last executing test programs: 1.626935699s ago: executing program 4 (id=465): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) readv(r1, &(0x7f0000001340)=[{&(0x7f0000000580)=""/148, 0x94}], 0x1) readv(r1, &(0x7f0000001240)=[{&(0x7f0000000040)=""/73, 0x49}], 0x1) 1.226953734s ago: executing program 0 (id=488): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') faccessat2(r2, &(0x7f0000000040)='\x00', 0x1, 0x1300) 1.182009824s ago: executing program 0 (id=491): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) sendto$inet6(r0, &(0x7f0000000740)='XB', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.132471625s ago: executing program 3 (id=493): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) r2 = syz_open_dev$vcsn(&(0x7f0000000180), 0x0, 0x26642) fsetxattr$security_capability(r2, &(0x7f0000000280), &(0x7f0000000380)=@v3={0x3000000, [{0x5, 0x82}, {0x80000000, 0xffffaf0a}]}, 0x18, 0x0) 1.124010075s ago: executing program 0 (id=494): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'geneve0\x00', 0x0}) bind$packet(r0, &(0x7f0000000000)={0x11, 0x3, r1, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6, @local}, 0x10) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0xc}, {0xfff3, 0x8}}}, 0x24}}, 0x20040000) 1.059096596s ago: executing program 3 (id=496): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0) writev(r2, &(0x7f0000000080)=[{&(0x7f0000000300)='4', 0x1}, {&(0x7f0000000040)='\\', 0x1}], 0x2) 1.002135377s ago: executing program 3 (id=498): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, @perf_bp={0x0, 0xe}, 0x400, 0xffffffff, 0x6, 0x5, 0x0, 0x40000001, 0xfff9, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000001001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100d0000000fbdbdf252100000018000180140002007665746831"], 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x4008800) 913.137918ms ago: executing program 0 (id=500): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000005600)='sys_enter\x00', r1, 0x0, 0x2}, 0x18) r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x4) sendfile(r2, r2, 0x0, 0x200) 912.974708ms ago: executing program 0 (id=501): r0 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f00000008c0)={0xffffffffffffffff}) read(r1, &(0x7f0000032440)=""/102364, 0x18fdc) ioprio_set$pid(0x3, 0x0, 0x0) 850.645119ms ago: executing program 3 (id=502): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r1, 0x0, 0x9}, 0x18) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 825.919369ms ago: executing program 3 (id=505): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r1, 0x400, 0x0) fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000040), 0x0, 0x0, 0x0) 756.81744ms ago: executing program 3 (id=506): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 756.27859ms ago: executing program 4 (id=507): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, 0x0) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r1}, 0x10) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000003c0)={0x0, 0xfff, 0x3}) 645.072261ms ago: executing program 1 (id=508): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r1, 0x0, 0x9}, 0x18) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 644.543931ms ago: executing program 4 (id=509): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000) 644.249221ms ago: executing program 1 (id=510): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c80)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18090000002300810000000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8003}, &(0x7f0000000240)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x38, 0x3, r1, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}}) io_uring_enter(r1, 0x6e2, 0x600, 0x1, 0x0, 0x0) 643.969871ms ago: executing program 4 (id=512): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="fd8d00000000000000000200000008000300", @ANYRES32=r2, @ANYBLOB="0a0009000180c2000000fdff08000b"], 0x30}}, 0x0) 617.777122ms ago: executing program 4 (id=513): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0), 0x4) bind$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e20, 0x2000000, @ipv4={'\x00', '\xff\xff', @loopback}, 0xb851}, 0x1c) 590.067642ms ago: executing program 4 (id=514): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x401, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x2}]}) close_range(r1, 0xffffffffffffffff, 0x0) 521.156283ms ago: executing program 1 (id=515): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x800000000003}, 0x1100, 0x5dd8, 0x0, 0x5, 0x0, 0x8, 0xfffb, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000000)={0xc9495724790b983a, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200003, 0x198a9, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, @perf_bp={0x0}, 0x100040, 0x0, 0x0, 0x1, 0x3, 0xfc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a6c52d922ba2a05dd42"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 280.027576ms ago: executing program 1 (id=518): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f687372"], 0xfc}}, 0x0) 256.209117ms ago: executing program 1 (id=519): r0 = socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="d80000001c0081064e81f782db44b9040a1d08040000000000000aa1180002000607002603600e12080b0f0000810401a8001605200001400200000803604e0cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee422fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef5d2defd5ccae8d3fb7c27a1059ae31c60e2234d732", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) 210.408807ms ago: executing program 2 (id=521): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000015c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x140) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'}) 205.746277ms ago: executing program 1 (id=522): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) recvfrom$inet(r0, &(0x7f0000000080)=""/76, 0x4c, 0x40000000, 0x0, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x1a000}}, 0x40) recvfrom$inet6(r0, 0x0, 0x0, 0x102, 0x0, 0x0) 177.823418ms ago: executing program 2 (id=523): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) sendto$inet6(r0, &(0x7f0000000740)='XB', 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 144.027118ms ago: executing program 2 (id=524): r0 = socket(0x1, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', r2, 0x0, 0x0, 0x0, 0x0, 0x44, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000340)={'syztnl1\x00', &(0x7f0000000180)={'syztnl0\x00', r3, 0x29, 0xff, 0x64, 0xa6, 0x0, @mcast2, @private1={0xfc, 0x1, '\x00', 0xfd}, 0x0, 0x40, 0xfffffffe, 0x800}}) 83.167849ms ago: executing program 0 (id=525): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x1a9041, 0x0) write$binfmt_aout(r0, &(0x7f00000003c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x12) 70.839969ms ago: executing program 2 (id=526): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0) writev(r2, &(0x7f0000000080)=[{&(0x7f0000000300)='4', 0x1}, {&(0x7f0000000040)='\\', 0x1}], 0x2) 37.628709ms ago: executing program 2 (id=527): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x88002, 0x0) pwritev(r2, &(0x7f00000000c0)=[{0x0, 0x4f}, {&(0x7f0000000140)="de", 0x1}], 0x2, 0x0, 0x0) 0s ago: executing program 2 (id=528): rseq(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0) r0 = epoll_create1(0x0) r1 = eventfd2(0x0, 0x0) epoll_pwait2(r0, &(0x7f0000000240)=[{}], 0x1, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000b80)) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000180)={0x20000005}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.225' (ED25519) to the list of known hosts. [ 26.498228][ T29] audit: type=1400 audit(1748500527.731:62): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.499332][ T3302] cgroup: Unknown subsys name 'net' [ 26.520979][ T29] audit: type=1400 audit(1748500527.731:63): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.548390][ T29] audit: type=1400 audit(1748500527.761:64): avc: denied { unmount } for pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.740546][ T3302] cgroup: Unknown subsys name 'cpuset' [ 26.746855][ T3302] cgroup: Unknown subsys name 'rlimit' [ 26.878883][ T29] audit: type=1400 audit(1748500528.111:65): avc: denied { setattr } for pid=3302 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.902323][ T29] audit: type=1400 audit(1748500528.111:66): avc: denied { create } for pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 26.922915][ T29] audit: type=1400 audit(1748500528.111:67): avc: denied { write } for pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.927930][ T3307] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 26.943528][ T29] audit: type=1400 audit(1748500528.111:68): avc: denied { read } for pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.972523][ T29] audit: type=1400 audit(1748500528.141:69): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 26.978982][ T3302] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.997405][ T29] audit: type=1400 audit(1748500528.141:70): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 27.029416][ T29] audit: type=1400 audit(1748500528.191:71): avc: denied { relabelto } for pid=3307 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.848869][ T3321] chnl_net:caif_netlink_parms(): no params data found [ 28.874227][ T3314] chnl_net:caif_netlink_parms(): no params data found [ 28.973583][ T3313] chnl_net:caif_netlink_parms(): no params data found [ 28.985598][ T3321] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.992815][ T3321] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.000020][ T3321] bridge_slave_0: entered allmulticast mode [ 29.006506][ T3321] bridge_slave_0: entered promiscuous mode [ 29.034452][ T3321] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.041664][ T3321] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.048934][ T3321] bridge_slave_1: entered allmulticast mode [ 29.055541][ T3321] bridge_slave_1: entered promiscuous mode [ 29.066016][ T3317] chnl_net:caif_netlink_parms(): no params data found [ 29.074738][ T3318] chnl_net:caif_netlink_parms(): no params data found [ 29.088059][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.095273][ T3314] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.103196][ T3314] bridge_slave_0: entered allmulticast mode [ 29.109883][ T3314] bridge_slave_0: entered promiscuous mode [ 29.129526][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.136636][ T3314] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.143911][ T3314] bridge_slave_1: entered allmulticast mode [ 29.150668][ T3314] bridge_slave_1: entered promiscuous mode [ 29.158074][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.180766][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.216202][ T3321] team0: Port device team_slave_0 added [ 29.223064][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.232841][ T3321] team0: Port device team_slave_1 added [ 29.262618][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.272226][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.279181][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.305137][ T3321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.320713][ T3313] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.327786][ T3313] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.336282][ T3313] bridge_slave_0: entered allmulticast mode [ 29.342804][ T3313] bridge_slave_0: entered promiscuous mode [ 29.353940][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.360988][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.387017][ T3321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.403591][ T3313] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.410708][ T3313] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.417855][ T3313] bridge_slave_1: entered allmulticast mode [ 29.424209][ T3313] bridge_slave_1: entered promiscuous mode [ 29.478174][ T3314] team0: Port device team_slave_0 added [ 29.484932][ T3314] team0: Port device team_slave_1 added [ 29.490873][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.497935][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.506004][ T3317] bridge_slave_0: entered allmulticast mode [ 29.512438][ T3317] bridge_slave_0: entered promiscuous mode [ 29.519151][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.526340][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.534717][ T3317] bridge_slave_1: entered allmulticast mode [ 29.541180][ T3317] bridge_slave_1: entered promiscuous mode [ 29.547329][ T3318] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.554414][ T3318] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.561608][ T3318] bridge_slave_0: entered allmulticast mode [ 29.568026][ T3318] bridge_slave_0: entered promiscuous mode [ 29.575580][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.584751][ T3318] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.592054][ T3318] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.599259][ T3318] bridge_slave_1: entered allmulticast mode [ 29.605735][ T3318] bridge_slave_1: entered promiscuous mode [ 29.613914][ T3321] hsr_slave_0: entered promiscuous mode [ 29.620000][ T3321] hsr_slave_1: entered promiscuous mode [ 29.637501][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.672032][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.687086][ T3313] team0: Port device team_slave_0 added [ 29.694018][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.703512][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.710515][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.736466][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.748465][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.757959][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.764969][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.790988][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.807427][ T3313] team0: Port device team_slave_1 added [ 29.819864][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.851931][ T3317] team0: Port device team_slave_0 added [ 29.858475][ T3317] team0: Port device team_slave_1 added [ 29.879286][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.886311][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.912430][ T3313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.923667][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.930666][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.956761][ T3313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.978830][ T3318] team0: Port device team_slave_0 added [ 30.005719][ T3318] team0: Port device team_slave_1 added [ 30.025395][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.032417][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.058423][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.071441][ T3314] hsr_slave_0: entered promiscuous mode [ 30.077583][ T3314] hsr_slave_1: entered promiscuous mode [ 30.084681][ T3314] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 30.092441][ T3314] Cannot create hsr debugfs directory [ 30.103332][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.110412][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.136483][ T3318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.147821][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.154977][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.181216][ T3318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.193230][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.200268][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.226240][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.261343][ T3313] hsr_slave_0: entered promiscuous mode [ 30.267566][ T3313] hsr_slave_1: entered promiscuous mode [ 30.273456][ T3313] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 30.281063][ T3313] Cannot create hsr debugfs directory [ 30.341475][ T3318] hsr_slave_0: entered promiscuous mode [ 30.347622][ T3318] hsr_slave_1: entered promiscuous mode [ 30.353681][ T3318] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 30.361330][ T3318] Cannot create hsr debugfs directory [ 30.371406][ T3317] hsr_slave_0: entered promiscuous mode [ 30.377369][ T3317] hsr_slave_1: entered promiscuous mode [ 30.383378][ T3317] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 30.391064][ T3317] Cannot create hsr debugfs directory [ 30.513391][ T3321] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 30.534224][ T3321] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 30.543030][ T3321] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 30.554731][ T3321] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 30.606342][ T3313] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 30.623633][ T3313] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 30.643146][ T3313] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 30.653363][ T3318] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 30.662397][ T3318] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 30.671690][ T3313] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 30.684458][ T3318] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 30.693748][ T3318] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 30.730079][ T3314] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 30.739217][ T3314] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 30.748904][ T3314] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 30.765853][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.773786][ T3314] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 30.803794][ T3321] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.813857][ T3317] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 30.826453][ T3317] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 30.835562][ T3317] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 30.846139][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.853208][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.868186][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.875382][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.884367][ T3317] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 30.966023][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.975168][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.997732][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.016126][ T3313] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.038579][ T3318] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.047270][ T3314] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.060616][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.067736][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.077740][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.084829][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.101391][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.108600][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.118203][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.125300][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.135748][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.142824][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.154957][ T3321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.164578][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.171694][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.186933][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.240268][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.255119][ T3318] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 31.276176][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.283438][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.313308][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.320439][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.348765][ T3321] veth0_vlan: entered promiscuous mode [ 31.384141][ T3321] veth1_vlan: entered promiscuous mode [ 31.395651][ T3317] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 31.406141][ T3317] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 31.430064][ T3321] veth0_macvtap: entered promiscuous mode [ 31.437545][ T3321] veth1_macvtap: entered promiscuous mode [ 31.452791][ T3318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.465338][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.480783][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.493878][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.503721][ T3321] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.512519][ T3321] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.521329][ T3321] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.530131][ T3321] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.582394][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.596578][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.637179][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 31.637197][ T29] audit: type=1400 audit(1748500532.871:81): avc: denied { mounton } for pid=3321 comm="syz-executor" path="/root/syzkaller.7RQFuR/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 31.649361][ T3318] veth0_vlan: entered promiscuous mode [ 31.687654][ T29] audit: type=1400 audit(1748500532.871:82): avc: denied { mount } for pid=3321 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 31.693357][ T3318] veth1_vlan: entered promiscuous mode [ 31.709642][ T29] audit: type=1400 audit(1748500532.871:83): avc: denied { mounton } for pid=3321 comm="syz-executor" path="/root/syzkaller.7RQFuR/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 31.740681][ T29] audit: type=1400 audit(1748500532.871:84): avc: denied { mount } for pid=3321 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 31.743595][ T3314] veth0_vlan: entered promiscuous mode [ 31.762629][ T29] audit: type=1400 audit(1748500532.871:85): avc: denied { mounton } for pid=3321 comm="syz-executor" path="/root/syzkaller.7RQFuR/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 31.794659][ T29] audit: type=1400 audit(1748500532.871:86): avc: denied { mounton } for pid=3321 comm="syz-executor" path="/root/syzkaller.7RQFuR/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4331 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 31.795126][ T3318] veth0_macvtap: entered promiscuous mode [ 31.822047][ T29] audit: type=1400 audit(1748500532.871:87): avc: denied { unmount } for pid=3321 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 31.847406][ T29] audit: type=1400 audit(1748500532.911:88): avc: denied { mounton } for pid=3321 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 31.861453][ T3314] veth1_vlan: entered promiscuous mode [ 31.870216][ T29] audit: type=1400 audit(1748500532.911:89): avc: denied { mount } for pid=3321 comm="syz-executor" name="/" dev="gadgetfs" ino=4338 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 31.903181][ T3318] veth1_macvtap: entered promiscuous mode [ 31.913252][ T3321] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 31.918865][ T3314] veth0_macvtap: entered promiscuous mode [ 31.939204][ T3314] veth1_macvtap: entered promiscuous mode [ 31.962822][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.974580][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.996250][ T3317] veth0_vlan: entered promiscuous mode [ 32.005243][ T3314] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.014047][ T3314] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.022944][ T3314] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.031718][ T3314] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.050811][ T29] audit: type=1400 audit(1748500533.291:90): avc: denied { read write } for pid=3321 comm="syz-executor" name="loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 32.079581][ T3317] veth1_vlan: entered promiscuous mode [ 32.093063][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.125139][ T3317] veth0_macvtap: entered promiscuous mode [ 32.137298][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.148281][ T3317] veth1_macvtap: entered promiscuous mode [ 32.163191][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.181603][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.196854][ T3318] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.205737][ T3318] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.214548][ T3318] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.223267][ T3318] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.236405][ T3317] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.245322][ T3317] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.254050][ T3317] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.262844][ T3317] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.284166][ T3313] veth0_vlan: entered promiscuous mode [ 32.320064][ T3313] veth1_vlan: entered promiscuous mode [ 32.380430][ T3313] veth0_macvtap: entered promiscuous mode [ 32.388336][ T3456] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 32.413226][ T3313] veth1_macvtap: entered promiscuous mode [ 32.419156][ T3456] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 32.464444][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.498803][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.517273][ T3313] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.526395][ T3313] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.535268][ T3313] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.544231][ T3313] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.550992][ T3477] loop0: detected capacity change from 0 to 1024 [ 32.595271][ T3477] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.678203][ T3488] xt_hashlimit: max too large, truncated to 1048576 [ 32.707038][ T3477] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.11: bg 0: block 88: padding at end of block bitmap is not set [ 32.784663][ T3485] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 32.811665][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.814097][ T3485] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 33.206125][ T3525] loop0: detected capacity change from 0 to 2048 [ 33.263724][ T3525] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.397247][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.473576][ T3547] rdma_op ffff88811a3d6180 conn xmit_rdma 0000000000000000 [ 33.514910][ T3551] mmap: syz.4.36 (3551) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 33.629008][ T3568] loop1: detected capacity change from 0 to 1024 [ 33.661899][ T3568] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.706277][ T3568] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.781871][ T3568] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 33.850334][ T3568] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 44 with error 28 [ 33.850531][ T3584] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 5 with error 28 [ 33.862844][ T3568] EXT4-fs (loop1): This should not happen!! Data will be lost [ 33.862844][ T3568] [ 33.862868][ T3568] EXT4-fs (loop1): Total free blocks count 0 [ 33.862884][ T3568] EXT4-fs (loop1): Free/Dirty block details [ 33.875122][ T3584] EXT4-fs (loop1): This should not happen!! Data will be lost [ 33.875122][ T3584] [ 33.875144][ T3584] EXT4-fs (loop1): Total free blocks count 0 [ 33.884848][ T3568] EXT4-fs (loop1): free_blocks=4293918720 [ 33.890909][ T3584] EXT4-fs (loop1): Free/Dirty block details [ 34.060881][ T3568] syz.1.41 (3568) used greatest stack depth: 9880 bytes left [ 34.114697][ C1] hrtimer: interrupt took 28381 ns [ 34.136958][ T3577] loop2: detected capacity change from 0 to 32768 [ 34.176138][ T3604] netlink: 4 bytes leftover after parsing attributes in process `syz.1.55'. [ 34.185305][ T3466] loop2: p1 p2 p3 < p5 p6 > [ 34.190519][ T3466] loop2: p1 size 242222080 extends beyond EOD, truncated [ 34.200714][ T3466] loop2: p2 start 4294967295 is beyond EOD, truncated [ 34.213081][ T3577] loop2: p1 p2 p3 < p5 p6 > [ 34.218647][ T3577] loop2: p1 size 242222080 extends beyond EOD, truncated [ 34.239880][ T3577] loop2: p2 start 4294967295 is beyond EOD, truncated [ 34.318178][ T3614] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 34.397549][ T3620] loop1: detected capacity change from 0 to 512 [ 34.406037][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 34.406267][ T3467] udevd[3467]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 34.417439][ T3466] udevd[3466]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 34.436474][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop2p6, 10) failed: No such file or directory [ 34.436684][ T3620] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.62: casefold flag without casefold feature [ 34.477611][ T3620] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.62: couldn't read orphan inode 15 (err -117) [ 34.483057][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 34.501142][ T3466] udevd[3466]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 34.501509][ T3467] udevd[3467]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 34.512317][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop2p6, 10) failed: No such file or directory [ 34.533812][ T3620] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.656319][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.704278][ T3640] SELinux: ebitmap: truncated map [ 34.711992][ T3640] SELinux: failed to load policy [ 34.750152][ T3642] loop1: detected capacity change from 0 to 512 [ 34.756859][ T3642] EXT4-fs: Ignoring removed oldalloc option [ 34.763552][ T3642] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 34.776692][ T3642] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 34.787970][ T3642] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.69: invalid indirect mapped block 4294967295 (level 0) [ 34.803536][ T3642] EXT4-fs (loop1): Remounting filesystem read-only [ 34.810559][ T3642] EXT4-fs (loop1): 1 orphan inode deleted [ 34.816395][ T3642] EXT4-fs (loop1): 1 truncate cleaned up [ 34.822853][ T3642] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.849274][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.915127][ T3649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.72'. [ 34.924206][ T3649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.72'. [ 34.933163][ T3649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.72'. [ 34.945262][ T3651] netlink: 'syz.3.73': attribute type 39 has an invalid length. [ 34.956966][ T3649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.72'. [ 34.965810][ T3649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.72'. [ 34.974651][ T3649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.72'. [ 34.999039][ T3649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.72'. [ 35.008015][ T3649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.72'. [ 35.016995][ T3649] netlink: 28 bytes leftover after parsing attributes in process `syz.1.72'. [ 35.561894][ T3697] atomic_op ffff88811a3d7528 conn xmit_atomic 0000000000000000 [ 35.606193][ T3702] batadv1: entered allmulticast mode [ 35.608169][ T3705] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 35.646863][ T3702] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 35.758575][ T3721] loop3: detected capacity change from 0 to 512 [ 35.779575][ T3721] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 35.807139][ T3721] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 35.850569][ T3721] EXT4-fs (loop3): 1 truncate cleaned up [ 35.876029][ T3721] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.979063][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.106394][ T3750] loop3: detected capacity change from 0 to 128 [ 36.210521][ T3750] syz.3.118: attempt to access beyond end of device [ 36.210521][ T3750] loop3: rw=0, sector=121, nr_sectors = 120 limit=128 [ 36.269099][ T3761] loop1: detected capacity change from 0 to 512 [ 36.290152][ T3761] EXT4-fs: Ignoring removed i_version option [ 36.301070][ T37] kworker/u8:2: attempt to access beyond end of device [ 36.301070][ T37] loop3: rw=1, sector=241, nr_sectors = 800 limit=128 [ 36.341917][ T3761] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e000c018, mo2=0002] [ 36.357946][ T3761] System zones: 0-2, 18-18, 34-35 [ 36.401611][ T3761] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.440301][ T3761] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 36.561283][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.605405][ T3778] loop3: detected capacity change from 0 to 164 [ 36.666291][ T3778] rock: directory entry would overflow storage [ 36.672591][ T3778] rock: sig=0x66, size=4, remaining=3 [ 36.678087][ T29] kauditd_printk_skb: 228 callbacks suppressed [ 36.678100][ T29] audit: type=1400 audit(1748500537.911:319): avc: denied { create } for pid=3780 comm="syz.2.131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 36.730892][ T29] audit: type=1400 audit(1748500537.951:320): avc: denied { bind } for pid=3782 comm="syz.1.132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 36.750819][ T29] audit: type=1400 audit(1748500537.951:321): avc: denied { connect } for pid=3782 comm="syz.1.132" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 36.771134][ T29] audit: type=1400 audit(1748500537.951:322): avc: denied { setopt } for pid=3782 comm="syz.1.132" laddr=::1 lport=1 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 36.793006][ T29] audit: type=1400 audit(1748500537.961:323): avc: denied { mount } for pid=3776 comm="syz.3.129" name="/" dev="loop3" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 36.820286][ T29] audit: type=1400 audit(1748500538.001:324): avc: denied { write } for pid=3780 comm="syz.2.131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 36.861537][ T3778] rock: directory entry would overflow storage [ 36.867864][ T3778] rock: sig=0x66, size=4, remaining=3 [ 36.929601][ T29] audit: type=1400 audit(1748500538.161:325): avc: denied { ioctl } for pid=3791 comm="syz.1.135" path="socket:[5018]" dev="sockfs" ino=5018 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 37.009592][ T29] audit: type=1400 audit(1748500538.171:326): avc: denied { unmount } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 37.029838][ T29] audit: type=1400 audit(1748500538.171:327): avc: denied { bind } for pid=3791 comm="syz.1.135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 37.049000][ T29] audit: type=1400 audit(1748500538.171:328): avc: denied { read } for pid=3791 comm="syz.1.135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 37.081891][ T3809] SELinux: security policydb version 18 (MLS) not backwards compatible [ 37.099963][ T3809] SELinux: failed to load policy [ 37.122039][ T3808] loop3: detected capacity change from 0 to 4096 [ 37.151927][ T3808] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.172097][ T3816] Zero length message leads to an empty skb [ 37.178902][ T3808] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #15: comm syz.3.139: corrupted inode contents [ 37.204193][ T3808] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #15: comm syz.3.139: mark_inode_dirty error [ 37.237160][ T3808] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #15: comm syz.3.139: corrupted inode contents [ 37.250959][ T3821] capability: warning: `syz.4.145' uses deprecated v2 capabilities in a way that may be insecure [ 37.275478][ T3808] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #15: comm syz.3.139: mark_inode_dirty error [ 37.308755][ T3808] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #15: comm syz.3.139: corrupted inode contents [ 37.322697][ T3808] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #15: comm syz.3.139: mark_inode_dirty error [ 37.335304][ T3808] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #15: comm syz.3.139: corrupted inode contents [ 37.353638][ T3808] EXT4-fs error (device loop3): ext4_truncate:4597: inode #15: comm syz.3.139: mark_inode_dirty error [ 37.394312][ T3808] EXT4-fs error (device loop3) in ext4_setattr:5986: Corrupt filesystem [ 37.419916][ T3822] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #15: comm syz.3.139: corrupted inode contents [ 37.477306][ T3841] netlink: 'syz.4.152': attribute type 13 has an invalid length. [ 37.511785][ T3841] gretap0: refused to change device tx_queue_len [ 37.518239][ T3841] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 37.535668][ T3317] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 37.549272][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.702476][ T3857] vhci_hcd: invalid port number 23 [ 37.759264][ T3866] process 'syz.0.160' launched '/dev/fd/6' with NULL argv: empty string added [ 37.806139][ T3872] netlink: 'syz.0.164': attribute type 1 has an invalid length. [ 37.918412][ T3878] loop3: detected capacity change from 0 to 8192 [ 38.056387][ T3894] syzkaller1: entered promiscuous mode [ 38.062003][ T3894] syzkaller1: entered allmulticast mode [ 38.456439][ T3912] loop0: detected capacity change from 0 to 128 [ 38.521532][ T3912] FAT-fs (loop0): Directory bread(block 162) failed [ 38.539852][ T3912] FAT-fs (loop0): Directory bread(block 163) failed [ 38.547787][ T3912] FAT-fs (loop0): Directory bread(block 164) failed [ 38.562373][ T3912] FAT-fs (loop0): Directory bread(block 165) failed [ 38.570167][ T3912] FAT-fs (loop0): Directory bread(block 166) failed [ 38.576817][ T3912] FAT-fs (loop0): Directory bread(block 167) failed [ 38.586248][ T3912] FAT-fs (loop0): Directory bread(block 168) failed [ 38.610469][ T3912] FAT-fs (loop0): Directory bread(block 169) failed [ 38.662500][ T3912] FAT-fs (loop0): Directory bread(block 162) failed [ 38.758670][ T3912] FAT-fs (loop0): Directory bread(block 163) failed [ 38.792465][ T3912] syz.0.181: attempt to access beyond end of device [ 38.792465][ T3912] loop0: rw=3, sector=226, nr_sectors = 6 limit=128 [ 38.809817][ T3912] syz.0.181: attempt to access beyond end of device [ 38.809817][ T3912] loop0: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 38.930120][ T3924] Falling back ldisc for ttyS3. [ 38.930589][ T3927] loop4: detected capacity change from 0 to 512 [ 38.953679][ T3927] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 39.011622][ T3927] EXT4-fs (loop4): 1 truncate cleaned up [ 39.018873][ T3927] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.052688][ T3934] loop3: detected capacity change from 0 to 512 [ 39.099460][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.122832][ T3934] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 39.135992][ T51] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x6 [ 39.183620][ T3934] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.285351][ T3970] IPVS: stopping master sync thread 3972 ... [ 39.286950][ T3972] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 39.303792][ T3976] syz.4.193: attempt to access beyond end of device [ 39.303792][ T3976] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 39.388743][ T3934] EXT4-fs (loop3): shut down requested (2) [ 39.397546][ T3985] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 39.424041][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 39.702170][ T4019] loop0: detected capacity change from 0 to 512 [ 39.734320][ T4025] __nla_validate_parse: 10 callbacks suppressed [ 39.734338][ T4025] netlink: 16 bytes leftover after parsing attributes in process `syz.3.216'. [ 39.787142][ T4025] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.789672][ T4019] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.813653][ T4025] bridge_slave_0 (unregistering): left allmulticast mode [ 39.820840][ T4025] bridge_slave_0 (unregistering): left promiscuous mode [ 39.827832][ T4025] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.835148][ T4019] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.888732][ T4019] EXT4-fs (loop0): shut down requested (1) [ 39.946346][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.960040][ T31] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 39.970660][ T31] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 39.998575][ T31] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 40.148198][ T4061] Cannot find add_set index 0 as target [ 40.521301][ T4109] syz.0.241 uses obsolete (PF_INET,SOCK_PACKET) [ 40.725793][ T4134] netlink: 332 bytes leftover after parsing attributes in process `syz.1.245'. [ 40.807445][ T4142] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 41.020911][ T4161] loop4: detected capacity change from 0 to 2048 [ 41.071565][ T3466] loop4: p1 < > p4 [ 41.099637][ T3466] loop4: p4 size 8388608 extends beyond EOD, truncated [ 41.125880][ T4161] loop4: p1 < > p4 [ 41.131754][ T4161] loop4: p4 size 8388608 extends beyond EOD, truncated [ 41.234340][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 41.245589][ T3466] udevd[3466]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 41.268875][ T4177] netlink: 76 bytes leftover after parsing attributes in process `syz.2.261'. [ 41.375402][ T4185] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 41.458494][ T4195] sd 0:0:1:0: device reset [ 41.465493][ T4194] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 41.578159][ T4205] loop1: detected capacity change from 0 to 1024 [ 41.586943][ T4205] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 41.596772][ T4205] EXT4-fs (loop1): group descriptors corrupted! [ 41.728212][ T29] kauditd_printk_skb: 169 callbacks suppressed [ 41.728227][ T29] audit: type=1326 audit(1748500542.961:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.4.