last executing test programs: 46.432395303s ago: executing program 4 (id=343): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000040), &(0x7f0000000180)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0xdd68, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r2, 0x7a98, 0x0, 0x0, 0x0, 0x0) 46.362148334s ago: executing program 4 (id=346): syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x1540c, 0x0, 0x0, 0x0, &(0x7f0000000300)) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x5, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$tmpfs(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000003c0), 0x200044, 0x0) umount2(&(0x7f00000002c0)='./file0/../file0\x00', 0x0) 46.327658515s ago: executing program 4 (id=348): r0 = open(&(0x7f0000000240)='.\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) write(0xffffffffffffffff, 0x0, 0x0) r2 = inotify_init1(0x0) r3 = inotify_add_watch(r2, &(0x7f0000000200)='.\x00', 0x10000a0) r4 = dup(r2) inotify_rm_watch(r4, r3) close_range(r0, 0xffffffffffffffff, 0x0) 46.229105007s ago: executing program 4 (id=350): mq_open(0x0, 0x42, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f0000000040)=0x10) 45.350765865s ago: executing program 4 (id=365): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) mount$bpf(0x200000000000, &(0x7f0000000140)='./file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x225451, 0x0) 45.295331836s ago: executing program 4 (id=367): pipe2(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e008104df635e731a5bfcd942f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd4f6cfdfe756bc00d08e36655c00"}) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000200)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x7f, 0xc1, &(0x7f00000015c0)="e0bc", 0x2, 0x1, 0x7f, 0xfffffffe, 0x28, 0x0, 0x0}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0) ioctl$TCSETAF(r2, 0x5408, 0x0) write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xff2e) close_range(r0, 0xffffffffffffffff, 0x0) 35.738513591s ago: executing program 0 (id=556): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2, 0x0, 0x7fff}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000240)=r1}, 0x20) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0xc4, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0xb0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x3, r5}}]}, {0x4, 0xa}, {0xc}, {0xffac, 0x8, {0x0, 0x2}}}}, @m_mpls={0x5c, 0x2, 0x0, 0x0, {{0x9}, {0x30}, {0x4}, {0xc}, {0xc}}}]}]}, 0xc4}}, 0x0) 35.572263104s ago: executing program 0 (id=557): pipe2$9p(0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) dup(0xffffffffffffffff) r2 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0) read$eventfd(r2, 0x0, 0x0) 35.523628776s ago: executing program 0 (id=558): prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ioprio_set$pid(0x3, 0x0, 0x0) ioprio_get$pid(0x2, 0x0) 34.657596143s ago: executing program 0 (id=570): syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x2bc3c1f, 0xffffffffffffffff, 0x7, 0x0, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) unshare(0x2a020400) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000500)='./file0/../file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 34.600604014s ago: executing program 0 (id=572): bpf$PROG_LOAD(0x5, 0x0, 0x0) unshare(0x2040400) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) unshare(0x2000400) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x6}, 0x18) fsmount(r0, 0x0, 0x0) 34.470234667s ago: executing program 0 (id=576): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a30000006000500010007000000080009400000000114000880100007800a001100b4"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010) 34.470004997s ago: executing program 32 (id=576): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a30000006000500010007000000080009400000000114000880100007800a001100b4"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500010007"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010) 30.245632023s ago: executing program 33 (id=367): pipe2(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e008104df635e731a5bfcd942f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd4f6cfdfe756bc00d08e36655c00"}) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000200)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x7f, 0xc1, &(0x7f00000015c0)="e0bc", 0x2, 0x1, 0x7f, 0xfffffffe, 0x28, 0x0, 0x0}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0) ioctl$TCSETAF(r2, 0x5408, 0x0) write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xff2e) close_range(r0, 0xffffffffffffffff, 0x0) 1.642950566s ago: executing program 6 (id=1168): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") socket$inet_mptcp(0x2, 0x1, 0x106) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x1cc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000008c0)="3bf5", 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffbfffffffffff, 0xffffffffffffffff, 0x2) quotactl$Q_GETQUOTA(0xffffffff80000702, 0x0, 0x0, 0x0) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7fffeffd) 1.215094955s ago: executing program 5 (id=1175): r0 = socket(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000000000)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc)=0x1, 0x4) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write(r0, &(0x7f0000000980)="a9", 0x1) 1.132757747s ago: executing program 3 (id=1179): socket$inet6_sctp(0xa, 0x801, 0x84) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, 0x0, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_read_part_table(0x5eb, &(0x7f0000000f00)="$eJzs2zFo1FccB/DfxRwHSnFxclIHKcVFcfQoKnenohBOsxQpBhQRbzpBOOlBig56FMUbxG4uVrhF7ZTLDZkSEsjUIYQMKYEMWVqSJZClV+7yCm1KSq8kBeHz4eDHe//f/33fO976Dz5pQ/Frt9vNRET3p4gDA7492ioULx8bOV++EZGJmxHx9fef/9B7kkkd3dx2PZHGy2n89s3BzrONS9nW0vXNk7emG0N/LDne/8Whd+3RPTge++x9fubw4yfV0vNa/t5iqb76dGH+2of1Qrl9tdH8eCV78Xbqm011ONUHUYtHcT/GYji+jTtR3WX97wbMf91aOZ09WmpN3D23Vey8mDrT7xr0Xv97vfz+hY2IXv7D4y+/atYvnPrxyKuztcm58lqKruR2vjm2b3sCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC/y8bM4cdPqqXntfy9xVJ99enC/LUP64Vy+2qj+fFK9uLt1Deb6nCqD6IWj+J+jEUlKnEnqrsmfPbnQW7n0/f5v+a/bq2c/u1oqTVx99xWsfNi6kzqG9mj8/5DfreX//D4yy+b9Qunckdena1NzpXXDmz3Vf628+j/ewAAAAAAAAAAAAAAAAAAALAXCsXLx0bOl29EZOJmRHzxyzdDvflu+t49k/pOpLqc5t++Odh5tnEp21q6vnny1nTj5zQ/HpkYj4hD79qj//thGNjvAQAA//8Pi5HU") 901.395322ms ago: executing program 1 (id=1186): mlockall(0x2) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r2 = io_uring_setup(0x2754, &(0x7f0000000080)={0x0, 0xdf0a, 0x100, 0x2, 0x26d}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 886.993882ms ago: executing program 1 (id=1187): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000640)={0x0, 0x47, &(0x7f0000000100)={&(0x7f0000000080)={0x34, r2, 0x1, 0x70bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa5}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x20) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e) getsockopt(r4, 0x111, 0x1, 0x0, &(0x7f00000000c0)) 886.169482ms ago: executing program 3 (id=1188): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xb, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2d00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000300)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 861.002192ms ago: executing program 1 (id=1189): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r0, &(0x7f0000000040)={0x90000008}) shutdown(r0, 0x1) 760.040194ms ago: executing program 1 (id=1190): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_getevents(r2, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0) io_submit(r2, 0x1, &(0x7f0000000300)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, 0x0}]) io_destroy(r2) sendmsg$NFC_CMD_SE_IO(0xffffffffffffffff, 0x0, 0x24040004) ioctl$TCSETSW2(0xffffffffffffffff, 0x5453, 0x0) 722.175925ms ago: executing program 2 (id=1191): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="7002000013"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4) r0 = socket(0x28, 0x5, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x2a) connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10) connect$vsock_stream(r0, &(0x7f0000000400)={0x28, 0x0, 0x2710, @host}, 0x10) 649.053057ms ago: executing program 3 (id=1192): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000600)=0x14) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff9ce}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000680)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014020d000a00000000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d00d00000000000000bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) close(r0) 641.130437ms ago: executing program 2 (id=1193): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x7}, 0x18) socket$tipc(0x1e, 0x5, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket(0x10, 0x2, 0x0) write(r2, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r2, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) 579.365768ms ago: executing program 1 (id=1194): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioprio_set$uid(0x3, 0x0, 0x0) r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) sendfile(r2, r2, 0x0, 0x1000000201005) 553.389709ms ago: executing program 3 (id=1195): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000048000000160a01000000000000000000010000010900010073797a30000000000900020073797a30000000001c000380080001400000000008000240"], 0x2dc}}, 0x0) 543.453949ms ago: executing program 1 (id=1196): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x8, 0x6}, 0x0, 0x0, 0x800000, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r3, 0x0, 0x7, 0x9) write$P9_RWRITE(r3, &(0x7f0000000040)={0xb}, 0x11000) read(r2, &(0x7f0000032440)=""/102364, 0x18fdc) 525.580399ms ago: executing program 6 (id=1197): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0xfffff000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = gettid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 490.04815ms ago: executing program 3 (id=1198): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) bind$can_raw(r2, &(0x7f0000000000)={0x1d, r3}, 0x10) bind$can_raw(r2, &(0x7f0000000080), 0x10) 489.63119ms ago: executing program 2 (id=1199): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x18) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000010180)=@newtfilter={0x88, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x5c, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x5, 0xd, 0x3, 0x4, 0x13, 0x2, 0x6, 0x7ffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x3, 0x2, 0x8001, 0x10}, {0x0, 0x55, 0xa9, 0x1}]}}, @TCA_U32_INDEV={0x14, 0x8, 'erspan0\x00'}]}}]}, 0x88}}, 0x24040084) 417.699981ms ago: executing program 2 (id=1200): sched_setscheduler(0x0, 0x5, &(0x7f0000000480)) ioprio_set$pid(0x2, 0x0, 0x0) r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) 417.492511ms ago: executing program 3 (id=1201): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x11, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x2, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000ec0)=[{{&(0x7f0000000000)=@phonet={0x23, 0x40, 0x6, 0x7}, 0x80, 0x0}}], 0x1, 0x24040001) 353.343313ms ago: executing program 5 (id=1202): unshare(0x22020400) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x7fffffffffe, &(0x7f0000006680)) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x0, &(0x7f0000000040)=0x1) r0 = socket$netlink(0x10, 0x3, 0x400000000000004) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000007111cb00000000008510000002000000850000000000000095000000000000009500b0059d350000f8eb70c3d9330b16491e095815635bf7490c180e3be703966bd8fdc277008531ccb9d9ae8dc9e78d9dc5311486fd1d2bfab99b08b4d46852f103d4ed539d04b034d645e2ea69674b1749efdc6a03ab8d5c3d2a2ed722271db8f4"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x6}, 0x94) writev(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000240)=[{&(0x7f0000000340)="05", 0x1}], 0x1, 0xc) 336.024043ms ago: executing program 5 (id=1203): r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x603f) 247.107815ms ago: executing program 5 (id=1204): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") creat(&(0x7f00000004c0)='./bus\x00', 0x20) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0) preadv2(r1, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0) 246.858915ms ago: executing program 6 (id=1205): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x89, 0x3, @private=0xa010102, @local}}}}}}, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x1, 0x4, 0x2, @vifc_lcl_addr=@loopback, @remote}, 0x10) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000300, 0x0, "8a79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85}, 0x3c) 216.921356ms ago: executing program 6 (id=1206): syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3af, 0x4}, 0x100000, 0x0, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='mm_page_free\x00', r0, 0x0, 0x5}, 0x18) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x51031, 0xffffffffffffffff, 0x0) 181.613866ms ago: executing program 5 (id=1207): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) sendmsg$MPTCP_PM_CMD_SET_FLAGS(r0, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)={0x84, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_ADDR={0x44, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x14}}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xfffffff8}]}, 0x84}, 0x1, 0x0, 0x0, 0x4880}, 0x4000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[], 0x1cc}, 0x1, 0x0, 0x0, 0x8010}, 0x4008800) unshare(0x22020600) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c0002000700"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800) ioctl$SG_GET_VERSION_NUM(r1, 0x2284, &(0x7f0000000080)) 110.215018ms ago: executing program 5 (id=1208): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") socket$inet_mptcp(0x2, 0x1, 0x106) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x1cc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000008c0)="3bf5", 0x2) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffbfffffffffff, 0xffffffffffffffff, 0x2) quotactl$Q_GETQUOTA(0xffffffff80000702, 0x0, 0x0, 0x0) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7fffeffd) 109.307858ms ago: executing program 6 (id=1209): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) ppoll(0x0, 0x0, &(0x7f0000000240), 0x0, 0x0) 33.755519ms ago: executing program 6 (id=1210): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) unshare(0x28040680) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) sendto(r2, &(0x7f0000000000)="00c881d7", 0x4, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f00000001c0)=""/62, 0x3e, 0x10120, 0x0, 0x0) 18.85122ms ago: executing program 2 (id=1211): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000040000000800000010"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x2, 0x2}}, 0x26) close_range(r2, 0xffffffffffffffff, 0x0) 0s ago: executing program 2 (id=1212): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7, 0x14020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x95, 0x5}, 0x100202, 0x0, 0xfffffffb, 0x0, 0x40, 0xfffffffa, 0xa}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x21880, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x52}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2, 0x0, 