last executing test programs: 43.107044202s ago: executing program 3 (id=793): creat(&(0x7f0000000340)='./file0\x00', 0x28) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) r1 = syz_pidfd_open(r0, 0x0) wait4(0x0, 0x0, 0x80000000, 0x0) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) r4 = pidfd_getfd(r3, r1, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0xd0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r3}}) 42.289240614s ago: executing program 3 (id=802): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x1, @local}, 0x10) connect$inet(r2, &(0x7f0000000280)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@remote, 0x2, 0x6c}, 0x0, @in=@empty, 0x10, 0x5, 0x0, 0xb7}}, 0xe8) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x700) 41.374843787s ago: executing program 3 (id=814): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x2c}, 0x94) socket$inet6(0xa, 0x3, 0x3) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x10000, 0x0, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x359}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 40.963024343s ago: executing program 3 (id=818): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x200000000000, &(0x7f0000000140)='./file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0) 40.861155334s ago: executing program 3 (id=822): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x100000a, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = mq_open(&(0x7f0000003440)='nl80211\x00', 0x40, 0x8, &(0x7f0000003480)={0x0, 0x9, 0x2, 0x7}) mq_timedreceive(r1, &(0x7f00000034c0)=""/34, 0x22, 0x1, 0x0) 40.791598961s ago: executing program 3 (id=824): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000f000000850000007a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$kcm(0x11, 0x2, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup(r3) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r2, &(0x7f0000001500)={@val={0xa, 0x10}, @void, @eth={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv6={0x86dd, @tcp={0xc, 0x6, "8249dc", 0x15, 0x6, 0x0, @local, @mcast2, {[], {{0x4e20, 0x4e23, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x6}, {'#'}}}}}}}}, 0x4f) 40.749733733s ago: executing program 32 (id=824): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000f000000850000007a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$kcm(0x11, 0x2, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r0, 0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup(r3) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r2, &(0x7f0000001500)={@val={0xa, 0x10}, @void, @eth={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv6={0x86dd, @tcp={0xc, 0x6, "8249dc", 0x15, 0x6, 0x0, @local, @mcast2, {[], {{0x4e20, 0x4e23, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x6}, {'#'}}}}}}}}, 0x4f) 3.511215419s ago: executing program 5 (id=1319): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x808003, &(0x7f0000000000), 0x3, 0x519, &(0x7f0000000f80)="$eJzs3cFvHFcZAPBvxl7Xbh3sAodSidZCoLSC7No1bS0ObZEQnAqUcjfGXluW117Lu25jq0KOOCMkhADBBU5ckPgDkFD+BIQUCe4RQqAIknDgENhqdmcde7PrOMquN7F/P+ll3rzMzPe9TfZ53854JoALayYi3omIkYh4NSKm8vY0L3HQKtl2d25/tJyVJBqN9/+VRJK3tY+V5Mvn8t3GI+I734j4fpK0Go6o7e1vLFUq5Z18vVTf3C7V9vavrG8urZXXylvz83NvLLy58PrCbN/6+tbX/v6zH//262/98Usf3lz85ys/yPKdzP/uaD/6qfWaFJqvRdtoROwMItgQjOT/Twqn2TgZfD4AAJws++z2yYj4XETc/eWwswEAAAAGofH2ZNxLIhoP+ua38k0AAACAp1vavAY2SYv5tQCTkabFYusa3k/H21Gp1upfXK3ubq20rpWdjkK6ul4pz+bXCk9HIcnW55r1++uvdazPR8TzEfHTqYnmenG5WlkZ9pcfAAAAcEFk8/zJtFXPFv+ZStPi2LCzAgAAAPpuetgJAAAAAANn/g8AAADn34Pz/5nWIhk9+2QAAACAfvv2u+9mpdF+/vXKB3u7G9UPrqyUaxvFzd3l4nJ1Z7u4Vq2uNe/Zt3l/z2e6Hq9SrW5/ObZ2r5bq5Vq9VNvbX9ys7m7VF5vP9V4sn+o50QAAAEBfPf/y9b8mEXHwlYlmybRv/2euDudb+mibJ4PKAzh7I6duBM4bF/jCxeX9DzxsYj9+RnkAAACDc/kzh+f/J+LI+f9LN53/h/PuEc//A+eIU/1wcXWc//v1qXa61xhMMsCZMscHHvY9QM/z/3/qfy4AAMBgTDZLkhbzOcBkpGmxGHGp+ViAQrK6XinPRsQnIuIvU4VnsvW5YScNAAAAAAAAAAAAAAAAAAAAAAAAAE+ZRiOJBgAAAHCuRaT/SCIiifGIqc9Pdn4/MJb8d6q5jIgPf/X+z68u1es7c1n7vw/b67/I218bxjcYAAAAQKf2PL09jwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAfrpz+6PldjnS/IVBx7311YiY7hZ/NMaby/EoRMSzd5MYPbJfEhEjfYh/cC0iXugWP8nSiuk8i874aURMDDn+c32IDxfZ9Wz8eafb+y+Nmeay+/tvNC+P69ZMr/EvPRz/RnqMf5cecuyxfPnijd+Xesa/FvHiaPfxpx1/7DHH3+99d3+/o+m99tjZ+E3E5a4/f5JjsUr1ze1SbW//yvrm0lp5rbw1Pz/3xsKbC68vzJZW1yvl/M+u8X/y2T/8/6T+P9sj/nTe/6TZ//Fjnc/aGo3ux3y5Y/1/N67e/lS3DZOIWz/K613+/V84Fv/46z+S/3BO89fncrt+0Kof9dLv/vxS7/6PxEqP/o+fED9re6XXQTu8+t4P/9aqFU65BwAwSLW9/Y2lSqW887RXss48AWn0sTLzZKRx3ivtWdSTks/gKskjvd+HOy4BAAD9d/9D/7AzAQAAAAAAAAAAAAAAAAAAgIur/fv/7Xs5D+LeY0fjHd5FOUnOvK8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACf5OAAA//9O3cdG") r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) r3 = fspick(r2, &(0x7f00000000c0)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x820f8, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000)) 2.708231382s ago: executing program 0 (id=1326): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x5, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4040000}, 0x4048801) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000081000001c0012020b00010062726964676500000c00028004001c"], 0x3c}, 0x1, 0x0, 0x0, 0x34041043}, 0x4004000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca2d410}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.597781512s ago: executing program 4 (id=1329): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000007c0)=ANY=[@ANYRES32=r3, @ANYRES32=r2, @ANYBLOB='&'], 0x10) sendmsg$inet(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000080)='}', 0x1}], 0x1}, 0x2400c0b5) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f00000002c0)=r0}, 0x20) sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x1}], 0x1}, 0x0) 2.497355704s ago: executing program 5 (id=1330): bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000005"], 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000080), &(0x7f0000000240)=r3}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x53f, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 2.496900704s ago: executing program 4 (id=1331): perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x107204, 0x1000, 0x20da, 0xf, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket(0x28, 0x5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) r2 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r2, 0x4) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) sendmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x2d, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x51, 0x0) 2.47454363s ago: executing program 0 (id=1332): unshare(0x2c020400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r0, 0x604ae000) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xff0, 0x1, 0x0}, &(0x7f0000000000)=0x40) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000300)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000880)=""/178, 0xb2, 0x0, 0x0}, &(0x7f0000000680)=0x40) 2.392312445s ago: executing program 0 (id=1333): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) io_uring_setup(0x56a9, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5}) socket$inet_sctp(0x2, 0x1, 0x84) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe1, 0x4, @perf_bp={0x0}, 0x0, 0x400004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) syz_clone(0x40800000, 0x0, 0x0, 0x0, 0x0, 0x0) 2.391767935s ago: executing program 4 (id=1334): setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x3, 0x0}}}, 0x0, 0x0, 0xc, 0x0, "bb07000000ca41d6357e544508474404010000003ab6fbffffffffffff8a0e2f964e0000c534a632ab6193fcf10700f3ee0500faa4ff1f56c54dc46d8b6d2ccd00a0cf0a007b0600"}, 0xd8) r0 = socket$kcm(0x23, 0x5, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000240)=0x6, 0x4) listen(r0, 0x8) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff000000"], 0x78) 2.165456584s ago: executing program 5 (id=1337): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) eventfd2(0x0, 0x1) r3 = socket(0x11, 0x800000003, 0x0) bind$packet(r3, &(0x7f0000000d00)={0x11, 0x0, r2, 0x1, 0x7f, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x14) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1) socket$packet(0x11, 0x3, 0x300) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) 2.114440835s ago: executing program 4 (id=1339): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newlink={0x20, 0x10, 0x401, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2500}}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r2, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) 2.013047556s ago: executing program 1 (id=1340): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x8, 0x1, 0x400, 0x0, {0xa, 0x0, 0xe38, @private0}}}, 0x32) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000001280), r3) close(0x3) sendmsg$L2TP_CMD_TUNNEL_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="2503000000000000000008"], 0x14}}, 0x0) 1.997071963s ago: executing program 5 (id=1341): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x9}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 1.97729094s ago: executing program 1 (id=1342): perf_event_open$cgroup(&(0x7f0000000140)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x2}, 0x80}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000800)={0x2, 0x80, 0xca, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_config_ext={0x5, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f00000007c0)={0x2, 0x80, 0x62, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x6, 0x104800}, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000730121000000000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000280)=""/73}, 0x20) 1.825591982s ago: executing program 1 (id=1344): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)="11212e", 0x3}, 0x1, 0x0, 0x0, 0x24008011}, 0x800) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) getpid() syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40004) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x40047440, 0xf0ff1f00000013) close_range(r0, 0xffffffffffffffff, 0x0) 1.5361123s ago: executing program 5 (id=1347): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) kexec_load(0x0, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0x1000000, 0x10000}], 0x0) 634.268615ms ago: executing program 5 (id=1348): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@nobarrier}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write$bt_hci(r2, &(0x7f0000000bc0)={0x1, @remote_name_req_cancel={{0x41a, 0x6}}}, 0xa) sendfile(r2, r0, 0x0, 0x40001) sendfile(r2, r1, 0x0, 0x7ffff000) socketpair$unix(0x1, 0x5, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) 634.009935ms ago: executing program 4 (id=1349): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c000080080003400000000214000000110001"], 0xb0}, 0x1, 0x0, 0x0, 0x14}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) 633.583825ms ago: executing program 0 (id=1358): rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffff7ffffffd]}, 0x0, 0x8) r0 = gettid() timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r0}, &(0x7f0000044000)=0x0) timer_settime(r1, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xffeffffffffffffc]}, 0x8, 0x800) r3 = syz_io_uring_setup(0xbd7, &(0x7f0000000040)={0x0, 0xe14f, 0x8, 0x1, 0x4000032f, 0x0, r2}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4004, @fd=r2, 0x7, &(0x7f0000000500)=[{&(0x7f0000001800)=""/201, 0xc9}], 0x1}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) 633.108805ms ago: executing program 1 (id=1350): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r1, @in6={{0xa, 0x3, 0x4, @rand_addr=' \x01\x00'}}}, &(0x7f0000000040)=0x84) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x850}, 0x48000) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy") r2 = open(&(0x7f0000000140)='./file0/file0\x00', 0xecb42, 0x86) syz_emit_ethernet(0x46, 0x0, 0x0) pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x140000}], 0x14, 0x7800, 0x0, 0x3) 632.866485ms ago: executing program 2 (id=1351): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0) write$binfmt_elf64(r0, &(0x7f0000002600)=ANY=[], 0x1820) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x12}}, 0x40) 551.77954ms ago: executing program 1 (id=1352): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff", 0x2ac}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61faec4a42c29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a610b3738b393eed8633fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5dbaa8ae8835dc47ed2537681827f6129759272574cf58f2f33e47a0e416573cfdcfb44ed9d", 0x1cb}, {&(0x7f00000005c0)="05437c98b91b1455046f57b5fc913814bde2bbeac2104eaea9c9d01a7838d859007067c10aa7352abbdf98e9bf033a4784a11e84639d3b9164d9c5d729f3dd409d39ff6d5cca97", 0x47}, {&(0x7f0000000140)="f610e61ac81cc3edc86f0500194d27a5a443f10dfd1ecda0fd0ed9a444b7fb76afe3a0002f0a5eafcd3555a6cad574af080de74a37f54ee5f10fe3f42b445293ca980200000000000000ecfd6cc1b3a9a9263506e88c5557069d0ca055991454ec1307b7411892a1beaef9ae54833107eb88b0411b1bc0ba9bc28d0eb6a73ad76be9facd1d9d82b6a3cc2040e84b398d279e50535b6557df8a633cfc7615fca9879b11834eb07eeb4278cab057f89b7464048cf573c21df5435e3b81aaba048fa4264d4c15513c91e9230a8e4b7635b58dc631604c311225f21db11c7101278ef4c7", 0xe2}], 0x4, 0x0, 0x0, 0x900}}], 0x1, 0x0) r0 = memfd_create(&(0x7f0000000ec0)='\x103q}2[\xe0\x9a\xee\xaf\x03\x97\x9et\v\"|Ma\x86\xe7\xc0\x14\x9f\xb9h\xb1\x96\xe7=I\x860S6\xb5\xa8\xc2\x95Je%\xfeG\'e\xe5\x8f\xf8\xd2\x1c\xc0\xfb\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94k\xcd\t\x00\x90k\xd6\x05\xb6\x03\x00\x00\x00A\xc5\x9c_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2Oc\xc0c\x03gB!\xb0\xb8n\x01\x9bT\x95\x10\x86\xe8$\x7f\r[\xf9\x0e1v\xb1\n\x88\v\x95uy\xb5:`\x8b\nC\x18A;\xaa%\xaf\xc7\xa3\xac\xa2D\xb5\xe2\xe1\xdc(\xfd\x05\x9fB\x84O\xfe@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\xa0\x17\xe3\xac\xe9\xc9\xa7\x8a\x1b\x03\"&\xac\xcap>\xccZ\x01\xbc\x18\xc1\xb9\xe9\v\x8b\x9c\xb4Q\xd4\x96EV<>\x99\xca\xb3\xe0\xc4tL\xed\xf5W\xbd#\xcf\x8a\x84\xed\x9f/\xd4\xbb\xea;-Dp\xf8\xd0F\x90\xf8\x92Ip6\xf4\x16\xe8\x14\xe0\x92!\x92-F\xe2\x14D\x91\xa8b\x04\xdd\x1d\a\xdc\xe0\x18\x85{\x80Q\xf6k\x96\xfaQ\x9fW\vO\xf0\xe4O\\\xceS\xf2\xde\x049d\x06#\x88\xc3\xdf\x85O\x1c\xc3\xad?r\xd7\x0e\x00\xd7\x83\xb0\x88\x9c\xf6Y-F\x98\xdd\x9c~\xfd\x95\xc3\xb6lC\xaa\"Y\xa2K\xecz\x84:*\xf5Y\xd1\x9b1\x91\x9b\x15\xd4\xec\x02o\x01&\xaa\x90w\xc4\xc7yn\xb5\x1ag\xab&?