+qFbIyuTwKG4+5DP+qaAAAAAAAAAAAAAAAA/TzyfydKR91CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxtn/AgAA//8LKMVX") r0 = open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x8005, 0x0, 0x0, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e029a4c66810000000000d300e6d602090000000000000000000001", [0x204]}) write$UHID_INPUT2(r0, 0x0, 0x90) 1m59.243761151s ago: executing program 0 (id=14): r0 = fsopen(&(0x7f0000000400)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x84) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x10c) lseek(r2, 0x0, 0x0) 1m57.523831023s ago: executing program 0 (id=46): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x34, 0x10, 0xffffffffffffffff, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x1715}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24004844}, 0x8000002) 1m57.523509993s ago: executing program 32 (id=46): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x34, 0x10, 0xffffffffffffffff, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x1715}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24004844}, 0x8000002) 1m25.728532348s ago: executing program 2 (id=806): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x78, 0x4) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00', 0x4}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4e, &(0x7f0000000040)=0x78, 0x4) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00', 0x4}, 0x1c) 1m25.615844695s ago: executing program 2 (id=818): unshare(0x24060400) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xef, 0x7, 0x0, 0x0, 0x0, 0x0, 0xc9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffdfffc, 0x0, @perf_bp={0x0, 0x8}, 0x800, 0x2000000000, 0x0, 0x5, 0x0, 0x200000b, 0xfffd, 0x0, 0x9, 0x0, 0x8003f}, 0x0, 0x400010, 0xffffffffffffffff, 0x3) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b03d25a806f8c6394f90524fc60040f03", 0x17}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xa, 0x16, &(0x7f0000000f40)=ANY=[@ANYBLOB="611289000000000061134c0000000000bf2000000000000007000000080000002d0301"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe000058"], 0xfe33) 1m25.570841808s ago: executing program 2 (id=811): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f0000002f40)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x4, 0x0}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000200)="9a", 0x1}], 0x1}}], 0x1, 0x4000000) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) sendto$inet(r0, &(0x7f0000000180)="f3", 0x1, 0x4, &(0x7f00000001c0)={0x2, 0x4e20, @private=0xa010102}, 0x10) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000640)=@assoc_value={r2, 0x2}, 0x8) 1m25.346024701s ago: executing program 2 (id=813): syz_mount_image$ext4(&(0x7f0000000680)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x800700, &(0x7f0000000580)={[{@grpjquota}, {@stripe={'stripe', 0x3d, 0x3}}, {@norecovery}, {@noinit_itable}, {@init_itable_val={'init_itable', 0x3d, 0x1}}, {@minixdf}, {@usrjquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@errors_continue}, {@dioread_lock}, {@noblock_validity}, {@noquota}]}, 0x3, 0x465, &(0x7f0000000f00)="$eJzs3M9vFFUcAPDvzLYgP1sRf4CoVWJs/NHSgsrBi0YTDxhN9IDH2hZCWKihNRFCpBqDFxND1LPxaOJf4M2LUU8mXvVuSIhyAT3VzOwM7C67pYXtLnQ/n2SX92Ze+963b97Mm3m7BNC3RrK3JGJrRPwREUO1bGOBkdo/Vy+fnf738tnpJJaW3v47yctduXx2uixa/tyWIjOaRqSfJkUljeZPnzk+Va3Oniry4wsn3h+fP33muWMnpo7OHp09OXnw4IH9Ey++MPn8Mq3fuOI4s7iu7P5obs+u19+98Mb04Qvv/fJ91t6txf76ODplJAv8n6Vc3eYvs7cnO11Zj22rSycDPWwIq1KJiKy7BvPxPxSVuN55Q/HaJz1tHLCmsmvTMlfRxSVgHUtihcViZQWBu0V5oc/uf8tXl6Yed4RLL9dugLK4rxav2p6BSIsyg033t500EhGHF//7JnvFGj2HAACo9/n014fi2VbzvzQeqCu3vVhDGY6IeyNiR0TcFxE7I+L+iLzsgxHxUNuaNrTc2rw0dOP8J714y8GtQDb/e6lY22qc/5Wzv8pwpchty+MfTI4cq87uK/4mozG4MctPLFPHj6/+/kW7ffXzv+yV1V/OBYt2XBxoekA3M7UwlU9KO+DSxxG7B1rFn1xbCchu/XdFxO7V/ertZeLY09/taVfo5vEvowPrTEvfRjxV6//FaIq/lCy/Pjl+T1Rn942XR8WNfv3t/Fvt6r+t+Dsg6//Njcd/c5HhpH69dn71dZz/87O29zS3evxvSN7J+6U8q3w4tbBwaiJiQ3Iozzdsn7z+s2W+LJ/FP7q39fjfUUtsyt4ejojsIH4kIh6NiMeKtj8eEU9ExN5l4v/5lfb77oT+n2l5/rt2/Df1/+oTleM//dCu/pX1/4E8NVpsyc9/N7HSBt7O3w4AAADuFmn+GfgkHbuWTtOxsdpn+HfG5rQ6N7/wzJG5D07O1D4rPxyDafmka6jueehEslj8xlp+snhWXO7fXzw3/qqyKc+PTc9VZ3ocO/S7LW3Gf+avSq9bB6y5Vutoky3Xaxu+yAasA83jP23Mnnuzm40Busr3taF/3WT8p91qB9B9rv/Qv1qN/3NNeWsBsD65/kP/Mv6hfxn/0L+Mf+hLt/O9/n5OZKfMO6AZ1aGiH7tfe6S9jl1iLRKt/58mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAu9X/AQAA//9l+OT1") chdir(&(0x7f0000000400)='./file0\x00') socket$netlink(0x10, 0x3, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) 1m24.787333884s ago: executing program 2 (id=815): openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0), 0x82, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f00000000c0)={0x1, [0x0]}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000008a00)={r2, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x80, 0x2, 0x6, 0x2, 0x7ffffffe}, &(0x7f0000008ac0)=0x98) 1m24.352021149s ago: executing program 2 (id=822): socket(0x10, 0x3, 0x0) socket$kcm(0xa, 0x5, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x200007, 0x4) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000029000000", @ANYRES16=r0], 0x18}, 0x40c0) 1m24.272671014s ago: executing program 33 (id=822): socket(0x10, 0x3, 0x0) socket$kcm(0xa, 0x5, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x200007, 0x4) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000029000000", @ANYRES16=r0], 0x18}, 0x40c0) 3.041904981s ago: executing program 6 (id=2452): r0 = socket(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000520001002abd7000dff000000272000008000180feffffff"], 0x1c}, 0x1, 0x0, 0x0, 0x40091}, 0x0) 3.008402083s ago: executing program 6 (id=2454): socket$rds(0x15, 0x5, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) socket$kcm(0x2a, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x0, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x11000, 0x0, 0x7, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000001100010025bd7000ffdbdf2500000000", @ANYRES32=r1], 0x20}}, 0x8080) 2.485438323s ago: executing program 3 (id=2472): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000240)={0xcf4f, 0x1, 0xffff, 0x5, 0x15, "841341000000009a"}) write$binfmt_aout(r0, &(0x7f0000000440)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x4000, 0xfffffffc, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17) 2.249255607s ago: executing program 5 (id=2478): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0xffffffffffffffff, 0x2}, 0x106020, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) r2 = eventfd2(0x0, 0x0) read$eventfd(r2, &(0x7f0000000000), 0x8) writev(r2, &(0x7f0000000580)=[{&(0x7f0000000080)='\x00\x00\x00\x00\x00\x00\x00\x00', 0x8}], 0x1) 2.007577421s ago: executing program 4 (id=2482): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) r1 = syz_io_uring_setup(0x38a9, &(0x7f0000000300)={0x0, 0xffffffff, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r0}) io_uring_enter(r1, 0x44fd, 0x3, 0x1, 0x0, 0x0) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) signalfd4(r4, &(0x7f0000000340)={[0x1]}, 0x8, 0x80800) 2.007120162s ago: executing program 4 (id=2483): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8822c, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x8, 0x6}, 0x0, 0xfffd, 0x8, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000000206010700000000000000000000000014000300686173683a69702c706f72742c6970000900020073797a31000000000500010007000000050005000a000000050004"], 0x4c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540", @ANYRES64, @ANYRES64=r1, @ANYRESHEX=r0, @ANYRES32], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 1.624233504s ago: executing program 3 (id=2485): unshare(0x22020600) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x94, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0xe654, 0x10, 0x1, 0x80400}, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1f, &(0x7f0000000000)=[r0], 0x1) 1.595742526s ago: executing program 3 (id=2486): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f00000005c0)=[{0x6}]}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 1.509143561s ago: executing program 4 (id=2487): shmdt(0x0) r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f00000001c0)={0x8000042}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) 1.490419372s ago: executing program 4 (id=2488): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20040845}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48048}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @mcast2}, @TCA_FLOWER_FLAGS={0x8, 0x16, 0x12}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.453918654s ago: executing program 4 (id=2489): r0 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0xe64, 0xb, @empty, 0x8}, 0x1c) setuid(0xee00) r1 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe64, 0x4, @empty, 0x82}, 0x1c) 1.393307028s ago: executing program 4 (id=2490): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88ce359bdb00143c, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x4) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000300)=0xf) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) 1.392696008s ago: executing program 5 (id=2491): r0 = socket(0x1e, 0x1, 0x0) mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000006, 0x11, r0, 0x100000000) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r0, &(0x7f0000000340), 0x2000011a) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r2, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 1.293846514s ago: executing program 5 (id=2492): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc097, 0x2, @perf_bp={0x0, 0x8}, 0x8216, 0x6, 0x11000, 0x0, 0x9484, 0x1, 0x400}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0xb) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001740), 0x80000, 0x0) ioctl$RTC_UIE_ON(r1, 0x7003) fsopen(0x0, 0x1) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000000)={0x1, 0x0, {0x1d, 0xc, 0x1, 0xb, 0xa, 0xe80, 0x1, 0x91}}) close_range(r0, 0xffffffffffffffff, 0x0) 1.228415587s ago: executing program 5 (id=2493): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xa, 0xb, 0x42, 0x3e, 0x42}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r2, 0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000280)}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000070200004e03404fb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x4, 0x1005, &(0x7f00000014c0)=""/4101, 0x41100, 0xc}, 0x94) 1.207951408s ago: executing program 5 (id=2494): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_io_uring_setup(0x292, &(0x7f0000000140)={0x0, 0x40f7b7, 0x10, 0x1, 0x287}, &(0x7f00000007c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x4}) io_uring_enter(r2, 0x6e2, 0x3901, 0x1, 0x0, 0xe2c) sendmsg$tipc(r1, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20040018}, 0x0) recvmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/191, 0x115}], 0x1}, 0x40012100) 989.996561ms ago: executing program 6 (id=2495): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x4ff1, &(0x7f0000000040)={0x0, 0x835c, 0xf000, 0x20000a, 0x20002f3}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 957.973304ms ago: executing program 6 (id=2496): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x4, @empty}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) recvfrom$l2tp6(r0, 0x0, 0x94, 0x40000002, 0x0, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 743.422076ms ago: executing program 3 (id=2500): r0 = socket$can_bcm(0x1d, 0x2, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x4011, 0x4) connect$can_bcm(r0, &(0x7f00000005c0), 0x10) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00000001c0)=0x7f, 0x4) recvmmsg(r0, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}], 0x1, 0x10002, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000180)=0x2, 0x4) 709.492088ms ago: executing program 1 (id=2501): socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xb4, 0xb4, 0x2, [@fwd={0xf}, @union={0x10, 0x6, 0x0, 0x5, 0x0, 0x0, [{0x2, 0x0, 0x5}, {0x8, 0x2, 0x2}, {0x6, 0x0, 0x2}, {0x3, 0x2, 0xdbc}, {0xc, 0x1, 0x3338}, {0x4, 0x1, 0x33eb}]}, @func={0xc, 0x0, 0x0, 0xc, 0x1}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}, @enum64={0x8, 0x3, 0x0, 0x13, 0x0, 0x8, [{0xd, 0xd12e, 0x9}, {0x8, 0x7, 0x9}, {0xd, 0x6, 0x300}]}]}}, 0x0, 0xce, 0x0, 0x0, 0x7ff, 0x10000}, 0x28) unshare(0x2c020400) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) 669.74562ms ago: executing program 1 (id=2502): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) rename(0x0, &(0x7f00000000c0)='./bus\x00') dup2(r0, r1) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, 0x0, &(0x7f00000000c0)) 649.727851ms ago: executing program 3 (id=2503): recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getqdisc={0x24, 0x26, 0x10, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x5}, {0x10, 0xd}, {0x3, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x20040000) r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ec0)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}}, [@TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xe, 0x4, 0x7, 0x4, 0x2, 0x2cf, 0x8d2, 0x1}}, {0x6, 0x2, [0xffff]}}]}, @qdisc_kind_options=@q_bfifo={{0xa}, {0x8, 0x2, 0x401}}]}, 0x60}, 0x1, 0x0, 0x0, 0x80d1}, 0x34008098) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 634.719712ms ago: executing program 1 (id=2504): mknod$loop(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100, 0x0) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x6, 0xfffe}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0xa9525000) fcntl$setsig(r0, 0xa, 0x7) link(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 631.944502ms ago: executing program 6 (id=2505): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) close_range(r0, 0xffffffffffffffff, 0x200000000000000) 606.202394ms ago: executing program 3 (id=2506): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@nobarrier}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x200, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r2, &(0x7f00000001c0)="f1", 0x1) sendfile(r2, r0, 0x0, 0x40001) sendfile(r2, r1, 0x0, 0x7ffff000) 583.136745ms ago: executing program 6 (id=2507): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x3af4701e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mbind(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x1ff, 0x3) r1 = syz_clone(0x0, 0x0, 0x43, 0x0, 0x0, 0x0) process_vm_writev(r1, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0) 340.114049ms ago: executing program 5 (id=2508): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)={0x20, r3, 0x9c3fa077fa966179, 0x0, 0x25dfdbfe, {{0x7e}, {@void, @val={0xc, 0x99, {0x7, 0x17}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x8004800}, 0x8) 306.859212ms ago: executing program 1 (id=2509): socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$usbmon(&(0x7f00000005c0), 0x3, 0x40) syz_open_dev$usbfs(&(0x7f0000002000), 0xd, 0x20041) r0 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, &(0x7f0000000dc0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) 60.753216ms ago: executing program 1 (id=2510): r0 = fsopen(&(0x7f0000001140)='hugetlbfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000300)='.