0x6}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) set_tid_address(0x0) kernel console output (not intermixed with test programs): 342945][ T3634] netlink: zone id is out of range [ 44.350927][ T3634] netlink: zone id is out of range [ 44.362455][ T3634] netlink: zone id is out of range [ 44.364011][ T12] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.367617][ T3634] netlink: zone id is out of range [ 44.398942][ T12] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.421306][ T12] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.452886][ T12] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.463169][ T3644] syzkaller0: entered allmulticast mode [ 44.469054][ T3644] syzkaller0: entered promiscuous mode [ 44.495768][ T3644] syzkaller0 (unregistering): left allmulticast mode [ 44.502720][ T3644] syzkaller0 (unregistering): left promiscuous mode [ 44.721590][ T3669] unsupported nla_type 52263 [ 44.847181][ T3648] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.70' sets config #0 [ 44.898693][ T3685] loop3: detected capacity change from 0 to 512 [ 44.927614][ T3685] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.953084][ T3685] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 44.998407][ T3685] netlink: 28 bytes leftover after parsing attributes in process `syz.3.85'. [ 45.007391][ T3685] netlink: 196 bytes leftover after parsing attributes in process `syz.3.85'. [ 45.069194][ T3685] netlink: 28 bytes leftover after parsing attributes in process `syz.3.85'. [ 45.088875][ T3685] netlink: 196 bytes leftover after parsing attributes in process `syz.3.85'. [ 45.255070][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.437281][ T3723] SELinux: ebitmap: truncated map [ 45.450196][ T3723] SELinux: failed to load policy [ 45.484428][ T3723] loop1: detected capacity change from 0 to 2048 [ 45.504605][ T3723] EXT4-fs: inline encryption not supported [ 45.545621][ T3723] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.690160][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.707431][ T3731] tipc: New replicast peer: 255.255.255.255 [ 45.713623][ T3731] tipc: Enabled bearer , priority 10 [ 45.747819][ T3733] loop2: detected capacity change from 0 to 512 [ 45.772378][ T3733] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.789778][ T3733] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.263809][ T3691] syz.0.87 (3691) used greatest stack depth: 7288 bytes left [ 46.352695][ T3750] netlink: 8 bytes leftover after parsing attributes in process `syz.1.107'. [ 46.582092][ T29] kauditd_printk_skb: 167 callbacks suppressed [ 46.582109][ T29] audit: type=1400 audit(1758187193.860:258): avc: denied { read write } for pid=3764 comm="syz.4.112" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 46.620110][ T29] audit: type=1400 audit(1758187193.860:259): avc: denied { open } for pid=3764 comm="syz.4.112" path="/dev/rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 46.709635][ T3386] tipc: Node number set to 2181884171 [ 46.801569][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.841101][ T3770] Illegal XDP return value 514 on prog (id 113) dev syzkaller1, expect packet loss! [ 46.875468][ T29] audit: type=1400 audit(1758187194.150:260): avc: denied { bind } for pid=3771 comm="syz.3.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 46.894967][ T29] audit: type=1400 audit(1758187194.160:261): avc: denied { listen } for pid=3771 comm="syz.3.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 46.966877][ T29] audit: type=1400 audit(1758187194.240:262): avc: denied { listen } for pid=3779 comm="syz.2.117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 46.986343][ T29] audit: type=1326 audit(1758187194.240:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3779 comm="syz.2.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534ce9eba9 code=0x7ffc0000 [ 47.009825][ T29] audit: type=1326 audit(1758187194.240:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3779 comm="syz.2.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f534ce9eba9 code=0x7ffc0000 [ 47.033172][ T29] audit: type=1326 audit(1758187194.240:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3779 comm="syz.2.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534ce9eba9 code=0x7ffc0000 [ 47.056533][ T29] audit: type=1326 audit(1758187194.240:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3779 comm="syz.2.117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f534ce9eba9 code=0x7ffc0000 [ 47.080012][ T29] audit: type=1400 audit(1758187194.240:267): avc: denied { accept } for pid=3779 comm="syz.2.117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 47.215586][ C1] hrtimer: interrupt took 34512 ns [ 47.233547][ T3788] netlink: 8 bytes leftover after parsing attributes in process `syz.0.121'. [ 47.353742][ T3791] pim6reg1: entered promiscuous mode [ 47.359074][ T3791] pim6reg1: entered allmulticast mode [ 47.434914][ T3795] netlink: 52 bytes leftover after parsing attributes in process `syz.1.123'. [ 47.607903][ T3809] loop1: detected capacity change from 0 to 1024 [ 47.614937][ T3805] loop4: detected capacity change from 0 to 2048 [ 47.618062][ T3809] EXT4-fs: Ignoring removed bh option [ 47.635248][ T3809] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 47.645330][ T3805] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a842c018, mo2=0002] [ 47.653496][ T3805] System zones: 0-7 [ 47.658465][ T3805] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 47.684348][ T3809] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.711073][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 47.923749][ T3825] I/O error, dev loop4, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 47.939799][ T3825] isofs_fill_super: bread failed, dev=loop4, iso_blknum=16, block=32 [ 48.125774][ T3843] loop3: detected capacity change from 0 to 128 [ 48.542769][ T3863] : renamed from vlan0 (while UP) [ 48.607025][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.692704][ T3877] loop3: detected capacity change from 0 to 1024 [ 48.693316][ T3869] pim6reg1: entered promiscuous mode [ 48.704522][ T3869] pim6reg1: entered allmulticast mode [ 48.712271][ T3877] ======================================================= [ 48.712271][ T3877] WARNING: The mand mount option has been deprecated and [ 48.712271][ T3877] and is ignored by this kernel. Remove the mand [ 48.712271][ T3877] option from the mount to silence this warning. [ 48.712271][ T3877] ======================================================= [ 48.751624][ T3877] EXT4-fs: Ignoring removed bh option [ 48.776375][ T3877] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.840601][ T3877] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.847855][ T3877] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.922773][ T3877] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 48.935082][ T3877] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 49.021567][ T3887] syzkaller1: entered promiscuous mode [ 49.027110][ T3887] syzkaller1: entered allmulticast mode [ 49.059313][ T12] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.083059][ T12] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.107277][ T12] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.122180][ T12] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.165290][ T3905] loop2: detected capacity change from 0 to 128 [ 49.183093][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.185953][ T3905] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 49.213570][ T3911] capability: warning: `syz.4.170' uses deprecated v2 capabilities in a way that may be insecure [ 49.322883][ T3905] syz.2.166: attempt to access beyond end of device [ 49.322883][ T3905] loop2: rw=0, sector=97, nr_sectors = 944 limit=128 [ 49.341544][ T3923] loop4: detected capacity change from 0 to 512 [ 49.370867][ T3923] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2798: inode #11: comm syz.4.173: corrupted xattr block 95: invalid header [ 49.391574][ T3923] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2848: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 49.426034][ T3923] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.173: bg 0: block 7: invalid block bitmap [ 49.448633][ T3923] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 49.449806][ T12] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 49.493102][ T3923] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2962: inode #11: comm syz.4.173: corrupted xattr block 95: invalid header [ 49.508191][ T3923] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117) [ 49.530960][ T3923] EXT4-fs (loop4): 1 orphan inode deleted [ 49.557433][ T3923] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.661915][ T3949] loop2: detected capacity change from 0 to 512 [ 49.668708][ T3949] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 49.682080][ T3949] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 49.704540][ T3949] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.184: invalid indirect mapped block 4294967295 (level 0) [ 49.757241][ T3949] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.184: invalid indirect mapped block 4294967295 (level 1) [ 49.796268][ T3949] EXT4-fs (loop2): 1 orphan inode deleted [ 49.796834][ T3954] netlink: 24 bytes leftover after parsing attributes in process `syz.0.186'. [ 49.802091][ T3949] EXT4-fs (loop2): 1 truncate cleaned up [ 49.813401][ T3949] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.878022][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.971730][ T3960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.187'. [ 49.986363][ T3959] sctp: [Deprecated]: syz.0.188 (pid 3959) Use of int in maxseg socket option. [ 49.986363][ T3959] Use struct sctp_assoc_value instead [ 50.126550][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.137325][ T3973] netlink: 64 bytes leftover after parsing attributes in process `syz.0.194'. [ 50.310816][ T3990] netlink: 8 bytes leftover after parsing attributes in process `syz.4.201'. [ 50.347381][ T3994] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3994 comm=syz.3.203 [ 50.366758][ T3996] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 50.415138][ T4000] random: crng reseeded on system resumption [ 50.556048][ T4015] netlink: 'syz.3.213': attribute type 10 has an invalid length. [ 50.585400][ T4015] team0: Device hsr_slave_0 failed to register rx_handler [ 50.654647][ T4019] netlink: 96 bytes leftover after parsing attributes in process `syz.3.214'. [ 51.086873][ T4058] ref_ctr_offset mismatch. inode: 0xf3 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000 [ 51.272419][ T4076] pim6reg1: entered promiscuous mode [ 51.277774][ T4076] pim6reg1: entered allmulticast mode [ 51.353420][ T4082] netlink: 12 bytes leftover after parsing attributes in process `syz.4.241'. [ 51.545637][ T4109] loop4: detected capacity change from 0 to 512 [ 51.560428][ T4109] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 51.568659][ T4109] EXT4-fs (loop4): orphan cleanup on readonly fs [ 51.576967][ T4109] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #16: comm syz.4.250: corrupted inode contents [ 51.589402][ T4109] EXT4-fs (loop4): Remounting filesystem read-only [ 51.597198][ T4109] EXT4-fs (loop4): 1 truncate cleaned up [ 51.602999][ T51] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 51.613615][ T51] __quota_error: 190 callbacks suppressed [ 51.613630][ T51] Quota error (device loop4): write_blk: dquota write failed [ 51.617498][ T4114] loop1: detected capacity change from 0 to 128 [ 51.619361][ T51] Quota error (device loop4): remove_free_dqentry: Can't write block (5) with free entries [ 51.619385][ T51] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 51.635943][ T4114] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 51.643131][ T51] Quota error (device loop4): write_blk: dquota write failed [ 51.643150][ T51] Quota error (device loop4): free_dqentry: Can't move quota data block (5) to free list [ 51.680261][ T51] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 51.690569][ T51] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 51.699542][ T51] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 51.721089][ T4114] tipc: Started in network mode [ 51.726061][ T4114] tipc: Node identity ac14140f, cluster identity 4711 [ 51.733620][ T4109] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 51.746908][ T4114] tipc: New replicast peer: 255.255.255.255 [ 51.753045][ T4114] tipc: Enabled bearer , priority 10 [ 51.781653][ T4109] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.802746][ T29] audit: type=1400 audit(1758187199.080:458): avc: denied { read } for pid=4121 comm="syz.1.255" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 51.827137][ T29] audit: type=1400 audit(1758187199.080:459): avc: denied { open } for pid=4121 comm="syz.1.255" path="/dev/loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 51.852276][ T29] audit: type=1400 audit(1758187199.110:460): avc: denied { ioctl } for pid=4121 comm="syz.1.255" path="/dev/loop-control" dev="devtmpfs" ino=99 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 52.024153][ T29] audit: type=1400 audit(1758187199.290:461): avc: denied { mount } for pid=4136 comm="syz.1.262" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 52.060999][ T4141] netlink: 4 bytes leftover after parsing attributes in process `syz.0.263'. [ 52.076552][ T4141] netlink: 4 bytes leftover after parsing attributes in process `syz.0.263'. [ 52.300136][ T4171] __nla_validate_parse: 1 callbacks suppressed [ 52.300163][ T4171] netlink: 64 bytes leftover after parsing attributes in process `syz.0.274'. [ 52.540709][ T4193] syzkaller1: entered promiscuous mode [ 52.546240][ T4193] syzkaller1: entered allmulticast mode [ 52.600499][ T4202] netlink: 12 bytes leftover after parsing attributes in process `syz.3.287'. [ 52.681036][ T4204] netlink: 8 bytes leftover after parsing attributes in process `syz.2.289'. [ 52.759268][ T4212] netlink: 'syz.2.293': attribute type 1 has an invalid length. [ 52.795375][ T4212] 8021q: adding VLAN 0 to HW filter on device bond1 [ 52.822574][ T4220] netlink: 100 bytes leftover after parsing attributes in process `syz.0.296'. [ 52.823061][ T4221] netlink: 4 bytes leftover after parsing attributes in process `syz.2.293'. [ 52.867930][ T4223] syz.4.297 uses obsolete (PF_INET,SOCK_PACKET) [ 52.879770][ T2957] tipc: Node number set to 2886997007 [ 52.897703][ T4221] bond1 (unregistering): Released all slaves [ 53.001363][ T803] IPVS: starting estimator thread 0... [ 53.089684][ T4231] IPVS: using max 2352 ests per chain, 117600 per kthread [ 53.121682][ T4241] netlink: 'syz.2.304': attribute type 5 has an invalid length. [ 53.163180][ T4247] netlink: 'syz.4.308': attribute type 3 has an invalid length. [ 53.173904][ T4248] netlink: 7 bytes leftover after parsing attributes in process `syz.0.307'. [ 53.200624][ T4248] netlink: 7 bytes leftover after parsing attributes in process `syz.0.307'. [ 53.310599][ T4262] netlink: 4 bytes leftover after parsing attributes in process `syz.4.315'. [ 53.335490][ T4262] team0 (unregistering): Port device team_slave_0 removed [ 53.350456][ T4262] team0 (unregistering): Port device team_slave_1 removed [ 53.596299][ T4276] netlink: 12 bytes leftover after parsing attributes in process `syz.2.321'. [ 53.921606][ T4353] netlink: 'syz.0.338': attribute type 27 has an invalid length. [ 53.943881][ T4351] netlink: 12 bytes leftover after parsing attributes in process `+}[@'. [ 53.992349][ T4353] bridge0: port 3(syz_tun) entered disabled state [ 54.004528][ T4365] process 'syz.1.342' launched './file0' with NULL argv: empty string added [ 54.016352][ T4353] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.023666][ T4353] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.064235][ T4364] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 54.112437][ T4377] loop2: detected capacity change from 0 to 512 [ 54.151197][ T4377] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 54.161386][ T4377] FAT-fs (loop2): Filesystem has been set read-only [ 54.165683][ T4353] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 54.172596][ T4377] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 54.182125][ T4353] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 54.244301][ T4391] loop2: detected capacity change from 0 to 2048 [ 54.276257][ T4391] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.291318][ T4360] bridge0: port 3(syz_tun) entered blocking state [ 54.297830][ T4360] bridge0: port 3(syz_tun) entered forwarding state [ 54.301577][ T4391] EXT4-fs error (device loop2): ext4_ext_precache:632: inode #2: comm syz.2.349: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 54.322339][ T4391] EXT4-fs (loop2): Remounting filesystem read-only [ 54.326351][ T4360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.338751][ T4360] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.347359][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.357119][ T4360] net_ratelimit: 1 callbacks suppressed [ 54.357130][ T4360] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 54.386720][ T31] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.403271][ T31] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.412637][ T31] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.422938][ T31] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.448013][ T4406] loop2: detected capacity change from 0 to 2048 [ 54.484530][ T4414] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 54.485154][ T4406] loop2: p1 < > p4 [ 54.505699][ T4406] loop2: p4 size 8388608 extends beyond EOD, truncated [ 54.513976][ T4416] netlink: 'syz.3.355': attribute type 1 has an invalid length. [ 54.543925][ T4416] 8021q: adding VLAN 0 to HW filter on device bond1 [ 54.593854][ T4416] macvlan2: entered promiscuous mode [ 54.599197][ T4416] macvlan2: entered allmulticast mode [ 54.662797][ T4416] bond1: entered promiscuous mode [ 54.678300][ T4416] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 54.688342][ T4416] bond1: left promiscuous mode [ 55.723943][ T4578] loop1: detected capacity change from 0 to 1024 [ 55.772061][ T4578] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.839003][ T4590] netlink: 'syz.0.377': attribute type 21 has an invalid length. [ 55.882864][ T4578] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.374: Allocating blocks 449-513 which overlap fs metadata [ 55.926073][ T4592] loop3: detected capacity change from 0 to 512 [ 55.942311][ T4592] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 55.958276][ T4577] EXT4-fs (loop1): pa ffff8881056f50e0: logic 48, phys. 177, len 21 [ 55.966348][ T4577] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 55.994772][ T4592] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm : Failed to acquire dquot type 1 [ 55.997153][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.005952][ T4592] EXT4-fs (loop3): 1 truncate cleaned up [ 56.048827][ T4592] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.145657][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.475719][ T4664] loop1: detected capacity change from 0 to 128 [ 56.642091][ T4646] syz.1.385: attempt to access beyond end of device [ 56.642091][ T4646] loop1: rw=0, sector=121, nr_sectors = 920 limit=128 [ 56.820413][ T29] kauditd_printk_skb: 672 callbacks suppressed [ 56.820564][ T29] audit: type=1400 audit(1758187204.100:1132): avc: denied { create } for pid=4703 comm="syz.0.388" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 56.856114][ T4710] tipc: Started in network mode [ 56.861135][ T4710] tipc: Node identity 5aa8ff0212c5, cluster identity 4711 [ 56.868409][ T4710] tipc: Enabled bearer , priority 0 [ 56.900738][ T4710] tipc: Disabling bearer [ 56.906824][ T29] audit: type=1400 audit(1758187204.150:1133): avc: denied { mounton } for pid=4703 comm="syz.0.388" path="/70/file0" dev="tmpfs" ino=376 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 56.929737][ T29] audit: type=1400 audit(1758187204.160:1134): avc: denied { unlink } for pid=3305 comm="syz-executor" name="file0" dev="tmpfs" ino=376 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 56.956668][ T4714] tipc: Started in network mode [ 56.961668][ T4714] tipc: Node identity f254040960a9, cluster identity 4711 [ 56.968949][ T4714] tipc: Enabled bearer , priority 0 [ 57.032304][ T4714] tipc: Disabling bearer [ 57.169491][ T29] audit: type=1400 audit(1758187204.440:1135): avc: denied { create } for pid=4736 comm="syz.3.396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 57.191460][ T29] audit: type=1400 audit(1758187204.470:1136): avc: denied { write } for pid=4736 comm="syz.3.396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 57.218116][ T29] audit: type=1326 audit(1758187204.490:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4732 comm="syz.0.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 57.241555][ T29] audit: type=1326 audit(1758187204.490:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4732 comm="syz.0.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 57.270203][ T29] audit: type=1326 audit(1758187204.550:1139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4732 comm="syz.0.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 57.293603][ T29] audit: type=1326 audit(1758187204.550:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4732 comm="syz.0.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 57.317007][ T29] audit: type=1326 audit(1758187204.550:1141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4732 comm="syz.0.395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 57.936163][ T4806] netlink: 'syz.1.417': attribute type 30 has an invalid length. [ 58.303087][ T4831] __nla_validate_parse: 4 callbacks suppressed [ 58.303105][ T4831] netlink: 24 bytes leftover after parsing attributes in process `syz.0.424'. [ 58.361609][ T4837] loop2: detected capacity change from 0 to 256 [ 58.418928][ T4862] program syz.1.430 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 58.432432][ T4862] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 58.696180][ T4893] loop1: detected capacity change from 0 to 1024 [ 58.734015][ T4893] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.758822][ T4893] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.440: bg 0: block 494: padding at end of block bitmap is not set [ 58.782222][ T4893] EXT4-fs (loop1): Remounting filesystem read-only [ 58.789115][ T4893] EXT4-fs (loop1): error restoring inline_data for inode -- potential data loss! (inode 15, error -30) [ 58.890698][ T4909] loop2: detected capacity change from 0 to 2048 [ 58.941150][ T4915] vhci_hcd: invalid port number 96 [ 58.946326][ T4915] vhci_hcd: default hub control req: 0300 vfbfa i0060 l0 [ 58.954054][ T4909] loop2: p1 < > p4 [ 58.970160][ T4909] loop2: p4 size 8388608 extends beyond EOD, truncated [ 59.009669][ T4921] netlink: 'syz.3.448': attribute type 1 has an invalid length. [ 59.034015][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.061974][ T4960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.449'. [ 59.062324][ T4921] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 59.083288][ T4921] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 59.093597][ T4921] bond2: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 59.112072][ T4960] netlink: 12 bytes leftover after parsing attributes in process `syz.2.449'. [ 59.155362][ T4960] netlink: 156 bytes leftover after parsing attributes in process `syz.2.449'. [ 59.219988][ T4980] wg2: entered promiscuous mode [ 59.224915][ T4980] wg2: entered allmulticast mode [ 59.579369][ T5038] loop0: detected capacity change from 0 to 2048 [ 59.621837][ T5038] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.640130][ T5038] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.661555][ T4996] netlink: 20 bytes leftover after parsing attributes in process `syz.1.457'. [ 59.700534][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.027744][ T5051] netlink: 'syz.1.469': attribute type 1 has an invalid length. [ 60.183246][ T5075] loop1: detected capacity change from 0 to 764 [ 60.242142][ T5082] 9pnet: p9_errstr2errno: server reported unknown error [ 60.544223][ T5094] tipc: Enabled bearer , priority 0 [ 61.921693][ T5153] ref_ctr increment failed for inode: 0x273 offset: 0xf ref_ctr_offset: 0x82 of mm: 0xffff888103e08b80 [ 61.943595][ T5152] uprobe: syz.3.511:5152 failed to unregister, leaking uprobe [ 62.170580][ T29] kauditd_printk_skb: 88 callbacks suppressed [ 62.170594][ T29] audit: type=1326 audit(1758187209.450:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5159 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 62.255261][ T29] audit: type=1326 audit(1758187209.480:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5159 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 62.278727][ T29] audit: type=1326 audit(1758187209.480:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5159 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 62.302241][ T29] audit: type=1326 audit(1758187209.480:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5159 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 62.325589][ T29] audit: type=1326 audit(1758187209.480:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5159 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 62.349024][ T29] audit: type=1326 audit(1758187209.480:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5159 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 62.372436][ T29] audit: type=1326 audit(1758187209.480:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5159 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 62.396023][ T29] audit: type=1326 audit(1758187209.480:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5159 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 62.419475][ T29] audit: type=1326 audit(1758187209.480:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5159 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 62.442749][ T29] audit: type=1326 audit(1758187209.480:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5159 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b35b7eba9 code=0x7ffc0000 [ 62.662291][ T5176] $H: renamed from bond0 (while UP) [ 62.674312][ T5176] $H: entered promiscuous mode [ 62.679421][ T5176] bond_slave_0: entered promiscuous mode [ 62.685288][ T5176] bond_slave_1: entered promiscuous mode [ 62.737238][ T5176] dummy0: entered promiscuous mode [ 62.962845][ T5192] ref_ctr increment failed for inode: 0x234 offset: 0xb ref_ctr_offset: 0x82 of mm: 0xffff888103e0d640 [ 62.988976][ T5189] uprobe: syz.2.525:5189 failed to unregister, leaking uprobe [ 63.023533][ T5196] loop1: detected capacity change from 0 to 164 [ 63.168776][ T5212] netlink: 'syz.1.532': attribute type 39 has an invalid length. [ 63.213005][ T5214] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=36 sclass=netlink_audit_socket pid=5214 comm=syz.2.533 [ 63.254349][ T5218] netlink: 96 bytes leftover after parsing attributes in process `syz.2.534'. [ 64.364173][ T5263] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5263 comm=syz.2.547 [ 64.752762][ T5281] netlink: 12 bytes leftover after parsing attributes in process `syz.0.556'. [ 64.761860][ T5281] netlink: 28 bytes leftover after parsing attributes in process `syz.0.556'. [ 64.770914][ T5281] netlink: 12 bytes leftover after parsing attributes in process `syz.0.556'. [ 64.800907][ T5281] netlink: 28 bytes leftover after parsing attributes in process `syz.0.556'. [ 64.809942][ T5281] netlink: 'syz.0.556': attribute type 6 has an invalid length. [ 64.976271][ T5287] loop3: detected capacity change from 0 to 512 [ 65.004237][ T5287] EXT4-fs (loop3): orphan cleanup on readonly fs [ 65.025187][ T5287] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.559: iget: bad extended attribute block 1 [ 65.049904][ T5287] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.559: couldn't read orphan inode 15 (err -117) [ 65.070129][ T5287] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 65.130419][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.714092][ T5324] macvlan1: entered promiscuous mode [ 65.730142][ T5324] ipvlan0: entered promiscuous mode [ 65.743582][ T5324] ipvlan0: left promiscuous mode [ 65.756416][ T5324] macvlan1: left promiscuous mode [ 65.880127][ T3305] bridge0: port 3(syz_tun) entered disabled state [ 65.888048][ T3305] syz_tun (unregistering): left allmulticast mode [ 65.894829][ T3305] syz_tun (unregistering): left promiscuous mode [ 65.901313][ T3305] bridge0: port 3(syz_tun) entered disabled state [ 66.068087][ T5352] netlink: 96 bytes leftover after parsing attributes in process `syz.1.581'. [ 66.133527][ T5361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.584'. [ 66.171352][ T5364] loop1: detected capacity change from 0 to 1024 [ 66.193948][ T5364] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 66.212746][ T5364] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 66.258832][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.299126][ T5407] netlink: 4 bytes leftover after parsing attributes in process `syz.3.587'. [ 66.334011][ T5407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.587'. [ 66.368328][ T5412] pim6reg: entered allmulticast mode [ 66.377435][ T5350] chnl_net:caif_netlink_parms(): no params data found [ 66.398697][ T5412] pim6reg: left allmulticast mode [ 66.501843][ T5350] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.509221][ T5350] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.549463][ T5350] bridge_slave_0: entered allmulticast mode [ 66.580076][ T5350] bridge_slave_0: entered promiscuous mode [ 66.604590][ T5350] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.611947][ T5350] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.658994][ T5350] bridge_slave_1: entered allmulticast mode [ 66.675782][ T5350] bridge_slave_1: entered promiscuous mode [ 66.722171][ T5350] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.742610][ T5350] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.754633][ T5583] loop3: detected capacity change from 0 to 2368 [ 66.785244][ T5583] : renamed from bond0 [ 66.850937][ T5350] team0: Port device team_slave_0 added [ 66.857710][ T5350] team0: Port device team_slave_1 added [ 66.911193][ T5350] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.918202][ T5350] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.944183][ T5350] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.971937][ T5350] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.978982][ T5350] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.004970][ T5350] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.074145][ T5350] hsr_slave_0: entered promiscuous mode [ 67.091468][ T5350] hsr_slave_1: entered promiscuous mode [ 67.097495][ T5350] debugfs: 'hsr0' already exists in 'hsr' [ 67.103464][ T5350] Cannot create hsr debugfs directory [ 67.111378][ T5686] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.198595][ T5686] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.254830][ T5686] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.274172][ T5756] ip6gre1: entered allmulticast mode [ 67.326133][ T5350] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 67.335645][ T5350] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 67.354331][ T5686] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.371420][ T5350] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 67.382940][ T5350] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 67.422303][ T4502] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.437869][ T4502] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.467705][ T4502] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.491264][ T4502] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.504347][ T5350] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.537498][ T5350] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.553453][ T4502] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.560619][ T4502] bridge0: port 1(bridge_slave_0) entered forwarding state [ 67.586542][ T5350] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 67.597160][ T5350] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 67.613244][ T4502] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.620388][ T4502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 67.637998][ T5798] netlink: 'syz.1.611': attribute type 1 has an invalid length. [ 67.661674][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.685908][ T5798] netlink: 4 bytes leftover after parsing attributes in process `syz.1.611'. [ 67.710303][ T5798] bond0 (unregistering): Released all slaves [ 67.801905][ T5350] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.979180][ T5350] veth0_vlan: entered promiscuous mode [ 67.988077][ T5350] veth1_vlan: entered promiscuous mode [ 68.008276][ T5350] veth0_macvtap: entered promiscuous mode [ 68.020555][ T5350] veth1_macvtap: entered promiscuous mode [ 68.037468][ T5350] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.063153][ T5350] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.076769][ T4511] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.086758][ T4511] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.111691][ T4511] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.132324][ T29] kauditd_printk_skb: 125 callbacks suppressed [ 68.132342][ T29] audit: type=1400 audit(1758187215.410:1365): avc: denied { mounton } for pid=5350 comm="syz-executor" path="/root/syzkaller.cubzMO/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 68.133824][ T4511] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.183869][ T5911] netlink: 'syz.1.620': attribute type 1 has an invalid length. [ 68.225980][ T29] audit: type=1400 audit(1758187215.500:1366): avc: denied { mount } for pid=5913 comm="syz.5.577" name="/" dev="configfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 68.254018][ T5911] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.284786][ T29] audit: type=1400 audit(1758187215.540:1367): avc: denied { search } for pid=5913 comm="syz.5.577" name="/" dev="configfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 68.305300][ T5940] macvlan2: entered promiscuous mode [ 68.307217][ T29] audit: type=1326 audit(1758187215.540:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5937 comm="syz.3.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 68.312894][ T5940] macvlan2: entered allmulticast mode [ 68.335883][ T29] audit: type=1326 audit(1758187215.540:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5937 comm="syz.3.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 68.364556][ T29] audit: type=1400 audit(1758187215.540:1370): avc: denied { search } for pid=5913 comm="syz.5.577" name="/" dev="configfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 68.386877][ T29] audit: type=1400 audit(1758187215.540:1371): avc: denied { read open } for pid=5913 comm="syz.5.577" path="/" dev="configfs" ino=106 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 68.407012][ T5955] netlink: 12 bytes leftover after parsing attributes in process `syz.5.623'. [ 68.409195][ T29] audit: type=1326 audit(1758187215.550:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5937 comm="syz.3.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 68.441648][ T29] audit: type=1326 audit(1758187215.550:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5937 comm="syz.3.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 68.465200][ T29] audit: type=1326 audit(1758187215.550:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5937 comm="syz.3.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 68.490364][ T5940] bond0: entered promiscuous mode [ 68.495745][ T5940] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 68.505012][ T5940] bond0: left promiscuous mode [ 68.516917][ T5953] bridge_slave_0: left allmulticast mode [ 68.522931][ T5953] bridge_slave_0: left promiscuous mode [ 68.528796][ T5953] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.536517][ T5953] bridge_slave_1: left allmulticast mode [ 68.542262][ T5953] bridge_slave_1: left promiscuous mode [ 68.548027][ T5953] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.556637][ T5953] : (slave bond_slave_0): Releasing backup interface [ 68.564840][ T5953] : (slave bond_slave_1): Releasing backup interface [ 68.573437][ T5953] team0: Port device team_slave_0 removed [ 68.580551][ T5953] team0: Port device team_slave_1 removed [ 68.586660][ T5953] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 68.594813][ T5953] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 68.886480][ T4533] bridge_slave_1: left allmulticast mode [ 68.892247][ T4533] bridge_slave_1: left promiscuous mode [ 68.897963][ T4533] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.929207][ T4533] bridge_slave_0: left allmulticast mode [ 68.934933][ T4533] bridge_slave_0: left promiscuous mode [ 68.941223][ T4533] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.033253][ T4533] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 69.045040][ T4533] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 69.045705][ T6007] netlink: 'syz.2.638': attribute type 10 has an invalid length. [ 69.063197][ T4533] bond0 (unregistering): Released all slaves [ 69.096252][ T6007] team0: Port device dummy0 added [ 69.110879][ T6007] netlink: 'syz.2.638': attribute type 10 has an invalid length. [ 69.119523][ T6007] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 69.132223][ T6007] team0: Failed to send options change via netlink (err -105) [ 69.145694][ T6007] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 69.154879][ T6007] team0: Port device dummy0 removed [ 69.163762][ T6007] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 69.172728][ T4533] tipc: Left network mode [ 69.179857][ T6008] Falling back ldisc for ttyS3. [ 69.217250][ T4533] hsr_slave_0: left promiscuous mode [ 69.226289][ T4533] hsr_slave_1: left promiscuous mode [ 69.240784][ T4533] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 69.260712][ T4533] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 69.359901][ T4533] team0 (unregistering): Port device team_slave_1 removed [ 69.376104][ T4533] team0 (unregistering): Port device team_slave_0 removed [ 69.453746][ T6020] tipc: New replicast peer: 255.255.255.255 [ 69.459930][ T6020] tipc: Enabled bearer , priority 10 [ 69.506846][ T6030] futex_wake_op: syz.1.643 tries to shift op by 144; fix this program [ 69.983889][ T6068] vhci_hcd: invalid port number 96 [ 69.989084][ T6068] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 70.045800][ T6078] loop3: detected capacity change from 0 to 1024 [ 70.083349][ T6078] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.189920][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.589615][ T2957] tipc: Node number set to 1215168258 [ 70.627754][ T6165] netlink: 24 bytes leftover after parsing attributes in process `syz.5.682'. [ 70.664984][ T6236] loop5: detected capacity change from 0 to 1024 [ 70.672094][ T6236] EXT4-fs: inline encryption not supported [ 70.680431][ T6236] EXT4-fs (loop5): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 70.704077][ T6236] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.721427][ T6110] chnl_net:caif_netlink_parms(): no params data found [ 70.736043][ T6246] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6246 comm=syz.2.684 [ 70.751292][ T6246] netlink: 12 bytes leftover after parsing attributes in process `syz.2.684'. [ 70.821003][ T6110] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.821975][ T6332] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 70.828154][ T6110] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.856562][ T6110] bridge_slave_0: entered allmulticast mode [ 70.863505][ T6110] bridge_slave_0: entered promiscuous mode [ 70.870421][ T6110] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.877608][ T6110] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.885119][ T6110] bridge_slave_1: entered allmulticast mode [ 70.891840][ T6110] bridge_slave_1: entered promiscuous mode [ 70.922582][ T6110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.934770][ T6110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.993184][ T6110] team0: Port device team_slave_0 added [ 70.993424][ T6395] netlink: 'syz.1.689': attribute type 10 has an invalid length. [ 71.007765][ T6110] team0: Port device team_slave_1 added [ 71.028255][ T6403] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 71.042525][ T6395] $H: (slave dummy0): Releasing backup interface [ 71.056310][ T6416] netlink: 'syz.1.689': attribute type 10 has an invalid length. [ 71.064690][ T6395] dummy0: left promiscuous mode [ 71.077552][ T6395] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 71.086773][ T6395] team0: Failed to send options change via netlink (err -105) [ 71.094395][ T6395] team0: Port device dummy0 added [ 71.114470][ T6110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.121531][ T6110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.147522][ T6110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.164808][ T6416] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 71.178590][ T6416] team0: Failed to send options change via netlink (err -105) [ 71.186420][ T6416] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 71.208227][ T6416] team0: Port device dummy0 removed [ 71.215583][ T6416] dummy0: entered promiscuous mode [ 71.222660][ T6416] $H: (slave dummy0): Enslaving as an active interface with an up link [ 71.231910][ T6110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.238867][ T6110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.265009][ T6110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.325274][ T6453] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 71.346929][ T6110] hsr_slave_0: entered promiscuous mode [ 71.364801][ T6110] hsr_slave_1: entered promiscuous mode [ 71.377702][ T6110] debugfs: 'hsr0' already exists in 'hsr' [ 71.383570][ T6110] Cannot create hsr debugfs directory [ 71.466774][ T6498] loop1: detected capacity change from 0 to 2048 [ 71.480176][ T6509] cgroup: cgroup_addrm_files: failed to add weight, err=-12 [ 71.520399][ T6498] Alternate GPT is invalid, using primary GPT. [ 71.526735][ T6498] loop1: p1 p2 p3 [ 71.588564][ T6110] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 71.614091][ T5350] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.616073][ T6110] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 71.634297][ T6110] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 71.657114][ T6110] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 71.721380][ T6608] syz_tun: entered allmulticast mode [ 71.733107][ T6606] syz_tun: left allmulticast mode [ 71.742490][ T6110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.752854][ T6610] netlink: 4 bytes leftover after parsing attributes in process `syz.5.709'. [ 71.764904][ T6610] netlink: 32 bytes leftover after parsing attributes in process `syz.5.709'. [ 71.778916][ T6110] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.794217][ T4533] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.801375][ T4533] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.811644][ T6615] netlink: 4 bytes leftover after parsing attributes in process `syz.3.710'. [ 71.840903][ T4511] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.848082][ T4511] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.977470][ T6110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.252126][ T6110] veth0_vlan: entered promiscuous mode [ 72.267976][ T6110] veth1_vlan: entered promiscuous mode [ 72.286676][ T6110] veth0_macvtap: entered promiscuous mode [ 72.298895][ T6679] loop3: detected capacity change from 0 to 512 [ 72.310687][ T6110] veth1_macvtap: entered promiscuous mode [ 72.328759][ T6679] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.333681][ T6110] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.348281][ T6679] ext4 filesystem being mounted at /172/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.355846][ T6110] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.373749][ T4518] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.385999][ T4518] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.397354][ T4518] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.410605][ T4518] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.450393][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.644276][ T6721] netlink: 8 bytes leftover after parsing attributes in process `syz.6.738'. [ 72.653391][ T6721] netlink: 24 bytes leftover after parsing attributes in process `syz.6.738'. [ 72.662492][ T6721] netlink: 8 bytes leftover after parsing attributes in process `syz.6.738'. [ 72.671727][ T6721] netlink: 24 bytes leftover after parsing attributes in process `syz.6.738'. [ 72.717198][ T6728] mmap: syz.5.741 (6728) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 72.882584][ T6738] netlink: 20 bytes leftover after parsing attributes in process `syz.6.745'. [ 73.275525][ T6765] sg_write: data in/out 46582/42 bytes for SCSI command 0x1-- guessing data in; [ 73.275525][ T6765] program syz.6.758 not setting count and/or reply_len properly [ 73.279476][ T6761] vhci_hcd: invalid port number 96 [ 73.297710][ T6761] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 73.413458][ T29] kauditd_printk_skb: 134 callbacks suppressed [ 73.413476][ T29] audit: type=1400 audit(1758187220.690:1509): avc: denied { read } for pid=6777 comm="syz.3.762" path="socket:[12604]" dev="sockfs" ino=12604 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 73.621724][ T29] audit: type=1400 audit(1758187220.890:1510): avc: denied { setopt } for pid=6795 comm="syz.3.767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 73.775231][ T6817] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.795218][ T6819] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 73.887365][ T6837] loop5: detected capacity change from 0 to 512 [ 73.903349][ T6837] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.916183][ T6837] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 73.931860][ T6837] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 73.932011][ T29] audit: type=1400 audit(1758187221.210:1511): avc: denied { setattr } for pid=6836 comm="syz.5.775" name="file0" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 73.955495][ T6837] EXT4-fs (loop5): Remounting filesystem read-only [ 73.983112][ T29] audit: type=1400 audit(1758187221.260:1512): avc: denied { remount } for pid=6836 comm="syz.5.775" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 74.017692][ T5350] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.027311][ T4504] Quota error (device loop5): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync! [ 74.042422][ T4504] Quota error (device loop5): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync! [ 74.095752][ T29] audit: type=1400 audit(1758187221.370:1513): avc: denied { connect } for pid=6844 comm="syz.3.778" lport=132 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 74.148541][ T6862] loop5: detected capacity change from 0 to 1024 [ 74.156952][ T6862] EXT4-fs: Ignoring removed bh option [ 74.162863][ T6862] EXT4-fs: inline encryption not supported [ 74.169382][ T6862] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 74.181991][ T6862] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 74.191458][ T6862] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 2: comm syz.5.777: lblock 2 mapped to illegal pblock 2 (length 1) [ 74.207222][ T6862] Quota error (device loop5): qtree_write_dquot: dquota write failed [ 74.215421][ T6862] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 48: comm syz.5.777: lblock 0 mapped to illegal pblock 48 (length 1) [ 74.231302][ T6862] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 74.240291][ T6862] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.777: Failed to acquire dquot type 0 [ 74.251796][ T6862] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 74.261791][ T6862] EXT4-fs error (device loop5): ext4_evict_inode:254: inode #11: comm syz.5.777: mark_inode_dirty error [ 74.276566][ T6862] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 74.286984][ T6862] EXT4-fs (loop5): 1 orphan inode deleted [ 74.297455][ T6862] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.318084][ T4511] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:35: lblock 1 mapped to illegal pblock 1 (length 1) [ 74.335182][ T4511] Quota error (device loop5): remove_tree: Can't read quota data block 1 [ 74.343716][ T4511] EXT4-fs error (device loop5): ext4_release_dquot:6973: comm kworker/u8:35: Failed to release dquot type 0 [ 74.470869][ T5350] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.481800][ T5350] EXT4-fs error (device loop5): __ext4_get_inode_loc:4861: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 74.495144][ T5350] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 74.507551][ T5350] EXT4-fs error (device loop5): ext4_quota_off:7221: inode #3: comm syz-executor: mark_inode_dirty error [ 75.056331][ T7008] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 75.078390][ T7026] pim6reg1: entered promiscuous mode [ 75.091348][ T7026] pim6reg1: entered allmulticast mode [ 75.104445][ T7032] netlink: 'syz.1.791': attribute type 4 has an invalid length. [ 75.332778][ T7057] loop1: detected capacity change from 0 to 1024 [ 75.347017][ T7057] EXT4-fs: Ignoring removed nobh option [ 75.352964][ T7057] EXT4-fs: inline encryption not supported [ 75.384075][ T7057] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.416134][ T7057] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.799: Allocating blocks 385-513 which overlap fs metadata [ 75.464616][ T7057] EXT4-fs (loop1): pa ffff8881056f5150: logic 16, phys. 129, len 24 [ 75.472921][ T7057] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 75.485402][ T7057] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28 [ 75.497929][ T7057] EXT4-fs (loop1): This should not happen!! Data will be lost [ 75.497929][ T7057] [ 75.507821][ T7057] EXT4-fs (loop1): Total free blocks count 0 [ 75.514029][ T7057] EXT4-fs (loop1): Free/Dirty block details [ 75.520221][ T7057] EXT4-fs (loop1): free_blocks=128 [ 75.525354][ T7057] EXT4-fs (loop1): dirty_blocks=0 [ 75.530443][ T7057] EXT4-fs (loop1): Block reservation details [ 75.536456][ T7057] EXT4-fs (loop1): i_reserved_data_blocks=0 [ 75.566108][ T6817] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.795061][ T7120] loop5: detected capacity change from 0 to 2048 [ 75.830441][ T7120] Alternate GPT is invalid, using primary GPT. [ 75.836785][ T7120] loop5: p1 p2 p3 [ 75.853090][ T7126] loop2: detected capacity change from 0 to 512 [ 75.915149][ T7128] loop5: detected capacity change from 0 to 1024 [ 75.922142][ T7128] EXT4-fs: Ignoring removed nobh option [ 75.927759][ T7128] EXT4-fs: inline encryption not supported [ 75.957031][ T7126] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 75.966616][ T7126] EXT4-fs (loop2): orphan cleanup on readonly fs [ 75.976331][ T7128] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.977087][ T7126] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.816: corrupted inode contents [ 75.995073][ T7128] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.817: Allocating blocks 385-513 which overlap fs metadata [ 76.016675][ T7126] EXT4-fs (loop2): Remounting filesystem read-only [ 76.023738][ T7128] EXT4-fs (loop5): pa ffff888106f385b0: logic 16, phys. 129, len 24 [ 76.032550][ T7128] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 76.043862][ T7128] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28 [ 76.046581][ T7126] EXT4-fs (loop2): 1 truncate cleaned up [ 76.056607][ T7128] EXT4-fs (loop5): This should not happen!! Data will be lost [ 76.056607][ T7128] [ 76.066444][ T4509] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 76.072571][ T7128] EXT4-fs (loop5): Total free blocks count 0 [ 76.082840][ T4509] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 76.084682][ T4509] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 76.089124][ T7128] EXT4-fs (loop5): Free/Dirty block details [ 76.089141][ T7128] EXT4-fs (loop5): free_blocks=128 [ 76.103020][ T7126] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 76.110726][ T7128] EXT4-fs (loop5): dirty_blocks=0 [ 76.117309][ T7126] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.121873][ T7128] EXT4-fs (loop5): Block reservation details [ 76.154545][ T7128] EXT4-fs (loop5): i_reserved_data_blocks=0 [ 76.162581][ T6817] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.248766][ T6817] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.270528][ T7175] __nla_validate_parse: 6 callbacks suppressed [ 76.270544][ T7175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.823'. [ 76.304577][ T7175] netlink: 32 bytes leftover after parsing attributes in process `syz.3.823'. [ 76.336457][ T4512] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.361264][ T7193] tipc: Enabled bearer , priority 0 [ 76.367499][ T4512] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.390270][ T4504] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.403433][ T4504] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.668614][ T7216] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.716339][ T7224] loop3: detected capacity change from 0 to 1024 [ 76.723438][ T7224] EXT4-fs: Ignoring removed nobh option [ 76.729137][ T7224] EXT4-fs: inline encryption not supported [ 76.738516][ T7216] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.762160][ T7224] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.804836][ T7224] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.831: Allocating blocks 385-513 which overlap fs metadata [ 76.833972][ T7216] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.871246][ T7239] EXT4-fs (loop3): pa ffff8881056f5150: logic 16, phys. 129, len 24 [ 76.879385][ T7239] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 76.903153][ T7216] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.911673][ T7239] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28 [ 76.925326][ T7239] EXT4-fs (loop3): This should not happen!! Data will be lost [ 76.925326][ T7239] [ 76.935101][ T7239] EXT4-fs (loop3): Total free blocks count 0 [ 76.941272][ T7239] EXT4-fs (loop3): Free/Dirty block details [ 76.947191][ T7239] EXT4-fs (loop3): free_blocks=128 [ 76.952367][ T7239] EXT4-fs (loop3): dirty_blocks=0 [ 76.957571][ T7239] EXT4-fs (loop3): Block reservation details [ 76.963656][ T7239] EXT4-fs (loop3): i_reserved_data_blocks=0 [ 77.048470][ T7254] loop5: detected capacity change from 0 to 512 [ 77.067300][ T7254] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 77.093965][ T7254] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #16: comm syz.5.834: invalid indirect mapped block 4294967295 (level 0) [ 77.112886][ T7254] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #16: comm syz.5.834: invalid indirect mapped block 4294967295 (level 1) [ 77.160858][ T7254] EXT4-fs (loop5): 1 orphan inode deleted [ 77.166772][ T7254] EXT4-fs (loop5): 1 truncate cleaned up [ 77.186530][ T7254] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.233732][ T5350] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.246664][ T7267] $H: renamed from bond0 (while UP) [ 77.254597][ T7267] $H: entered promiscuous mode [ 77.259844][ T7267] bond_slave_0: entered promiscuous mode [ 77.265721][ T7267] bond_slave_1: entered promiscuous mode [ 77.272484][ T7267] dummy0: entered promiscuous mode [ 77.324807][ T7277] ref_ctr increment failed for inode: 0x3ac offset: 0xf ref_ctr_offset: 0x82 of mm: 0xffff888103c09700 [ 77.338136][ T7276] uprobe: syz.2.840:7276 failed to unregister, leaking uprobe [ 77.432215][ T7282] tipc: Enabled bearer , priority 0 [ 77.507942][ T7286] netlink: 360 bytes leftover after parsing attributes in process `syz.1.856'. [ 77.560477][ T7290] I/O error, dev loop1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 77.571670][ T7290] isofs_fill_super: bread failed, dev=loop1, iso_blknum=16, block=32 [ 78.369462][ T7298] loop2: detected capacity change from 0 to 1024 [ 78.376635][ T7298] EXT4-fs: Ignoring removed nobh option [ 78.382541][ T7298] EXT4-fs: inline encryption not supported [ 78.392025][ T7298] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.407764][ T7298] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.847: Allocating blocks 385-513 which overlap fs metadata [ 78.425276][ T7298] EXT4-fs (loop2): pa ffff888106f38620: logic 16, phys. 129, len 24 [ 78.433616][ T7298] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 78.446815][ T7298] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 28 [ 78.459221][ T7298] EXT4-fs (loop2): This should not happen!! Data will be lost [ 78.459221][ T7298] [ 78.469192][ T7298] EXT4-fs (loop2): Total free blocks count 0 [ 78.475332][ T7298] EXT4-fs (loop2): Free/Dirty block details [ 78.481251][ T7298] EXT4-fs (loop2): free_blocks=128 [ 78.486390][ T7298] EXT4-fs (loop2): dirty_blocks=0 [ 78.491493][ T7298] EXT4-fs (loop2): Block reservation details [ 78.497485][ T7298] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 79.545311][ T7363] loop2: detected capacity change from 0 to 1024 [ 79.553650][ T7363] EXT4-fs: Ignoring removed bh option [ 79.559473][ T7363] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 79.583950][ T7363] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.616916][ T29] kauditd_printk_skb: 83 callbacks suppressed [ 79.616930][ T29] audit: type=1400 audit(1758187226.890:1591): avc: denied { read } for pid=7362 comm="syz.2.854" path="/184/file1/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 79.694401][ T7376] tipc: Started in network mode [ 79.699367][ T7376] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 79.706652][ T7376] tipc: Enabled bearer , priority 0 [ 79.774123][ T7382] vhci_hcd: invalid port number 96 [ 79.779364][ T7382] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 79.893264][ T29] audit: type=1326 audit(1758187227.170:1592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7389 comm="syz.5.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20098aeba9 code=0x7ffc0000 [ 79.917576][ T29] audit: type=1326 audit(1758187227.170:1593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7389 comm="syz.5.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20098aeba9 code=0x7ffc0000 [ 79.949841][ T29] audit: type=1326 audit(1758187227.170:1594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7389 comm="syz.5.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f20098aeba9 code=0x7ffc0000 [ 79.973433][ T29] audit: type=1326 audit(1758187227.200:1595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7389 comm="syz.5.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20098aeba9 code=0x7ffc0000 [ 79.996957][ T29] audit: type=1326 audit(1758187227.200:1596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7389 comm="syz.5.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20098aeba9 code=0x7ffc0000 [ 80.043991][ T29] audit: type=1326 audit(1758187227.230:1597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7389 comm="syz.5.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f20098aeba9 code=0x7ffc0000 [ 80.067907][ T29] audit: type=1326 audit(1758187227.230:1598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7389 comm="syz.5.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20098aeba9 code=0x7ffc0000 [ 80.091658][ T29] audit: type=1326 audit(1758187227.230:1599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7389 comm="syz.5.