\xbe\xcb\xe8v\xa8\xe0\xa4\x81sW\xacf\x149\xd2}\xefCGa\x9a$4\x8c\xa5!p\x83\x05\x96%\x02%\xabj\n\b\xc8NC\x91}&y\xd3\xe1\xeep\'\xc5\xab\x19GsX5\x8c\n\x9fh\xee;4\xb1%V\xe0\xa9\x8e\xf30:\xd8\x18N~G\x139\xcas\xf4D\xd4\xd0s\r3\xcb\x9a&\xdf+(\xc9S\x9eL5\x84\xb1\x90pN\xe7/\r\b\x9a\xf13Q\xf9\xdf\x7fX\xa0\xafK\xefh\xbfOv\x9bh\xb3\xc0\xf5\x80\xba\"@\'\x02\xafi\xeaE\xa6a6F\xde\xd4\xfa\x84\xe4+A\xb7\xa2\x8f\xc9\xee|xxn\xefw\x93]%\xd0\x19\x132\x86\xabn\xfe\x91\xb6Cl\xcf\x04\x1cq\xc1\x1d~\x8d\x01\x83\x93_\x83\x8a`v\xb0K,|S\xe4\xba\xb1\f\xc8`\xa6s\xad\x11\xd4wG\x80u\x87u\xff\x87\xee', 0x2) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x940a, 0x1000007}) fcntl$addseals(r0, 0x409, 0xb) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newlink={0x40, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @rand_addr=0xc0586300}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x3}]}}}]}, 0x40}}, 0x0) sendto(r1, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x14c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x188}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 551.11662ms ago: executing program 4 (id=1353): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x5c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x38, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @local}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x3, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x4}, @CTA_HELP={0xc, 0x5, 0x0, 0x1, {0x8, 0x1, 'RAS\x00'}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x400c014}, 0x10) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x40814) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f727400"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a0000040500010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) 535.712018ms ago: executing program 2 (id=1354): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a50000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0c000980080001400000000508000840000000011400000011000100"], 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000aefff000900020073797a310000ffdf0900010073797a31"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) recvmmsg(r2, &(0x7f0000001f00)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x0, 0x0) 429.880208ms ago: executing program 2 (id=1355): r0 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99f0}, 0x94) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20) r4 = dup(r3) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000040)='./file0\x00', r4}, 0x18) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)=@generic={&(0x7f0000000140)='./file0\x00'}, 0x18) 385.38392ms ago: executing program 2 (id=1356): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1de0000080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000003700)=ANY=[@ANYBLOB="140000001000010000000000000000000500000aa82c00000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000007c2c0380100000800c00018006000100d1ff0000d4060080480001801400028008000180fffffffd08000340000000033000028008000180ffffffff08000180fffffffc08000180ffffffff08000340000000010900020073797a300000000089000640b80d1868322c68556ea351084de75a8ee4d686e60a0efa53bfd499e92a740ae8d05d16a05df3701e0fa9f8f0af87f400041d5f037b82cbbaf54dbcbba280ad1ab3ec3e30af7ebb205b0e5e7e71a14e5ec3333ef9d4aa95917ec4ec4d30058cab865ff6e147b8a9a61a2162281b6477a5fbd1fa9b64c42a78d994f24bf68839752574478d1a00000030000b802c0001800a0001006c696d69740000001c000280080003400000000a080004400000000008000440000000010900090073797a310000000040010b8060000180080001006475700054000280080002400000001e08000140000000150800014000000012080001400000001108000140000000150800014000000015080001400000000b0800024000000000080001400000001708000140000000130c0001800800010064757000680001800a00010071756f7461000000580002800c0004400000000000000003080002400000000308000240000000050c00014000000000000000020c00014000000000000005c90c000140000000000000094c08000240000000000c00014000000000000000003c0001800a00010072656469720000002c000280080001400000000c0800014000000017080001400000001408000140000000030800014000000013140001800d00010073796e70726f78790000000018000180080001006e6174000c000280080003400000000f0800034000000001f80002"], 0x2cd0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 244.204104ms ago: executing program 2 (id=1357): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r4 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0}}}, 0x24}}, 0x0) 243.784194ms ago: executing program 0 (id=1359): r0 = perf_event_open(&(0x7f0000000fc0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0xf6103, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24000000, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffefffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000007000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000bc0)={{r1}, &(0x7f0000000b40), &(0x7f0000000b80)='%pB \x00'}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40001) 77.576344ms ago: executing program 0 (id=1360): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2000000020000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}, 0x1, 0x0, 0x0, 0x4c840}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0xfffc, 0x0, 0x4}, 0x4000810) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@delchain={0x24, 0x64, 0xf31, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {0xfff3, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) 2.57446ms ago: executing program 1 (id=1361): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x2, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) socket(0x2, 0x80805, 0x0) close(0x3) sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000006000000140008"], 0x28}}, 0x8000) 0s ago: executing program 2 (id=1362): syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x12080c0, &(0x7f0000000240), 0x3, 0x45c, &(0x7f0000000580)="$eJzs282PU1UbAPDndlq+eWdegh98qKNoJH7MMAMiCzcaTVxoYqILdDfODAQpjGHGRAjR0RhcGhIX7ojuTPwLXOnGKCsTt7o3JMSwAVnV3PbeoS1tKbW0YH+/pPSc3nNznod7T++590wDGFmT6T9JxJaI+D0ixmvVxgaTtbdrV87O/33l7HwSlcqbfyXVdlevnJ3Pm+b7bc4rxYjCZ0nsatHv8ukzx+fK5cVTWX165cT708unzzx77MTc0cWjiydnDx06sH/m+YOzz/UlzzSvqzs/Wtq949W3z78+f/j8u798l+T5N+XRJ5OdNj5RqfS5u+HaWldOivHNV0OMhe6N1YZplKrjfzzGqrWa8Xjl06EGB9xRlUqlcn/7zasV4D8siWFHAAxHfqFP73/z14CmHneFyy/WboDSvK9lr9qWYhSyNqWm+9t+moyIw6vXL6SvuDPPIQAAGvyQzn+eaTX/K0T9c6H/ZWsoExHx/4jYFhEHI2J7RNwXUW37QEQ8eJv9Ny+S3Dz/KVzqKbEupfO/F7K1rcb5Xz77i4mxrLa1mn8pOXKsvLgv+z/ZG6X1aX2mQx8/vvzbF+22Ved/payyev1C2n8+F8ziuFRc37jPwtzKXK/5Nrv8ScTOYqv8k7WVgCQidkTEzh77OPbUt7vbbauf/x5umX8HxR4DqlP5OuLJ2vFfjab8c0nn9cnpDVFe3DednxU3u/jruTfa9f+v8u+D9Phvann+r5lI6tdrl2+/j3N/fN72nubW+bc+/9clb1XL+VH6cG5l5dRMxLrktVrQ9Z/P3tg3r+ft0/z37mk9/rdl+6R97IqI9CR+KCIejohHstgfjYjHImJPh/x/funx93rPv8GGDt30JM1/oeXxXzv/m47/jcK6aP6kdWHs+E/fN3Q6cTv5p8f/QLW0N/ukm++/buLq7WwGAACAe08hIrZEUphaKxcKU1O1v+HfHpsK5aXllaePLH1wcqH2G4GJKBXyJ13jdc9DZ7Lb+rw+21Tfnz03/nJsY7U+Nb9UXhh28jDiNrcZ/6k/x4YdHXDH9WEdDbhHGf8wuox/GF3GP4yuFuN/Y/Z+cdCxAIPV6vr/8RDiAAavafxb9oMR4v4fRlc34/+dAcQBDJ7rP4yk5Y1x6x/JKyjcVIhCN42T7Npyd8Ss0H1h2N9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/fFPAAAA//8eWuDl") r0 = gettid() timer_create(0x0, &(0x7f0000000080)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) kernel console output (not intermixed with test programs): eturn value 0 on prog (id 16) dev N/A, expect packet loss! [ 45.299740][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.329896][ T28] audit: type=1400 audit(1773179720.227:193): avc: denied { connect } for pid=3696 comm="syz.2.79" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 45.373675][ T3707] loop4: detected capacity change from 0 to 1024 [ 45.388800][ T28] audit: type=1400 audit(1773179720.267:194): avc: denied { open } for pid=3684 comm="syz.1.75" path="/13/file0/file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 45.433134][ T3707] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 45.443585][ T3707] System zones: 0-1, 3-36 [ 45.448343][ T28] audit: type=1400 audit(1773179720.317:195): avc: denied { ioctl } for pid=3699 comm="syz.4.81" path="socket:[6195]" dev="sockfs" ino=6195 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 45.472855][ T3707] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.84: bad orphan inode 134217728 [ 45.472950][ T3707] loop4: lost filesystem error report for type 5 error -117 [ 45.483408][ T28] audit: type=1400 audit(1773179720.427:196): avc: denied { read } for pid=3704 comm="syz.4.84" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 45.511127][ T28] audit: type=1400 audit(1773179720.487:197): avc: denied { bind } for pid=3710 comm="syz.2.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 45.538641][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 45.545127][ C0] EXT4-fs (loop4): initial error at time 1773179720: ext4_orphan_get:1417 [ 45.553705][ C0] EXT4-fs (loop4): last error at time 1773179720: ext4_orphan_get:1417 [ 45.581583][ T28] audit: type=1326 audit(1773179720.647:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3712 comm="syz.2.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 45.605438][ T3707] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.618450][ T3713] loop2: detected capacity change from 0 to 128 [ 45.633950][ T28] audit: type=1326 audit(1773179720.647:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3712 comm="syz.2.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 46.604171][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.077421][ T3754] netlink: 24 bytes leftover after parsing attributes in process `syz.2.102'. [ 47.372244][ T3760] loop2: detected capacity change from 0 to 256 [ 47.437762][ T3766] netlink: 4 bytes leftover after parsing attributes in process `syz.4.107'. [ 47.934877][ T3789] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 47.942152][ T3789] IPv6: NLM_F_CREATE should be set when creating new route [ 48.017866][ T3797] loop1: detected capacity change from 0 to 512 [ 48.025017][ T3797] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 48.038485][ T3797] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 48.050134][ T3797] EXT4-fs (loop1): 1 truncate cleaned up [ 48.059116][ T3797] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.065135][ T3779] loop3: detected capacity change from 0 to 2048 [ 48.150450][ T3779] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.180022][ T3779] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.290186][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.568922][ T3808] veth0: entered promiscuous mode [ 48.574291][ T3808] veth0: left promiscuous mode [ 48.578219][ T50] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm kworker/u8:3: bg 0: block 345: padding at end of block bitmap is not set [ 48.595952][ T50] EXT4-fs (loop3): Remounting filesystem read-only [ 48.606594][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.646709][ T3815] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 48.654051][ T3815] IPv6: NLM_F_CREATE should be set when creating new route [ 48.731038][ T35] IPVS: starting estimator thread 0... [ 48.828668][ T3823] IPVS: using max 2160 ests per chain, 108000 per kthread [ 48.893085][ T3832] process 'syz.4.133' launched './file0' with NULL argv: empty string added [ 50.110345][ T3898] netlink: 'syz.1.153': attribute type 4 has an invalid length. [ 50.159954][ T3898] netlink: 'syz.1.153': attribute type 4 has an invalid length. [ 50.227492][ T3902] loop1: detected capacity change from 0 to 1024 [ 50.378997][ T3902] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 50.406643][ T3902] ext4 filesystem being mounted at /27/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.560612][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 50.589844][ T3912] loop2: detected capacity change from 0 to 128 [ 50.604169][ T3912] syz.2.158: attempt to access beyond end of device [ 50.604169][ T3912] loop2: rw=8390657, sector=129, nr_sectors = 1 limit=128 [ 50.628651][ T3912] Buffer I/O error on dev loop2, logical block 129, lost async page write [ 50.637224][ T3912] syz.2.158: attempt to access beyond end of device [ 50.637224][ T3912] loop2: rw=8390657, sector=130, nr_sectors = 1 limit=128 [ 50.650890][ T3912] Buffer I/O error on dev loop2, logical block 130, lost async page write [ 50.659637][ T3912] syz.2.158: attempt to access beyond end of device [ 50.659637][ T3912] loop2: rw=8390657, sector=131, nr_sectors = 1 limit=128 [ 50.673379][ T3912] Buffer I/O error on dev loop2, logical block 131, lost async page write [ 50.678961][ T3914] netlink: 24 bytes leftover after parsing attributes in process `syz.1.157'. [ 50.682182][ T3912] syz.2.158: attempt to access beyond end of device [ 50.682182][ T3912] loop2: rw=8390657, sector=132, nr_sectors = 1 limit=128 [ 50.704551][ T3912] Buffer I/O error on dev loop2, logical block 132, lost async page write [ 50.713158][ T28] kauditd_printk_skb: 64 callbacks suppressed [ 50.713175][ T28] audit: type=1400 audit(1773179725.767:264): avc: denied { create } for pid=3906 comm="syz.0.156" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 50.739882][ T3912] syz.2.158: attempt to access beyond end of device [ 50.739882][ T3912] loop2: rw=8390657, sector=133, nr_sectors = 1 limit=128 [ 50.747993][ T28] audit: type=1400 audit(1773179725.767:265): avc: denied { read write } for pid=3906 comm="syz.0.156" name="file0" dev="tmpfs" ino=169 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 50.777285][ T28] audit: type=1400 audit(1773179725.767:266): avc: denied { ioctl open } for pid=3906 comm="syz.0.156" path="/29/file0" dev="tmpfs" ino=169 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 50.795194][ T3912] Buffer I/O error on dev loop2, logical block 133, lost async page write [ 50.830024][ T28] audit: type=1400 audit(1773179725.897:267): avc: denied { unlink } for pid=3316 comm="syz-executor" name="file0" dev="tmpfs" ino=169 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 50.853960][ T3912] syz.2.158: attempt to access beyond end of device [ 50.853960][ T3912] loop2: rw=8390657, sector=129, nr_sectors = 1 limit=128 [ 50.911146][ T28] audit: type=1400 audit(1773179725.937:268): avc: denied { mount } for pid=3916 comm="syz.0.159" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 50.918848][ T3912] Buffer I/O error on dev loop2, logical block 129, lost async page write [ 50.952832][ T3912] syz.2.158: attempt to access beyond end of device [ 50.952832][ T3912] loop2: rw=8390657, sector=130, nr_sectors = 1 limit=128 [ 50.958748][ T28] audit: type=1326 audit(1773179725.937:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3916 comm="syz.0.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 50.987274][ T3912] Buffer I/O error on dev loop2, logical block 130, lost async page write [ 50.999223][ T28] audit: type=1326 audit(1773179725.937:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3916 comm="syz.0.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 51.018813][ T3912] syz.2.158: attempt to access beyond end of device [ 51.018813][ T3912] loop2: rw=8390657, sector=131, nr_sectors = 1 limit=128 [ 51.024301][ T28] audit: type=1326 audit(1773179725.937:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3916 comm="syz.0.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 51.047582][ T3912] Buffer I/O error on dev loop2, logical block 131, lost async page write [ 51.061337][ T28] audit: type=1326 audit(1773179725.937:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3916 comm="syz.0.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 51.125113][ T3912] syz.2.158: attempt to access beyond end of device [ 51.125113][ T3912] loop2: rw=8390657, sector=132, nr_sectors = 1 limit=128 [ 51.188661][ T3912] Buffer I/O error on dev loop2, logical block 132, lost async page write [ 51.210858][ T3912] syz.2.158: attempt to access beyond end of device [ 51.210858][ T3912] loop2: rw=8390657, sector=133, nr_sectors = 1 limit=128 [ 51.267843][ T3912] Buffer I/O error on dev loop2, logical block 133, lost async page write [ 51.274454][ T28] audit: type=1326 audit(1773179725.937:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3916 comm="syz.0.