\x00', 0x100000, 0x0) flock(r2, 0x6) mknod$loop(&(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x1, 0x1) 0s ago: executing program 1 (id=2511): prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) setresgid(0x0, 0xee00, 0x0) r0 = semget$private(0x0, 0x4, 0x29b) semop(r0, &(0x7f0000000180)=[{0x0, 0x203}, {}], 0x2) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000240)={{0x0, 0xee00, 0x0, 0x0, 0x0, 0x70, 0xd49}, 0x3ff, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x3}) semctl$GETNCNT(r0, 0x4, 0xe, 0x0) kernel console output (not intermixed with test programs): mpfs_t tclass=file permissive=1 [ 81.304408][ T6235] can0 (unregistered): slcan off ttyS3. [ 81.440172][ T29] audit: type=1400 audit(1770577520.329:1126): avc: denied { create } for pid=6238 comm="dhcpcd-run-hook" name="resolv.conf.can0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.484572][ T29] audit: type=1400 audit(1770577520.349:1127): avc: denied { write } for pid=6238 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.can0.link" dev="tmpfs" ino=5064 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.511596][ T29] audit: type=1400 audit(1770577520.349:1128): avc: denied { append } for pid=6238 comm="dhcpcd-run-hook" name="resolv.conf.can0.link" dev="tmpfs" ino=5064 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.542493][ T29] audit: type=1400 audit(1770577520.429:1129): avc: denied { unlink } for pid=6256 comm="rm" name="resolv.conf.can0.link" dev="tmpfs" ino=5064 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.577674][ T6259] loop6: detected capacity change from 0 to 2048 [ 81.614908][ T6259] EXT4-fs: Ignoring removed mblk_io_submit option [ 81.677813][ T6259] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.696649][ T6259] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.983: bg 0: block 234: padding at end of block bitmap is not set [ 81.738877][ T6276] loop5: detected capacity change from 0 to 128 [ 81.747425][ T6259] EXT4-fs (loop6): Remounting filesystem read-only [ 81.790726][ T6259] EXT4-fs (loop6): error restoring inline_data for inode -- potential data loss! (inode 15, error -30) [ 81.822598][ T29] audit: type=1400 audit(1770577520.699:1130): avc: denied { read } for pid=2984 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 81.845561][ T29] audit: type=1400 audit(1770577520.699:1131): avc: denied { search } for pid=2984 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 81.867568][ T29] audit: type=1400 audit(1770577520.699:1132): avc: denied { search } for pid=2984 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 81.902356][ T5820] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.915556][ T6281] loop5: detected capacity change from 0 to 128 [ 82.053897][ T6299] loop5: detected capacity change from 0 to 512 [ 82.064639][ T6299] EXT4-fs: Ignoring removed mblk_io_submit option [ 82.153064][ T6299] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 82.174395][ T6299] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e028, mo2=0002] [ 82.187358][ T6299] EXT4-fs (loop5): orphan cleanup on readonly fs [ 82.194311][ T6299] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.991: bg 0: block 361: padding at end of block bitmap is not set [ 82.209327][ T6299] EXT4-fs (loop5): Remounting filesystem read-only [ 82.216873][ T6299] EXT4-fs (loop5): 1 truncate cleaned up [ 82.223292][ T6299] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 82.253012][ T3596] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 82.427833][ T6316] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1000'. [ 82.556012][ T6328] loop6: detected capacity change from 0 to 512 [ 82.573739][ T6328] EXT4-fs: Ignoring removed oldalloc option [ 82.582048][ T6328] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 82.602852][ T6328] EXT4-fs (loop6): 1 truncate cleaned up [ 82.610201][ T6328] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.676401][ T5820] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.038441][ T6360] loop1: detected capacity change from 0 to 512 [ 83.077961][ T6360] EXT4-fs error (device loop1): __ext4_iget:5426: inode #11: block 1: comm syz.1.1018: invalid block [ 83.090646][ T6360] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.1018: couldn't read orphan inode 11 (err -117) [ 83.105597][ T6360] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.177337][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.387798][ T6389] vhci_hcd vhci_hcd.4: default hub control req: 0000 v0000 i0000 l0 [ 83.485468][ T6394] loop6: detected capacity change from 0 to 128 [ 83.535731][ T6394] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 83.589770][ T6394] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.753882][ T6406] loop5: detected capacity change from 0 to 512 [ 83.763291][ T6407] loop3: detected capacity change from 0 to 512 [ 83.775447][ T6407] EXT4-fs: Ignoring removed oldalloc option [ 83.807459][ T6407] EXT4-fs (loop3): 1 truncate cleaned up [ 83.821640][ T6407] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.847521][ T6406] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.956710][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.986009][ T3596] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.356351][ T6433] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1046'. [ 85.365653][ T6467] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1060'. [ 85.374917][ T6467] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 85.582311][ T6473] netlink: 'syz.5.1063': attribute type 15 has an invalid length. [ 85.590394][ T6473] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1063'. [ 85.620901][ T1672] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 2816 - 0 [ 85.630476][ T6473] netlink: 'syz.5.1063': attribute type 15 has an invalid length. [ 85.638447][ T6473] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1063'. [ 85.647621][ T1672] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 2816 - 0 [ 85.664466][ T1672] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 2816 - 0 [ 85.673513][ T1672] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 2816 - 0 [ 86.255043][ T29] kauditd_printk_skb: 28 callbacks suppressed [ 86.255061][ T29] audit: type=1400 audit(1770577525.149:1161): avc: denied { mounton } for pid=6495 comm="syz.3.1072" path="/242/file0" dev="tmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 86.255290][ T36] kernel write not supported for file bpf-prog (pid: 36 comm: kworker/1:1) [ 86.355778][ T29] audit: type=1400 audit(1770577525.249:1162): avc: denied { append } for pid=6497 comm="syz.3.1075" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 86.385168][ T29] audit: type=1400 audit(1770577525.269:1163): avc: denied { read } for pid=6497 comm="syz.3.1075" name="usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 86.408547][ T29] audit: type=1400 audit(1770577525.269:1164): avc: denied { open } for pid=6497 comm="syz.3.1075" path="/dev/usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 86.477330][ T29] audit: type=1400 audit(1770577525.369:1165): avc: denied { watch } for pid=6504 comm="syz.3.1077" path="/proc/569/map_files" dev="proc" ino=13990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 86.626226][ T29] audit: type=1400 audit(1770577525.519:1166): avc: denied { setopt } for pid=6519 comm="syz.3.1084" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 86.651561][ T29] audit: type=1400 audit(1770577525.529:1167): avc: denied { execute } for pid=6517 comm="syz.4.1083" name="sg#" dev="devtmpfs" ino=770 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 86.673882][ T29] audit: type=1400 audit(1770577525.529:1168): avc: denied { execute_no_trans } for pid=6517 comm="syz.4.1083" path="/dev/sg#" dev="devtmpfs" ino=770 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 86.732836][ T6525] loop4: detected capacity change from 0 to 256 [ 86.867688][ T6528] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1087'. [ 86.876767][ T6528] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1087'. [ 86.890944][ T2169] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 86.906019][ T6528] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1087'. [ 86.915116][ T6528] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1087'. [ 86.925166][ T2169] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 86.934131][ T2169] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 86.946174][ T2169] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.322621][ T6552] loop4: detected capacity change from 0 to 1024 [ 87.360570][ T6552] EXT4-fs: Ignoring removed bh option [ 87.372655][ T6552] EXT4-fs: Ignoring removed nobh option [ 87.386921][ T6552] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.420861][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.492339][ T29] audit: type=1400 audit(1770577526.379:1169): avc: denied { firmware_load } for pid=6561 comm="syz.4.1100" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 88.181005][ T29] audit: type=1326 audit(1770577527.069:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.4.1108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1925d9aeb9 code=0x7ffc0000 [ 88.289645][ T6583] netlink: 'syz.5.1110': attribute type 1 has an invalid length. [ 88.297495][ T6583] netlink: 'syz.5.1110': attribute type 4 has an invalid length. [ 88.305315][ T6583] netlink: 15334 bytes leftover after parsing attributes in process `syz.5.1110'. [ 88.364382][ T6587] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1112'. [ 88.694521][ T3541] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 88.745786][ T6605] bridge_slave_0: invalid flags given to default FDB implementation [ 88.825991][ T6609] loop5: detected capacity change from 0 to 512 [ 88.855902][ T6609] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.946803][ T6609] ext4 filesystem being mounted at /225/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 88.983210][ T5820] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 89.019365][ T6609] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #2: comm syz.5.1123: corrupted inode contents [ 89.031605][ T6624] netlink: 'syz.3.1130': attribute type 22 has an invalid length. [ 89.039515][ T6624] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1130'. [ 89.063694][ T6609] EXT4-fs error (device loop5): ext4_dirty_inode:6502: inode #2: comm syz.5.1123: mark_inode_dirty error [ 89.104547][ T6624] netlink: 'syz.3.1130': attribute type 22 has an invalid length. [ 89.108470][ T6609] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #2: comm syz.5.1123: corrupted inode contents [ 89.140422][ T6609] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.1123: mark_inode_dirty error [ 89.171127][ T3596] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.783147][ T6682] loop6: detected capacity change from 0 to 512 [ 89.887861][ T6682] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 89.899652][ T6682] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 89.910387][ T6682] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.1155: Corrupt directory, running e2fsck is recommended [ 89.937076][ T6682] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117 [ 89.946111][ T6682] EXT4-fs error (device loop6): ext4_iget_extra_inode:5073: inode #15: comm syz.6.1155: corrupted in-inode xattr: e_name out of bounds [ 89.960942][ T6682] EXT4-fs error (device loop6): ext4_orphan_get:1396: comm syz.6.1155: couldn't read orphan inode 15 (err -117) [ 89.974120][ T6682] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.991997][ T6682] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 90.003890][ T6682] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 90.014940][ T6682] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.1155: Corrupt directory, running e2fsck is recommended [ 90.030778][ T6682] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 90.042934][ T6682] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 90.053237][ T6682] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.1155: Corrupt directory, running e2fsck is recommended [ 90.077740][ T6682] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 90.089636][ T6682] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 90.100247][ T6682] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.1155: Corrupt directory, running e2fsck is recommended [ 90.136826][ T6692] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 90.148763][ T6692] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 3: comm syz.6.1155: path /56/file0: bad entry in directory: directory entry overrun - offset=0, inode=4294967295, rec_len=65552, size=1024 fake=0 [ 90.170860][ T6692] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 8: comm syz.6.1155: path /56/file0: bad entry in directory: inode out of bounds - offset=0, inode=16810477, rec_len=1024, size=1024 fake=0 [ 90.210168][ T5820] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.419178][ T5532] kernel write not supported for file bpf-prog (pid: 5532 comm: kworker/0:5) [ 90.770983][ T6739] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 90.783022][ T6739] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 91.341533][ T29] kauditd_printk_skb: 35 callbacks suppressed [ 91.341552][ T29] audit: type=1326 audit(1770577530.229:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6794 comm="syz.6.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 91.372072][ T29] audit: type=1326 audit(1770577530.229:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6794 comm="syz.6.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 91.395759][ T29] audit: type=1326 audit(1770577530.229:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6794 comm="syz.6.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 91.419810][ T29] audit: type=1326 audit(1770577530.309:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6794 comm="syz.6.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 91.443301][ T29] audit: type=1326 audit(1770577530.309:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6794 comm="syz.6.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 91.475722][ T29] audit: type=1326 audit(1770577530.369:1211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6794 comm="syz.6.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 91.494076][ T6800] loop1: detected capacity change from 0 to 512 [ 91.503217][ T29] audit: type=1326 audit(1770577530.389:1212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6794 comm="syz.6.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 91.529297][ T29] audit: type=1326 audit(1770577530.389:1213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6794 comm="syz.6.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 91.553074][ T29] audit: type=1326 audit(1770577530.389:1214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6794 comm="syz.6.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 91.576563][ T29] audit: type=1326 audit(1770577530.389:1215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6794 comm="syz.6.