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20098aeba9 code=0x7ffc0000 [ 80.115231][ T29] audit: type=1326 audit(1758187227.230:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7389 comm="syz.5.865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=460 compat=0 ip=0x7f20098aeba9 code=0x7ffc0000 [ 80.357303][ T4515] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.399723][ T4515] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.431298][ T4515] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.455099][ T4515] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.618790][ T7423] loop5: detected capacity change from 0 to 128 [ 80.691677][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.829728][ T3415] tipc: Node number set to 11578026 [ 80.869199][ T7437] vlan0: entered allmulticast mode [ 80.874459][ T7437] veth1_to_bridge: entered allmulticast mode [ 80.904561][ T7443] netlink: 'syz.6.879': attribute type 12 has an invalid length. [ 80.912460][ T7443] netlink: 4 bytes leftover after parsing attributes in process `syz.6.879'. [ 80.925645][ T7443] netlink: 'syz.6.879': attribute type 12 has an invalid length. [ 80.933476][ T7443] netlink: 4 bytes leftover after parsing attributes in process `syz.6.879'. [ 80.939923][ T4504] netdevsim netdevsim6 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 80.959700][ T4504] netdevsim netdevsim6 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 80.981701][ T4504] netdevsim netdevsim6 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 81.019964][ T4504] netdevsim netdevsim6 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 81.032670][ T7453] I/O error, dev loop5, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 81.043438][ T7453] isofs_fill_super: bread failed, dev=loop5, iso_blknum=16, block=32 [ 81.129343][ T7466] netlink: 8 bytes leftover after parsing attributes in process `syz.2.887'. [ 81.380160][ T7517] vlan0: entered allmulticast mode [ 81.385395][ T7517] veth1_to_bridge: entered allmulticast mode [ 81.417170][ T7531] loop5: detected capacity change from 0 to 512 [ 81.441668][ T7540] tipc: Enabled bearer , priority 0 [ 81.442554][ T7531] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.462636][ T7531] ext4 filesystem being mounted at /83/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.468996][ T7540] tipc: Disabling bearer [ 82.295541][ T5350] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.346710][ T7566] netlink: 8 bytes leftover after parsing attributes in process `syz.5.901'. [ 82.375330][ T7567] netlink: 7 bytes leftover after parsing attributes in process `syz.1.900'. [ 82.391872][ T7567] netlink: 7 bytes leftover after parsing attributes in process `syz.1.900'. [ 82.471383][ T7570] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.543190][ T7570] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.585023][ T7570] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.639699][ T7570] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.689269][ T4509] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.718487][ T4509] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.747135][ T4509] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.770965][ T4509] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.945882][ T7649] loop6: detected capacity change from 0 to 512 [ 82.965913][ T7649] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.978840][ T7649] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.064822][ T4509] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.114914][ T4509] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.182448][ T7653] chnl_net:caif_netlink_parms(): no params data found [ 83.194794][ T4509] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.232867][ T4509] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.266358][ T7653] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.273576][ T7653] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.282167][ T7653] bridge_slave_0: entered allmulticast mode [ 83.288796][ T7653] bridge_slave_0: entered promiscuous mode [ 83.306725][ T7653] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.313872][ T7653] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.321530][ T7653] bridge_slave_1: entered allmulticast mode [ 83.328280][ T7653] bridge_slave_1: entered promiscuous mode [ 83.338540][ T4509] bridge_slave_1: left allmulticast mode [ 83.344341][ T4509] bridge_slave_1: left promiscuous mode [ 83.350080][ T4509] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.358353][ T4509] bridge_slave_0: left allmulticast mode [ 83.364174][ T4509] bridge_slave_0: left promiscuous mode [ 83.369960][ T4509] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.473969][ T4509] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 83.484653][ T4509] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 83.494825][ T4509] bond0 (unregistering): Released all slaves [ 83.526222][ T7653] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.537143][ T7653] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.568547][ T4509] tipc: Disabling bearer [ 83.574870][ T4509] tipc: Left network mode [ 83.580163][ T7653] team0: Port device team_slave_0 added [ 83.589968][ T7653] team0: Port device team_slave_1 added [ 83.597547][ T4509] hsr_slave_0: left promiscuous mode [ 83.609630][ T4509] hsr_slave_1: left promiscuous mode [ 83.615259][ T4509] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 83.622672][ T4509] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 83.631358][ T4509] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 83.638837][ T4509] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 83.651673][ T4509] veth1_macvtap: left promiscuous mode [ 83.657350][ T4509] veth0_macvtap: left promiscuous mode [ 83.663585][ T4509] veth1_vlan: left promiscuous mode [ 83.668908][ T4509] veth0_vlan: left promiscuous mode [ 83.704136][ T7879] loop3: detected capacity change from 0 to 1024 [ 83.730178][ T7879] EXT4-fs: Ignoring removed bh option [ 83.740649][ T7879] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 83.782534][ T7884] netlink: 7 bytes leftover after parsing attributes in process `syz.2.914'. [ 83.796147][ T7879] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.813567][ T4509] team0 (unregistering): Port device team_slave_1 removed [ 83.823385][ T7884] netlink: 7 bytes leftover after parsing attributes in process `syz.2.914'. [ 83.849790][ T4509] team0 (unregistering): Port device team_slave_0 removed [ 83.881902][ T7888] netlink: 8 bytes leftover after parsing attributes in process `syz.1.915'. [ 83.908585][ T6110] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.000635][ T7653] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.007707][ T7653] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.033802][ T7653] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.097268][ T7653] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.104347][ T7653] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.130431][ T7653] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.228618][ T7653] hsr_slave_0: entered promiscuous mode [ 84.272560][ T7653] hsr_slave_1: entered promiscuous mode [ 84.286815][ T7653] debugfs: 'hsr0' already exists in 'hsr' [ 84.292647][ T7653] Cannot create hsr debugfs directory [ 84.411972][ T4509] netdevsim netdevsim6 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 84.421854][ T4509] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.491817][ T4509] netdevsim netdevsim6 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 84.501790][ T4509] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.571110][ T4509] netdevsim netdevsim6 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 84.581072][ T4509] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.661264][ T4509] netdevsim netdevsim6 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 84.671113][ T4509] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.681991][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.708530][ T7653] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 84.717538][ T7653] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 84.726553][ T7653] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 84.735829][ T7653] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 84.765786][ T4509] bridge_slave_1: left allmulticast mode [ 84.771574][ T4509] bridge_slave_1: left promiscuous mode [ 84.777234][ T4509] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.785625][ T4509] bridge_slave_0: left allmulticast mode [ 84.791345][ T4509] bridge_slave_0: left promiscuous mode [ 84.797014][ T4509] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.907602][ T29] kauditd_printk_skb: 73 callbacks suppressed [ 84.907619][ T29] audit: type=1326 audit(1758187232.180:1674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.3.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 84.939078][ T29] audit: type=1326 audit(1758187232.180:1675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.3.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 84.962681][ T29] audit: type=1326 audit(1758187232.190:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.3.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 84.986338][ T29] audit: type=1326 audit(1758187232.190:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.3.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 84.991413][ T8073] loop3: detected capacity change from 0 to 512 [ 85.009925][ T29] audit: type=1326 audit(1758187232.190:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.3.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 85.017672][ T8073] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 85.039669][ T29] audit: type=1326 audit(1758187232.190:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.3.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 85.039703][ T29] audit: type=1326 audit(1758187232.190:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.3.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 85.039793][ T29] audit: type=1326 audit(1758187232.190:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.3.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 85.054119][ T8073] EXT4-fs (loop3): 1 truncate cleaned up [ 85.073140][ T29] audit: type=1326 audit(1758187232.190:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.3.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 85.073179][ T29] audit: type=1326 audit(1758187232.190:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8069 comm="syz.3.925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 85.098449][ T8073] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.187154][ T4509] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 85.197483][ T4509] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 85.207503][ T4509] bond0 (unregistering): Released all slaves [ 85.230764][ T8057] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.275086][ T4509] hsr_slave_0: left promiscuous mode [ 85.283003][ T4509] hsr_slave_1: left promiscuous mode [ 85.288796][ T4509] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.296310][ T4509] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 85.304035][ T4509] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.311642][ T4509] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 85.322827][ T4509] veth1_macvtap: left promiscuous mode [ 85.328318][ T4509] veth0_macvtap: left promiscuous mode [ 85.333975][ T4509] veth1_vlan: left promiscuous mode [ 85.339222][ T4509] veth0_vlan: left promiscuous mode [ 85.406411][ T4509] team0 (unregistering): Port device team_slave_1 removed [ 85.415892][ T4509] team0 (unregistering): Port device team_slave_0 removed [ 85.461299][ T8057] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.513153][ T7653] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.531390][ T7653] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.557641][ T8057] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.574155][ T4512] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.581329][ T4512] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.595213][ T8127] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.615739][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.622907][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.643909][ T8057] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.700871][ T8127] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.712901][ T8062] chnl_net:caif_netlink_parms(): no params data found [ 85.767027][ T4504] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.779121][ T4515] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.787586][ T8062] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.794719][ T8062] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.802117][ T8062] bridge_slave_0: entered allmulticast mode [ 85.809072][ T8062] bridge_slave_0: entered promiscuous mode [ 85.816144][ T8062] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.823430][ T8062] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.830654][ T8062] bridge_slave_1: entered allmulticast mode [ 85.837329][ T8062] bridge_slave_1: entered promiscuous mode [ 85.852364][ T8127] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.864680][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.882971][ T4515] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.893155][ T8062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.907516][ T4515] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.920169][ T8062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.932235][ T7653] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.942963][ T8127] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.994686][ T8062] team0: Port device team_slave_0 added [ 86.001753][ T8062] team0: Port device team_slave_1 added [ 86.056720][ T8062] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.063898][ T8062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.089973][ T8062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.112416][ T8062] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.119416][ T8062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.145460][ T8062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.163576][ T8377] netlink: 16 bytes leftover after parsing attributes in process `syz.2.934'. [ 86.196417][ T8062] hsr_slave_0: entered promiscuous mode [ 86.203438][ T8062] hsr_slave_1: entered promiscuous mode [ 86.209337][ T8062] debugfs: 'hsr0' already exists in 'hsr' [ 86.215123][ T8062] Cannot create hsr debugfs directory [ 86.354141][ T7653] veth0_vlan: entered promiscuous mode [ 86.365054][ T7653] veth1_vlan: entered promiscuous mode [ 86.388511][ T7653] veth0_macvtap: entered promiscuous mode [ 86.405332][ T7653] veth1_macvtap: entered promiscuous mode [ 86.421818][ T7653] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.438026][ T7653] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.448775][ T4509] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.475843][ T4509] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.504248][ T4509] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.513953][ T8062] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 86.532278][ T4512] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.549243][ T8062] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 86.581968][ T8062] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 86.604273][ T8062] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 86.620399][ T8502] SELinux: ebitmap: truncated map [ 86.625992][ T8502] SELinux: failed to load policy [ 86.659722][ T4509] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.668429][ T8502] loop2: detected capacity change from 0 to 2048 [ 86.682205][ T4509] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.695270][ T8502] EXT4-fs: inline encryption not supported [ 86.724261][ T8502] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.741918][ T4509] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.782819][ T8521] loop1: detected capacity change from 0 to 128 [ 86.785305][ T8062] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.809064][ T8521] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 86.827553][ T4509] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.845641][ T8062] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.876156][ T4515] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.883266][ T4515] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.911945][ T8521] syz.1.935: attempt to access beyond end of device [ 86.911945][ T8521] loop1: rw=0, sector=97, nr_sectors = 944 limit=128 [ 86.930424][ T4504] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.937636][ T4504] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.964492][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.975592][ T4509] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 87.004287][ T8062] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.064574][ T8530] netlink: 8 bytes leftover after parsing attributes in process `syz.2.936'. [ 87.144789][ T8062] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.386117][ T8062] veth0_vlan: entered promiscuous mode [ 87.395962][ T8062] veth1_vlan: entered promiscuous mode [ 87.416022][ T8062] veth0_macvtap: entered promiscuous mode [ 87.426725][ T8062] veth1_macvtap: entered promiscuous mode [ 87.438582][ T8062] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.453078][ T8062] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.465100][ T4504] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.476642][ T4504] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.497323][ T4504] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.524692][ T4504] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.605853][ T8561] netlink: 7 bytes leftover after parsing attributes in process `syz.5.939'. [ 87.616426][ T8561] netlink: 7 bytes leftover after parsing attributes in process `syz.5.939'. [ 87.677356][ T8567] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.720176][ T8575] netlink: 'syz.6.945': attribute type 1 has an invalid length. [ 87.748119][ T8580] netlink: 4 bytes leftover after parsing attributes in process `syz.6.947'. [ 87.757924][ T8580] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 87.765177][ T8580] IPv6: NLM_F_CREATE should be set when creating new route [ 87.774403][ T8580] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 87.781612][ T8582] netlink: 100 bytes leftover after parsing attributes in process `syz.2.948'. [ 87.790664][ T8580] IPv6: NLM_F_CREATE should be set when creating new route [ 87.819101][ T8584] netlink: 5 bytes leftover after parsing attributes in process `syz.6.950'. [ 87.832276][ T8584] 0XD: renamed from gretap0 (while UP) [ 87.841113][ T8584] 0XD: entered allmulticast mode [ 87.846897][ T8584] A link change request failed with some changes committed already. Interface 30XD may have been left with an inconsistent configuration, please check. [ 87.991554][ T8606] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8606 comm=syz.3.960 [ 88.053880][ T8615] rdma_op ffff888104d6b980 conn xmit_rdma 0000000000000000 [ 88.068953][ T8613] bridge: RTM_NEWNEIGH with invalid ether address [ 88.165965][ T8625] 9pnet: p9_errstr2errno: server reported unknown error [ 88.235940][ T8567] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.377399][ T8619] Set syz1 is full, maxelem 65536 reached [ 88.510028][ T8643] netlink: 8 bytes leftover after parsing attributes in process `syz.6.972'. [ 88.524965][ T8567] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.575842][ T8658] loop1: detected capacity change from 0 to 512 [ 88.605880][ T8658] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 88.628991][ T8658] EXT4-fs (loop1): 1 truncate cleaned up [ 88.635183][ T8658] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.651802][ T8567] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.713084][ T4512] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.748861][ T4512] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.773435][ T4512] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.786936][ T4512] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.925922][ T8686] wireguard0: entered promiscuous mode [ 88.931616][ T8686] wireguard0: entered allmulticast mode [ 89.061033][ T8723] loop6: detected capacity change from 0 to 128 [ 89.079139][ T8723] FAT-fs (loop6): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 89.137942][ T8723] syz.6.984: attempt to access beyond end of device [ 89.137942][ T8723] loop6: rw=0, sector=97, nr_sectors = 944 limit=128 [ 89.172053][ T4509] FAT-fs (loop6): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 89.425317][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.876444][ T8767] loop3: detected capacity change from 0 to 512 [ 89.890932][ T8767] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.1009: bad orphan inode 11862016 [ 89.902321][ T8767] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 89.915031][ T8767] ext4 filesystem being mounted at /223/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.929754][ T29] kauditd_printk_skb: 101 callbacks suppressed [ 89.929770][ T29] audit: type=1400 audit(1758187237.210:1785): avc: denied { setattr } for pid=8766 comm="syz.3.1009" path="/223/file1/file1" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 90.012984][ T29] audit: type=1400 audit(1758187237.290:1786): avc: denied { ioctl } for pid=8766 comm="syz.3.1009" path="/223/file1/file1" dev="loop3" ino=18 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 90.015633][ T8767] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #19: comm syz.3.1009: corrupted inode contents [ 90.051204][ T8767] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #19: comm syz.3.1009: mark_inode_dirty error [ 90.079598][ T8767] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #19: comm syz.3.1009: corrupted inode contents [ 90.103665][ T8767] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2991: inode #19: comm syz.3.1009: mark_inode_dirty error [ 90.133550][ T8767] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2994: inode #19: comm syz.3.1009: mark inode dirty (error -117) [ 90.153378][ T8776] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1001'. [ 90.169686][ T8767] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -117) [ 90.222020][ T8785] netlink: 'syz.2.1004': attribute type 27 has an invalid length. [ 90.239211][ T3314] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 90.264305][ T8791] loop3: detected capacity change from 0 to 1024 [ 90.303481][ T8791] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.324799][ T8785] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.332139][ T8785] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.345731][ T29] audit: type=1400 audit(1758187237.620:1787): avc: denied { execute } for pid=8790 comm="syz.3.1006" path="/224/file1/file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 90.374303][ T8785] $H: left promiscuous mode [ 90.379198][ T8785] bond_slave_0: left promiscuous mode [ 90.385031][ T8785] bond_slave_1: left promiscuous mode [ 90.392840][ T8791] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.1006: Allocating blocks 385-513 which overlap fs metadata [ 90.411140][ T8785] dummy0: left promiscuous mode [ 90.417126][ T8785] tipc: Resetting bearer [ 90.423883][ T8791] EXT4-fs (loop3): pa ffff8881056f5230: logic 16, phys. 129, len 24 [ 90.431945][ T8791] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 90.454443][ T8791] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28 [ 90.466989][ T8791] EXT4-fs (loop3): This should not happen!! Data will be lost [ 90.466989][ T8791] [ 90.476845][ T8791] EXT4-fs (loop3): Total free blocks count 0 [ 90.482892][ T8791] EXT4-fs (loop3): Free/Dirty block details [ 90.488825][ T8791] EXT4-fs (loop3): free_blocks=128 [ 90.494071][ T8791] EXT4-fs (loop3): dirty_blocks=0 [ 90.499118][ T8791] EXT4-fs (loop3): Block reservation details [ 90.505177][ T8791] EXT4-fs (loop3): i_reserved_data_blocks=0 [ 90.544439][ T8785] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.556908][ T8785] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.646569][ T8793] 8021q: adding VLAN 0 to HW filter on device $H [ 90.656160][ T8793] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.663884][ T8793] tipc: Resetting bearer [ 90.674020][ T8793] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 90.695103][ T4509] tipc: Resetting bearer [ 90.701103][ T4515] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.718537][ T4515] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.727641][ T4515] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.739485][ T4515] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.453541][ T29] audit: type=1326 audit(1758187238.730:1788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8844 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 91.477182][ T29] audit: type=1326 audit(1758187238.730:1789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8844 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 91.525709][ T29] audit: type=1326 audit(1758187238.730:1790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8844 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 91.549221][ T29] audit: type=1326 audit(1758187238.730:1791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8844 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 91.572769][ T29] audit: type=1326 audit(1758187238.730:1792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8844 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 91.587170][ T8845] loop3: detected capacity change from 0 to 128 [ 91.596345][ T29] audit: type=1326 audit(1758187238.780:1793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8844 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 91.626096][ T29] audit: type=1326 audit(1758187238.780:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8844 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f602776eba9 code=0x7ffc0000 [ 91.651462][ T8845] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 91.681710][ T8845] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 91.698358][ T8850] loop2: detected capacity change from 0 to 128 [ 91.715862][ T8850] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 91.732080][ T4504] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 91.743850][ T8850] ext4 filesystem being mounted at /225/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.760235][ T8856] netlink: 'syz.3.1020': attribute type 27 has an invalid length. [ 91.781067][ T8856] wg2: left promiscuous mode [ 91.785749][ T8856] wg2: left allmulticast mode [ 91.884900][ T8858] 8021q: adding VLAN 0 to HW filter on device  [ 91.885791][ T3307] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 91.893465][ T8858] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.908496][ T8858] tipc: Resetting bearer [ 91.916370][ T8858] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 91.948522][ T8860] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.012211][ T8872] loop2: detected capacity change from 0 to 128 [ 92.014548][ T8872] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 92.021840][ T8872] ext4 filesystem being mounted at /227/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.041319][ T8860] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.091509][ T8860] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.104201][ T3307] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 92.174608][ T8860] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.266763][ T8915] loop1: detected capacity change from 0 to 128 [ 92.276228][ T8915] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 92.288511][ T8919] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1036'. [ 92.298686][ T8915] ext4 filesystem being mounted at /227/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 92.314591][ T8919] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.345568][ T8919] macvlan2: entered promiscuous mode [ 92.351082][ T8919] macvlan2: entered allmulticast mode [ 92.353348][ T3315] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 92.357981][ T8919] bond0: (slave macvlan2): Opening slave failed [ 92.394040][ T4512] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.418145][ T8965] cgroup: cgroup_addrm_files: failed to add weight, err=-12 [ 92.431870][ T4512] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.458239][ T4512] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.488128][ T4512] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.596172][ T8985] SELinux: ebitmap: truncated map [ 92.615556][ T8985] SELinux: failed to load policy [ 92.656671][ T8985] loop6: detected capacity change from 0 to 2048 [ 92.671149][ T8985] EXT4-fs: inline encryption not supported [ 92.686362][ T8985] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.848704][ T8062] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.148024][ T9029] loop6: detected capacity change from 0 to 164 [ 93.206344][ T9029] syz.6.1058: attempt to access beyond end of device [ 93.206344][ T9029] loop6: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 93.272885][ T9036] loop2: detected capacity change from 0 to 1024 [ 93.286534][ T9029] syz.6.1058: attempt to access beyond end of device [ 93.286534][ T9029] loop6: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 93.291296][ T9036] EXT4-fs: Ignoring removed orlov option [ 93.330416][ T9036] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.443937][ T9043] loop6: detected capacity change from 0 to 1024 [ 93.476619][ T9043] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.518611][ T9043] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.1062: bg 0: block 494: padding at end of block bitmap is not set [ 93.793061][ T9088] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1068'. [ 93.900316][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.965687][ T8062] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.049257][ T9124] loop5: detected capacity change from 0 to 512 [ 94.072584][ T9124] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 94.092440][ T9124] EXT4-fs (loop5): 1 truncate cleaned up [ 94.101869][ T9124] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.379738][ T2957] af_packet: tpacket_rcv: packet too big, clamped from 94 to 4294967286. macoff=82 [ 94.422974][ T9147] loop6: detected capacity change from 0 to 512 [ 94.442345][ T9147] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 94.462153][ T9147] EXT4-fs (loop6): orphan cleanup on readonly fs [ 94.481185][ T9147] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.1086: Failed to acquire dquot type 1 [ 94.501577][ T9147] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.1086: bg 0: block 40: padding at end of block bitmap is not set [ 94.529909][ T9147] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 94.549333][ T9147] EXT4-fs (loop6): 1 truncate cleaned up [ 94.569277][ T9147] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 94.601945][ T9147] EXT4-fs error (device loop6): ext4_xattr_block_get:593: inode #16: comm syz.6.1086: corrupted xattr block 31: invalid header [ 94.625510][ T9147] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop6 ino=16 [ 94.644769][ T9147] EXT4-fs error (device loop6): ext4_xattr_block_get:593: inode #16: comm syz.6.1086: corrupted xattr block 31: invalid header [ 94.674404][ T9147] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop6 ino=16 [ 94.693909][ T9147] EXT4-fs error (device loop6): ext4_get_link:106: inode #16: comm syz.6.1086: bad symlink. [ 94.736376][ T8062] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.906318][ T7653] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.046721][ T9175] loop5: detected capacity change from 0 to 128 [ 95.085857][ T9177] syzkaller1: entered promiscuous mode [ 95.091510][ T9177] syzkaller1: entered allmulticast mode [ 95.093683][ T9175] syz.5.1093: attempt to access beyond end of device [ 95.093683][ T9175] loop5: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 95.138054][ T9175] syz.5.1093: attempt to access beyond end of device [ 95.138054][ T9175] loop5: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 95.183504][ T9175] syz.5.1093: attempt to access beyond end of device [ 95.183504][ T9175] loop5: rw=2049, sector=177, nr_sectors = 24 limit=128 [ 95.215027][ T9175] syz.5.1093: attempt to access beyond end of device [ 95.215027][ T9175] loop5: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 95.230964][ T9190] syz.5.1093: attempt to access beyond end of device [ 95.230964][ T9190] loop5: rw=2049, sector=305, nr_sectors = 80 limit=128 [ 95.244977][ T9175] syz.5.1093: attempt to access beyond end of device [ 95.244977][ T9175] loop5: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 95.262815][ T9190] syz.5.1093: attempt to access beyond end of device [ 95.262815][ T9190] loop5: rw=2049, sector=393, nr_sectors = 8 limit=128 [ 95.294488][ T9175] syz.5.1093: attempt to access beyond end of device [ 95.294488][ T9175] loop5: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 95.389894][ T9199] 9p: Unknown access argument z%*018!A͏AQåH]00000000000000000000: -22 [ 95.416345][ T9201] -1: renamed from syzkaller0 [ 95.489123][ T29] kauditd_printk_skb: 101 callbacks suppressed [ 95.489157][ T29] audit: type=1326 audit(1758187242.760:1894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9212 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3ee2eba9 code=0x7ffc0000 [ 95.553759][ T29] audit: type=1326 audit(1758187242.800:1895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9212 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fbe3ee2eba9 code=0x7ffc0000 [ 95.559826][ T9215] loop1: detected capacity change from 0 to 1024 [ 95.577292][ T29] audit: type=1326 audit(1758187242.800:1896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9212 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3ee2eba9 code=0x7ffc0000 [ 95.577334][ T29] audit: type=1326 audit(1758187242.800:1897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9212 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3ee2eba9 code=0x7ffc0000 [ 95.630599][ T29] audit: type=1326 audit(1758187242.800:1898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9212 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe3ee2eba9 code=0x7ffc0000 [ 95.632399][ T9215] EXT4-fs: Ignoring removed orlov option [ 95.654148][ T29] audit: type=1326 audit(1758187242.800:1899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9212 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3ee2eba9 code=0x7ffc0000 [ 95.654185][ T29] audit: type=1326 audit(1758187242.800:1900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9212 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3ee2eba9 code=0x7ffc0000 [ 95.654222][ T29] audit: type=1326 audit(1758187242.810:1901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9212 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe3ee2eba9 code=0x7ffc0000 [ 95.730372][ T29] audit: type=1326 audit(1758187242.810:1902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9212 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3ee2eba9 code=0x7ffc0000 [ 95.754076][ T29] audit: type=1326 audit(1758187242.810:1903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9212 comm="syz.5.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3ee2eba9 code=0x7ffc0000 [ 95.795289][ T9215] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.906652][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.066646][ T9234] loop5: detected capacity change from 0 to 4096 [ 96.093611][ T9234] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.232263][ T7653] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.345805][ T9268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1116'. [ 96.356800][ T9265] netlink: 3 bytes leftover after parsing attributes in process `syz.6.1117'. [ 96.360396][ T9268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1116'. [ 96.375397][ T9265] batadv1: entered promiscuous mode [ 96.380728][ T9265] batadv1: entered allmulticast mode [ 96.436728][ T9286] loop1: detected capacity change from 0 to 512 [ 96.453148][ T9286] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.466542][ T9286] ext4 filesystem being mounted at /248/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.481442][ T9286] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1120'. [ 96.490755][ T9286] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1120'. [ 96.501964][ T9286] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1120'. [ 96.511179][ T9286] netlink: 196 bytes leftover after parsing attributes in process `syz.1.1120'. [ 96.528856][ T9300] loop6: detected capacity change from 0 to 512 [ 96.536254][ T9300] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 96.548648][ T9300] EXT4-fs (loop6): 1 truncate cleaned up [ 96.557045][ T9300] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.570513][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.307227][ T9343] netlink: 'syz.5.1133': attribute type 27 has an invalid length. [ 97.335231][ T9343] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.342512][ T9343] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.376337][ T8062] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.392547][ T9343] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 97.409373][ T9343] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.486564][ T9344] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.502622][ T9344] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.512558][ T9344] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 97.534953][ T9350] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.547802][ T4530] netdevsim netdevsim5 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.558167][ T4530] netdevsim netdevsim5 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.567952][ T4530] netdevsim netdevsim5 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.576532][ T4530] netdevsim netdevsim5 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.590961][ T9350] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.617127][ T9356] loop5: detected capacity change from 0 to 512 [ 97.639092][ T9356] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.671966][ T9356] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.700016][ T9350] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.743423][ T9356] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1138'. [ 97.752564][ T9356] netlink: 196 bytes leftover after parsing attributes in process `syz.5.1138'. [ 97.791286][ T9350] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.803949][ T7653] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.855711][ T4530] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.868793][ T4530] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.882582][ T4489] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.895743][ T4489] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.976693][ T9405] syz.2.1153 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 98.151645][ T9423] loop2: detected capacity change from 0 to 512 [ 98.159103][ T9423] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 98.171276][ T9423] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002] [ 98.179764][ T9423] System zones: 1-12 [ 98.184991][ T9423] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.1160: corrupted in-inode xattr: e_value size too large [ 98.221314][ T9423] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1160: couldn't read orphan inode 15 (err -117) [ 98.255108][ T9423] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.318803][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.675851][ T9448] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.747151][ T9448] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.825716][ T9448] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.861311][ T9459] loop6: detected capacity change from 0 to 1024 [ 98.879104][ T9459] EXT4-fs: Ignoring removed bh option [ 98.885885][ T9459] EXT4-fs (loop6): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 98.907619][ T9448] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.932215][ T9459] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.988901][ T1674] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.016967][ T9480] netlink: 'syz.5.1171': attribute type 10 has an invalid length. [ 99.029832][ T1674] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.038786][ T4510] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.047193][ T4510] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.072594][ T9488] netlink: 'syz.5.1171': attribute type 10 has an invalid length. [ 99.087974][ T9480] team0: Port device dummy0 added [ 99.119686][ T9488] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 99.133122][ T9490] loop1: detected capacity change from 0 to 4096 [ 99.140298][ T9488] team0: Failed to send options change via netlink (err -105) [ 99.148296][ T9490] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 99.148399][ T9488] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 99.161764][ T9490] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.188479][ T9488] team0: Port device dummy0 removed [ 99.196686][ T9488] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 99.221739][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.329888][ T9496] tipc: Enabled bearer , priority 0 [ 99.341901][ T9496] tipc: Disabling bearer [ 99.370360][ T9507] loop3: detected capacity change from 0 to 2048 [ 99.408684][ T9517] __nla_validate_parse: 3 callbacks suppressed [ 99.408703][ T9517] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1183'. [ 99.442468][ T9517] netlink: 'syz.2.1183': attribute type 1 has an invalid length. [ 99.466928][ T9522] netlink: 1343 bytes leftover after parsing attributes in process `syz.1.1184'. [ 99.478176][ T9507] loop3: unable to read partition table [ 99.484568][ T9507] loop3: partition table beyond EOD, truncated [ 99.488703][ T9524] loop2: detected capacity change from 0 to 256 [ 99.490836][ T9507] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) [ 99.552842][ T9524] bio_check_eod: 39 callbacks suppressed [ 99.552935][ T9524] syz.2.1185: attempt to access beyond end of device [ 99.552935][ T9524] loop2: rw=2049, sector=256, nr_sectors = 68 limit=256 [ 99.576902][ T9524] syz.2.1185: attempt to access beyond end of device [ 99.576902][ T9524] loop2: rw=34817, sector=261, nr_sectors = 32 limit=256 [ 99.604905][ T9534] netlink: 'syz.3.1188': attribute type 10 has an invalid length. [ 99.649788][ T9534] team0: Port device dummy0 added [ 99.656054][ T9537] netlink: 'syz.3.1188': attribute type 10 has an invalid length. [ 99.671719][ T9537] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 99.684935][ T9537] team0: Failed to send options change via netlink (err -105) [ 99.736883][ T9537] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 99.746748][ T9537] team0: Port device dummy0 removed [ 99.755319][ T9537] : (slave dummy0): Enslaving as an active interface with an up link [ 99.779515][ T4510] tipc: Resetting bearer [ 99.822421][ T9546] netlink: 'syz.3.1192': attribute type 10 has an invalid length. [ 99.830361][ T9546] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1192'. [ 99.839836][ T9546] dummy0: entered promiscuous mode [ 99.847602][ T9546] : (slave dummy0): Releasing backup interface [ 99.919825][ T8062] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.930123][ T9552] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1195'. [ 100.152842][ T9574] SELinux: failed to load policy [ 100.187638][ T9576] loop5: detected capacity change from 0 to 512 [ 100.196880][ T9578] syz_tun: entered allmulticast mode [ 100.207469][ T9578] dvmrp1: entered allmulticast mode [ 100.215857][ T9576] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.226541][ T9577] syz_tun: left allmulticast mode [ 100.245610][ T9576] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.287297][ T7653] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.343122][ T9594] loop5: detected capacity change from 0 to 1024 [ 100.350677][ T9594] EXT4-fs: Ignoring removed bh option [ 100.356740][ T9594] EXT4-fs (loop5): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 100.765684][ T9602] ================================================================== [ 100.773827][ T9602] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark [ 100.781027][ T9602] [ 100.783374][ T9602] write to 0xffff88811a274f94 of 4 bytes by task 9594 on cpu 1: [ 100.791017][ T9602] xas_set_mark+0x12b/0x140 [ 100.795560][ T9602] __folio_start_writeback+0x1dd/0x440 [ 100.801083][ T9602] ext4_bio_write_folio+0x5ad/0x9f0 [ 100.806319][ T9602] mpage_process_page_bufs+0x4a1/0x620 [ 100.811819][ T9602] mpage_prepare_extent_to_map+0x786/0xc00 [ 100.817655][ T9602] ext4_do_writepages+0xa05/0x2750 [ 100.822796][ T9602] ext4_writepages+0x176/0x300 [ 100.827587][ T9602] do_writepages+0x1c3/0x310 [ 100.832222][ T9602] file_write_and_wait_range+0x156/0x2c0 [ 100.837899][ T9602] generic_buffers_fsync_noflush+0x45/0x120 [ 100.843820][ T9602] ext4_sync_file+0x1ab/0x690 [ 100.848521][ T9602] vfs_fsync_range+0x10a/0x130 [ 100.853304][ T9602] ext4_buffered_write_iter+0x34f/0x3c0 [ 100.858888][ T9602] ext4_file_write_iter+0xdbf/0xf00 [ 100.864130][ T9602] iter_file_splice_write+0x666/0xa60 [ 100.869519][ T9602] direct_splice_actor+0x156/0x2a0 [ 100.874653][ T9602] splice_direct_to_actor+0x312/0x680 [ 100.880057][ T9602] do_splice_direct+0xda/0x150 [ 100.884850][ T9602] do_sendfile+0x380/0x650 [ 100.889307][ T9602] __x64_sys_sendfile64+0x105/0x150 [ 100.894544][ T9602] x64_sys_call+0x2bb0/0x2ff0 [ 100.899262][ T9602] do_syscall_64+0xd2/0x200 [ 100.903807][ T9602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.909737][ T9602] [ 100.912073][ T9602] read to 0xffff88811a274f94 of 4 bytes by task 9602 on cpu 0: [ 100.919805][ T9602] xas_find_marked+0x5dc/0x620 [ 100.924625][ T9602] find_get_entry+0x5d/0x380 [ 100.929278][ T9602] filemap_get_folios_tag+0x92/0x210 [ 100.934595][ T9602] mpage_prepare_extent_to_map+0x320/0xc00 [ 100.940425][ T9602] ext4_do_writepages+0xa05/0x2750 [ 100.945582][ T9602] ext4_writepages+0x176/0x300 [ 100.950375][ T9602] do_writepages+0x1c3/0x310 [ 100.954998][ T9602] filemap_write_and_wait_range+0x144/0x340 [ 100.960929][ T9602] ext4_file_write_iter+0xe04/0xf00 [ 100.966161][ T9602] iter_file_splice_write+0x666/0xa60 [ 100.971562][ T9602] direct_splice_actor+0x156/0x2a0 [ 100.976710][ T9602] splice_direct_to_actor+0x312/0x680 [ 100.982102][ T9602] do_splice_direct+0xda/0x150 [ 100.986892][ T9602] do_sendfile+0x380/0x650 [ 100.991341][ T9602] __x64_sys_sendfile64+0x105/0x150 [ 100.996567][ T9602] x64_sys_call+0x2bb0/0x2ff0 [ 101.001287][ T9602] do_syscall_64+0xd2/0x200 [ 101.005818][ T9602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.011743][ T9602] [ 101.014077][ T9602] value changed: 0x0a000021 -> 0x04000021 [ 101.019809][ T9602] [ 101.022144][ T9602] Reported by Kernel Concurrency Sanitizer on: [ 101.028587][ T9602] CPU: 0 UID: 0 PID: 9602 Comm: syz.5.1208 Not tainted syzkaller #0 PREEMPT(voluntary) [ 101.038334][ T9602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 101.048418][ T9602] ==================================================================