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 51.570677][ T3923] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.580261][ T3923] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.145210][ T3923] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 52.155570][ T3923] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 52.196436][ T3945] netlink: 14 bytes leftover after parsing attributes in process `syz.2.169'. [ 52.290312][ T3944] 8021q: adding VLAN 0 to HW filter on device bond1 [ 52.327055][ T3944] bond0: (slave bond1): Enslaving as an active interface with an up link [ 52.365701][ T69] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.374741][ T69] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.422106][ T3945] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 52.440515][ T3945] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 52.467861][ T3945] bond0 (unregistering): (slave bond1): Releasing backup interface [ 52.569196][ T3945] bond0 (unregistering): Released all slaves [ 52.618677][ T69] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.653847][ T69] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.229580][ T3979] loop4: detected capacity change from 0 to 1024 [ 53.249654][ T3982] team0: No ports can be present during mode change [ 53.287758][ T3979] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.817777][ T4024] team0: No ports can be present during mode change [ 54.212823][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.259250][ T4044] netlink: 4 bytes leftover after parsing attributes in process `syz.2.206'. [ 54.506322][ C0] vcan0: j1939_tp_rxtimer: 0xffff88811a126e00: rx timeout, send abort [ 54.759979][ T4066] mmap: syz.3.214 (4066) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 54.861919][ T4033] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.869190][ T4033] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.925018][ T4033] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 54.951007][ T4033] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 55.006412][ C0] vcan0: j1939_tp_rxtimer: 0xffff88811a126a00: rx timeout, send abort [ 55.015169][ C0] vcan0: j1939_tp_rxtimer: 0xffff88811a126e00: abort rx timeout. Force session deactivation [ 55.075685][ T30] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.084744][ T30] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.093977][ T30] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.109683][ T4033] syz.1.199 (4033) used greatest stack depth: 9992 bytes left [ 55.298692][ T30] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.444909][ T4084] netlink: 4 bytes leftover after parsing attributes in process `syz.4.221'. [ 56.360263][ T4095] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=45 sclass=netlink_audit_socket pid=4095 comm=syz.0.226 [ 56.565870][ T28] kauditd_printk_skb: 25 callbacks suppressed [ 56.565960][ T28] audit: type=1400 audit(1773179731.627:299): avc: denied { block_suspend } for pid=4111 comm="syz.2.235" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 56.689856][ T4121] netlink: 64 bytes leftover after parsing attributes in process `syz.4.237'. [ 56.780901][ T4126] netlink: 'syz.0.241': attribute type 4 has an invalid length. [ 56.811321][ T4128] loop4: detected capacity change from 0 to 736 [ 56.828284][ T4126] netlink: 'syz.0.241': attribute type 4 has an invalid length. [ 56.856280][ T28] audit: type=1400 audit(1773179731.907:300): avc: denied { mount } for pid=4123 comm="syz.4.240" name="/" dev="loop4" ino=1472 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 56.916230][ T4128] netlink: zone id is out of range [ 56.940958][ T4128] netlink: zone id is out of range [ 56.953758][ T4128] netlink: zone id is out of range [ 57.009015][ T4128] netlink: zone id is out of range [ 57.017272][ T4128] netlink: zone id is out of range [ 57.063615][ T4128] netlink: zone id is out of range [ 57.079556][ T4128] netlink: zone id is out of range [ 57.088701][ T4128] netlink: zone id is out of range [ 57.102702][ T4128] netlink: zone id is out of range [ 57.116979][ T4128] netlink: zone id is out of range [ 57.177102][ T28] audit: type=1400 audit(1773179732.237:301): avc: denied { unmount } for pid=3324 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 57.255292][ T4148] netlink: 4 bytes leftover after parsing attributes in process `syz.1.250'. [ 57.381612][ T4158] tipc: Failed to remove unknown binding: 66,1,1/0:2807562887/2807562889 [ 57.431419][ T4160] loop2: detected capacity change from 0 to 512 [ 57.477500][ T4160] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.255: invalid indirect mapped block 256 (level 2) [ 57.491063][ T4160] loop2: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 57.498649][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 57.514268][ C1] EXT4-fs (loop2): initial error at time 1773179732: ext4_free_branches:1023: inode 11 [ 57.521151][ T4160] EXT4-fs (loop2): Remounting filesystem read-only [ 57.523997][ C1] EXT4-fs (loop2): last error at time 1773179732: ext4_free_branches:1023: inode 11 [ 57.558486][ T4160] EXT4-fs (loop2): 2 truncates cleaned up [ 57.568803][ T4165] netlink: 'syz.1.257': attribute type 4 has an invalid length. [ 57.575211][ T4160] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.603628][ T4165] netlink: 'syz.1.257': attribute type 4 has an invalid length. [ 57.620733][ T28] audit: type=1326 audit(1773179732.687:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4159 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 57.681518][ T28] audit: type=1326 audit(1773179732.687:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4159 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 57.717061][ T28] audit: type=1326 audit(1773179732.687:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4159 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3fbbd1cfce code=0x7ffc0000 [ 57.741536][ T28] audit: type=1326 audit(1773179732.687:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4159 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 57.776281][ T28] audit: type=1326 audit(1773179732.687:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4159 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 57.801028][ T28] audit: type=1326 audit(1773179732.687:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4159 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 57.836655][ T28] audit: type=1326 audit(1773179732.687:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4159 comm="syz.2.255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 57.881349][ T4178] netlink: 'syz.1.259': attribute type 11 has an invalid length. [ 58.094231][ T4197] netlink: 'syz.1.265': attribute type 1 has an invalid length. [ 58.112016][ T4197] 8021q: adding VLAN 0 to HW filter on device bond1 [ 58.141626][ T4197] bond1: (slave veth5): Enslaving as an active interface with a down link [ 58.165503][ T4197] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 58.175719][ T4197] bond1: (slave batadv1): making interface the new active one [ 58.184735][ T4197] batadv1: entered promiscuous mode [ 58.191791][ T4197] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 58.199311][ T4203] capability: warning: `syz.3.266' uses 32-bit capabilities (legacy support in use) [ 58.224156][ T4160] syz.2.255 (4160) used greatest stack depth: 9336 bytes left [ 58.279406][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.313591][ T4203] io-wq is not configured for unbound workers [ 58.455039][ T4219] netlink: 4 bytes leftover after parsing attributes in process `syz.3.272'. [ 58.702159][ T4241] netlink: 24 bytes leftover after parsing attributes in process `syz.3.278'. [ 58.895093][ T4259] loop4: detected capacity change from 0 to 1764 [ 59.021394][ T4277] loop2: detected capacity change from 0 to 164 [ 59.048531][ T4277] iso9660: Unknown parameter '1ô¡²Ÿ`Ùèø»­PÉ’óìá àÓ|w' [ 59.183860][ T4288] netlink: 4 bytes leftover after parsing attributes in process `syz.4.296'. [ 59.244133][ T4289] netlink: 12 bytes leftover after parsing attributes in process `syz.4.296'. [ 59.356664][ T4291] netlink: 12 bytes leftover after parsing attributes in process `syz.4.296'. [ 62.152829][ T4286] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.160099][ T4286] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.303213][ T30] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.353823][ T30] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.413147][ T28] kauditd_printk_skb: 48 callbacks suppressed [ 62.413213][ T28] audit: type=1400 audit(1773179737.477:357): avc: denied { create } for pid=4326 comm="syz.1.303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 62.458637][ T30] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.467671][ T30] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.508645][ T28] audit: type=1400 audit(1773179737.507:358): avc: denied { setopt } for pid=4326 comm="syz.1.303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 62.540377][ T4332] loop2: detected capacity change from 0 to 512 [ 62.568750][ T28] audit: type=1400 audit(1773179737.507:359): avc: denied { bind } for pid=4326 comm="syz.1.303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 62.630723][ T28] audit: type=1400 audit(1773179737.507:360): avc: denied { write } for pid=4326 comm="syz.1.303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 62.680241][ T4332] EXT4-fs: Ignoring removed bh option [ 62.686055][ T4332] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 62.729864][ T4332] EXT4-fs (loop2): 1 truncate cleaned up [ 62.736620][ T4332] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 62.767103][ T28] audit: type=1400 audit(1773179737.787:361): avc: denied { ioctl } for pid=4330 comm="syz.1.306" path="socket:[19302]" dev="sockfs" ino=19302 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 62.829121][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.906291][ T28] audit: type=1400 audit(1773179737.967:362): avc: denied { write } for pid=4347 comm="syz.3.310" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 62.951442][ T4341] loop4: detected capacity change from 0 to 1024 [ 62.975093][ T4344] SELinux: policydb magic number 0x6c65732f does not match expected magic number 0xf97cff8c [ 63.000294][ T4344] SELinux: failed to load policy [ 63.016790][ T28] audit: type=1400 audit(1773179738.037:363): avc: denied { load_policy } for pid=4343 comm="syz.2.308" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 63.082147][ T4341] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.096547][ T4341] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.189897][ T4341] EXT4-fs (loop4): shut down requested (0) [ 63.287239][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 63.348167][ T4372] netlink: 24 bytes leftover after parsing attributes in process `syz.2.317'. [ 63.367307][ T28] audit: type=1400 audit(1773179738.427:364): avc: denied { create } for pid=4373 comm="syz.4.316" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 63.448042][ T4374] batadv0: entered allmulticast mode [ 63.463629][ T4374] net_ratelimit: 152 callbacks suppressed [ 63.463643][ T4374] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 63.485391][ T4372] netlink: 4 bytes leftover after parsing attributes in process `syz.2.317'. [ 63.638102][ T4381] netlink: 400 bytes leftover after parsing attributes in process `syz.3.320'. [ 63.678061][ T28] audit: type=1326 audit(1773179738.717:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4382 comm="syz.2.322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 63.751532][ T28] audit: type=1326 audit(1773179738.717:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4382 comm="syz.2.322" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 64.340777][ T4403] loop2: detected capacity change from 0 to 4096 [ 64.358348][ T4403] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.490048][ T4408] netlink: 'syz.0.326': attribute type 4 has an invalid length. [ 64.492269][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.529167][ T4408] netlink: 'syz.0.326': attribute type 4 has an invalid length. [ 64.584670][ T4406] loop1: detected capacity change from 0 to 8192 [ 64.620068][ T4408] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.627466][ T4408] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.643460][ T4406] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 64.716552][ T4418] netlink: 12 bytes leftover after parsing attributes in process `syz.1.334'. [ 64.761328][ T4408] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 64.792070][ T4408] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.829937][ T4420] netlink: 28 bytes leftover after parsing attributes in process `syz.1.334'. [ 64.951144][ T4419] 8021q: adding VLAN 0 to HW filter on device bond3 [ 64.960542][ T4419] bond2: (slave bond3): Enslaving as an active interface with an up link [ 64.979791][ T4420] 8021q: adding VLAN 0 to HW filter on device bond2 [ 65.000092][ T36] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.019180][ T4422] netlink: 4 bytes leftover after parsing attributes in process `syz.4.335'. [ 65.028157][ T36] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.061210][ T36] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.090020][ T36] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.142667][ T4438] netlink: 8 bytes leftover after parsing attributes in process `syz.4.340'. [ 65.327929][ T4457] netlink: 4 bytes leftover after parsing attributes in process `syz.1.348'. [ 65.338856][ T4457] netlink: 12 bytes leftover after parsing attributes in process `syz.1.348'. [ 65.414751][ T4465] netlink: 136 bytes leftover after parsing attributes in process `syz.2.352'. [ 67.686573][ T4542] loop3: detected capacity change from 0 to 8192 [ 67.744528][ T28] kauditd_printk_skb: 54 callbacks suppressed [ 67.744546][ T28] audit: type=1400 audit(1773179742.807:421): avc: denied { watch watch_reads } for pid=4541 comm="syz.3.377" path=2F35352F2E02 dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 67.948781][ T28] audit: type=1400 audit(1773179742.997:422): avc: denied { getopt } for pid=4551 comm="syz.3.381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 68.296025][ T4309] IPVS: starting estimator thread 0... [ 68.298273][ T4560] netlink: 'syz.4.385': attribute type 1 has an invalid length. [ 68.310476][ T28] audit: type=1400 audit(1773179743.367:423): avc: denied { create } for pid=4561 comm="syz.3.383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 68.345314][ T28] audit: type=1400 audit(1773179743.367:424): avc: denied { setopt } for pid=4561 comm="syz.3.383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 68.351600][ T4560] bond1: entered promiscuous mode [ 68.373029][ T4560] 8021q: adding VLAN 0 to HW filter on device bond1 [ 68.394870][ T4560] __nla_validate_parse: 1 callbacks suppressed [ 68.394884][ T4560] netlink: 12 bytes leftover after parsing attributes in process `syz.4.385'. [ 68.410171][ T4563] IPVS: using max 2400 ests per chain, 120000 per kthread [ 68.411022][ T4560] netlink: 12 bytes leftover after parsing attributes in process `syz.4.385'. [ 68.440691][ T4560] bond1: (slave bridge2): making interface the new active one [ 68.448290][ T4560] bridge2: entered promiscuous mode [ 68.458104][ T4560] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 68.679118][ T28] audit: type=1400 audit(1773179743.737:425): avc: denied { shutdown } for pid=4573 comm="syz.4.390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 68.978328][ T28] audit: type=1400 audit(1773179744.037:426): avc: denied { listen } for pid=4581 comm="syz.3.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 69.015166][ T28] audit: type=1400 audit(1773179744.057:427): avc: denied { accept } for pid=4581 comm="syz.3.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 69.070613][ T28] audit: type=1400 audit(1773179744.127:428): avc: denied { mount } for pid=4583 comm="syz.3.394" name="/" dev="autofs" ino=20852 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 69.142215][ T28] audit: type=1400 audit(1773179744.127:429): avc: denied { mounton } for pid=4583 comm="syz.3.394" path="/file0" dev="autofs" ino=20853 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 69.179980][ T4297] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 69.209231][ T4297] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 69.477731][ T28] audit: type=1400 audit(1773179744.537:430): avc: denied { setopt } for pid=4595 comm="syz.1.398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 69.559040][ T12] batadv1: left promiscuous mode [ 70.321826][ T4630] netlink: 4 bytes leftover after parsing attributes in process `syz.2.410'. [ 70.359620][ T4630] netlink: 12 bytes leftover after parsing attributes in process `syz.2.410'. [ 70.637897][ T4640] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.656893][ T4640] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.699865][ T4640] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 71.319125][ T4676] netlink: 'syz.2.429': attribute type 12 has an invalid length. [ 72.226114][ T4715] netlink: 8 bytes leftover after parsing attributes in process `syz.2.442'. [ 72.253692][ T4715] netlink: 8 bytes leftover after parsing attributes in process `syz.2.442'. [ 72.423878][ T4728] loop2: detected capacity change from 0 to 1024 [ 72.432360][ T4730] Zero length message leads to an empty skb [ 72.472175][ T4728] EXT4-fs: inline encryption not supported [ 72.478084][ T4728] EXT4-fs: Ignoring removed nobh option [ 72.518665][ T4728] EXT4-fs: Ignoring removed bh option [ 72.553679][ T4728] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.607150][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.755977][ T4740] loop3: detected capacity change from 0 to 8192 [ 72.790579][ T4740] loop3: p1 < > p2 p4 < p5 > [ 72.797626][ T4740] loop3: partition table partially beyond EOD, truncated [ 72.806456][ T4740] loop3: p1 start 134217728 is beyond EOD, truncated [ 72.813654][ T4740] loop3: p2 size 591360 extends beyond EOD, truncated [ 72.830976][ T4740] loop3: p5 size 591360 extends beyond EOD, truncated [ 72.855702][ T28] kauditd_printk_skb: 83 callbacks suppressed [ 72.855715][ T28] audit: type=1400 audit(1773179747.917:514): avc: denied { read write } for pid=4739 comm="syz.3.453" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 72.891684][ T28] audit: type=1400 audit(1773179747.947:515): avc: denied { open } for pid=4739 comm="syz.3.453" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 73.020339][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 73.032233][ T3307] udevd[3307]: inotify_add_watch(7, /dev/loop3p5, 10) failed: No such file or directory [ 73.043822][ T3309] udevd[3309]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 73.063175][ T4757] netlink: 