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 91.603900][ T6800] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 91.615978][ T6800] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 91.626105][ T6800] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.1205: Corrupt directory, running e2fsck is recommended [ 91.640288][ T6800] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 91.648765][ T6800] EXT4-fs error (device loop1): ext4_iget_extra_inode:5073: inode #15: comm syz.1.1205: corrupted in-inode xattr: e_name out of bounds [ 91.663589][ T6800] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.1205: couldn't read orphan inode 15 (err -117) [ 91.676022][ T6800] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.692879][ T6800] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 91.704616][ T6800] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 91.714905][ T6800] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.1205: Corrupt directory, running e2fsck is recommended [ 91.749791][ T6807] __nla_validate_parse: 2 callbacks suppressed [ 91.749807][ T6807] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1208'. [ 91.765376][ T6807] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1208'. [ 91.774422][ T6807] netlink: 5 bytes leftover after parsing attributes in process `syz.5.1208'. [ 91.791935][ T6809] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 91.797851][ T6807] loop5: detected capacity change from 0 to 256 [ 91.803807][ T6809] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 91.820077][ T6809] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.1205: Corrupt directory, running e2fsck is recommended [ 91.826062][ T6807] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 91.850591][ T6800] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 91.862261][ T6800] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 91.872419][ T6800] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.1205: Corrupt directory, running e2fsck is recommended [ 91.887923][ T6800] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 91.900993][ T6800] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 3: comm syz.1.1205: path /249/file0: bad entry in directory: directory entry overrun - offset=0, inode=4294967295, rec_len=65552, size=1024 fake=0 [ 91.922263][ T6807] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 91.958390][ T6800] EXT4-fs error (device loop1): ext4_readdir:264: inode #2: block 8: comm syz.1.1205: path /249/file0: bad entry in directory: inode out of bounds - offset=0, inode=16810477, rec_len=1024, size=1024 fake=0 [ 92.024533][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.191657][ T6838] loop1: detected capacity change from 0 to 128 [ 92.208642][ T6838] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 92.253330][ T6838] ext4 filesystem being mounted at /252/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 92.268901][ T6841] loop6: detected capacity change from 0 to 256 [ 92.326174][ T6841] FAT-fs (loop6): Directory bread(block 64) failed [ 92.354377][ T6841] FAT-fs (loop6): Directory bread(block 65) failed [ 92.385193][ T6841] FAT-fs (loop6): Directory bread(block 66) failed [ 92.405001][ T6841] FAT-fs (loop6): Directory bread(block 67) failed [ 92.412929][ T3318] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 92.430701][ T6841] FAT-fs (loop6): Directory bread(block 68) failed [ 92.446277][ T6841] FAT-fs (loop6): Directory bread(block 69) failed [ 92.456561][ T6841] FAT-fs (loop6): Directory bread(block 70) failed [ 92.489228][ T6841] FAT-fs (loop6): Directory bread(block 71) failed [ 92.506875][ T6841] FAT-fs (loop6): Directory bread(block 72) failed [ 92.516960][ T6841] FAT-fs (loop6): Directory bread(block 73) failed [ 92.674792][ T6857] loop3: detected capacity change from 0 to 512 [ 92.695834][ T6857] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 92.707526][ T6857] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 92.717706][ T6857] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.1228: Corrupt directory, running e2fsck is recommended [ 92.748689][ T6857] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 92.761375][ T6857] EXT4-fs error (device loop3): ext4_iget_extra_inode:5073: inode #15: comm syz.3.1228: corrupted in-inode xattr: e_name out of bounds [ 92.777294][ T6857] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1228: couldn't read orphan inode 15 (err -117) [ 92.789920][ T6857] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.807119][ T6867] loop6: detected capacity change from 0 to 256 [ 92.833473][ T6857] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 92.845221][ T6857] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 92.855465][ T6857] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.1228: Corrupt directory, running e2fsck is recommended [ 92.888521][ T6857] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 92.900155][ T6857] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 92.910336][ T6857] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.1228: Corrupt directory, running e2fsck is recommended [ 92.925090][ T6857] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 92.936768][ T6857] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 92.946959][ T6857] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.1228: Corrupt directory, running e2fsck is recommended [ 92.962184][ T6857] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 92.973953][ T6857] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.1228: path /273/file0: bad entry in directory: directory entry overrun - offset=0, inode=4294967295, rec_len=65552, size=1024 fake=0 [ 92.996925][ T6857] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 8: comm syz.3.1228: path /273/file0: bad entry in directory: inode out of bounds - offset=0, inode=16810477, rec_len=1024, size=1024 fake=0 [ 93.031099][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.054035][ T6874] loop3: detected capacity change from 0 to 128 [ 93.116198][ T6879] loop6: detected capacity change from 0 to 128 [ 93.213258][ T6889] loop1: detected capacity change from 0 to 512 [ 93.220615][ T6889] EXT4-fs: Ignoring removed bh option [ 93.227749][ T6889] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 93.240910][ T6889] EXT4-fs (loop1): 1 truncate cleaned up [ 93.247547][ T6889] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.409365][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.500580][ T6896] syzkaller0: entered promiscuous mode [ 93.506177][ T6896] syzkaller0: entered allmulticast mode [ 93.788362][ T6903] 9pnet: p9_errstr2errno: server reported unknown error ÿÿ [ 93.942440][ T6911] loop3: detected capacity change from 0 to 512 [ 93.959007][ T6911] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 93.993342][ T6911] EXT4-fs (loop3): 1 truncate cleaned up [ 94.006569][ T6911] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.025185][ T6911] EXT4-fs error (device loop3): ext4_generic_delete_entry:2666: inode #2: block 13: comm syz.3.1250: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 94.073583][ T6915] loop4: detected capacity change from 0 to 2048 [ 94.081769][ T6915] EXT4-fs: Ignoring removed mblk_io_submit option [ 94.091053][ T6911] EXT4-fs (loop3): Remounting filesystem read-only [ 94.097792][ T6911] EXT4-fs warning (device loop3): ext4_rename_delete:3729: inode #2: comm syz.3.1250: Deleting old file: nlink 5, error=-117 [ 94.129659][ T6915] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.165714][ T6915] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1251: bg 0: block 234: padding at end of block bitmap is not set [ 94.186708][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.200497][ T6915] EXT4-fs (loop4): Remounting filesystem read-only [ 94.207222][ T6922] loop6: detected capacity change from 0 to 128 [ 94.210894][ T6915] EXT4-fs (loop4): error restoring inline_data for inode -- potential data loss! (inode 15, error -30) [ 94.296353][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.699475][ T6941] can0: slcan on ttyS3. [ 94.874290][ T6937] can0 (unregistered): slcan off ttyS3. [ 95.715832][ T7026] loop6: detected capacity change from 0 to 128 [ 95.739782][ T7026] msdos: Unknown parameter 'cô¡UŒÁ…ã§ict' [ 95.942294][ T7047] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1293'. [ 96.127047][ T7066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 96.157172][ T7066] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 96.583199][ T7089] netlink: 'syz.4.1312': attribute type 83 has an invalid length. [ 97.014433][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 97.327764][ T7143] netlink: 51 bytes leftover after parsing attributes in process `syz.4.1332'. [ 97.362257][ T7146] loop5: detected capacity change from 0 to 128 [ 97.461960][ T7151] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1334'. [ 98.035598][ T7179] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1347'. [ 98.136161][ T7189] set_capacity_and_notify: 1 callbacks suppressed [ 98.136180][ T7189] loop3: detected capacity change from 0 to 128 [ 98.599683][ T7218] loop6: detected capacity change from 0 to 1024 [ 98.615571][ T7218] EXT4-fs: Ignoring removed orlov option [ 98.621393][ T7218] EXT4-fs: inline encryption not supported [ 98.676566][ T7218] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.702893][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 98.702912][ T29] audit: type=1400 audit(1770577537.582:1276): avc: denied { mounton } for pid=7217 comm="syz.6.1363" path="/103/file1/bus" dev="loop6" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 98.806051][ T29] audit: type=1400 audit(1770577537.692:1277): avc: denied { rmdir } for pid=5820 comm="syz-executor" name="lost+found" dev="loop6" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 98.831496][ T5820] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.844345][ T29] audit: type=1400 audit(1770577537.692:1278): avc: denied { unlink } for pid=5820 comm="syz-executor" name="file0" dev="loop6" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 98.866895][ T29] audit: type=1400 audit(1770577537.692:1279): avc: denied { unlink } for pid=5820 comm="syz-executor" name="file1" dev="loop6" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 98.889913][ T29] audit: type=1400 audit(1770577537.702:1280): avc: denied { unmount } for pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 98.910056][ T29] audit: type=1400 audit(1770577537.712:1281): avc: denied { unlink } for pid=5820 comm="syz-executor" name="bus" dev="loop6" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 99.064057][ T7233] loop3: detected capacity change from 0 to 512 [ 99.085569][ T7236] loop6: detected capacity change from 0 to 256 [ 99.133356][ T7236] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 99.176530][ T7233] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.217030][ T7233] ext4 filesystem being mounted at /297/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.257741][ T29] audit: type=1400 audit(1770577538.142:1282): avc: denied { mounton } for pid=7234 comm="syz.6.1366" path="/104/file0/file0" dev="loop6" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 99.281697][ T29] audit: type=1400 audit(1770577538.162:1283): avc: denied { write } for pid=7232 comm="syz.3.1370" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 99.304117][ T29] audit: type=1400 audit(1770577538.162:1284): avc: denied { open } for pid=7232 comm="syz.3.1370" path="/297/file0/file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 99.352071][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.368163][ T29] audit: type=1400 audit(1770577538.212:1285): avc: denied { append } for pid=7232 comm="syz.3.1370" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 99.403732][ T7253] loop3: detected capacity change from 0 to 128 [ 99.414802][ T7253] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 99.454274][ T7253] ext4 filesystem being mounted at /298/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 99.629874][ T3315] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 99.642550][ T7265] loop6: detected capacity change from 0 to 128 [ 99.658934][ T7265] syz.6.1382: attempt to access beyond end of device [ 99.658934][ T7265] loop6: rw=8423425, sector=121, nr_sectors = 21 limit=128 [ 99.676081][ T7265] syz.6.1382: attempt to access beyond end of device [ 99.676081][ T7265] loop6: rw=8423425, sector=121, nr_sectors = 21 limit=128 [ 99.760862][ T7272] loop3: detected capacity change from 0 to 128 [ 99.791898][ T7277] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 0, id = 0 [ 99.829968][ T4655] kworker/u8:14: attempt to access beyond end of device [ 99.829968][ T4655] loop6: rw=1, sector=145, nr_sectors = 25 limit=128 [ 99.899742][ T7276] loop1: detected capacity change from 0 to 8192 [ 99.916921][ T7283] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1389'. [ 99.934396][ T7283] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1389'. [ 99.967929][ T7276] loop1: p1 p2 p3 p4 [ 99.980373][ T7276] loop1: p1 size 196608 extends beyond EOD, truncated [ 100.001754][ T7276] loop1: p2 start 164919041 is beyond EOD, truncated [ 100.008671][ T7276] loop1: p3 size 66846464 extends beyond EOD, truncated [ 100.057555][ T7276] loop1: p4 size 37048832 extends beyond EOD, truncated [ 100.068127][ T7291] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1393'. [ 100.112509][ T7291] team1: entered promiscuous mode [ 100.117656][ T7291] team1: entered allmulticast mode [ 100.142254][ T7291] 8021q: adding VLAN 0 to HW filter on device team1 [ 100.176917][ T7295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1395'. [ 100.310296][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 100.321763][ T3307] udevd[3307]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 100.321763][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 100.369079][ T7311] netlink: 'syz.5.1403': attribute type 1 has an invalid length. [ 100.373881][ T7307] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1402'. [ 100.386685][ T7307] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1402'. [ 100.413799][ T7311] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 100.422531][ T7311] bond1: (slave batadv1): making interface the new active one [ 100.432051][ T7311] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 100.482357][ T7311] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1403'. [ 100.493637][ T7311] bond1 (unregistering): (slave batadv1): Releasing active interface [ 100.515114][ T7311] bond1 (unregistering): Released all slaves [ 100.553558][ T7313] loop6: detected capacity change from 0 to 512 [ 100.592316][ T7313] EXT4-fs error (device loop6): ext4_xattr_inode_iget:441: inode #11: comm syz.6.1401: ea_inode with extended attributes [ 100.624140][ T7319] xt_hashlimit: size too large, truncated to 1048576 [ 100.635790][ T7313] EXT4-fs (loop6): Remounting filesystem read-only [ 100.642783][ T7313] EXT4-fs warning (device loop6): ext4_evict_inode:273: xattr delete (err -30) [ 100.653510][ T7313] EXT4-fs (loop6): 1 orphan inode deleted [ 100.787381][ T7326] –: renamed from veth0_to_batadv (while UP) [ 101.097844][ T7310] syz.6.1401 invoked oom-killer: gfp_mask=0x402d02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 101.112620][ T7310] CPU: 0 UID: 0 PID: 7310 Comm: syz.6.1401 Not tainted syzkaller #0 PREEMPT(voluntary) [ 101.112680][ T7310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 101.112696][ T7310] Call Trace: [ 101.112704][ T7310] [ 101.112712][ T7310] __dump_stack+0x1d/0x30 [ 101.112782][ T7310] dump_stack_lvl+0x95/0xd0 [ 101.112809][ T7310] dump_stack+0x15/0x1b [ 101.112830][ T7310] dump_header+0x80/0x240 [ 101.112852][ T7310] oom_kill_process+0x295/0x350 [ 101.112879][ T7310] out_of_memory+0x97d/0xb80 [ 101.112969][ T7310] try_charge_memcg+0x62e/0xa10 [ 101.113015][ T7310] obj_cgroup_charge_pages+0x23/0xc0 [ 101.113052][ T7310] __memcg_kmem_charge_page+0x9e/0x170 [ 101.113163][ T7310] __alloc_frozen_pages_noprof+0x18a/0x350 [ 101.113207][ T7310] alloc_pages_mpol+0xb3/0x260 [ 101.113251][ T7310] alloc_pages_noprof+0x8f/0x130 [ 101.113360][ T7310] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 101.113437][ T7310] __kvmalloc_node_noprof+0x471/0x680 [ 101.113469][ T7310] ? ip_set_alloc+0x24/0x30 [ 101.113500][ T7310] ? ip_set_alloc+0x24/0x30 [ 101.113542][ T7310] ip_set_alloc+0x24/0x30 [ 101.113624][ T7310] hash_netiface_create+0x282/0x740 [ 101.113677][ T7310] ? __pfx_hash_netiface_create+0x10/0x10 [ 101.113713][ T7310] ip_set_create+0x3cf/0x970 [ 101.113769][ T7310] ? __nla_parse+0x40/0x60 [ 101.113796][ T7310] nfnetlink_rcv_msg+0x509/0x5d0 [ 101.113856][ T7310] netlink_rcv_skb+0x123/0x220 [ 101.113990][ T7310] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 101.114036][ T7310] nfnetlink_rcv+0x167/0x1720 [ 101.114065][ T7310] ? __kfree_skb+0x109/0x150 [ 101.114109][ T7310] ? nlmon_xmit+0x4f/0x60 [ 101.114149][ T7310] ? consume_skb+0x49/0x140 [ 101.114181][ T7310] ? nlmon_xmit+0x4f/0x60 [ 101.114271][ T7310] ? dev_hard_start_xmit+0x3a8/0x3e0 [ 101.114330][ T7310] ? __dev_queue_xmit+0x139a/0x1f20 [ 101.114370][ T7310] ? __dev_queue_xmit+0x148/0x1f20 [ 101.114499][ T7310] ? ref_tracker_free+0x37d/0x3e0 [ 101.114546][ T7310] ? __netlink_deliver_tap+0x4dc/0x500 [ 101.114591][ T7310] netlink_unicast+0x5c0/0x690 [ 101.114625][ T7310] netlink_sendmsg+0x5c8/0x6f0 [ 101.114705][ T7310] ? __pfx_netlink_sendmsg+0x10/0x10 [ 101.114787][ T7310] ____sys_sendmsg+0x5af/0x600 [ 101.114851][ T7310] ___sys_sendmsg+0x195/0x1e0 [ 101.114885][ T7310] __x64_sys_sendmsg+0xd4/0x160 [ 101.114913][ T7310] x64_sys_call+0x17ba/0x3000 [ 101.115022][ T7310] do_syscall_64+0xc0/0x2a0 [ 101.115064][ T7310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.115160][ T7310] RIP: 0033:0x7f5bef58aeb9 [ 101.115181][ T7310] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 101.115205][ T7310] RSP: 002b:00007f5bedfe7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 101.115231][ T7310] RAX: ffffffffffffffda RBX: 00007f5bef805fa0 RCX: 00007f5bef58aeb9 [ 101.115256][ T7310] RDX: 0000000000000800 RSI: 0000200000000200 RDI: 0000000000000003 [ 101.115274][ T7310] RBP: 00007f5bef5f8c1f R08: 0000000000000000 R09: 0000000000000000 [ 101.115291][ T7310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.115306][ T7310] R13: 00007f5bef806038 R14: 00007f5bef805fa0 R15: 00007ffcba1a2538 [ 101.115331][ T7310] [ 101.437058][ T7310] memory: usage 307200kB, limit 307200kB, failcnt 320 [ 101.443865][ T7310] memory+swap: usage 307292kB, limit 9007199254740988kB, failcnt 0 [ 101.452264][ T7310] kmem: usage 238920kB, limit 9007199254740988kB, failcnt 0 [ 101.459973][ T7310] Memory cgroup stats for /syz6: [ 101.508187][ T7310] cache 69701632 [ 101.516812][ T7310] rss 208896 [ 101.520101][ T7310] shmem 69681152 [ 101.523772][ T7310] mapped_file 0 [ 101.527290][ T7310] dirty 12288 [ 101.530853][ T7310] writeback 0 [ 101.534163][ T7310] workingset_refault_anon 1078 [ 101.539088][ T7310] workingset_refault_file 0 [ 101.543711][ T7310] swap 94208 [ 101.547056][ T7310] swapcached 0 [ 101.550484][ T7310] pgpgin 52940 [ 101.553992][ T7310] pgpgout 35870 [ 101.557572][ T7310] pgfault 30118 [ 101.561057][ T7310] pgmajfault 156 [ 101.564916][ T7310] inactive_anon 69742592 [ 101.569310][ T7310] active_anon 147456 [ 101.573317][ T7310] inactive_file 0 [ 101.577155][ T7310] active_file 28672 [ 101.581090][ T7310] unevictable 0 [ 101.584601][ T7310] hierarchical_memory_limit 314572800 [ 101.590466][ T7310] hierarchical_memsw_limit 9223372036854771712 [ 101.596799][ T7310] total_cache 69701632 [ 101.601118][ T7310] total_rss 208896 [ 101.604928][ T7310] total_shmem 69681152 [ 101.609199][ T7310] total_mapped_file 0 [ 101.613330][ T7310] total_dirty 12288 [ 101.617278][ T7310] total_writeback 0 [ 101.621114][ T7310] total_workingset_refault_anon 1078 [ 101.626623][ T7310] total_workingset_refault_file 0 [ 101.631770][ T7310] total_swap 94208 [ 101.635627][ T7310] total_swapcached 0 [ 101.639551][ T7310] total_pgpgin 52940 [ 101.643459][ T7310] total_pgpgout 35870 [ 101.647511][ T7310] total_pgfault 30118 [ 101.651610][ T7310] total_pgmajfault 156 [ 101.655751][ T7310] total_inactive_anon 69742592 [ 101.660546][ T7310] total_active_anon 147456 [ 101.665124][ T7310] total_inactive_file 0 [ 101.669328][ T7310] total_active_file 28672 [ 101.673793][ T7310] total_unevictable 0 [ 101.677849][ T7310] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.1401,pid=7309,uid=0 [ 101.693234][ T7310] Memory cgroup out of memory: Killed process 7310 (syz.6.1401) total-vm:96192kB, anon-rss:1344kB, file-rss:22356kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 101.785336][ T7310] syz.6.1401 (7310) used greatest stack depth: 8064 bytes left [ 101.793626][ T5820] EXT4-fs unmount: 1 callbacks suppressed [ 101.793643][ T5820] EXT4-fs (loop6): unmounting filesystem 00000800-0000-0000-0000-000000000000. [ 102.703611][ T7404] loop4: detected capacity change from 0 to 32768 [ 103.755015][ T7475] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26091 sclass=netlink_route_socket pid=7475 comm=syz.1.1469 [ 104.087327][ T7523] __nla_validate_parse: 2 callbacks suppressed [ 104.087347][ T7523] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1482'. [ 104.106585][ T7525] loop1: detected capacity change from 0 to 512 [ 104.127238][ T7525] EXT4-fs: Ignoring removed nobh option [ 104.152589][ T7529] netlink: 208 bytes leftover after parsing attributes in process `syz.5.1483'. [ 104.153164][ T7525] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 104.161941][ T7529] netlink: 208 bytes leftover after parsing attributes in process `syz.5.1483'. [ 104.183483][ T7525] EXT4-fs (loop1): 1 truncate cleaned up [ 104.189949][ T7525] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.222780][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.253481][ T29] kauditd_printk_skb: 108 callbacks suppressed [ 104.253500][ T29] audit: type=1400 audit(1770577543.132:1394): avc: denied { mount } for pid=7534 comm="syz.6.1486" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 104.811040][ T7580] loop6: detected capacity change from 0 to 512 [ 104.819029][ T7578] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1501'. [ 104.830303][ T7580] msdos: Unknown parameter 'ts' [ 104.899296][ T7580] loop6: detected capacity change from 0 to 8192 [ 105.213136][ T7598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 105.232253][ T7597] loop1: detected capacity change from 0 to 512 [ 105.264368][ T7598] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 105.311141][ T7607] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 105.372522][ T7597] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #11: comm syz.1.1505: ea_inode with extended attributes [ 105.432127][ T7597] EXT4-fs (loop1): Remounting filesystem read-only [ 105.538292][ T7597] EXT4-fs warning (device loop1): ext4_evict_inode:273: xattr delete (err -30) [ 105.617412][ T7597] EXT4-fs (loop1): 1 orphan inode deleted [ 105.663196][ T7597] EXT4-fs (loop1): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.134925][ T7626] netlink: 4768 bytes leftover after parsing attributes in process `syz.6.1518'. [ 106.195217][ T7630] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1521'. [ 106.382024][ T3318] EXT4-fs (loop1): unmounting filesystem 00000800-0000-0000-0000-000000000000. [ 106.555867][ T7649] netlink: 'syz.5.1528': attribute type 1 has an invalid length. [ 106.573047][ T7649] 8021q: adding VLAN 0 to HW filter on device bond1 [ 106.600064][ T7649] bond1: (slave gretap1): making interface the new active one [ 106.609264][ T7649] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 106.630153][ T29] audit: type=1400 audit(1770577545.512:1395): avc: denied { associate } for pid=7655 comm="syz.6.1531" name="core" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 107.033045][ T7678] SELinux: failed to load policy [ 107.213070][ T7694] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.291805][ T7694] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.386024][ T7703] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1548'. [ 107.458580][ T7694] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.486446][ T7703] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1548'. [ 107.521326][ T7699] SELinux: failed to load policy [ 107.548474][ T7694] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.564584][ T29] audit: type=1326 audit(1770577546.452:1396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7706 comm="syz.1.1550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda73faaeb9 code=0x7ffc0000 [ 107.678484][ T29] audit: type=1326 audit(1770577546.482:1397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7706 comm="syz.1.1550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda73faaeb9 code=0x7ffc0000 [ 107.702172][ T29] audit: type=1326 audit(1770577546.482:1398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7706 comm="syz.1.1550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fda73faaeb9 code=0x7ffc0000 [ 107.718363][ T4648] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.726463][ T29] audit: type=1326 audit(1770577546.482:1399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7706 comm="syz.1.1550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda73faaeb9 code=0x7ffc0000 [ 107.758125][ T29] audit: type=1326 audit(1770577546.482:1400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7706 comm="syz.1.1550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda73faaeb9 code=0x7ffc0000 [ 107.758693][ T4648] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.782366][ T29] audit: type=1326 audit(1770577546.512:1401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7706 comm="syz.1.1550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fda73faaeb9 code=0x7ffc0000 [ 107.814094][ T29] audit: type=1326 audit(1770577546.512:1402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7706 comm="syz.1.1550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7fda73faaeb9 code=0x7ffc0000 [ 107.837933][ T29] audit: type=1326 audit(1770577546.512:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7706 comm="syz.1.1550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda73faaeb9 code=0x7ffc0000 [ 107.982596][ T4648] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.026574][ T4648] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.472704][ T7734] netlink: 'syz.3.1561': attribute type 4 has an invalid length. [ 108.549153][ T7734] netlink: 'syz.3.1561': attribute type 4 has an invalid length. [ 108.969509][ T7760] netlink: 'syz.6.1574': attribute type 1 has an invalid length. [ 109.007578][ T7760] 8021q: adding VLAN 0 to HW filter on device bond1 [ 109.116604][ T7760] bond1: (slave gretap1): making interface the new active one [ 109.148235][ T7760] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 109.425799][ T7787] loop4: detected capacity change from 0 to 512 [ 109.493798][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 109.493816][ T29] audit: type=1400 audit(1770577548.372:1413): avc: denied { ioctl } for pid=7790 comm="syz.3.1586" path="socket:[19000]" dev="sockfs" ino=19000 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 109.579170][ T7787] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.671252][ T7787] ext4 filesystem being mounted at /299/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 109.742969][ T29] audit: type=1400 audit(1770577548.622:1414): avc: denied { override_creds } for pid=7808 comm="syz.5.1592" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 109.776556][ T7787] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #2: comm syz.4.1585: corrupted inode contents [ 109.917710][ T7787] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #2: comm syz.4.1585: mark_inode_dirty error [ 110.044364][ T7787] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #2: comm syz.4.1585: corrupted inode contents [ 110.125687][ T7787] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.1585: mark_inode_dirty error [ 110.204430][ T29] audit: type=1400 audit(1770577549.072:1415): avc: denied { rename } for pid=7783 comm="syz.4.1585" name="file0" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 110.231076][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.432990][ T7825] netlink: 'syz.6.1598': attribute type 1 has an invalid length. [ 110.496149][ T29] audit: type=1400 audit(1770577549.382:1416): avc: denied { write } for pid=7827 comm="syz.3.1599" name="event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 110.551101][ T7831] loop4: detected capacity change from 0 to 512 [ 110.589237][ T7831] EXT4-fs (loop4): orphan cleanup on readonly fs [ 110.624643][ T7831] Quota error (device loop4): v2_read_file_info: Block with free entry 9 out of range (1, 6). [ 110.639640][ T7831] EXT4-fs warning (device loop4): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 110.663414][ T7831] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 110.677377][ T7831] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.1595: bad orphan inode 14 [ 110.688944][ T7831] ext4_test_bit(bit=13, block=18) = 1 [ 110.694427][ T7831] is_bad_inode(inode)=0 [ 110.698740][ T7831] NEXT_ORPHAN(inode)=0 [ 110.702982][ T7831] max_ino=32 [ 110.706497][ T7831] i_nlink=1 [ 110.710520][ T7831] EXT4-fs (loop4): 1 truncate cleaned up [ 110.717287][ T7831] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 110.731011][ T29] audit: type=1400 audit(1770577549.622:1417): avc: denied { read } for pid=7829 comm="syz.4.1595" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 110.875983][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.118278][ T7850] loop1: detected capacity change from 0 to 1024 [ 111.133648][ T7852] netlink: 'syz.3.1608': attribute type 29 has an invalid length. [ 111.155147][ T7850] EXT4-fs: Ignoring removed orlov option [ 111.161108][ T7850] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.182560][ T7852] netlink: 'syz.3.1608': attribute type 29 has an invalid length. [ 111.225052][ T7852] netlink: 500 bytes leftover after parsing attributes in process `syz.3.1608'. [ 111.230487][ T7850] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.234437][ T7852] unsupported nla_type 66 [ 111.275162][ T29] audit: type=1400 audit(1770577550.142:1418): avc: denied { create } for pid=7856 comm="syz.6.1610" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 111.295589][ T29] audit: type=1400 audit(1770577550.162:1419): avc: denied { read } for pid=7856 comm="syz.6.1610" path="socket:[18301]" dev="sockfs" ino=18301 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 111.423213][ T7864] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1611'. [ 111.477271][ T7870] netlink: 240 bytes leftover after parsing attributes in process `syz.6.1610'. [ 111.495365][ T29] audit: type=1400 audit(1770577550.362:1420): avc: denied { write } for pid=7856 comm="syz.6.1610" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 111.566747][ T29] audit: type=1326 audit(1770577550.442:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7873 comm="syz.6.1615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 111.594679][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.720545][ T7890] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1622'. [ 111.742452][ T7890] 8021q: adding VLAN 0 to HW filter on device bond4 [ 111.755356][ T7888] veth2: entered promiscuous mode [ 111.760519][ T7888] veth2: entered allmulticast mode [ 111.819539][ T9] IPVS: starting estimator thread 0... [ 111.827271][ T7890] bond4: (slave macvlan1): Enslaving as an active interface with an up link [ 111.914302][ T7897] IPVS: using max 2112 ests per chain, 105600 per kthread [ 111.926120][ T7902] loop1: detected capacity change from 0 to 2048 [ 111.985364][ T3307] loop1: p3 < > p4 < > [ 111.989591][ T3307] loop1: partition table partially beyond EOD, truncated [ 112.011310][ T3307] loop1: p3 start 4284289 is beyond EOD, truncated [ 112.031742][ T7902] loop1: p3 < > p4 < > [ 112.035991][ T7902] loop1: partition table partially beyond EOD, truncated [ 112.054612][ T7902] loop1: p3 start 4284289 is beyond EOD, truncated [ 112.098887][ T7924] sit0: entered promiscuous mode [ 112.116833][ T7924] netlink: 'syz.6.1636': attribute type 1 has an invalid length. [ 112.124745][ T7924] netlink: 1 bytes leftover after parsing attributes in process `syz.6.1636'. [ 112.282186][ T7937] loop1: detected capacity change from 0 to 4096 [ 112.289349][ T7937] EXT4-fs: Ignoring removed bh option [ 112.331409][ T7937] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.395024][ T7937] netlink: 14593 bytes leftover after parsing attributes in process `syz.1.1643'. [ 112.429715][ T7956] netdevsim