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92bf1de969 code=0x7ffc0000 [ 41.758245][ T29] audit: type=1326 audit(1748500542.971:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.4.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92bf1de969 code=0x7ffc0000 [ 41.781572][ T29] audit: type=1326 audit(1748500542.971:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.4.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92bf1de969 code=0x7ffc0000 [ 41.804964][ T29] audit: type=1326 audit(1748500542.971:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.4.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92bf1de969 code=0x7ffc0000 [ 41.828222][ T29] audit: type=1326 audit(1748500542.971:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.4.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92bf1de969 code=0x7ffc0000 [ 41.851686][ T29] audit: type=1326 audit(1748500542.971:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.4.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92bf1de969 code=0x7ffc0000 [ 41.875042][ T29] audit: type=1326 audit(1748500542.971:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.4.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92bf1de969 code=0x7ffc0000 [ 41.899065][ T29] audit: type=1326 audit(1748500542.991:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.4.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92bf1de969 code=0x7ffc0000 [ 41.924832][ T29] audit: type=1326 audit(1748500542.991:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.4.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92bf1de969 code=0x7ffc0000 [ 41.948183][ T29] audit: type=1326 audit(1748500543.021:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.4.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f92bf1de969 code=0x7ffc0000 [ 42.117711][ T4228] netlink: 'syz.1.284': attribute type 1 has an invalid length. [ 42.315947][ T4245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 42.359972][ T4245] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 42.478962][ T4265] netlink: 20 bytes leftover after parsing attributes in process `syz.1.298'. [ 43.000756][ T4282] syz.4.305 (4282) used greatest stack depth: 9776 bytes left [ 43.145098][ T4299] loop4: detected capacity change from 0 to 2048 [ 43.320345][ T4299] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.438096][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.670251][ T4349] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 43.719884][ T4356] bridge0: entered promiscuous mode [ 43.733169][ T4356] macvlan2: entered promiscuous mode [ 43.740151][ T4356] bridge0: port 1(macvlan2) entered blocking state [ 43.746779][ T4356] bridge0: port 1(macvlan2) entered disabled state [ 43.756864][ T4356] macvlan2: entered allmulticast mode [ 43.762327][ T4356] bridge0: entered allmulticast mode [ 43.768502][ T4356] macvlan2: left allmulticast mode [ 43.773734][ T4356] bridge0: left allmulticast mode [ 43.787293][ T4356] bridge0: left promiscuous mode [ 44.075577][ T4389] bond1: entered promiscuous mode [ 44.081024][ T4389] bond1: entered allmulticast mode [ 44.088065][ T4389] 8021q: adding VLAN 0 to HW filter on device bond1 [ 44.098333][ T4390] vhci_hcd: invalid port number 96 [ 44.098533][ T4389] bond1 (unregistering): Released all slaves [ 44.103530][ T4390] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 44.387054][ T4418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.355'. [ 44.402061][ T4418] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 44.410892][ T4418] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 44.410911][ T4416] Falling back ldisc for ttyS3. [ 44.410935][ T4418] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 44.433386][ T4418] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 44.451352][ T4418] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 44.460328][ T4418] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 44.470167][ T4418] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 44.479210][ T4418] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 44.767716][ T4449] Illegal XDP return value 1790309011 on prog (id 242) dev N/A, expect packet loss! [ 44.790390][ T4441] Falling back ldisc for ttyS3. [ 45.018367][ T4500] hub 9-0:1.0: USB hub found [ 45.037007][ T4500] hub 9-0:1.0: 8 ports detected [ 45.171292][ T4526] netlink: 'syz.0.385': attribute type 10 has an invalid length. [ 45.196068][ T4526] team0: Device veth0_macvtap failed to register rx_handler [ 45.324365][ T4548] random: crng reseeded on system resumption [ 45.479813][ T4557] infiniband syz!: set active [ 45.484588][ T4557] infiniband syz!: added team_slave_0 [ 45.526414][ T4557] RDS/IB: syz!: added [ 45.530639][ T4557] smc: adding ib device syz! with port count 1 [ 45.537056][ T4557] smc: ib device syz! port 1 has pnetid [ 45.654339][ T4579] SELinux: ebitmap: truncated map [ 45.665024][ T4579] SELinux: failed to load policy [ 45.773591][ T4583] netlink: 'syz.1.402': attribute type 1 has an invalid length. [ 45.879916][ T4591] Falling back ldisc for ttyS3. [ 45.902797][ T4616] loop0: detected capacity change from 0 to 2048 [ 45.929241][ T4616] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.999241][ T4616] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.410: bg 0: block 234: padding at end of block bitmap is not set [ 46.013885][ T4616] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1554 with error 28 [ 46.026437][ T4616] EXT4-fs (loop0): This should not happen!! Data will be lost [ 46.026437][ T4616] [ 46.036087][ T4616] EXT4-fs (loop0): Total free blocks count 0 [ 46.042155][ T4616] EXT4-fs (loop0): Free/Dirty block details [ 46.048118][ T4616] EXT4-fs (loop0): free_blocks=0 [ 46.053098][ T4616] EXT4-fs (loop0): dirty_blocks=1568 [ 46.058442][ T4616] EXT4-fs (loop0): Block reservation details [ 46.064474][ T4616] EXT4-fs (loop0): i_reserved_data_blocks=98 [ 46.123432][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.670317][ T4633] netlink: 'syz.3.413': attribute type 10 has an invalid length. [ 46.682223][ T4633] team0: Device veth0_macvtap failed to register rx_handler [ 46.762717][ T29] kauditd_printk_skb: 213 callbacks suppressed [ 46.762812][ T29] audit: type=1400 audit(1748500548.001:716): avc: denied { wake_alarm } for pid=4648 comm="syz.3.418" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 46.835642][ T29] audit: type=1400 audit(1748500548.041:717): avc: denied { getopt } for pid=4648 comm="syz.3.418" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 46.855119][ T29] audit: type=1400 audit(1748500548.051:718): avc: denied { create } for pid=4652 comm="syz.0.419" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 46.874961][ T29] audit: type=1400 audit(1748500548.061:719): avc: denied { bind } for pid=4652 comm="syz.0.419" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 46.894794][ T29] audit: type=1400 audit(1748500548.061:720): avc: denied { write } for pid=4652 comm="syz.0.419" path="socket:[7346]" dev="sockfs" ino=7346 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 46.919070][ T29] audit: type=1400 audit(1748500548.141:721): avc: denied { execute } for pid=4666 comm="syz.1.425" path="/104/blkio.bfq.time_recursive" dev="tmpfs" ino=547 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 47.072048][ T29] audit: type=1400 audit(1748500548.311:722): avc: denied { bind } for pid=4683 comm="syz.2.431" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 47.124968][ T4690] netlink: 'syz.3.433': attribute type 3 has an invalid length. [ 47.160292][ T4693] vhci_hcd: invalid port number 96 [ 47.165554][ T4693] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 47.213826][ T29] audit: type=1400 audit(1748500548.451:723): avc: denied { create } for pid=4700 comm="syz.0.437" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 47.279810][ T29] audit: type=1400 audit(1748500548.451:724): avc: denied { write } for pid=4700 comm="syz.0.437" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 47.478761][ T4726] netlink: 'syz.4.442': attribute type 1 has an invalid length. [ 47.567985][ T29] audit: type=1400 audit(1748500548.801:725): avc: denied { write } for pid=4739 comm="syz.1.446" name="kcm" dev="proc" ino=4026532616 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 47.617587][ T4745] x_tables: duplicate underflow at hook 1 [ 47.645287][ T4752] random: crng reseeded on system resumption [ 47.820008][ T4758] netlink: 'syz.1.452': attribute type 3 has an invalid length. [ 47.869700][ T4765] netlink: 20 bytes leftover after parsing attributes in process `syz.1.454'. [ 47.878790][ T4765] netlink: 8 bytes leftover after parsing attributes in process `syz.1.454'. [ 48.078317][ T4785] netlink: 96 bytes leftover after parsing attributes in process `syz.1.460'. [ 48.129211][ T4792] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4792 comm=syz.1.462 [ 48.298072][ T4829] netlink: 'syz.3.473': attribute type 21 has an invalid length. [ 48.312286][ T4829] netlink: 'syz.3.473': attribute type 1 has an invalid length. [ 48.320024][ T4829] netlink: 144 bytes leftover after parsing attributes in process `syz.3.473'. [ 48.422105][ T4848] netlink: 132 bytes leftover after parsing attributes in process `syz.0.479'. [ 48.465140][ T4854] loop1: detected capacity change from 0 to 164 [ 48.488611][ T4857] x_tables: duplicate underflow at hook 1 [ 48.498623][ T4854] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 48.598399][ T4876] netlink: 'syz.1.490': attribute type 1 has an invalid length. [ 48.679956][ T4894] geneve0: entered promiscuous mode [ 48.691467][ T4894] netlink: 4 bytes leftover after parsing attributes in process `syz.0.494'. [ 48.717358][ T4894] geneve0 (unregistering): left promiscuous mode [ 48.728905][ T4900] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.741811][ T4900] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.801853][ T4911] netlink: 36 bytes leftover after parsing attributes in process `syz.1.499'. [ 48.935896][ T4930] loop1: detected capacity change from 0 to 512 [ 48.958233][ T4930] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.985811][ T4941] loop3: detected capacity change from 0 to 1024 [ 49.000158][ T4930] ext4 filesystem being mounted at /129/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.017835][ T4930] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.027511][ T4941] EXT4-fs: Ignoring removed orlov option [ 49.038564][ T4944] program syz.4.507 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 49.065215][ T4941] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.200010][ T4968] random: crng reseeded on system resumption [ 49.524714][ T4982] netlink: 132 bytes leftover after parsing attributes in process `syz.1.519'. [ 49.824904][ T4941] ================================================================== [ 49.833065][ T4941] BUG: KCSAN: data-race in __xa_clear_mark / file_write_and_wait_range [ 49.841384][ T4941] [ 49.843717][ T4941] write to 0xffff888118b0a54c of 4 bytes by interrupt on cpu 0: [ 49.851363][ T4941] __xa_clear_mark+0x1c6/0x1e0 [ 49.856163][ T4941] __folio_end_writeback+0x177/0x470 [ 49.861468][ T4941] folio_end_writeback+0xb6/0x3a0 [ 49.866535][ T4941] ext4_finish_bio+0x459/0x8c0 [ 49.871323][ T4941] ext4_end_bio+0x22a/0x330 [ 49.875862][ T4941] bio_endio+0x377/0x410 [ 49.880136][ T4941] blk_update_request+0x336/0x730 [ 49.885180][ T4941] blk_mq_end_request+0x26/0x50 [ 49.890062][ T4941] lo_complete_rq+0x98/0x140 [ 49.894680][ T4941] blk_done_softirq+0x77/0xb0 [ 49.899370][ T4941] handle_softirqs+0xb7/0x290 [ 49.904062][ T4941] run_ksoftirqd+0x1c/0x30 [ 49.908490][ T4941] smpboot_thread_fn+0x32b/0x530 [ 49.913456][ T4941] kthread+0x486/0x510 [ 49.917532][ T4941] ret_from_fork+0xda/0x150 [ 49.922044][ T4941] ret_from_fork_asm+0x1a/0x30 [ 49.926825][ T4941] [ 49.929150][ T4941] read to 0xffff888118b0a54c of 4 bytes by task 4941 on cpu 1: [ 49.936699][ T4941] file_write_and_wait_range+0x10e/0x2c0 [ 49.942354][ T4941] generic_buffers_fsync_noflush+0x45/0x120 [ 49.948269][ T4941] ext4_sync_file+0x1ab/0x690 [ 49.952955][ T4941] vfs_fsync_range+0x10d/0x130 [ 49.957740][ T4941] ext4_buffered_write_iter+0x34f/0x3c0 [ 49.963300][ T4941] ext4_file_write_iter+0x383/0xf00 [ 49.968514][ T4941] iter_file_splice_write+0x5f2/0x970 [ 49.973906][ T4941] direct_splice_actor+0x156/0x2a0 [ 49.979037][ T4941] splice_direct_to_actor+0x312/0x680 [ 49.984432][ T4941] do_splice_direct+0xda/0x150 [ 49.989234][ T4941] do_sendfile+0x380/0x650 [ 49.993662][ T4941] __x64_sys_sendfile64+0x105/0x150 [ 49.998872][ T4941] x64_sys_call+0xb39/0x2fb0 [ 50.003469][ T4941] do_syscall_64+0xd2/0x200 [ 50.007985][ T4941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.013886][ T4941] [ 50.016210][ T4941] value changed: 0x06000021 -> 0x0a000021 [ 50.021926][ T4941] [ 50.024252][ T4941] Reported by Kernel Concurrency Sanitizer on: [ 50.030423][ T4941] CPU: 1 UID: 0 PID: 4941 Comm: syz.3.506 Not tainted 6.15.0-syzkaller-07774-g90b83efa6701 #0 PREEMPT(voluntary) [ 50.042411][ T4941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 50.052483][ T4941] ================================================================== [ 50.275304][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.