'syz.3.459': attribute type 4 has an invalid length. [ 73.104932][ T4757] netlink: 'syz.3.459': attribute type 4 has an invalid length. [ 73.135599][ T4762] loop2: detected capacity change from 0 to 512 [ 73.179349][ T4762] EXT4-fs: Ignoring removed bh option [ 73.184946][ T4762] EXT4-fs: inline encryption not supported [ 73.209988][ T4762] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 73.237204][ T4757] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.242046][ T4762] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1142: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 73.244759][ T4757] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.271494][ T4762] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.460: bg 0: block 248: padding at end of block bitmap is not set [ 73.296039][ T4762] loop2: lost filesystem error report for type 5 error -117 [ 73.296248][ T4762] Quota error (device loop2): write_blk: dquota write failed [ 73.303617][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 73.303638][ C0] EXT4-fs (loop2): last error at time 1773179748: ext4_validate_block_bitmap:441 [ 73.351160][ T4762] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 73.369771][ T4762] EXT4-fs error (device loop2): ext4_acquire_dquot:7001: comm syz.2.460: Failed to acquire dquot type 1 [ 73.384296][ T4771] loop4: detected capacity change from 0 to 1024 [ 73.408872][ T4762] loop2: lost filesystem error report for type 5 error -117 [ 73.410912][ T4772] netlink: 'syz.1.462': attribute type 27 has an invalid length. [ 73.426858][ T4771] EXT4-fs: Ignoring removed nomblk_io_submit option [ 73.438246][ T4762] EXT4-fs (loop2): 1 truncate cleaned up [ 73.450107][ T4757] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 73.458072][ T4762] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 73.459926][ T4771] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 73.483512][ T4771] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e054c018, mo2=0002] [ 73.491934][ T4771] System zones: 0-1, 3-36 [ 73.495165][ T4757] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 73.498309][ T4771] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.524309][ T28] audit: type=1326 audit(1773179748.587:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 73.548543][ T28] audit: type=1326 audit(1773179748.587:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 73.572772][ T28] audit: type=1326 audit(1773179748.597:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 73.573053][ T4771] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 73.596334][ T28] audit: type=1326 audit(1773179748.597:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 73.628777][ T28] audit: type=1326 audit(1773179748.597:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 73.653032][ T28] audit: type=1326 audit(1773179748.597:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4769 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 73.734662][ T4762] syz.2.460 (4762) used greatest stack depth: 9160 bytes left [ 73.748428][ T4773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.760515][ T4773] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.768034][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 73.778338][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.789424][ T4773] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 73.828929][ T12] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.849743][ T12] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.858880][ T12] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.867886][ T12] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.959399][ T4784] tipc: Enabling of bearer rejected, failed to enable media [ 74.133652][ T4790] loop1: detected capacity change from 0 to 8192 [ 74.188759][ T3309] loop1: p1 < > p2 p4 < p5 > [ 74.193645][ T3309] loop1: partition table partially beyond EOD, truncated [ 74.201144][ T3309] loop1: p1 start 134217728 is beyond EOD, truncated [ 74.215770][ T3309] loop1: p2 size 591360 extends beyond EOD, truncated [ 74.258011][ T3309] loop1: p5 size 591360 extends beyond EOD, truncated [ 74.278966][ T4790] loop1: p1 < > p2 p4 < p5 > [ 74.283707][ T4790] loop1: partition table partially beyond EOD, truncated [ 74.308874][ T4790] loop1: p1 start 134217728 is beyond EOD, truncated [ 74.317933][ T4790] loop1: p2 size 591360 extends beyond EOD, truncated [ 74.334794][ T4790] loop1: p5 size 591360 extends beyond EOD, truncated [ 74.378480][ T4797] loop2: detected capacity change from 0 to 512 [ 74.544579][ T4797] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 74.565268][ T4797] ------------[ cut here ]------------ [ 74.571498][ T4797] EA inode 11 i_nlink=2 [ 74.571916][ T4797] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x313/0x350, CPU#0: syz.2.472/4797 [ 74.587607][ T4797] Modules linked in: [ 74.592426][ T4797] CPU: 0 UID: 0 PID: 4797 Comm: syz.2.472 Not tainted syzkaller #0 PREEMPT(full) [ 74.602335][ T4797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 74.613365][ T4797] RIP: 0010:ext4_xattr_inode_update_ref+0x332/0x350 [ 74.620549][ T4797] Code: a4 47 99 ff 4c 8d 2d 5d c0 5d 05 49 8d 7e 40 e8 44 e1 b5 ff 49 8b 6e 40 4c 89 e7 e8 78 dc b5 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 02 ff ff ff e8 ff 59 dd 03 66 66 66 66 66 66 2e [ 74.640648][ T4797] RSP: 0018:ffffc90001217778 EFLAGS: 00010246 [ 74.646975][ T4797] RAX: ffff888101d0cdb8 RBX: ffff888107bed788 RCX: ffffffff81c00598 [ 74.656017][ T4797] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff871dc5e0 [ 74.664591][ T4797] RBP: 000000000000000b R08: 0001888107bed73b R09: 0000000000000000 [ 74.673598][ T4797] R10: ffffc900012176a8 R11: 0001c900012176a8 R12: ffff888107bed738 [ 74.682778][ T4797] R13: ffffffff871dc5e0 R14: ffff888107bed6f0 R15: 0000000000000001 [ 74.691427][ T4797] FS: 00007f3fba7af6c0(0000) GS:ffff8882ae8dc000(0000) knlGS:0000000000000000 [ 74.701157][ T4797] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.708374][ T4797] CR2: 0000000034747865 CR3: 000000011a8c4000 CR4: 00000000003506f0 [ 74.717437][ T4797] Call Trace: [ 74.721438][ T4797] [ 74.724927][ T4797] ext4_xattr_inode_dec_ref_all+0x57c/0x880 [ 74.731804][ T4797] ? errseq_check+0x2c/0x50 [ 74.736875][ T4797] ext4_xattr_delete_inode+0x6c1/0x7a0 [ 74.743208][ T4797] ? ext4_truncate+0x92b/0xb00 [ 74.748478][ T4797] ext4_evict_inode+0xa1f/0xd60 [ 74.754328][ T4797] ? __pfx_ext4_evict_inode+0x10/0x10 [ 74.760767][ T4797] evict+0x2af/0x510 [ 74.765496][ T4797] ? iput+0xc7/0x580 [ 74.769810][ T4797] iput+0x41a/0x580 [ 74.774415][ T4797] ext4_process_orphan+0x1a9/0x1c0 [ 74.780491][ T4797] ext4_orphan_cleanup+0x6a8/0xa00 [ 74.786086][ T4797] ext4_fill_super+0x3408/0x37c0 [ 74.791588][ T4797] ? __pfx_ext4_fill_super+0x10/0x10 [ 74.797593][ T4797] ? __pfx_ext4_fill_super+0x10/0x10 [ 74.803436][ T4797] get_tree_bdev_flags+0x291/0x300 [ 74.809328][ T4797] ? __pfx_ext4_fill_super+0x10/0x10 [ 74.815118][ T4797] get_tree_bdev+0x1f/0x30 [ 74.820324][ T4797] ext4_get_tree+0x1c/0x30 [ 74.825203][ T4797] vfs_get_tree+0x57/0x1d0 [ 74.830394][ T4797] do_new_mount+0x288/0x8d0 [ 74.835465][ T4797] path_mount+0x4d0/0xbc0 [ 74.840967][ T4797] __se_sys_mount+0x28c/0x2e0 [ 74.846377][ T4797] __x64_sys_mount+0x67/0x80 [ 74.852851][ T4797] x64_sys_call+0x2d61/0x3020 [ 74.858313][ T4797] do_syscall_64+0x12c/0x370 [ 74.863446][ T4797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.869959][ T4797] RIP: 0033:0x7f3fbbd5da0a [ 74.874605][ T4797] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 74.895062][ T4797] RSP: 002b:00007f3fba7aee58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.903816][ T4797] RAX: ffffffffffffffda RBX: 00007f3fba7aeee0 RCX: 00007f3fbbd5da0a [ 74.917612][ T4797] RDX: 00002000000009c0 RSI: 0000200000000540 RDI: 00007f3fba7aeea0 [ 74.926202][ T4797] RBP: 00002000000009c0 R08: 00007f3fba7aeee0 R09: 0000000000800718 [ 74.940075][ T4797] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000540 [ 74.949468][ T4797] R13: 00007f3fba7aeea0 R14: 000000000000048d R15: 0000200000000200 [ 74.958367][ T4797] [ 74.962047][ T4797] ---[ end trace 0000000000000000 ]--- [ 75.010743][ T4806] uprobe: syz.4.475:4806 failed to unregister, leaking uprobe [ 75.018180][ T4797] EXT4-fs (loop2): 1 orphan inode deleted [ 75.047805][ T4797] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.085379][ T4810] netlink: 'syz.1.477': attribute type 1 has an invalid length. [ 75.125543][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 75.132665][ T3307] udevd[3307]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory [ 75.152249][ T3309] udevd[3309]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 75.172219][ T4815] netlink: 'syz.4.479': attribute type 1 has an invalid length. [ 75.188832][ T4810] 8021q: adding VLAN 0 to HW filter on device bond4 [ 75.209127][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.317994][ T4815] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 75.331469][ T4815] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 75.342047][ T4815] bond2: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 75.726393][ T4854] netlink: 24 bytes leftover after parsing attributes in process `syz.3.493'. [ 75.758943][ T4847] netlink: 8 bytes leftover after parsing attributes in process `syz.4.489'. [ 75.862359][ T4857] xt_hashlimit: size too large, truncated to 1048576 [ 76.546297][ T4868] loop2: detected capacity change from 0 to 512 [ 76.625624][ T4868] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 76.649679][ T4868] EXT4-fs (loop2): 1 truncate cleaned up [ 76.665027][ T4868] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.905888][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.015943][ T4886] netlink: 12 bytes leftover after parsing attributes in process `syz.2.503'. [ 77.537215][ T4911] netlink: 24 bytes leftover after parsing attributes in process `syz.1.513'. [ 78.062913][ T4928] netlink: 4 bytes leftover after parsing attributes in process `syz.4.520'. [ 78.154322][ T4927] netlink: 12 bytes leftover after parsing attributes in process `syz.4.520'. [ 78.481036][ T28] kauditd_printk_skb: 40 callbacks suppressed [ 78.481068][ T28] audit: type=1400 audit(1773179753.547:562): avc: denied { listen } for pid=4932 comm="syz.3.521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 78.610172][ T28] audit: type=1400 audit(1773179753.627:563): avc: denied { accept } for pid=4932 comm="syz.3.521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 78.859435][ T4945] netlink: 'syz.2.526': attribute type 1 has an invalid length. [ 78.997135][ T4949] netlink: 8 bytes leftover after parsing attributes in process `syz.3.528'. [ 79.016981][ T4949] netlink: 8 bytes leftover after parsing attributes in process `syz.3.528'. [ 79.154675][ T4945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.748786][ T4967] syz_tun: entered allmulticast mode [ 79.760556][ T4966] syz_tun: left allmulticast mode [ 79.863285][ T4975] netlink: 4 bytes leftover after parsing attributes in process `syz.2.538'. [ 80.033760][ T4985] loop3: detected capacity change from 0 to 1024 [ 80.066094][ T28] audit: type=1400 audit(1773179755.127:564): avc: denied { setattr } for pid=4986 comm="syz.1.542" name="/" dev="configfs" ino=1009 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 80.069057][ T4985] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (29950!=20869) [ 80.111358][ T4984] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 80.143867][ T4985] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 80.184600][ T4985] EXT4-fs error (device loop3): ext4_get_journal_inode:5863: comm syz.3.541: inode #4294967295: comm syz.3.541: iget: illegal inode # [ 80.245359][ T4985] loop3: lost filesystem error report for type 5 error -117 [ 80.247520][ T4985] EXT4-fs (loop3): no journal found [ 80.254938][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 80.254962][ C0] EXT4-fs (loop3): initial error at time 1773179755: ext4_get_journal_inode:5863 [ 80.254981][ C0] EXT4-fs (loop3): last error at time 1773179755: ext4_get_journal_inode:5863 [ 80.325963][ T4985] EXT4-fs (loop3): can't get journal size [ 80.342317][ T4985] EXT4-fs (loop3): failed to initialize system zone (-22) [ 80.358667][ T4985] EXT4-fs (loop3): mount failed [ 80.582465][ T28] audit: type=1326 audit(1773179755.637:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.4.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 80.702938][ T28] audit: type=1326 audit(1773179755.637:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.4.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 80.753489][ T28] audit: type=1326 audit(1773179755.637:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.4.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 80.861114][ T28] audit: type=1326 audit(1773179755.677:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.4.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 80.955862][ T28] audit: type=1326 audit(1773179755.687:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.4.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 81.042986][ T28] audit: type=1326 audit(1773179755.687:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.4.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 81.129314][ T28] audit: type=1326 audit(1773179755.687:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5000 comm="syz.4.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f174c02c799 code=0x7ffc0000 [ 81.153195][ T5017] veth1_to_bond: entered allmulticast mode [ 81.174324][ T5016] veth1_to_bond: left allmulticast mode [ 81.286533][ T5019] netlink: 'syz.3.556': attribute type 4 has an invalid length. [ 81.319539][ T5019] netlink: 'syz.3.556': attribute type 4 has an invalid length. [ 81.496107][ T5029] loop3: detected capacity change from 0 to 512 [ 81.541255][ T5029] EXT4-fs (loop3): 1 orphan inode deleted [ 81.547569][ T5029] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.600427][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.146981][ T5055] netlink: 'syz.1.567': attribute type 1 has an invalid length. [ 82.161603][ T5055] 8021q: adding VLAN 0 to HW filter on device bond5 [ 82.193997][ T5055] bond5: (slave veth9): Enslaving as an active interface with a down link [ 82.215092][ T5055] bond5: (slave dummy0): making interface the new active one [ 82.228819][ T5055] dummy0: entered promiscuous mode [ 82.234188][ T5055] bond5: (slave dummy0): Enslaving as an active interface with an up link [ 82.252146][ T5055] bond5 (unregistering): (slave veth9): Releasing active interface [ 82.267464][ T5055] bond5 (unregistering): (slave dummy0): Releasing active interface [ 82.276519][ T5055] bond5 (unregistering): Released all slaves [ 82.285506][ T5060] netlink: 'syz.4.569': attribute type 2 has an invalid length. [ 82.468761][ T5071] netlink: 4 bytes leftover after parsing attributes in process `syz.1.572'. [ 82.479244][ T5071] bridge_slave_1: left allmulticast mode [ 82.485104][ T5071] bridge_slave_1: left promiscuous mode [ 82.491870][ T5071] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.503371][ T5071] bridge_slave_0: left allmulticast mode [ 82.513575][ T5071] bridge_slave_0: left promiscuous mode [ 82.521001][ T5071] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.839184][ T5093] loop1: detected capacity change from 0 to 512 [ 82.846547][ T5093] msdos: Unknown parameter 'dotsdcheck' [ 83.568751][ T5034] Bluetooth: hci0: command 0x1003 tx timeout [ 83.570496][ T3724] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 83.617409][ T28] kauditd_printk_skb: 33 callbacks suppressed [ 83.617437][ T28] audit: type=1400 audit(1773179758.677:605): avc: denied { create } for pid=5114 comm="syz.4.590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 83.666849][ T28] audit: type=1400 audit(1773179758.707:606): avc: denied { write } for pid=5114 comm="syz.4.590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 83.808839][ T28] audit: type=1400 audit(1773179758.867:607): avc: denied { allowed } for pid=5126 comm="syz.1.594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 84.308091][ T28] audit: type=1400 audit(1773179759.367:608): avc: denied { execute } for pid=5143 comm="syz.0.602" path="/97/file0" dev="tmpfs" ino=522 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 85.068180][ T28] audit: type=1400 audit(1773179760.127:609): avc: denied { mount } for pid=5164 