netdevsim5 eth3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 112.439992][ T7956] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.461605][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.477554][ T7956] netdevsim netdevsim5 eth2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 112.487641][ T7956] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.548783][ T7956] netdevsim netdevsim5 eth1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 112.558975][ T7956] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.618714][ T7956] netdevsim netdevsim5 eth0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 112.628749][ T7956] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.685074][ T31] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 2816 - 0 [ 112.693410][ T31] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.705730][ T31] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 2816 - 0 [ 112.715030][ T31] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.726687][ T31] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 2816 - 0 [ 112.735258][ T31] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.752895][ T31] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 2816 - 0 [ 112.761377][ T31] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.227179][ T7987] loop4: detected capacity change from 0 to 128 [ 113.255741][ T7989] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.404392][ T7989] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.465799][ T7987] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 113.622223][ T7987] ext4 filesystem being mounted at /309/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.926074][ T7996] loop3: detected capacity change from 0 to 4096 [ 113.940870][ T7996] EXT4-fs: Ignoring removed bh option [ 113.956117][ T7996] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.973344][ T7996] netlink: 14593 bytes leftover after parsing attributes in process `syz.3.1662'. [ 114.209375][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.578571][ T29] kauditd_printk_skb: 41 callbacks suppressed [ 114.578590][ T29] audit: type=1326 audit(1770577553.462:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8015 comm="syz.5.1671" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6595f6aeb9 code=0x0 [ 115.219584][ T8020] loop6: detected capacity change from 0 to 512 [ 115.262443][ T8020] EXT4-fs (loop6): orphan cleanup on readonly fs [ 115.269172][ T8020] Quota error (device loop6): v2_read_file_info: Block with free entry 9 out of range (1, 6). [ 115.299923][ T8020] EXT4-fs warning (device loop6): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 115.336174][ T8020] EXT4-fs (loop6): Cannot turn on quotas: error -117 [ 115.344112][ T8020] EXT4-fs error (device loop6): ext4_orphan_get:1417: comm syz.6.1672: bad orphan inode 14 [ 115.361397][ T8020] ext4_test_bit(bit=13, block=18) = 1 [ 115.367099][ T8020] is_bad_inode(inode)=0 [ 115.371366][ T8020] NEXT_ORPHAN(inode)=0 [ 115.375588][ T8020] max_ino=32 [ 115.378815][ T8020] i_nlink=1 [ 115.382474][ T8020] EXT4-fs (loop6): 1 truncate cleaned up [ 115.388763][ T8020] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 115.466545][ T5820] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.552571][ T8032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1678'. [ 115.561607][ T8032] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1678'. [ 115.572548][ T8033] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1679'. [ 115.615725][ T8033] syz.5.1679: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 115.630369][ T8033] CPU: 0 UID: 0 PID: 8033 Comm: syz.5.1679 Not tainted syzkaller #0 PREEMPT(voluntary) [ 115.630398][ T8033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 115.630412][ T8033] Call Trace: [ 115.630422][ T8033] [ 115.630432][ T8033] __dump_stack+0x1d/0x30 [ 115.630529][ T8033] dump_stack_lvl+0x95/0xd0 [ 115.630559][ T8033] dump_stack+0x15/0x1b [ 115.630616][ T8033] warn_alloc+0x145/0x1c0 [ 115.630653][ T8033] __vmalloc_node_range_noprof+0xa0/0x12b0 [ 115.630688][ T8033] ? __futex_wait+0x1fd/0x260 [ 115.630723][ T8033] ? __pfx_futex_wake_mark+0x10/0x10 [ 115.630811][ T8033] ? __rcu_read_unlock+0x4e/0x70 [ 115.630850][ T8033] ? avc_has_perm_noaudit+0xab/0x130 [ 115.630894][ T8033] ? should_fail_ex+0x30/0x280 [ 115.630980][ T8033] ? should_failslab+0x8c/0xb0 [ 115.631013][ T8033] vmalloc_user_noprof+0x7d/0xb0 [ 115.631051][ T8033] ? xskq_create+0x80/0xe0 [ 115.631163][ T8033] xskq_create+0x80/0xe0 [ 115.631210][ T8033] xsk_init_queue+0x91/0xe0 [ 115.631248][ T8033] xsk_setsockopt+0x3f5/0x640 [ 115.631323][ T8033] ? __pfx_xsk_setsockopt+0x10/0x10 [ 115.631361][ T8033] __sys_setsockopt+0x184/0x200 [ 115.631469][ T8033] __x64_sys_setsockopt+0x64/0x80 [ 115.631591][ T8033] x64_sys_call+0x21d5/0x3000 [ 115.631623][ T8033] do_syscall_64+0xc0/0x2a0 [ 115.631738][ T8033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.631768][ T8033] RIP: 0033:0x7f6595f6aeb9 [ 115.631798][ T8033] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 115.631854][ T8033] RSP: 002b:00007f65949c7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 115.631882][ T8033] RAX: ffffffffffffffda RBX: 00007f65961e5fa0 RCX: 00007f6595f6aeb9 [ 115.631898][ T8033] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000005 [ 115.631912][ T8033] RBP: 00007f6595fd8c1f R08: 0000000000000004 R09: 0000000000000000 [ 115.631968][ T8033] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.631988][ T8033] R13: 00007f65961e6038 R14: 00007f65961e5fa0 R15: 00007fffc0683f28 [ 115.632024][ T8033] [ 115.632033][ T8033] Mem-Info: [ 115.846253][ T8033] active_anon:11510 inactive_anon:16961 isolated_anon:0 [ 115.846253][ T8033] active_file:24474 inactive_file:2527 isolated_file:0 [ 115.846253][ T8033] unevictable:0 dirty:295 writeback:0 [ 115.846253][ T8033] slab_reclaimable:3513 slab_unreclaimable:18608 [ 115.846253][ T8033] mapped:29091 shmem:17215 pagetables:1625 [ 115.846253][ T8033] sec_pagetables:0 bounce:0 [ 115.846253][ T8033] kernel_misc_reclaimable:0 [ 115.846253][ T8033] free:1763231 free_pcp:58692 free_cma:0 [ 115.892149][ T8033] Node 0 active_anon:46272kB inactive_anon:67844kB active_file:97896kB inactive_file:10108kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:116364kB dirty:1180kB writeback:0kB shmem:68860kB kernel_stack:4176kB pagetables:6500kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 115.920306][ T8033] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 115.950111][ T8033] lowmem_reserve[]: 0 2879 7858 7858 [ 115.955491][ T8033] Node 0 DMA32 free:2944740kB boost:0kB min:4128kB low:7056kB high:9984kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2948372kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:104kB free_cma:0kB [ 115.987014][ T8033] lowmem_reserve[]: 0 0 4978 4978 [ 115.992252][ T8033] Node 0 Normal free:4092824kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:46504kB inactive_anon:67844kB active_file:97896kB inactive_file:10108kB unevictable:0kB writepending:1176kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:230660kB local_pcp:166608kB free_cma:0kB [ 116.027329][ T8033] lowmem_reserve[]: 0 0 0 0 [ 116.032035][ T8033] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 116.044885][ T8033] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 4*16kB (M) 2*32kB (M) 3*64kB (M) 3*128kB (M) 4*256kB (M) 2*512kB (M) 3*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2944740kB [ 116.061233][ T8033] Node 0 Normal: 216*4kB (UE) 377*8kB (UME) 381*16kB (UME) 673*32kB (UME) 460*64kB (UME) 287*128kB (UME) 172*256kB (UM) 89*512kB (UM) 46*1024kB (UME) 24*2048kB (UM) 930*4096kB (UM) = 4092824kB [ 116.081148][ T8033] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 116.090783][ T8033] 44238 total pagecache pages [ 116.095556][ T8033] 31 pages in swap cache [ 116.100003][ T8033] Free swap = 123524kB [ 116.104311][ T8033] Total swap = 124996kB [ 116.108584][ T8033] 2097051 pages RAM [ 116.112606][ T8033] 0 pages HighMem/MovableOnly [ 116.117348][ T8033] 81558 pages reserved [ 116.172255][ T8038] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.179891][ T8038] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.322150][ T8038] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.348154][ T8038] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 116.418025][ T31] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.427062][ T31] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.474607][ T31] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.483561][ T31] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.495854][ T31] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.504935][ T31] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.522180][ T31] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.531790][ T31] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.635929][ T29] audit: type=1400 audit(1770577555.522:1464): avc: denied { create } for pid=8052 comm="syz.3.1688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 116.702554][ T29] audit: type=1400 audit(1770577555.582:1465): avc: denied { bind } for pid=8058 comm="syz.3.1691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 116.913291][ T29] audit: type=1400 audit(1770577555.792:1466): avc: denied { name_bind } for pid=8076 comm="syz.3.1698" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 117.155428][ T8093] netlink: 'syz.6.1706': attribute type 2 has an invalid length. [ 117.163705][ T8093] __nla_validate_parse: 3 callbacks suppressed [ 117.163719][ T8093] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1706'. [ 117.426576][ T8106] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.434003][ T8106] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.592198][ T8106] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 117.621660][ T8106] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 117.727653][ T2169] netdevsim netdevsim5 eth0: unset [0, 0] type 1 family 0 port 2816 - 0 [ 117.736191][ T2169] netdevsim netdevsim5 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.801531][ T8151] loop6: detected capacity change from 0 to 512 [ 117.811001][ T2169] netdevsim netdevsim5 eth1: unset [0, 0] type 1 family 0 port 2816 - 0 [ 117.819595][ T2169] netdevsim netdevsim5 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.828872][ T8153] netlink: 'syz.3.1722': attribute type 12 has an invalid length. [ 117.836986][ T8153] netlink: 'syz.3.1722': attribute type 29 has an invalid length. [ 117.845056][ T8153] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1722'. [ 117.854518][ T8153] netlink: 'syz.3.1722': attribute type 2 has an invalid length. [ 117.862283][ T8153] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1722'. [ 117.874474][ T2169] netdevsim netdevsim5 eth2: unset [0, 0] type 1 family 0 port 2816 - 0 [ 117.882986][ T2169] netdevsim netdevsim5 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.927579][ T2169] netdevsim netdevsim5 eth3: unset [0, 0] type 1 family 0 port 2816 - 0 [ 117.936032][ T2169] netdevsim netdevsim5 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.945377][ T8151] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.964833][ T8151] ext4 filesystem being mounted at /190/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 117.995932][ T8160] SELinux: policydb magic number 0x6c65732f does not match expected magic number 0xf97cff8c [ 118.014606][ T29] audit: type=1400 audit(1770577556.902:1467): avc: denied { setattr } for pid=8150 comm="syz.6.1721" name="file1" dev="loop6" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 118.025696][ T8151] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.1721: bg 0: block 217: padding at end of block bitmap is not set [ 118.056123][ T8160] SELinux: failed to load policy [ 118.101208][ T29] audit: type=1400 audit(1770577556.982:1468): avc: denied { read } for pid=8150 comm="syz.6.1721" name="file1" dev="loop6" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 118.152886][ T5820] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.223127][ T29] audit: type=1400 audit(1770577557.102:1469): avc: denied { lock } for pid=8171 comm="syz.1.1730" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=20190 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 118.952442][ T8195] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1739'. [ 118.990051][ T8197] netlink: 'syz.5.1740': attribute type 3 has an invalid length. [ 119.004342][ T8197] netlink: 'syz.5.1740': attribute type 3 has an invalid length. [ 119.036949][ T8200] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1741'. [ 119.162749][ T8205] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1743'. [ 119.305533][ T8212] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26091 sclass=netlink_route_socket pid=8212 comm=syz.6.1745 [ 119.384387][ T8216] all: renamed from veth1_to_bond (while UP) [ 119.595808][ T8225] netlink: 304 bytes leftover after parsing attributes in process `syz.1.1749'. [ 120.018889][ T29] audit: type=1326 audit(1770577558.902:1470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8222 comm="syz.6.1750" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x0 [ 120.205944][ T8246] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1760'. [ 120.390467][ T8255] loop6: detected capacity change from 0 to 128 [ 120.455707][ T29] audit: type=1400 audit(1770577559.342:1471): avc: denied { watch } for pid=8254 comm="syz.6.1764" path="/199/file0" dev="loop6" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 120.783860][ T29] audit: type=1326 audit(1770577559.662:1472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8272 comm="syz.3.1771" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0e511eaeb9 code=0x0 [ 120.992705][ T3322] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 121.018333][ T8289] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1777'. [ 121.326915][ T29] audit: type=1326 audit(1770577560.212:1473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.6.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 121.350445][ T29] audit: type=1326 audit(1770577560.212:1474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.6.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 121.385832][ T29] audit: type=1326 audit(1770577560.222:1475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.6.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 121.409735][ T29] audit: type=1326 audit(1770577560.262:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.6.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 121.433342][ T29] audit: type=1326 audit(1770577560.262:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.6.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 121.457019][ T29] audit: type=1326 audit(1770577560.262:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.6.