comm="syz.0.610" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 85.151891][ T28] audit: type=1400 audit(1773179760.127:610): avc: denied { remount } for pid=5164 comm="syz.0.610" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 85.661207][ T5191] netlink: 'syz.1.621': attribute type 1 has an invalid length. [ 85.711548][ T5191] bond5: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 85.755525][ T5191] bond5: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 85.813971][ T5191] bond5: (slave ip6gre1): making interface the new active one [ 85.833207][ T5195] netlink: 'syz.0.622': attribute type 3 has an invalid length. [ 85.852275][ T5191] bond5: (slave ip6gre1): Enslaving as an active interface with an up link [ 85.869031][ T5195] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.622'. [ 86.074380][ T5212] loop1: detected capacity change from 0 to 164 [ 86.120273][ T5212] Unable to read rock-ridge attributes [ 86.155643][ T28] audit: type=1400 audit(1773179761.217:611): avc: denied { mounton } for pid=5215 comm="syz.0.632" path="/106/file0" dev="tmpfs" ino=570 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 86.380256][ T28] audit: type=1400 audit(1773179761.447:612): avc: denied { watch watch_reads } for pid=5225 comm="syz.1.634" path="/144/file0" dev="tmpfs" ino=772 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 86.598145][ T28] audit: type=1400 audit(1773179761.657:613): avc: denied { create } for pid=5231 comm="syz.1.636" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 86.719289][ T4296] IPVS: starting estimator thread 0... [ 86.726456][ T5232] IPVS: sh: FWM 3 0x00000003 - no destination available [ 86.741751][ T5232] IPVS: sh: FWM 3 0x00000003 - no destination available [ 86.828981][ T5235] IPVS: using max 2304 ests per chain, 115200 per kthread [ 86.871042][ T36] IPVS: stop unused estimator thread 0... [ 86.929768][ T28] audit: type=1400 audit(1773179761.997:614): avc: denied { bind } for pid=5241 comm="syz.1.640" lport=127 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 87.398817][ T5217] syz.3.631 (5217) used greatest stack depth: 7024 bytes left [ 88.317537][ T5282] loop2: detected capacity change from 0 to 164 [ 88.333283][ T5282] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 88.386125][ T5282] netlink: 16 bytes leftover after parsing attributes in process `syz.2.655'. [ 88.555171][ T5295] netlink: 2048 bytes leftover after parsing attributes in process `syz.4.658'. [ 88.712362][ T5295] netlink: 4 bytes leftover after parsing attributes in process `syz.4.658'. [ 88.874531][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 88.874548][ T28] audit: type=1400 audit(1773179763.937:621): avc: denied { connect } for pid=5300 comm="syz.1.662" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 89.057735][ T5307] loop1: detected capacity change from 0 to 512 [ 89.106592][ T5307] EXT4-fs error (device loop1): ext4_iget_extra_inode:5025: inode #15: comm syz.1.664: corrupted in-inode xattr: overlapping e_value [ 89.139410][ T5307] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 89.139749][ T5307] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.664: couldn't read orphan inode 15 (err -117) [ 89.149110][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 89.149137][ C0] EXT4-fs (loop1): initial error at time 1773179764: ext4_iget_extra_inode:5025: inode 15 [ 89.149182][ C0] EXT4-fs (loop1): last error at time 1773179764: ext4_iget_extra_inode:5025: inode 15 [ 89.187798][ T5307] loop1: lost filesystem error report for type 5 error -117 [ 89.188511][ T5307] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.214677][ T5307] EXT4-fs error (device loop1): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.1.664: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0 [ 89.249796][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.393155][ T5305] loop2: detected capacity change from 0 to 1024 [ 89.400695][ T5318] all: renamed from bridge_slave_1 [ 89.441121][ T5305] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 89.559173][ T5305] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 89.632424][ T5305] JBD2: no valid journal superblock found [ 89.662869][ T5305] EXT4-fs (loop2): Could not load journal inode [ 89.983132][ T5337] netlink: 'syz.1.674': attribute type 1 has an invalid length. [ 90.046135][ T28] audit: type=1400 audit(1773179765.107:622): avc: denied { mounton } for pid=5339 comm="syz.0.677" path="/115/file0" dev="tmpfs" ino=617 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 90.286505][ T5342] netlink: 8 bytes leftover after parsing attributes in process `syz.1.678'. [ 90.302040][ T28] audit: type=1400 audit(1773179765.357:623): avc: denied { map } for pid=5346 comm="syz.2.680" path="socket:[27066]" dev="sockfs" ino=27066 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 90.348891][ T28] audit: type=1400 audit(1773179765.357:624): avc: denied { read } for pid=5346 comm="syz.2.680" path="socket:[27066]" dev="sockfs" ino=27066 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 90.414059][ T5355] netlink: 12 bytes leftover after parsing attributes in process `syz.1.683'. [ 90.451206][ T5355] 8021q: adding VLAN 0 to HW filter on device bond7 [ 90.474361][ T5355] macsec1: entered promiscuous mode [ 90.479904][ T5355] bond7: entered promiscuous mode [ 90.489088][ T5355] bond7: left promiscuous mode [ 90.573722][ T5357] loop3: detected capacity change from 0 to 512 [ 90.601031][ T5357] EXT4-fs: Ignoring removed nobh option [ 90.631337][ T5357] EXT4-fs (loop3): orphan cleanup on readonly fs [ 90.674591][ T5357] EXT4-fs warning (device loop3): ext4_xattr_inode_get:560: inode #11: comm syz.3.684: EA inode hash validation failed [ 90.710207][ T5357] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 90.748630][ T28] audit: type=1400 audit(1773179765.777:625): avc: denied { connect } for pid=5367 comm="syz.1.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 90.771543][ T5357] EXT4-fs error (device loop3): ext4_do_update_inode:5569: inode #15: comm syz.3.684: corrupted inode contents [ 90.784496][ T5357] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 90.785606][ T5357] EXT4-fs error (device loop3): ext4_dirty_inode:6450: inode #15: comm syz.3.684: mark_inode_dirty error [ 90.795376][ C0] EXT4-fs (loop3): error count since last fsck: 1 [ 90.795437][ C0] EXT4-fs (loop3): initial error at time 1773179765: ext4_do_update_inode:5569: inode 15 [ 90.795636][ C0] EXT4-fs (loop3): last error at time 1773179765: ext4_do_update_inode:5569: inode 15 [ 90.838120][ T5357] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 90.879121][ T5357] EXT4-fs error (device loop3): ext4_do_update_inode:5569: inode #15: comm syz.3.684: corrupted inode contents [ 90.928868][ T5357] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 90.930203][ T5357] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2999: inode #15: comm syz.3.684: mark_inode_dirty error [ 90.978120][ T5357] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 91.007233][ T5357] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3002: inode #15: comm syz.3.684: mark inode dirty (error -117) [ 91.030657][ T5357] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 91.055643][ T5357] EXT4-fs warning (device loop3): ext4_evict_inode:275: xattr delete (err -117) [ 91.099092][ T5357] EXT4-fs (loop3): 1 orphan inode deleted [ 91.117357][ T5357] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 91.194244][ T3320] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.252062][ T5386] loop2: detected capacity change from 0 to 4096 [ 91.266791][ T5386] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.303753][ T28] audit: type=1400 audit(1773179766.367:626): avc: denied { add_name } for pid=5385 comm="syz.2.695" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 91.343225][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.443098][ T5393] loop2: detected capacity change from 0 to 512 [ 91.497734][ T5393] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 91.538260][ T5393] EXT4-fs (loop2): 1 truncate cleaned up [ 91.582101][ T5393] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.629037][ T5399] netlink: 8 bytes leftover after parsing attributes in process `syz.1.699'. [ 91.638538][ T28] audit: type=1400 audit(1773179766.697:627): avc: denied { nlmsg_read } for pid=5398 comm="syz.1.699" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 91.690202][ T5399] netlink: 4 bytes leftover after parsing attributes in process `syz.1.699'. [ 91.702773][ T5399] loop1: detected capacity change from 0 to 512 [ 91.722511][ T5399] ext4: Unknown parameter 'noacl' [ 91.808976][ T5401] uprobe: syz.0.700:5401 failed to unregister, leaking uprobe [ 91.851650][ T5400] uprobe: syz.0.700:5400 failed to unregister, leaking uprobe [ 91.920705][ T5405] loop1: detected capacity change from 0 to 512 [ 91.991650][ T5405] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2808: inode #11: comm syz.1.702: corrupted xattr block 95: invalid header [ 91.993666][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.017777][ T5414] loop4: detected capacity change from 0 to 512 [ 92.027569][ T5405] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 92.028599][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 92.044195][ C0] EXT4-fs (loop1): initial error at time 1773179767: ext4_expand_extra_isize_ea:2808: inode 11 [ 92.054625][ C0] EXT4-fs (loop1): last error at time 1773179767: ext4_expand_extra_isize_ea:2808: inode 11 [ 92.065516][ T5405] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2858: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 92.079591][ T5414] EXT4-fs: Ignoring removed nobh option [ 92.089854][ T5405] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.702: bg 0: block 7: invalid block bitmap [ 92.104104][ T5414] EXT4-fs (loop4): orphan cleanup on readonly fs [ 92.130771][ T5414] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.705: EA inode hash validation failed [ 92.131500][ T5405] loop1: lost filesystem error report for type 5 error -117 [ 92.165188][ T5405] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6685: Corrupt filesystem [ 92.202692][ T5405] loop1: lost filesystem error report for type 5 error -117 [ 92.202850][ T5405] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2970: inode #11: comm syz.1.702: corrupted xattr block 95: invalid header [ 92.223763][ T5414] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 92.241264][ T5414] EXT4-fs error (device loop4): ext4_do_update_inode:5569: inode #15: comm syz.4.705: corrupted inode contents [ 92.253297][ T5414] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 92.253497][ T5414] EXT4-fs error (device loop4): ext4_dirty_inode:6450: inode #15: comm syz.4.705: mark_inode_dirty error [ 92.262695][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 92.262718][ C1] EXT4-fs (loop4): initial error at time 1773179767: ext4_do_update_inode:5569: inode 15 [ 92.262757][ C1] EXT4-fs (loop4): last error at time 1773179767: ext4_do_update_inode:5569: inode 15 [ 92.301285][ T5405] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 92.301493][ T5405] EXT4-fs warning (device loop1): ext4_evict_inode:275: xattr delete (err -117) [ 92.302279][ T5414] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 92.320228][ T5414] EXT4-fs error (device loop4): ext4_do_update_inode:5569: inode #15: comm syz.4.705: corrupted inode contents [ 92.338975][ T5405] EXT4-fs (loop1): 1 orphan inode deleted [ 92.356410][ T5405] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.360566][ T5414] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2999: inode #15: comm syz.4.705: mark_inode_dirty error [ 92.389547][ T5414] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3002: inode #15: comm syz.4.705: mark inode dirty (error -117) [ 92.408805][ T5414] EXT4-fs warning (device loop4): ext4_evict_inode:275: xattr delete (err -117) [ 92.409368][ T5405] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 92.428328][ T5414] EXT4-fs (loop4): 1 orphan inode deleted [ 92.459018][ T5414] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 92.569750][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.750337][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.289472][ T5440] netlink: 236 bytes leftover after parsing attributes in process `syz.0.714'. [ 93.349088][ T5440] unsupported nla_type 217 [ 93.424811][ T5448] loop4: detected capacity change from 0 to 128 [ 93.486528][ T5448] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 93.500565][ T5448] ext4 filesystem being mounted at /160/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 93.563716][ T3324] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 93.606790][ T5453] loop3: detected capacity change from 0 to 256 [ 93.639979][ T28] audit: type=1326 audit(1773179768.697:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5460 comm="syz.2.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 93.693410][ T28] audit: type=1326 audit(1773179768.697:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5460 comm="syz.2.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 93.733958][ T28] audit: type=1326 audit(1773179768.697:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5460 comm="syz.2.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fbbd5c799 code=0x7ffc0000 [ 93.832823][ T5453] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 93.855734][ T5453] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 93.868270][ T5453] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 93.898789][ T5453] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 93.910658][ T5453] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 93.933752][ T5453] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 93.946328][ T5453] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 93.970692][ T5453] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 93.984321][ T5453] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 94.010789][ T5453] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 94.134506][ T5473] xt_TPROXY: Can be used only with -p tcp or -p udp [ 94.136872][ T28] kauditd_printk_skb: 17 callbacks suppressed [ 94.136919][ T28] audit: type=1400 audit(1773179769.197:648): avc: denied { write } for pid=5472 comm="syz.2.728" name="event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 94.168229][ T5473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 94.187975][ T28] audit: type=1400 audit(1773179769.197:649): avc: denied { open } for pid=5472 comm="syz.2.728" path="/dev/input/event2" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 94.196073][ T5473] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 94.233468][ T28] audit: type=1400 audit(1773179769.207:650): avc: denied { ioctl } for pid=5472 comm="syz.2.728" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 94.599053][ T5489] netlink: 8 bytes leftover after parsing attributes in process `syz.4.734'. [ 94.660262][ T5489] vlan3: entered allmulticast mode [ 95.956442][ T5520] tipc: Failed to remove unknown binding: 66,1,1/0:1797770143/1797770145 [ 95.965152][ T5520] tipc: Failed to remove unknown binding: 66,1,1/0:1797770143/1797770145 [ 96.154047][ T5522] netlink: 12 bytes leftover after parsing attributes in process `syz.4.750'. [ 96.641876][ T5547] netlink: 12 bytes leftover after parsing attributes in process `syz.4.757'. [ 96.691368][ T5545] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 96.815117][ T28] audit: type=1400 audit(1773179771.837:651): avc: denied { name_bind } for pid=5553 comm="syz.0.760" src=762 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hi_reserved_port_t tclass=udp_socket permissive=1 [ 96.869313][ T28] audit: type=1326 audit(1773179771.917:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5552 comm="syz.3.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01adf6c799 code=0x7ffc0000 [ 97.005168][ T28] audit: type=1326 audit(1773179771.917:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5552 comm="syz.3.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f01adf6c799 code=0x7ffc0000 [ 97.292197][ T28] audit: type=1326 audit(1773179771.917:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5552 comm="syz.3.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01adf6c799 code=0x7ffc0000 [ 97.343258][ T28] audit: type=1326 audit(1773179771.917:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5552 comm="syz.3.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01adf6c799 code=0x7ffc0000 [ 97.396944][ T28] audit: type=1326 audit(1773179771.917:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5552 comm="syz.3.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f01adf6c799 code=0x7ffc0000 [ 97.439376][ T28] audit: type=1326 audit(1773179771.917:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5552 comm="syz.3.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01adf6c799 code=0x7ffc0000 [ 98.120039][ T5578] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1547 sclass=netlink_route_socket pid=5578 comm=syz.3.768 [ 98.284503][ T5581] netlink: 11522 bytes leftover after parsing attributes in process `syz.3.769'. [ 98.821209][ T5590] loop4: detected capacity change from 0 to 1024 [ 98.869208][ T5590] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 98.888275][ T5590] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 98.913017][ T5590] JBD2: no valid journal superblock found [ 98.923233][ T5590] EXT4-fs (loop4): Could not load journal inode [ 99.149708][ T5610] loop4: detected capacity change from 0 to 128 [ 99.197310][ T5610] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 99.859030][ T5600] syz.1.776 (5600) used greatest stack depth: 5880 bytes left [ 99.911636][ T28] kauditd_printk_skb: 685 callbacks suppressed [ 99.911655][ T28] audit: type=1400 audit(1773179774.977:1343): avc: denied { mount } for pid=5627 comm="syz.1.787" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 99.942596][ T5619] loop2: detected capacity change from 0 to 512 [ 99.994622][ T28] audit: type=1400 audit(1773179775.007:1344): avc: denied { watch } for pid=5627 comm="syz.1.787" path="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=dir permissive=1 [ 100.021524][ T5619] EXT4-fs: Ignoring removed nobh option [ 100.099547][ T28] audit: type=1400 audit(1773179775.167:1345): avc: denied { read } for pid=3041 comm="dhcpcd" name="n25" dev="tmpfs" ino=3879 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 100.123280][ T5619] EXT4-fs (loop2): orphan cleanup on readonly fs [ 100.138857][ T28] audit: type=1400 audit(1773179775.167:1346): avc: denied { open } for pid=3041 comm="dhcpcd" path="/run/udev/data/n25" dev="tmpfs" ino=3879 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 100.179419][ T28] audit: type=1400 audit(1773179775.167:1347): avc: denied { getattr } for pid=3041 comm="dhcpcd" path="/run/udev/data/n25" dev="tmpfs" ino=3879 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 100.222640][ T5619] EXT4-fs warning (device loop2): ext4_xattr_inode_get:560: inode #11: comm syz.2.781: EA inode hash validation failed [ 100.247342][ T5638] netlink: 'syz.1.792': attribute type 1 has an invalid length. [ 100.260537][ T5619] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 100.287356][ T5638] 8021q: adding VLAN 0 to HW filter on device bond8 [ 100.305422][ T28] audit: type=1400 audit(1773179775.367:1348): avc: denied { read open } for pid=5644 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=488 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 100.316768][ T5638] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 100.340221][ T5638] bond8: (slave batadv2): making interface the new active one [ 100.349449][ T5638] bond8: (slave batadv2): Enslaving as an active interface with an up link [ 100.370262][ T5619] EXT4-fs error (device loop2): ext4_do_update_inode:5569: inode #15: comm syz.2.781: corrupted inode contents [ 100.407730][ T5619] fserror_report: 3 callbacks suppressed [ 100.408054][ T5619] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 100.415794][ T28] audit: type=1400 audit(1773179775.367:1349): avc: denied { getattr } for pid=5644 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=488 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 100.454919][ T5619] EXT4-fs error (device loop2): ext4_dirty_inode:6450: inode #15: comm syz.2.781: mark_inode_dirty error [ 100.467125][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 100.467208][ C1] EXT4-fs (loop2): initial error at time 1773179775: ext4_do_update_inode:5569: inode 15 [ 100.467778][ C1] EXT4-fs (loop2): last error at time 1773179775: ext4_do_update_inode:5569: inode 15 [ 100.519718][ T5619] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 100.519999][ T28] audit: type=1326 audit(1773179775.467:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.0.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 100.553827][ T28] audit: type=1326 audit(1773179775.467:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.0.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 100.554231][ T5619] EXT4-fs error (device loop2): ext4_do_update_inode:5569: inode #15: comm syz.2.781: corrupted inode contents [ 100.577485][ T28] audit: type=1326 audit(1773179775.467:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5648 comm="syz.0.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 100.618507][ T5619] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 100.673704][ T5619] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2999: inode #15: comm syz.2.781: mark_inode_dirty error [ 100.719748][ T5619] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 100.721256][ T5619] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3002: inode #15: comm syz.2.781: mark inode dirty (error -117) [ 100.760774][ T5619] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 100.762948][ T5619] EXT4-fs warning (device loop2): ext4_evict_inode:275: xattr delete (err -117) [ 100.784907][ T5619] EXT4-fs (loop2): 1 orphan inode deleted [ 100.801333][ T5619] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 101.109093][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.567329][ T5707] netlink: 400 bytes leftover after parsing attributes in process `syz.2.807'. [ 101.695009][ T5715] bond1: entered promiscuous mode [ 101.819429][ T5723] netlink: 64 bytes leftover after parsing attributes in process `syz.2.813'. [ 102.094451][ T5725] syzkaller1: entered promiscuous mode [ 102.108900][ T5725] syzkaller1: entered allmulticast mode [ 102.465229][ T5743] capability: warning: `syz.1.820' uses deprecated v2 capabilities in a way that may be insecure [ 102.915599][ T122] bridge_slave_1: left allmulticast mode [ 102.929388][ T122] bridge_slave_1: left promiscuous mode [ 102.935122][ T122] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.954023][ T122] bridge_slave_0: left allmulticast mode [ 102.962804][ T122] bridge_slave_0: left promiscuous mode [ 102.973147][ T122] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.041034][ T122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 103.059855][ T122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.079331][ T122] bond0 (unregistering): Released all slaves [ 103.134110][ T5771] syzkaller0: entered promiscuous mode [ 103.140405][ T5771] syzkaller0: entered allmulticast mode [ 103.189674][ T122] hsr_slave_0: left promiscuous mode [ 103.195669][ T122] hsr_slave_1: left promiscuous mode [ 103.202728][ T122] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.211178][ T122] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.222627][ T5775] netlink: 28 bytes leftover after parsing attributes in process `syz.2.832'. [ 103.312470][ T122] team0 (unregistering): Port device team_slave_1 removed [ 103.326121][ T122] team0 (unregistering): Port device team_slave_0 removed [ 103.559611][ T5755] chnl_net:caif_netlink_parms(): no params data found [ 103.670061][ T5755] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.678372][ T5755] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.687185][ T5755] bridge_slave_0: entered allmulticast mode [ 103.694237][ T5755] bridge_slave_0: entered promiscuous mode [ 103.707905][ T122] IPVS: stop unused estimator thread 0... [ 103.714835][ T5755] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.726101][ T5755] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.736589][ T5755] bridge_slave_1: entered allmulticast mode [ 103.762440][ T5755] bridge_slave_1: entered promiscuous mode [ 103.785406][ T5755] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.796328][ T5755] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.819955][ T5755] team0: Port device team_slave_0 added [ 103.833770][ T5755] team0: Port device team_slave_1 added [ 103.865389][ T5755] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.877985][ T5755] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.904843][ T5755] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.924396][ T5755] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.940725][ T5755] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.982829][ T5755] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.046627][ T5755] hsr_slave_0: entered promiscuous mode [ 104.059545][ T5755] hsr_slave_1: entered promiscuous mode [ 104.301705][ T5858] xt_hashlimit: size too large, truncated to 1048576 [ 104.324237][ T5755] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 104.354285][ T5755] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 104.413194][ T5755] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 104.456796][ T5871] netlink: 64 bytes leftover after parsing attributes in process `syz.2.844'. [ 104.509383][ T5755] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 104.527555][ T5871] lo speed is unknown, defaulting to 1000 [ 104.558993][ T5871] lo speed is unknown, defaulting to 1000 [ 104.569984][ T5871] lo speed is unknown, defaulting to 1000 [ 104.590071][ T5871] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 104.639999][ T5871] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 104.679077][ T5871] lo speed is unknown, defaulting to 1000 [ 104.704037][ T5871] lo speed is unknown, defaulting to 1000 [ 104.714626][ T5871] lo speed is unknown, defaulting to 1000 [ 104.727458][ T5755] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.745807][ T5871] lo speed is unknown, defaulting to 1000 [ 104.757446][ T5755] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.800819][ T5871] lo speed is unknown, defaulting to 1000 [ 104.815724][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.822960][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.872309][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.879510][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.905863][ T5893] netlink: 8 bytes leftover after parsing attributes in process `syz.0.847'. [ 104.918459][ T5890] loop4: detected capacity change from 0 to 256 [ 104.954167][ T5893] netlink: 8 bytes leftover after parsing attributes in process `syz.0.847'. [ 104.971786][ T28] kauditd_printk_skb: 38 callbacks suppressed [ 104.971804][ T28] audit: type=1400 audit(1773179780.037:1391): avc: denied { read } for pid=5895 comm="syz.1.848" path="socket:[33911]" dev="sockfs" ino=33911 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 104.976353][ T5893] netlink: 8 bytes leftover after parsing attributes in process `syz.0.847'. [ 105.070982][ T28] audit: type=1326 audit(1773179780.127:1392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.0.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 105.119473][ T5755] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.127847][ T28] audit: type=1326 audit(1773179780.157:1393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.0.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 105.157994][ T5890] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 105.169799][ T5890] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 105.181585][ T28] audit: type=1326 audit(1773179780.167:1394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.0.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 105.199281][ T5890] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 105.221049][ T28] audit: type=1326 audit(1773179780.167:1395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.0.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 105.221157][ T28] audit: type=1326 audit(1773179780.167:1396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.0.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 105.221220][ T28] audit: type=1326 audit(1773179780.167:1397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.0.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 105.221250][ T28] audit: type=1326 audit(1773179780.167:1398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.0.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 105.221279][ T28] audit: type=1326 audit(1773179780.167:1399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.0.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 105.221344][ T28] audit: type=1326 audit(1773179780.167:1400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5905 comm="syz.0.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 105.451213][ T5890] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 105.466199][ T5890] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 105.493135][ T5890] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 105.505629][ T5890] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 105.530431][ T5890] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 105.547349][ T5890] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 105.573043][ T5890] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 105.618984][ T5755] veth0_vlan: entered promiscuous mode [ 105.659390][ T5755] veth1_vlan: entered promiscuous mode [ 105.675625][ T5929] netlink: 'syz.2.855': attribute type 22 has an invalid length. [ 105.687992][ T5929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.855'. [ 105.713299][ T5929] netlink: 'syz.2.855': attribute type 22 has an invalid length. [ 105.726015][ T69] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.738784][ T5929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.855'. [ 105.739419][ T69] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.799113][ T5755] veth0_macvtap: entered promiscuous mode [ 105.812071][ T69] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.828967][ T69] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.860823][ T5755] veth1_macvtap: entered promiscuous mode [ 105.892782][ T5755] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.922338][ T5755] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.942436][ T50] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.963735][ T50] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.106998][ T50] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.130347][ T50] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.535579][ T5975] xt_hashlimit: size too large, truncated to 1048576 [ 106.604517][ T5980] lo speed is unknown, defaulting to 1000 [ 107.060680][ T5973] syz.5.868 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 107.082964][ T5973] CPU: 1 UID: 0 PID: 5973 Comm: syz.5.868 Tainted: G W syzkaller #0 PREEMPT(full) [ 107.082999][ T5973] Tainted: [W]=WARN [ 107.083006][ T5973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 107.083023][ T5973] Call Trace: [ 107.083031][ T5973] [ 107.083100][ T5973] __dump_stack+0x1d/0x30 [ 107.083131][ T5973] dump_stack_lvl+0x95/0xd0 [ 107.083163][ T5973] dump_stack+0x15/0x1b [ 107.083191][ T5973] dump_header+0x80/0x240 [ 107.083232][ T5973] oom_kill_process+0x295/0x350 [ 107.083311][ T5973] out_of_memory+0x97d/0xb80 [ 107.083337][ T5973] try_charge_memcg+0x62e/0xa10 [ 107.083390][ T5973] mem_cgroup_swapin_charge_folio+0x103/0x1f0 [ 107.083430][ T5973] __swap_cache_prepare_and_add+0x386/0x530 [ 107.083478][ T5973] swap_cache_alloc_folio+0xa2/0x120 [ 107.083535][ T5973] swap_cluster_readahead+0x26e/0x3d0 [ 107.083651][ T5973] swapin_readahead+0xde/0x840 [ 107.083683][ T5973] ? _raw_spin_unlock+0x9/0x30 [ 107.083710][ T5973] ? swap_put_entries_cluster+0x385/0x3a0 [ 107.083752][ T5973] ? swap_put_entries_cluster+0x111/0x3a0 [ 107.083792][ T5973] ? __rcu_read_unlock+0x4e/0x70 [ 107.083819][ T5973] ? swap_cache_get_folio+0x26f/0x280 [ 107.083900][ T5973] do_swap_page+0x30d/0x2220 [ 107.083940][ T5973] ? css_rstat_updated+0xbb/0x280 [ 107.083966][ T5973] ? __rcu_read_lock+0x36/0x50 [ 107.083989][ T5973] ? pte_offset_map_rw_nolock+0x19e/0x200 [ 107.084058][ T5973] handle_mm_fault+0xb46/0x3020 [ 107.084101][ T5973] ? vma_start_read+0x1c7/0x2c0 [ 107.084137][ T5973] do_user_addr_fault+0x62f/0x1050 [ 107.084208][ T5973] ? fpregs_assert_state_consistent+0xb3/0xe0 [ 