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 121.480689][ T29] audit: type=1326 audit(1770577560.262:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.6.1788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 121.602923][ T8320] loop3: detected capacity change from 0 to 1024 [ 121.610088][ T8320] EXT4-fs: Ignoring removed orlov option [ 121.699440][ T8320] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.763613][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.806991][ T8330] loop3: detected capacity change from 0 to 512 [ 121.827867][ T8330] EXT4-fs (loop3): orphan cleanup on readonly fs [ 121.834465][ T8330] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 121.842743][ T8330] EXT4-fs error (device loop3): ext4_get_branch:178: inode #13: block 1024: comm syz.3.1793: invalid block [ 121.856793][ T8332] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 121.873174][ T8330] EXT4-fs (loop3): Remounting filesystem read-only [ 121.880140][ T8330] EXT4-fs (loop3): 1 truncate cleaned up [ 121.887593][ T8330] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 121.941071][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.127687][ T8353] loop3: detected capacity change from 0 to 4096 [ 122.145215][ T8353] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 122.180561][ T8353] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.277629][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.406553][ T8373] loop4: detected capacity change from 0 to 1024 [ 122.485916][ T8377] loop3: detected capacity change from 0 to 1024 [ 122.502897][ T8377] EXT4-fs: Ignoring removed orlov option [ 122.518885][ T8377] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 122.546002][ T8377] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.580083][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.620586][ T8386] loop3: detected capacity change from 0 to 512 [ 122.743888][ T8390] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.808625][ T8390] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 122.829935][ T8390] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 122.889543][ T8398] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1815'. [ 122.899161][ T8398] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1815'. [ 122.954520][ T1672] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 122.963487][ T1672] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.003218][ T1672] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 123.012444][ T1672] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.036178][ T1672] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 123.045304][ T1672] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.054536][ T1672] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 123.063470][ T1672] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.113094][ T8402] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1817'. [ 123.140770][ T8406] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1819'. [ 123.149834][ T8406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1819'. [ 123.162803][ T4652] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.162824][ T8406] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1819'. [ 123.162857][ T8406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1819'. [ 123.179917][ T4652] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.230279][ T4652] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.249846][ T4652] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.333361][ T8418] netlink: 'syz.3.1825': attribute type 1 has an invalid length. [ 123.346931][ T8418] 8021q: adding VLAN 0 to HW filter on device bond5 [ 123.359720][ T8418] bond5: option tlb_dynamic_lb: unable to set because the bond device is up [ 123.447212][ T8425] syzkaller0: entered promiscuous mode [ 123.452756][ T8425] syzkaller0: entered allmulticast mode [ 123.524549][ T3415] Process accounting resumed [ 123.781042][ T8450] uprobe: syz.1.1836:8450 failed to unregister, leaking uprobe [ 123.858003][ T8458] netlink: 'syz.1.1840': attribute type 12 has an invalid length. [ 123.866003][ T8458] netlink: 'syz.1.1840': attribute type 29 has an invalid length. [ 123.873927][ T8458] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1840'. [ 124.077206][ T8479] netlink: 'syz.3.1847': attribute type 12 has an invalid length. [ 124.085237][ T8479] netlink: 'syz.3.1847': attribute type 29 has an invalid length. [ 124.093364][ T8479] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1847'. [ 124.102510][ T8479] netlink: 'syz.3.1847': attribute type 2 has an invalid length. [ 124.110299][ T8479] netlink: 23 bytes leftover after parsing attributes in process `syz.3.1847'. [ 124.314402][ T8146] Process accounting resumed [ 124.381031][ T8492] loop4: detected capacity change from 0 to 128 [ 124.646643][ T8498] loop4: detected capacity change from 0 to 512 [ 124.695243][ T8498] EXT4-fs (loop4): 1 orphan inode deleted [ 124.701672][ T8498] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 124.714652][ T4652] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:13: Failed to release dquot type 1 [ 124.744526][ T8498] ext4 filesystem being mounted at /334/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 124.824596][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.501899][ T8535] loop4: detected capacity change from 0 to 512 [ 125.525220][ T8535] EXT4-fs (loop4): orphan cleanup on readonly fs [ 125.532206][ T8535] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 125.542349][ T8535] EXT4-fs (loop4): 1 truncate cleaned up [ 125.548619][ T8535] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 125.563602][ T8535] EXT4-fs error (device loop4): ext4_iget_extra_inode:5073: inode #15: comm syz.4.1868: corrupted in-inode xattr: e_value out of bounds [ 125.579129][ T8535] EXT4-fs (loop4): Remounting filesystem read-only [ 125.599683][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.678915][ T8549] loop6: detected capacity change from 0 to 1024 [ 125.694819][ T8549] EXT4-fs: Ignoring removed orlov option [ 125.714600][ T8549] EXT4-fs (loop6): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 125.743757][ T8549] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.764252][ T29] kauditd_printk_skb: 19 callbacks suppressed [ 125.764270][ T29] audit: type=1326 audit(1770577564.652:1498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8551 comm="syz.5.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6595f6aeb9 code=0x7ffc0000 [ 125.794789][ T29] audit: type=1326 audit(1770577564.652:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8551 comm="syz.5.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f6595f6aeb9 code=0x7ffc0000 [ 125.875712][ T5820] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.895490][ T29] audit: type=1400 audit(1770577564.712:1500): avc: denied { accept } for pid=8550 comm="syz.3.1875" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 125.921979][ T29] audit: type=1326 audit(1770577564.812:1501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8551 comm="syz.5.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6595f6aeb9 code=0x7ffc0000 [ 125.945849][ T29] audit: type=1326 audit(1770577564.812:1502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8551 comm="syz.5.1874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6595f6aeb9 code=0x7ffc0000 [ 125.979739][ T8563] loop6: detected capacity change from 0 to 128 [ 126.004566][ T8563] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 126.154501][ T29] audit: type=1400 audit(1770577565.022:1503): avc: denied { remount } for pid=8562 comm="syz.6.1876" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 126.300227][ T8583] netlink: 'syz.5.1887': attribute type 1 has an invalid length. [ 126.308252][ T8583] netlink: 'syz.5.1887': attribute type 4 has an invalid length. [ 126.356394][ T8589] netlink: 'syz.4.1889': attribute type 12 has an invalid length. [ 126.364400][ T4648] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.390925][ T4648] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.407261][ T8589] netlink: 'syz.4.1889': attribute type 12 has an invalid length. [ 126.416495][ T4648] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.432328][ T4648] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.454920][ T29] audit: type=1326 audit(1770577565.342:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8595 comm="syz.5.1893" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6595f6aeb9 code=0x0 [ 126.574715][ T29] audit: type=1326 audit(1770577565.462:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8602 comm="syz.6.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 126.599210][ T29] audit: type=1326 audit(1770577565.462:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8602 comm="syz.6.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 126.623984][ T29] audit: type=1326 audit(1770577565.482:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8602 comm="syz.6.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f5bef58aeb9 code=0x7ffc0000 [ 126.930802][ T1672] netdevsim netdevsim6 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.940080][ T1672] netdevsim netdevsim6 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.949081][ T1672] netdevsim netdevsim6 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.983353][ T1672] netdevsim netdevsim6 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 128.030218][ T8669] __nla_validate_parse: 9 callbacks suppressed [ 128.030240][ T8669] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1922'. [ 129.040916][ T8704] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1934'. [ 129.497441][ T8730] netlink: 'syz.5.1949': attribute type 5 has an invalid length. [ 130.023677][ T8626] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 130.293605][ T8752] loop4: detected capacity change from 0 to 1024 [ 130.463977][ T8752] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 130.516499][ T8752] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4215: comm syz.4.1958: Allocating blocks 497-513 which overlap fs metadata [ 130.554642][ T8752] EXT4-fs (loop4): pa ffff8881061384d0: logic 16, phys. 129, len 24 [ 130.562744][ T8752] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5466: group 0, free 0, pa_free 1 [ 130.725607][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.778399][ T8796] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1977'. [ 130.887537][ T8807] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1980'. [ 131.103461][ T8815] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8815 comm=syz.5.1984 [ 131.117031][ T8815] netlink: 'syz.5.1984': attribute type 1 has an invalid length. [ 131.137766][ T8815] bond2: (slave bridge1): making interface the new active one [ 131.164696][ T8815] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 131.197809][ T8818] loop6: detected capacity change from 0 to 512 [ 131.237484][ T8820] netlink: 'syz.5.1986': attribute type 4 has an invalid length. [ 131.266355][ T8820] netlink: 'syz.5.1986': attribute type 17 has an invalid length. [ 132.331808][ T29] kauditd_printk_skb: 38 callbacks suppressed [ 132.331837][ T29] audit: type=1326 audit(1770577571.212:1546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8879 comm="syz.5.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6595f6aeb9 code=0x7ffc0000 [ 132.365603][ T29] audit: type=1326 audit(1770577571.212:1547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8879 comm="syz.5.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6595f6aeb9 code=0x7ffc0000 [ 132.389224][ T29] audit: type=1326 audit(1770577571.252:1548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8879 comm="syz.5.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f6595f6aeb9 code=0x7ffc0000 [ 132.484296][ T29] audit: type=1326 audit(1770577571.352:1549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8879 comm="syz.5.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6595f6aeb9 code=0x7ffc0000 [ 132.508013][ T29] audit: type=1326 audit(1770577571.352:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8879 comm="syz.5.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6595f6aeb9 code=0x7ffc0000 [ 132.531606][ T29] audit: type=1326 audit(1770577571.352:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8888 comm="syz.5.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6595f2b78e code=0x7ffc0000 [ 132.554310][ T8890] netlink: 'syz.1.2013': attribute type 1 has an invalid length. [ 132.562997][ T8890] netlink: 'syz.1.2013': attribute type 4 has an invalid length. [ 132.571005][ T8890] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.2013'. [ 132.586208][ T8865] loop6: detected capacity change from 0 to 1024 [ 132.688446][ T29] audit: type=1326 audit(1770577571.502:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8888 comm="syz.5.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f6595f6aeb9 code=0x7ffc0000 [ 132.692023][ T8865] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.829226][ T8865] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4215: comm syz.6.2004: Allocating blocks 385-513 which overlap fs metadata [ 132.907350][ T8865] EXT4-fs (loop6): pa ffff888107a87620: logic 0, phys. 113, len 25 [ 132.915444][ T8865] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5466: group 0, free 0, pa_free 8 [ 132.985288][ T29] audit: type=1400 audit(1770577571.862:1553): avc: denied { setopt } for pid=8901 comm="syz.1.2020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 133.076951][ T5820] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.150754][ T8912] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2026'. [ 133.264976][ T8923] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2027'. [ 133.294412][ T8927] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2031'. [ 133.303494][ T8927] netlink: 'syz.4.2031': attribute type 5 has an invalid length. [ 133.311500][ T8927] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2031'. [ 133.352135][ T29] audit: type=1326 audit(1770577572.222:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8929 comm="syz.3.2029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e511eaeb9 code=0x7ffc0000 [ 133.376099][ T29] audit: type=1326 audit(1770577572.222:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8929 comm="syz.3.2029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e511eaeb9 code=0x7ffc0000 [ 133.408020][ T8927] geneve2: entered promiscuous mode [ 133.413509][ T8927] geneve2: entered allmulticast mode [ 133.427937][ T4655] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 65535 - 0 [ 133.461396][ T4655] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 65535 - 0 [ 133.470743][ T4655] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 65535 - 0 [ 133.480323][ T4655] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 65535 - 0 [ 133.593830][ T8944] netlink: 'syz.6.2036': attribute type 2 has an invalid length. [ 133.601910][ T8944] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2036'. [ 133.613218][ T8945] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2034'. [ 133.623376][ T8944] netlink: 'syz.6.2036': attribute type 2 has an invalid length. [ 133.631489][ T8944] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2036'. [ 134.067356][ T9000] loop6: detected capacity change from 0 to 512 [ 134.097171][ T9000] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.120212][ T9000] ext4 filesystem being mounted at /258/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 134.230658][ T9007] EXT4-fs error (device loop6): ext4_do_update_inode:5617: inode #2: comm syz.6.2058: corrupted inode contents [ 134.427492][ T9007] EXT4-fs error (device loop6): ext4_dirty_inode:6502: inode #2: comm syz.6.2058: mark_inode_dirty error [ 134.439272][ T9007] EXT4-fs error (device loop6): ext4_do_update_inode:5617: inode #2: comm syz.6.2058: corrupted inode contents [ 134.451562][ T9007] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #2: comm syz.6.2058: mark_inode_dirty error [ 134.530889][ T9000] Set syz1 is full, maxelem 65536 reached [ 134.566633][ T5820] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.808912][ T9025] loop6: detected capacity change from 0 to 128 [ 134.818541][ T9025] EXT4-fs: Ignoring removed orlov option [ 134.832484][ T9025] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 134.861890][ T9025] ext4 filesystem being mounted at /262/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 134.943874][ T5820] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 135.031786][ T9037] geneve2: entered promiscuous mode [ 135.038249][ T4655] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.055390][ T4655] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.063733][ T4655] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.087753][ T9040] netlink: 'syz.5.2074': attribute type 1 has an invalid length. [ 135.095540][ T4655] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.111294][ T9040] 8021q: adding VLAN 0 to HW filter on device bond3 [ 135.722435][ T9073] loop4: detected capacity change from 0 to 8192 [ 135.747964][ T3322] FAT-fs (loop4): error, invalid access to FAT (entry 0x0000e1b1) [ 135.755884][ T3322] FAT-fs (loop4): Filesystem has been set read-only [ 135.779344][ T9078] capability: warning: `syz.4.2088' uses 32-bit capabilities (legacy support in use) [ 136.061146][ T9098] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2097'. [ 136.156177][ T9107] netlink: 566 bytes leftover after parsing attributes in process `syz.1.2101'. [ 136.401737][ T9121] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2108'. [ 136.470365][ T9128] loop6: detected capacity change from 0 to 128 [ 136.546288][ T9130] SELinux: unknown common r [ 136.561527][ T9128] syz.6.2111: attempt to access beyond end of device [ 136.561527][ T9128] loop6: rw=8423425, sector=102, nr_sectors = 32 limit=128 [ 136.565146][ T9130] SELinux: failed to load policy [ 136.593356][ T9128] syz.6.2111: attempt to access beyond end of device [ 136.593356][ T9128] loop6: rw=8423425, sector=102, nr_sectors = 32 limit=128 [ 136.948644][ T9169] batadv_slave_1: entered promiscuous mode [ 136.962493][ T9168] batadv_slave_1: left promiscuous mode [ 137.389233][ T9190] loop6: detected capacity change from 0 to 512 [ 137.408002][ T9190] EXT4-fs (loop6): 1 orphan inode deleted [ 137.425328][ T31] __quota_error: 61 callbacks suppressed [ 137.425346][ T31] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 137.441897][ T31] EXT4-fs error (device loop6): ext4_release_dquot:7022: comm kworker/u8:1: Failed to release dquot type 1 [ 137.456123][ T9190] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.469361][ T9190] ext4 filesystem being mounted at /278/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.509817][ T5820] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.524422][ T2169] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 137.534416][ T2169] EXT4-fs error (device loop6): ext4_release_dquot:7022: comm kworker/u8:7: Failed to release dquot type 1 [ 137.763562][ T29] audit: type=1326 audit(1770577576.642:1617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9210 comm="syz.6.2144" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x0 [ 138.052860][ T9229] A link change request failed with some changes committed already. Interface gre2 may have been left with an inconsistent configuration, please check. [ 138.441572][ T9239] __nla_validate_parse: 5 callbacks suppressed [ 138.441589][ T9239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2154'. [ 138.459149][ T9239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2154'. [ 139.720524][ T4655] Bluetooth: hci0: Frame reassembly failed (-84) [ 139.737610][ T9289] loop3: detected capacity change from 0 to 512 [ 139.755189][ T9289] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 139.781355][ T29] audit: type=1326 audit(1770577578.662:1618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9284 comm="syz.4.2173" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1925d9aeb9 code=0x0 [ 139.790087][ T9289] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.818515][ T9289] ext4 filesystem being mounted at /454/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 139.847341][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.202817][ T9315] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2183'. [ 140.352615][ T9321] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2185'. [ 140.361937][ T9321] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2185'. [ 140.486313][ T9328] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2188'. [ 140.497340][ T9328] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2188'. [ 140.526827][ T9330] ipip0: entered promiscuous mode [ 140.556152][ T29] audit: type=1400 audit(1770577579.442:1619): avc: denied { connect } for pid=9331 comm="syz.1.2190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 140.582129][ T29] audit: type=1400 audit(1770577579.442:1620): avc: denied { read } for pid=9331 comm="syz.1.2190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 140.607762][ T29] audit: type=1400 audit(1770577579.492:1621): avc: denied { write } for pid=9331 comm="syz.1.2190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 140.965514][ T9351] netlink: 'syz.5.2198': attribute type 29 has an invalid length. [ 140.974482][ T9351] netlink: 'syz.5.2198': attribute type 29 has an invalid length. [ 140.985085][ T9351] netlink: 500 bytes leftover after parsing attributes in process `syz.5.2198'. [ 141.439265][ T9366] bond4: (slave macvlan1): Releasing backup interface [ 141.516147][ T9370] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2206'. [ 141.544347][ T9372] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2207'. [ 141.579132][ T9376] syz_tun: entered allmulticast mode [ 141.708938][ T9390] pim6reg: entered allmulticast mode [ 141.734460][ T3710] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 141.749255][ T9390] pim6reg: left allmulticast mode [ 141.787650][ T9398] geneve3: entered promiscuous mode [ 141.793063][ T9398] geneve3: entered allmulticast mode [ 141.800543][ T2169] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 141.817228][ T2169] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 141.840232][ T2169] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 141.854350][ T2169] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 141.991171][ T9411] sit0: Caught tx_queue_len zero misconfig [ 142.637733][ T29] audit: type=1400 audit(1770577837.513:1622): avc: denied { name_bind } for pid=9421 comm="syz.3.2227" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 142.687539][ T9424] loop3: detected capacity change from 0 to 512 [ 142.694393][ T9424] EXT4-fs: Ignoring removed i_version option [ 142.707319][ T9424] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.722214][ T9287] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 142.739607][ T9424] ext4 filesystem being mounted at /469/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 142.946157][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.091784][ T9444] loop3: detected capacity change from 0 to 512 [ 143.099440][ T9447] netlink: 'syz.6.2239': attribute type 2 has an invalid length. [ 143.137748][ T9444] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #11: block 530: comm syz.3.2237: lblock 4 mapped to illegal pblock 530 (length 1) [ 143.157780][ T9444] ------------[ cut here ]------------ [ 143.163395][ T9444] EA inode 11 i_nlink=2 [ 143.163429][ T9444] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x313/0x350, CPU#1: syz.3.2237/9444 [ 143.179042][ T9444] Modules linked in: [ 143.183288][ T9444] CPU: 1 UID: 0 PID: 9444 Comm: syz.3.2237 Not tainted syzkaller #0 PREEMPT(voluntary) [ 143.193209][ T9444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 143.203472][ T9444] RIP: 0010:ext4_xattr_inode_update_ref+0x332/0x350 [ 143.210487][ T9444] Code: 64 e4 9a ff 4c 8d 2d bd 1f 3e 05 49 8d 7e 40 e8 74 ce b6 ff 49 8b 6e 40 4c 89 e7 e8 a8 c9 b6 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 02 ff ff ff e8 4f de d0 03 66 66 66 66 66 66 2e [ 143.230374][ T9444] RSP: 0018:ffffc90000f4f778 EFLAGS: 00010246 [ 143.236551][ T9444] RAX: ffff8881282b4c90 RBX: ffff88811a895348 RCX: ffffffff81be1d78 [ 143.244734][ T9444] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff86fc3d20 [ 143.252936][ T9444] RBP: 000000000000000b R08: 000188811a8952fb R09: 0000000000000000 [ 143.261486][ T9444] R10: ffffc90000f4f6a8 R11: 0001c90000f4f6a8 R12: ffff88811a8952f8 [ 143.269550][ T9444] R13: ffffffff86fc3d20 R14: ffff88811a8952b0 R15: 0000000000000001 [ 143.277599][ T9444] FS: 00007f0e4fc476c0(0000) GS:ffff8882aec57000(0000) knlGS:0000000000000000 [ 143.286797][ T9444] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.293416][ T9444] CR2: 00007f634247e000 CR3: 000000011c42a000 CR4: 00000000003506f0 [ 143.301716][ T9444] DR0: fffffffffffffffe DR1: 0000000000000000 DR2: 0000000000000000 [ 143.309865][ T9444] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 143.319061][ T9444] Call Trace: [ 143.322376][ T9444] [ 143.325445][ T9444] ext4_xattr_inode_dec_ref_all+0x57c/0x880 [ 143.331644][ T9444] ? errseq_check+0x2c/0x50 [ 143.336392][ T9444] ext4_xattr_delete_inode+0x6c1/0x7a0 [ 143.342198][ T9444] ? ext4_truncate+0x92b/0xad0 [ 143.347242][ T9444] ext4_evict_inode+0xa1f/0xd40 [ 143.352288][ T9444] ? __pfx_ext4_evict_inode+0x10/0x10 [ 143.357764][ T9444] evict+0x2af/0x510 [ 143.361996][ T9444] ? __dquot_initialize+0x146/0x7c0 [ 143.367558][ T9444] iput+0x4b9/0x650 [ 143.371736][ T9444] ext4_process_orphan+0x1a9/0x1c0 [ 143.377071][ T9444] ext4_orphan_cleanup+0x6a8/0xa00 [ 143.382249][ T9444] ext4_fill_super+0x3476/0x3800 [ 143.387267][ T9444] ? set_blocksize+0x1a3/0x310 [ 143.392081][ T9444] ? setup_bdev_super+0x30e/0x370 [ 143.397176][ T9444] ? __pfx_ext4_fill_super+0x10/0x10 [ 143.402549][ T9444] get_tree_bdev_flags+0x291/0x300 [ 143.407761][ T9444] ? __pfx_ext4_fill_super+0x10/0x10 [ 143.413177][ T9444] get_tree_bdev+0x1f/0x30 [ 143.417718][ T9444] ext4_get_tree+0x1c/0x30 [ 143.422287][ T9444] vfs_get_tree+0x57/0x1d0 [ 143.426828][ T9444] do_new_mount+0x288/0x700 [ 143.431449][ T9444] path_mount+0x4d0/0xbc0 [ 143.435930][ T9444] ? user_path_at+0xbf/0x130 [ 143.440656][ T9444] __se_sys_mount+0x28c/0x2e0 [ 143.445511][ T9444] __x64_sys_mount+0x67/0x80 [ 143.450587][ T9444] x64_sys_call+0x2cca/0x3000 [ 143.455391][ T9444] do_syscall_64+0xc0/0x2a0 [ 143.460006][ T9444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.466060][ T9444] RIP: 0033:0x7f0e511ec14a [ 143.470522][ T9444] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 143.490548][ T9444] RSP: 002b:00007f0e4fc46e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 143.499133][ T9444] RAX: ffffffffffffffda RBX: 00007f0e4fc46ee0 RCX: 00007f0e511ec14a [ 143.507386][ T9444] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f0e4fc46ea0 [ 143.515458][ T9444] RBP: 0000200000000180 R08: 00007f0e4fc46ee0 R09: 0000000000800718 [ 143.523518][ T9444] R10: 0000000000800718 R11: 0000000000000246 R12: 00002000000001c0 [ 143.531587][ T9444] R13: 00007f0e4fc46ea0 R14: 0000000000000482 R15: 0000200000000200 [ 143.539624][ T9444] [ 143.542678][ T9444] ---[ end trace 0000000000000000 ]--- [ 143.549990][ T9444] EXT4-fs (loop3): 1 orphan inode deleted [ 143.556579][ T9444] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.582925][ T9454] __nla_validate_parse: 3 callbacks suppressed [ 143.582942][ T9454] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2241'. [ 143.617182][ T9454] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 143.629630][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.679708][ T9454] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 143.954778][ T9464] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2245'. [ 143.963811][ T9464] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2245'. [ 144.048507][ T9468] netlink: 'syz.6.2247': attribute type 3 has an invalid length. [ 144.056680][ T9468] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.2247'. [ 144.159750][ T9470] 9pnet: p9_errstr2errno: server reported unknown error 0x000000 [ 144.214102][ T9478] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2250'. [ 144.250717][ T9478] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2250'. [ 144.277687][ T29] audit: type=1400 audit(1770577839.163:1623): avc: denied { sys_module } for pid=9484 comm="syz.5.2253" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 144.363557][ T9493] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9493 comm=syz.6.2256 [ 144.377447][ T9493] netlink: 'syz.6.2256': attribute type 1 has an invalid length. [ 144.402652][ T9493] bond2: (slave bridge1): making interface the new active one [ 144.410932][ T9493] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 144.450493][ T9502] loop6: detected capacity change from 0 to 512 [ 144.468143][ T9502] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.481288][ T9502] ext4 filesystem being mounted at /300/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 144.507771][ T5820] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.824585][ T9534] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2271'. [ 144.834038][ T9534] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2271'. [ 144.977992][ T29] audit: type=1400 audit(1770577839.863:1624): avc: denied { create } for pid=9551 comm="syz.1.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 144.997951][ T29] audit: type=1400 audit(1770577839.863:1625): avc: denied { bind } for pid=9551 comm="syz.1.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 145.024635][ T29] audit: type=1400 audit(1770577839.863:1626): avc: denied { listen } for pid=9551 comm="syz.1.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 145.044265][ T29] audit: type=1400 audit(1770577839.863:1627): avc: denied { accept } for pid=9551 comm="syz.1.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 145.555338][ T9570] netlink: 'syz.5.2285': attribute type 6 has an invalid length. [ 145.563424][ T9570] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2285'. [ 145.889166][ T9583] team0 (unregistering): Port device team_slave_0 removed [ 145.899950][ T9583] team0 (unregistering): Port device team_slave_1 removed [ 145.902553][ T29] audit: type=1400 audit(1770577840.783:1628): avc: denied { shutdown } for pid=9588 comm="syz.1.2293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 146.143469][ T9597] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2296'. [ 146.266675][ T9603] loop6: detected capacity change from 0 to 128 [ 146.283994][ T9603] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 146.300007][ T9603] ext4 filesystem being mounted at /306/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 146.327029][ T29] audit: type=1326 audit(1770577841.213:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9606 comm="syz.4.2300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1925d9aeb9 code=0x7ffc0000 [ 146.351301][ T29] audit: type=1326 audit(1770577841.213:1630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9606 comm="syz.4.2300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1925d9aeb9 code=0x7ffc0000 [ 146.375935][ T29] audit: type=1326 audit(1770577841.213:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9606 comm="syz.4.2300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f1925d9aeb9 code=0x7ffc0000 [ 146.481540][ T5820] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 146.545577][ T23] kernel write not supported for file bpf-prog (pid: 23 comm: kworker/1:0) [ 146.801537][ T9631] loop4: detected capacity change from 0 to 1024 [ 146.902146][ T9631] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 147.014005][ T9631] ext4 filesystem being mounted at /421/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.048792][ T9631] EXT4-fs error (device loop4): ext4_map_blocks:825: inode #15: block 3: comm syz.4.2311: lblock 3 mapped to illegal pblock 3 (length 3) [ 147.083621][ T9631] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 147.096176][ T9631] EXT4-fs (loop4): This should not happen!! Data will be lost [ 147.096176][ T9631] [ 147.184777][ T9631] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #15: block 3: comm syz.4.2311: lblock 3 mapped to illegal pblock 3 (length 1) [ 147.220791][ T9631] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #15: block 3: comm syz.4.2311: lblock 3 mapped to illegal pblock 3 (length 1) [ 147.275126][ T9655] EXT4-fs error (device loop4): ext4_ext_remove_space:2955: inode #15: comm syz.4.2311: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 147.369448][ T9655] EXT4-fs error (device loop4) in ext4_setattr:6035: Corrupt filesystem [ 147.426888][ T9671] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9671 comm=syz.1.2328 [ 147.514762][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 147.847858][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 147.847878][ T29] audit: type=1400 audit(1770577842.733:1641): avc: denied { read } for pid=9691 comm="syz.4.2336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 147.888102][ T9693] SELinux: Context system_u:object_r:systemd_logger_exec_t:s0 is not valid (left unmapped). [ 147.908959][ T29] audit: type=1400 audit(1770577842.773:1642): avc: denied { mac_admin } for pid=9690 comm="syz.6.2337" capability=33 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 147.930394][ T29] audit: type=1400 audit(1770577842.793:1643): avc: denied { relabelto } for pid=9690 comm="syz.6.2337" name="311" dev="tmpfs" ino=1645 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0" [ 147.957730][ T29] audit: type=1400 audit(1770577842.793:1644): avc: denied { associate } for pid=9690 comm="syz.6.2337" name="311" dev="tmpfs" ino=1645 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:systemd_logger_exec_t:s0" [ 147.986843][ T29] audit: type=1400 audit(1770577842.853:1645): avc: denied { add_name } for pid=9690 comm="syz.6.2337" name=E91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0" [ 148.013728][ T29] audit: type=1400 audit(1770577842.853:1646): avc: denied { create } for pid=9690 comm="syz.6.2337" name=E91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 148.035901][ T29] audit: type=1400 audit(1770577842.853:1647): avc: denied { associate } for pid=9690 comm="syz.6.2337" name=E91F7189591E9233614B scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 148.058970][ T29] audit: type=1400 audit(1770577842.853:1648): avc: denied { accept } for pid=9690 comm="syz.6.2337" path=2F3331312FE91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 148.142553][ T29] audit: type=1400 audit(1770577843.023:1649): avc: denied { remove_name } for pid=5820 comm="syz-executor" name=E91F7189591E9233614B dev="tmpfs" ino=1650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0" [ 148.171792][ T29] audit: type=1400 audit(1770577843.023:1650): avc: denied { unlink } for pid=5820 comm="syz-executor" name=E91F7189591E9233614B dev="tmpfs" ino=1650 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 148.718838][ T9712] bridge_slave_0: left allmulticast mode [ 148.724636][ T9712] bridge_slave_0: left promiscuous mode [ 148.730508][ T9712] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.832626][ T9712] bridge_slave_1: left allmulticast mode [ 148.838389][ T9712] bridge_slave_1: left promiscuous mode [ 148.844325][ T9712] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.984280][ T9712] bond0: (slave bond_slave_0): Releasing backup interface [ 149.029627][ T9712] bond0: (slave bond_slave_1): Releasing backup interface [ 149.041541][ T9712] team0: Port device team_slave_0 removed [ 149.158398][ T9712] team0: Port device team_slave_1 removed [ 149.194622][ T9712] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 149.202149][ T9712] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.223039][ T9726] loop4: detected capacity change from 0 to 8192 [ 149.249062][ T9712] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 149.256646][ T9712] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 149.296966][ T9712] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 149.314485][ T9732] ªªªªªª: renamed from vlan0 (while UP) [ 149.610508][ T9751] loop6: detected capacity change from 0 to 4096 [ 149.657352][ T9754] syzkaller1: entered promiscuous mode [ 149.662892][ T9754] syzkaller1: entered allmulticast mode [ 149.689275][ T9751] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.707358][ T9751] __find_get_block_slow() failed. block=144115188075855872, b_blocknr=0, b_state=0x00000019, b_size=4096, device loop6 blocksize: 4096 [ 149.721916][ T9751] grow_buffers: requested out-of-range block 144115188075855872 for device loop6 [ 149.731115][ T9751] EXT4-fs warning (device loop6): ext4_resize_fs:2019: can't read last block, resize aborted [ 149.778453][ T5820] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.484577][ T9789] loop6: detected capacity change from 0 to 2048 [ 150.510180][ T9796] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2379'. [ 150.519808][ T9796] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2379'. [ 150.552315][ T9789] loop6: p3 p4 < > [ 150.572448][ T9789] loop6: p3 start 11362048 is beyond EOD, truncated [ 151.283871][ T9829] netlink: 7 bytes leftover after parsing attributes in process `syz.6.2390'. [ 151.307510][ T9829] netlink: 7 bytes leftover after parsing attributes in process `syz.6.2390'. [ 151.929254][ T9868] netlink: 'syz.3.2406': attribute type 1 has an invalid length. [ 152.061613][ T9870] bond6: (slave geneve2): making interface the new active one [ 152.089938][ T9870] bond6: (slave geneve2): Enslaving as an active interface with an up link [ 152.098722][ T4635] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0 [ 152.108609][ T4635] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0 [ 152.118237][ T4635] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0 [ 152.127372][ T4635] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0 [ 152.330210][ T9881] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2409'. [ 152.357978][ T9881] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2409'. [ 153.075736][ T9893] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2415'. [ 153.131338][ T29] kauditd_printk_skb: 40 callbacks suppressed [ 153.131353][ T29] audit: type=1326 audit(2000000000.150:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9894 comm="syz.6.2416" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5bef58aeb9 code=0x0 [ 153.514252][ T8116] IPVS: starting estimator thread 0... [ 153.604387][ T9903] IPVS: using max 2160 ests per chain, 108000 per kthread [ 154.057303][ T9914] netlink: 'syz.6.2422': attribute type 1 has an invalid length. [ 154.067004][ T4635] IPVS: stop unused estimator thread 0... [ 154.085517][ T9914] bond3: entered promiscuous mode [ 154.094476][ T9914] 8021q: adding VLAN 0 to HW filter on device bond3 [ 154.220235][ T9921] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2425'. [ 154.229507][ T9921] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2425'. [ 154.238516][ T9921] netlink: 7 bytes leftover after parsing attributes in process `syz.3.2425'. [ 154.273792][ T9914] 8021q: adding VLAN 0 to HW filter on device bond3 [ 154.418746][ T29] audit: type=1400 audit(2000000001.440:1692): avc: denied { create } for pid=9926 comm="syz.4.2427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 154.438924][ T29] audit: type=1400 audit(2000000001.440:1693): avc: denied { bind } for pid=9926 comm="syz.4.2427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 154.459085][ T29] audit: type=1400 audit(2000000001.440:1694): avc: denied { write } for pid=9926 comm="syz.4.2427" path="socket:[25850]" dev="sockfs" ino=25850 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 154.485232][ T9914] bond3: (slave vti0): The slave device specified does not support setting the MAC address [ 154.495388][ T9914] bond3: (slave vti0): Setting fail_over_mac to active for active-backup mode [ 154.513935][ T9914] bond3: (slave vti0): making interface the new active one [ 154.521298][ T9914] vti0: entered promiscuous mode [ 154.528972][ T9914] bond3: (slave vti0): Enslaving as an active interface with an up link [ 154.941444][ T9946] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.948763][ T9946] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.043506][ T9960] loop3: detected capacity change from 0 to 4096 [ 155.055339][ T9960] EXT4-fs: inline encryption not supported [ 155.061663][ T9960] EXT4-fs: test_dummy_encryption option not supported [ 155.071538][ T9946] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 155.219291][ T9958] bond0: (slave bond_slave_1): Releasing backup interface [ 155.229217][ T2169] netdevsim netdevsim6 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 155.238251][ T2169] netdevsim netdevsim6 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.248419][ T2169] netdevsim netdevsim6 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 155.257084][ T2169] netdevsim netdevsim6 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.266652][ T2169] netdevsim netdevsim6 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 155.275103][ T2169] netdevsim netdevsim6 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.283575][ T2169] netdevsim netdevsim6 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 155.292039][ T2169] netdevsim netdevsim6 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.418206][ T9970] netlink: 'syz.4.2444': attribute type 1 has an invalid length. [ 155.516931][ T9970] bond3: entered promiscuous mode [ 155.522019][ T9970] bond3: entered allmulticast mode [ 155.574288][ T29] audit: type=1400 audit(2000000002.590:1695): avc: denied { read } for pid=9973 comm="syz.6.2445" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 155.621147][ T9971] bond3: (slave ip6gretap1): making interface the new active one [ 155.629081][ T9971] ip6gretap1: entered promiscuous mode [ 155.634801][ T9971] ip6gretap1: entered allmulticast mode [ 155.666715][ T9971] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link [ 155.714497][ T29] audit: type=1326 audit(2000000002.730:1696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9983 comm="syz.5.2451" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6595f6aeb9 code=0x0 [ 155.745387][ T9985] sock: sock_set_timeout: `syz.3.2450' (pid 9985) tries to set negative timeout [ 155.809551][ T9993] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 155.826941][ T9995] loop4: detected capacity change from 0 to 512 [ 155.839174][ T9995] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 155.867254][ T9995] EXT4-fs (loop4): 1 truncate cleaned up [ 155.873478][ T9995] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.939944][ T29] audit: type=1400 audit(2000000002.960:1697): avc: denied { setopt } for pid=10001 comm="syz.1.2457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 155.962122][ T29] audit: type=1400 audit(2000000002.990:1698): avc: denied { ioctl } for pid=10001 comm="syz.1.2457" path="socket:[26911]" dev="sockfs" ino=26911 ioctlcmd=0x48d2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 156.005663][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.108445][T10015] all: renamed from bridge_slave_0 [ 156.144121][T10019] __nla_validate_parse: 1 callbacks suppressed [ 156.144139][T10019] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2465'. [ 156.260764][ T29] audit: type=1326 audit(2000000003.280:1699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10029 comm="syz.4.2470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1925d9aeb9 code=0x7ffc0000 [ 156.284719][ T29] audit: type=1326 audit(2000000003.280:1700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10029 comm="syz.4.2470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1925d9aeb9 code=0x7ffc0000 [ 156.649249][T10054] loop4: detected capacity change from 0 to 512 [ 156.656491][T10054] EXT4-fs: inline encryption not supported [ 156.666355][T10054] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.679656][T10054] ext4 filesystem being mounted at /456/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 156.754721][ T3322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.393331][ T31] Bluetooth: hci0: Frame reassembly failed (-84) [ 157.413751][ T3710] Bluetooth: hci0: unexpected event 0x0f length: 0 < 4 [ 158.227517][T10113] loop3: detected capacity change from 0 to 1024 [ 158.236695][T10113] EXT4-fs: Ignoring removed oldalloc option [ 158.242672][T10113] EXT4-fs: Ignoring removed bh option [ 158.292276][T10113] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 158.973652][T10113] ================================================================== [ 158.981804][T10113] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark [ 158.988979][T10113] [ 158.991332][T10113] write to 0xffff88811a8946f4 of 4 bytes by task 10121 on cpu 1: [ 158.999085][T10113] xas_set_mark+0x12b/0x140 [ 159.003680][T10113] __folio_start_writeback+0x17b/0x370 [ 159.009252][T10113] ext4_bio_write_folio+0x5ad/0x9f0 [ 159.014507][T10113] mpage_process_page_bufs+0x4a1/0x620 [ 159.020002][T10113] mpage_prepare_extent_to_map+0x7d4/0xc50 [ 159.025858][T10113] ext4_do_writepages+0x9f6/0x2800 [ 159.031030][T10113] ext4_writepages+0x18f/0x320 [ 159.036007][T10113] do_writepages+0x1c6/0x310 [ 159.040655][T10113] file_write_and_wait_range+0x178/0x2f0 [ 159.046330][T10113] generic_buffers_fsync_noflush+0x45/0x130 [ 159.052267][T10113] ext4_sync_file+0x1aa/0x680 [ 159.056993][T10113] vfs_fsync_range+0x10d/0x130 [ 159.061811][T10113] ext4_buffered_write_iter+0x34f/0x3c0 [ 159.067417][T10113] ext4_file_write_iter+0x380/0xf70 [ 159.072679][T10113] iter_file_splice_write+0x6bc/0xa80 [ 159.078098][T10113] direct_splice_actor+0x156/0x2a0 [ 159.083264][T10113] splice_direct_to_actor+0x311/0x670 [ 159.088682][T10113] do_splice_direct+0x119/0x1a0 [ 159.093572][T10113] do_sendfile+0x382/0x650 [ 159.098042][T10113] __x64_sys_sendfile64+0x105/0x150 [ 159.103300][T10113] x64_sys_call+0x2db1/0x3000 [ 159.108025][T10113] do_syscall_64+0xc0/0x2a0 [ 159.112574][T10113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.118523][T10113] [ 159.120883][T10113] read to 0xffff88811a8946f4 of 4 bytes by task 10113 on cpu 0: [ 159.128818][T10113] xas_find_marked+0x5d7/0x620 [ 159.133637][T10113] filemap_get_folios_tag+0xfa/0x510 [ 159.139062][T10113] mpage_prepare_extent_to_map+0x328/0xc50 [ 159.144943][T10113] ext4_do_writepages+0x9f6/0x2800 [ 159.150114][T10113] ext4_writepages+0x18f/0x320 [ 159.154932][T10113] do_writepages+0x1c6/0x310 [ 159.159582][T10113] file_write_and_wait_range+0x178/0x2f0 [ 159.165615][T10113] generic_buffers_fsync_noflush+0x45/0x130 [ 159.171567][T10113] ext4_sync_file+0x1aa/0x680 [ 159.176392][T10113] vfs_fsync_range+0x10d/0x130 [ 159.181468][T10113] ext4_buffered_write_iter+0x34f/0x3c0 [ 159.187082][T10113] ext4_file_write_iter+0x380/0xf70 [ 159.192774][T10113] iter_file_splice_write+0x6bc/0xa80 [ 159.198276][T10113] direct_splice_actor+0x156/0x2a0 [ 159.203426][T10113] splice_direct_to_actor+0x311/0x670 [ 159.208880][T10113] do_splice_direct+0x119/0x1a0 [ 159.213766][T10113] do_sendfile+0x382/0x650 [ 159.218223][T10113] __x64_sys_sendfile64+0x105/0x150 [ 159.223471][T10113] x64_sys_call+0x2db1/0x3000 [ 159.228198][T10113] do_syscall_64+0xc0/0x2a0 [ 159.232761][T10113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.238703][T10113] [ 159.241059][T10113] value changed: 0x0a000021 -> 0x04000021 [ 159.246889][T10113] [ 159.249248][T10113] Reported by Kernel Concurrency Sanitizer on: [ 159.255690][T10113] CPU: 0 UID: 0 PID: 10113 Comm: syz.3.2506 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 159.267380][T10113] Tainted: [W]=WARN [ 159.271210][T10113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 159.281300][T10113] ================================================================== [ 159.354586][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.414291][ T3541] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 159.414683][ T3710] Bluetooth: hci0: command 0x1003 tx timeout