107.084245][ T5973] ? arch_exit_to_user_mode_prepare+0x26/0x80 [ 107.084304][ T5973] ? trace_page_fault_user+0x1f/0xe0 [ 107.084342][ T5973] exc_page_fault+0x62/0xa0 [ 107.084471][ T5973] asm_exc_page_fault+0x26/0x30 [ 107.084498][ T5973] RIP: 0033:0x7fd93d6878f8 [ 107.084517][ T5973] Code: 75 40 a8 10 75 3c 41 51 4c 8d 9b 08 03 00 00 49 89 c9 48 89 f1 41 50 48 8b 74 24 20 49 89 d0 48 89 fa 4c 89 df e8 a8 56 00 00 <8b> 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 [ 107.084540][ T5973] RSP: 002b:00007ffc5b1e3e20 EFLAGS: 00010246 [ 107.084561][ T5973] RAX: 0000000000000000 RBX: 0000555583130500 RCX: 00007fd93d68cfce [ 107.084594][ T5973] RDX: 00007ffc5b1e3e70 RSI: 0000000000000000 RDI: 0000000000000000 [ 107.084611][ T5973] RBP: 00007fd93d947da0 R08: 0000000000000000 R09: 0000000000000000 [ 107.084627][ T5973] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000001a315 [ 107.084649][ T5973] R13: 00007fd93d94618c R14: 000000000001a071 R15: 00007fd93d946180 [ 107.084671][ T5973] [ 107.084739][ T5973] memory: usage 307200kB, limit 307200kB, failcnt 252 [ 107.352633][ T5973] memory+swap: usage 307376kB, limit 9007199254740988kB, failcnt 0 [ 107.360625][ T5973] kmem: usage 307184kB, limit 9007199254740988kB, failcnt 0 [ 107.384212][ T5973] Memory cgroup stats for /syz5: [ 107.384440][ T5973] cache 0 [ 107.398302][ T5973] rss 0 [ 107.404961][ T5973] shmem 0 [ 107.408029][ T5973] mapped_file 0 [ 107.417379][ T5973] dirty 0 [ 107.423252][ T5973] writeback 4096 [ 107.430220][ T5973] workingset_refault_anon 3 [ 107.434755][ T5973] workingset_refault_file 0 [ 107.468233][ T5973] swap 180224 [ 107.477052][ T5973] swapcached 196608 [ 107.487224][ T5973] pgpgin 956 [ 107.491094][ T5973] pgpgout 952 [ 107.494441][ T5973] pgfault 1352 [ 107.497831][ T5973] pgmajfault 0 [ 107.513489][ T5973] inactive_anon 4096 [ 107.517492][ T5973] active_anon 12288 [ 107.538966][ T5973] inactive_file 0 [ 107.542731][ T5973] active_file 0 [ 107.546215][ T5973] unevictable 0 [ 107.549797][ T5973] hierarchical_memory_limit 314572800 [ 107.555350][ T5973] hierarchical_memsw_limit 9223372036854771712 [ 107.583759][ T5973] total_cache 0 [ 107.587358][ T5973] total_rss 0 [ 107.603997][ T5973] total_shmem 0 [ 107.614643][ T5973] total_mapped_file 0 [ 107.630843][ T5973] total_dirty 0 [ 107.634455][ T5973] total_writeback 4096 [ 107.638546][ T5973] total_workingset_refault_anon 3 [ 107.661331][ T5973] total_workingset_refault_file 0 [ 107.666421][ T5973] total_swap 180224 [ 107.684836][ T5973] total_swapcached 196608 [ 107.689613][ T5973] total_pgpgin 956 [ 107.693356][ T5973] total_pgpgout 952 [ 107.697250][ T5973] total_pgfault 1352 [ 107.720447][ T5973] total_pgmajfault 0 [ 107.724437][ T5973] total_inactive_anon 4096 [ 107.732307][ T5973] total_active_anon 12288 [ 107.736680][ T5973] total_inactive_file 0 [ 107.742025][ T5973] total_active_file 0 [ 107.746456][ T5973] total_unevictable 0 [ 107.750497][ T5973] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.868,pid=5973,uid=0 [ 107.776553][ T5973] Memory cgroup out of memory: Killed process 5973 (syz.5.868) total-vm:96272kB, anon-rss:1236kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 108.384218][ T6003] loop2: detected capacity change from 0 to 128 [ 108.833467][ T6043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.892'. [ 108.873909][ T6043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.892'. [ 109.232830][ T6049] tipc: Failed to remove unknown binding: 66,1,1/0:4037734516/4037734518 [ 109.262872][ T6049] tipc: Failed to remove unknown binding: 66,1,1/0:4037734516/4037734518 [ 109.892076][ T6073] netlink: 12 bytes leftover after parsing attributes in process `syz.5.904'. [ 110.319414][ T28] kauditd_printk_skb: 149 callbacks suppressed [ 110.319502][ T28] audit: type=1326 audit(1773179785.377:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6081 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7fc00000 [ 110.368052][ T6094] loop5: detected capacity change from 0 to 1024 [ 110.409530][ T6094] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 110.419661][ T6094] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 110.431267][ T6094] EXT4-fs error (device loop5): ext4_get_journal_inode:5863: inode #32: comm syz.5.913: iget: special inode unallocated [ 110.445555][ T6094] loop5: lost file I/O error report for ino 32 type 5 pos 0x0 len 0x0 error -117 [ 110.445886][ T6094] EXT4-fs (loop5): Remounting filesystem read-only [ 110.455435][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 110.455461][ C0] EXT4-fs (loop5): initial error at time 1773179785: ext4_get_journal_inode:5863: inode 32 [ 110.455506][ C0] EXT4-fs (loop5): last error at time 1773179785: ext4_get_journal_inode:5863: inode 32 [ 110.489151][ T6094] EXT4-fs (loop5): no journal found [ 110.494456][ T6094] EXT4-fs (loop5): can't get journal size [ 110.501808][ T6094] EXT4-fs (loop5): filesystem is read-only [ 110.518059][ T6094] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 110.589713][ T28] audit: type=1400 audit(1773179785.647:1551): avc: denied { mounton } for pid=6093 comm="syz.5.913" path="/14/file0" dev="loop5" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 110.846965][ T5755] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.928641][ T28] audit: type=1326 audit(1773179785.977:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6081 comm="syz.0.909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7865ecc799 code=0x7fc00000 [ 112.037207][ T6160] netlink: 'syz.2.927': attribute type 2 has an invalid length. [ 112.114533][ T6168] netlink: 'syz.4.931': attribute type 4 has an invalid length. [ 112.126731][ T6168] netlink: 'syz.4.931': attribute type 4 has an invalid length. [ 112.311514][ T6179] netlink: 12 bytes leftover after parsing attributes in process `syz.4.934'. [ 112.330595][ T6181] netlink: 40 bytes leftover after parsing attributes in process `syz.0.935'. [ 112.341209][ T6181] netlink: 32 bytes leftover after parsing attributes in process `syz.0.935'. [ 112.371319][ T6183] netlink: 168 bytes leftover after parsing attributes in process `syz.5.937'. [ 113.300097][ T6235] loop4: detected capacity change from 0 to 128 [ 113.327949][ T28] audit: type=1400 audit(1773179788.387:1553): avc: denied { unmount } for pid=3324 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 113.542788][ T28] audit: type=1400 audit(1773179788.607:1554): avc: denied { mounton } for pid=6246 comm="syz.1.960" path="/file0" dev="ramfs" ino=39171 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 113.581521][ T6250] bond3: entered promiscuous mode [ 113.593360][ T6250] macvlan2: entered promiscuous mode [ 113.599588][ T6250] macvlan2: entered allmulticast mode [ 113.605719][ T6250] bond3: (slave macvlan2): Opening slave failed [ 113.763208][ T6257] loop2: detected capacity change from 0 to 512 [ 113.808548][ T6257] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 113.835963][ T6257] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.963: iget: bogus i_mode (2) [ 113.888039][ T6257] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 113.888294][ T6257] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.963: couldn't read orphan inode 15 (err -117) [ 113.897507][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 113.897527][ C0] EXT4-fs (loop2): initial error at time 1773179788: ext4_orphan_get:1391: inode 15 [ 113.897565][ C0] EXT4-fs (loop2): last error at time 1773179788: ext4_orphan_get:1391: inode 15 [ 113.967064][ T6257] loop2: lost filesystem error report for type 5 error -117 [ 113.968330][ T6257] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.994374][ T6257] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1142: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 114.026252][ T6268] ªªªªªª: renamed from vlan0 [ 114.031029][ T6257] EXT4-fs error (device loop2): ext4_find_dest_de:2050: inode #2: block 3: comm syz.2.963: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 114.159423][ T6269] EXT4-fs error (device loop2): ext4_find_dest_de:2050: inode #2: block 3: comm syz.2.963: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 114.244694][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.650092][ T28] audit: type=1400 audit(1773179789.707:1555): avc: denied { map } for pid=6288 comm="syz.4.975" path="socket:[38215]" dev="sockfs" ino=38215 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 115.698442][ T6352] netlink: 12 bytes leftover after parsing attributes in process `syz.1.989'. [ 116.217854][ T28] audit: type=1400 audit(1773179791.247:1556): avc: denied { sqpoll } for pid=6365 comm="syz.4.993" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 116.339269][ T28] audit: type=1326 audit(1773179791.407:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.5.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93d6cc799 code=0x7ffc0000 [ 116.405179][ T28] audit: type=1326 audit(1773179791.407:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.5.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93d6cc799 code=0x7ffc0000 [ 116.482959][ T28] audit: type=1326 audit(1773179791.437:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.5.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fd93d6cc799 code=0x7ffc0000 [ 116.594030][ T28] audit: type=1326 audit(1773179791.437:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.5.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93d6cc799 code=0x7ffc0000 [ 116.658789][ T28] audit: type=1326 audit(1773179791.437:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.5.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93d6cc799 code=0x7ffc0000 [ 116.717387][ T28] audit: type=1326 audit(1773179791.437:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.5.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fd93d6cc799 code=0x7ffc0000 [ 116.760161][ T6396] bond3: entered promiscuous mode [ 116.775404][ T28] audit: type=1326 audit(1773179791.457:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.5.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93d6cc799 code=0x7ffc0000 [ 116.788810][ T6396] 8021q: adding VLAN 0 to HW filter on device bond3 [ 116.799793][ T28] audit: type=1326 audit(1773179791.457:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.5.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93d6cc799 code=0x7ffc0000 [ 116.830064][ T28] audit: type=1326 audit(1773179791.457:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6372 comm="syz.5.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fd93d6cc799 code=0x7ffc0000 [ 116.918880][ T6396] bridge6: entered promiscuous mode [ 117.696290][ T6444] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1011'. [ 117.730238][ T6444] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1011'. [ 117.811841][ T122] Bluetooth: hci0: Frame reassembly failed (-84) [ 117.818535][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 117.827037][ T6447] netlink: 'syz.1.1012': attribute type 13 has an invalid length. [ 118.230198][ T6467] loop4: detected capacity change from 0 to 128 [ 118.307707][ T6476] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1024'. [ 118.446356][ T6482] lo: Caught tx_queue_len zero misconfig [ 118.477006][ T6486] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1029'. [ 118.795487][ T6499] netlink: 'syz.1.1034': attribute type 12 has an invalid length. [ 119.889093][ T43] Bluetooth: hci1: command 0x1003 tx timeout [ 119.895351][ T43] Bluetooth: hci0: command 0x1003 tx timeout [ 119.901478][ T5034] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 119.903172][ T3724] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 120.094799][ T6536] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1048'. [ 120.154292][ T6542] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1051'. [ 120.200093][ T6542] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1051'. [ 120.552090][ T6564] xt_hashlimit: size too large, truncated to 1048576 [ 120.565123][ T6568] ref_ctr_offset mismatch. inode: 0x4f4 offset: 0x0 ref_ctr_offset(old): 0x2000000000c0 ref_ctr_offset(new): 0x1000000008 [ 120.582635][ T6571] netlink: 'syz.5.1062': attribute type 10 has an invalid length. [ 120.611607][ T6571] team0: Failed to send options change via netlink (err -105) [ 120.639484][ T6571] team0: Port device dummy0 added [ 120.658948][ T6571] netlink: 'syz.5.1062': attribute type 10 has an invalid length. [ 120.667366][ T6571] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 120.699291][ T6571] team0: Failed to send options change via netlink (err -105) [ 120.717568][ T6571] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 120.735020][ T6571] team0: Port device dummy0 removed [ 120.757891][ T6571] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 120.813879][ T6589] loop5: detected capacity change from 0 to 512 [ 120.864016][ T6589] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c198, mo2=0002] [ 120.881757][ T6589] System zones: 1-12 [ 120.888746][ T6589] EXT4-fs error (device loop5): ext4_iget_extra_inode:5025: inode #15: comm syz.5.1068: corrupted in-inode xattr: e_value size too large [ 120.911108][ T6589] loop5: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 120.911670][ T6589] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.1068: couldn't read orphan inode 15 (err -117) [ 120.921264][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 120.921286][ C1] EXT4-fs (loop5): initial error at time 1773179795: ext4_iget_extra_inode:5025: inode 15 [ 120.921334][ C1] EXT4-fs (loop5): last error at time 1773179795: ext4_iget_extra_inode:5025: inode 15 [ 120.960170][ T6589] loop5: lost filesystem error report for type 5 error -117 [ 120.963402][ T6600] ref_ctr increment failed for inode: 0x481 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff888103fcde80 [ 120.968249][ T6589] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.026977][ T6589] EXT4-fs warning (device loop5): dx_probe:801: inode #2: comm syz.5.1068: Unrecognised inode hash code 4 [ 121.038960][ T6589] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.1068: Corrupt directory, running e2fsck is recommended [ 121.052431][ T6589] EXT4-fs warning (device loop5): dx_probe:801: inode #2: comm syz.5.1068: Unrecognised inode hash code 4 [ 121.095679][ T6589] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.1068: Corrupt directory, running e2fsck is recommended [ 121.160550][ T5755] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.257831][ T6614] netlink: 'syz.5.1076': attribute type 12 has an invalid length. [ 122.371031][ T6634] loop5: detected capacity change from 0 to 128 [ 122.946709][ T6659] netlink: 'syz.2.1092': attribute type 12 has an invalid length. [ 122.965333][ T6628] lo speed is unknown, defaulting to 1000 [ 123.779707][ T6681] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1098'. [ 123.789551][ T6681] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1098'. [ 123.799255][ T6681] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1098'. [ 124.583474][ T6685] loop5: detected capacity change from 0 to 2048 [ 124.755274][ T28] kauditd_printk_skb: 20 callbacks suppressed [ 124.755352][ T28] audit: type=1326 audit(1773179799.817:1586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6724 comm="syz.0.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 124.815855][ T6728] loop4: detected capacity change from 0 to 1024 [ 124.828021][ T28] audit: type=1326 audit(1773179799.817:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6724 comm="syz.0.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7865ecc502 code=0x7ffc0000 [ 124.836019][ T6685] Alternate GPT is invalid, using primary GPT. [ 124.890530][ T28] audit: type=1326 audit(1773179799.817:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6724 comm="syz.0.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f7865ecc597 code=0x7ffc0000 [ 124.891106][ T6728] EXT4-fs: Ignoring removed oldalloc option [ 124.941912][ T28] audit: type=1326 audit(1773179799.817:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6724 comm="syz.0.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f7865e89491 code=0x7ffc0000 [ 124.951079][ T6685] loop5: p2 p3 p7 [ 124.967241][ T28] audit: type=1326 audit(1773179799.817:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6724 comm="syz.0.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f7865ecd589 code=0x7ffc0000 [ 124.980306][ T6728] EXT4-fs: Ignoring removed bh option [ 124.994588][ T28] audit: type=1326 audit(1773179799.817:1591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6724 comm="syz.0.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f7865e894fb code=0x7ffc0000 [ 125.023960][ T28] audit: type=1326 audit(1773179799.817:1592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6724 comm="syz.0.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 125.048020][ T28] audit: type=1326 audit(1773179799.817:1593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6724 comm="syz.0.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7865ecc799 code=0x7ffc0000 [ 125.077677][ T28] audit: type=1326 audit(1773179799.827:1594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6724 comm="syz.0.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f7865e88bec code=0x7ffc0000 [ 125.117901][ T28] audit: type=1326 audit(1773179799.827:1595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6724 comm="syz.0.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f7865e88c4e code=0x7ffc0000 [ 125.142504][ T6728] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.324772][ T6745] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1123'. [ 125.734075][ T6755] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1127'. [ 125.743260][ T6755] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1127'. [ 125.752408][ T6755] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1127'. [ 125.824080][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.420947][ T6776] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1136'. [ 128.180595][ T6832] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1157'. [ 128.272064][ T6840] tipc: Enabling of bearer rejected, failed to enable media [ 128.928655][ T6861] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1170'. [ 129.062831][ T6868] tipc: Started in network mode [ 129.083452][ T6868] tipc: Node identity fe96a216de1e, cluster identity 4711 [ 129.117870][ T6868] tipc: Enabled bearer , priority 0 [ 129.201121][ T6874] syzkaller0: entered promiscuous mode [ 129.213667][ T6874] syzkaller0: entered allmulticast mode [ 129.241730][ T6874] tipc: Resetting bearer [ 129.322695][ T6865] tipc: Resetting bearer [ 129.374417][ T6865] tipc: Disabling bearer [ 129.504131][ T6886] loop4: detected capacity change from 0 to 1024 [ 129.556931][ T6886] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.624667][ T6894] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1181'. [ 129.670856][ T6894] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1181'. [ 129.704571][ T6894] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1181'. [ 129.730196][ T6886] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4222: comm syz.4.1179: Allocating blocks 497-513 which overlap fs metadata [ 129.759156][ T6886] EXT4-fs (loop4): Remounting filesystem read-only [ 129.810053][ T28] kauditd_printk_skb: 51 callbacks suppressed [ 129.810067][ T28] audit: type=1400 audit(1773179804.877:1647): avc: denied { setattr } for pid=6885 comm="syz.4.1179" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 129.859468][ T6885] EXT4-fs (loop4): pa ffff888107a954d0: logic 304, phys. 433, len 5 [ 129.897835][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.153886][ T6924] netlink: 'syz.2.1193': attribute type 39 has an invalid length. [ 131.458649][ T28] audit: type=1400 audit(1773179806.497:1648): avc: denied { name_bind } for pid=6957 comm="syz.5.1205" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 131.575856][ T28] audit: type=1400 audit(1773179806.517:1649): avc: denied { open } for pid=6959 comm="syz.5.1206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 131.671814][ T28] audit: type=1400 audit(1773179806.517:1650): avc: denied { kernel } for pid=6959 comm="syz.5.1206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 131.752602][ T28] audit: type=1400 audit(1773179806.517:1651): avc: denied { tracepoint } for pid=6959 comm="syz.5.1206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 131.843379][ T28] audit: type=1400 audit(1773179806.907:1652): avc: denied { write } for pid=6973 comm="syz.2.1212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 132.021034][ T6979] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1214'. [ 132.112463][ T6968] team_slave_0: entered promiscuous mode [ 132.119863][ T6968] team_slave_1: entered promiscuous mode [ 132.157782][ T6968] macvtap1: entered promiscuous mode [ 132.182777][ T6968] team0: entered promiscuous mode [ 132.232343][ T6968] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 132.266700][ T6968] team0: Device macvtap1 is already an upper device of the team interface [ 132.378437][ T6968] team0: left promiscuous mode [ 132.414415][ T6968] team_slave_0: left promiscuous mode [ 132.421505][ T6968] team_slave_1: left promiscuous mode [ 132.755023][ T7013] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1229'. [ 132.877535][ T28] audit: type=1400 audit(1773179807.937:1653): avc: denied { sys_module } for pid=7022 comm="syz.2.1233" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 133.851604][ T7048] bridge_slave_1: left allmulticast mode [ 133.857333][ T7048] bridge_slave_1: left promiscuous mode [ 133.863129][ T7048] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.886404][ T7048] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 133.932201][ T7050] tipc: Enabling of bearer rejected, failed to enable media [ 134.000503][ T28] audit: type=1400 audit(1773179809.057:1654): avc: denied { create } for pid=7054 comm="syz.1.1245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 134.053202][ T7057] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1244'. [ 134.064704][ T7044] loop4: detected capacity change from 0 to 512 [ 134.084330][ T7057] vlan2: entered promiscuous mode [ 134.134670][ T7057] syz_tun: entered promiscuous mode [ 134.183852][ T7044] EXT4-fs (loop4): 1 truncate cleaned up [ 134.215798][ T7044] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.296475][ T28] audit: type=1400 audit(1773179809.357:1655): avc: denied { remove_name } for pid=7043 comm="syz.4.1239" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 134.340623][ T28] audit: type=1400 audit(1773179809.357:1656): avc: denied { rename } for pid=7043 comm="syz.4.1239" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 134.377857][ T7071] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1251'. [ 134.591140][ T7062] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 134.842328][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.390375][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 135.390393][ T28] audit: type=1326 audit(1773179810.457:1659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7094 comm="syz.1.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f227c96c799 code=0x7ffc0000 [ 135.480137][ T28] audit: type=1326 audit(1773179810.457:1660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7094 comm="syz.1.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f227c96c799 code=0x7ffc0000 [ 135.545810][ T28] audit: type=1326 audit(1773179810.487:1661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7094 comm="syz.1.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f227c96c799 code=0x7ffc0000 [ 135.641212][ T28] audit: type=1326 audit(1773179810.487:1662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7094 comm="syz.1.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f227c96c799 code=0x7ffc0000 [ 135.726174][ T28] audit: type=1326 audit(1773179810.487:1663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7094 comm="syz.1.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f227c96c799 code=0x7ffc0000 [ 135.817920][ T28] audit: type=1326 audit(1773179810.487:1664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7094 comm="syz.1.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7f227c96c799 code=0x7ffc0000 [ 135.871821][ T28] audit: type=1326 audit(1773179810.487:1665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7094 comm="syz.1.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f227c96c799 code=0x7ffc0000 [ 135.927329][ T28] audit: type=1326 audit(1773179810.487:1666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7094 comm="syz.1.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f227c96c799 code=0x7ffc0000 [ 135.998343][ T28] audit: type=1326 audit(1773179810.537:1667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7094 comm="syz.1.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f227c96c799 code=0x7ffc0000 [ 136.069492][ T28] audit: type=1326 audit(1773179810.537:1668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7094 comm="syz.1.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f227c96c799 code=0x7ffc0000 [ 136.307348][ T7102] lo speed is unknown, defaulting to 1000 [ 136.594173][ T7152] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1283'. [ 136.882869][ T7163] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1286'. [ 137.394579][ T7185] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1296'. [ 137.408479][ T7185] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1296'. [ 138.669620][ T7224] IPv6: sit2: Disabled Multicast RS [ 139.078176][ T7236] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1315'. [ 139.087845][ T7229] loop4: detected capacity change from 0 to 1024 [ 139.135260][ T7236] 8021q: adding VLAN 0 to HW filter on device team1 [ 139.145795][ T7229] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 140.006839][ T7247] loop5: detected capacity change from 0 to 512 [ 140.144292][ T7247] EXT4-fs (loop5): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 140.442457][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 140.442475][ T28] audit: type=1400 audit(1773179815.507:1693): avc: denied { remount } for pid=7246 comm="syz.5.1319" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 140.572244][ T7247] EXT4-fs error (device loop5): ext4_quota_enable:7188: comm syz.5.1319: Bad quota inum: 2, type: 1 [ 140.601662][ T7247] EXT4-fs warning (device loop5): ext4_enable_quotas:7236: Failed to enable quota tracking (type=1, err=-117, ino=2). Please run e2fsck to fix. [ 140.624358][ T7263] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1324'. [ 140.644934][ T7263] bond4: entered promiscuous mode [ 140.668623][ T7257] EXT4-fs (loop5): warning: mounting unchecked fs, running e2fsck is recommended [ 140.678164][ T7268] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1326'. [ 140.679651][ T7257] EXT4-fs error (device loop5): ext4_quota_enable:7188: comm syz.5.1319: Bad quota inum: 2, type: 1 [ 140.700864][ T7257] EXT4-fs warning (device loop5): ext4_enable_quotas:7236: Failed to enable quota tracking (type=1, err=-117, ino=2). Please run e2fsck to fix. [ 140.718413][ T7268] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1326'. [ 140.744922][ T30] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 140.753844][ T30] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 140.767603][ T7268] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1326'. [ 140.776995][ T7268] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1326'. [ 140.787270][ T30] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 140.813231][ T30] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 140.864212][ T5755] EXT4-fs (loop5): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 140.914022][ T28] audit: type=1400 audit(1773179815.977:1694): avc: denied { map } for pid=7278 comm="syz.0.1332" path="socket:[41713]" dev="sockfs" ino=41713 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 140.998390][ T28] audit: type=1400 audit(1773179816.057:1695): avc: denied { listen } for pid=7282 comm="syz.4.1334" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 141.204978][ T7291] netlink: 'syz.2.1338': attribute type 1 has an invalid length. [ 141.220401][ T7293] netlink: 'syz.5.1337': attribute type 4 has an invalid length. [ 141.270509][ T7293] netlink: 'syz.5.1337': attribute type 4 has an invalid length. [ 141.289714][ T7298] bond4: (slave vxcan1): The slave device specified does not support setting the MAC address [ 141.300276][ T7298] bond4: (slave vxcan1): Setting fail_over_mac to active for active-backup mode [ 141.311077][ T7298] bond4: (slave vxcan1): making interface the new active one [ 141.319159][ T7298] bond4: (slave vxcan1): Enslaving as an active interface with an up link [ 141.434368][ T7291] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address [ 141.446672][ T7291] bond4: (slave vxcan3): Enslaving as a backup interface with an up link [ 141.493542][ T7281] lo speed is unknown, defaulting to 1000 [ 141.977220][ T28] audit: type=1400 audit(1773179817.027:1696): avc: denied { kexec_image_load } for pid=7316 comm="syz.5.1347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 142.741712][ T7324] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1349'. [ 142.773878][ T7331] loop5: detected capacity change from 0 to 1024 [ 142.814900][ T7331] EXT4-fs: Ignoring removed oldalloc option [ 142.835541][ T7331] EXT4-fs: Ignoring removed bh option [ 142.875524][ T7340] netlink: 'syz.4.1353': attribute type 3 has an invalid length. [ 142.883990][ T7331] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.981141][ T7347] netlink: 896 bytes leftover after parsing attributes in process `syz.2.1356'. [ 142.990604][ T7347] netlink: 896 bytes leftover after parsing attributes in process `syz.2.1356'. [ 143.123578][ T7333] IPv6: sit1: Disabled Multicast RS [ 143.330296][ T7357] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1360'. [ 143.399314][ T7348] ================================================================== [ 143.407462][ T7348] BUG: KCSAN: data-race in file_write_and_wait_range / xas_set_mark [ 143.415498][ T7348] [ 143.417856][ T7348] write to 0xffff888107becfac of 4 bytes by task 7331 on cpu 0: [ 143.425520][ T7348] xas_set_mark+0x12b/0x140 [ 143.430060][ T7348] tag_pages_for_writeback+0xe3/0x2e0 [ 143.435515][ T7348] ext4_do_writepages+0x6b9/0x2840 [ 143.440678][ T7348] ext4_writepages+0x18f/0x320 [ 143.445488][ T7348] do_writepages+0x1c6/0x310 [ 143.450127][ T7348] file_write_and_wait_range+0x178/0x2f0 [ 143.455802][ T7348] generic_buffers_fsync_noflush+0x45/0x130 [ 143.461829][ T7348] ext4_sync_file+0x1aa/0x6b0 [ 143.466557][ T7348] vfs_fsync_range+0xc5/0xe0 [ 143.471185][ T7348] ext4_buffered_write_iter+0x34f/0x3c0 [ 143.476762][ T7348] ext4_file_write_iter+0x380/0xfa0 [ 143.481986][ T7348] iter_file_splice_write+0x6c4/0xa80 [ 143.487395][ T7348] direct_splice_actor+0x156/0x2a0 [ 143.492544][ T7348] splice_direct_to_actor+0x311/0x670 [ 143.497997][ T7348] do_splice_direct+0x119/0x1a0 [ 143.502900][ T7348] do_sendfile+0x382/0x650 [ 143.507371][ T7348] __x64_sys_sendfile64+0x105/0x150 [ 143.512603][ T7348] x64_sys_call+0x2dc4/0x3020 [ 143.517334][ T7348] do_syscall_64+0x12c/0x370 [ 143.521956][ T7348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.527894][ T7348] [ 143.530244][ T7348] read to 0xffff888107becfac of 4 bytes by task 7348 on cpu 1: [ 143.537821][ T7348] file_write_and_wait_range+0x130/0x2f0 [ 143.543502][ T7348] generic_buffers_fsync_noflush+0x45/0x130 [ 143.549439][ T7348] ext4_sync_file+0x1aa/0x6b0 [ 143.554151][ T7348] vfs_fsync_range+0xc5/0xe0 [ 143.558779][ T7348] ext4_buffered_write_iter+0x34f/0x3c0 [ 143.564451][ T7348] ext4_file_write_iter+0x380/0xfa0 [ 143.569681][ T7348] iter_file_splice_write+0x6c4/0xa80 [ 143.575099][ T7348] direct_splice_actor+0x156/0x2a0 [ 143.580249][ T7348] splice_direct_to_actor+0x311/0x670 [ 143.585667][ T7348] do_splice_direct+0x119/0x1a0 [ 143.590582][ T7348] do_sendfile+0x382/0x650 [ 143.595044][ T7348] __x64_sys_sendfile64+0x105/0x150 [ 143.600286][ T7348] x64_sys_call+0x2dc4/0x3020 [ 143.605013][ T7348] do_syscall_64+0x12c/0x370 [ 143.609648][ T7348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.615599][ T7348] [ 143.617955][ T7348] value changed: 0x02000021 -> 0x04000021 [ 143.623694][ T7348] [ 143.626087][ T7348] Reported by Kernel Concurrency Sanitizer on: [ 143.632321][ T7348] CPU: 1 UID: 0 PID: 7348 Comm: syz.5.1348 Tainted: G W syzkaller #0 PREEMPT(full) [ 143.643209][ T7348] Tainted: [W]=WARN [ 143.647036][ T7348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 143.657113][ T7348] ================================================================== [ 143.788644][ T5755] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.