last executing test programs: 6m56.478419806s ago: executing program 4 (id=709): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000002c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}]}, 0x1, 0x59c, &(0x7f0000001840)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=") syz_io_uring_setup(0x14d7, &(0x7f0000000480)={0x0, 0x5121, 0x0, 0x2, 0x257}, &(0x7f00000001c0)=0x0, &(0x7f0000000500)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r0, r1, &(0x7f0000000080)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000060000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x18) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000003c0)={@fallback=r4, 0x8, 0x1, 0x7, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, &(0x7f0000000280), &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0]}, 0x40) r5 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = socket(0xa, 0x1, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000600)='ext4_collapse_range\x00', r5, 0x0, 0xc}, 0x18) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) bind$inet6(r6, &(0x7f0000000000)={0xa, 0xe64, 0xff, @empty, 0x8e1726d}, 0x1c) r8 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r8, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r8, &(0x7f0000000000)={0xa, 0xe64, 0x5, @empty, 0x82}, 0x1c) connect$unix(r8, &(0x7f0000000100)=@abs={0x0, 0x0, 0x4e23}, 0x6e) 6m56.118938052s ago: executing program 4 (id=713): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_KEY(r0, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="2c000001", @ANYRES16=0x0, @ANYBLOB="00022abd7000fbdbdf250a0000000c009900010000001b0000000a000600ffffffffffff0000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4040) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x789, &(0x7f0000000fc0)="$eJzs3c1rXFUbAPDnTpKmTfu+iSBo3RgQNFA6MTW2CgoVFyJYKOjadphMQ80kUzKT0oSALSK4EVRcCLrpyoUfdefWj63+Fy7EUjUtVlxI5E5m0kkzk07SZCaa3w9u5px77+ScZ879ODPncm8Ae9Zw+icTcTgi3ksiBmvzk4joq6Z6I06urHd7aTGfTkksL7/6W1Jd59bSYj4a3pM6WMs8HBHfvR1xJLO+3PL8wlSuWCzM1vKjlekLo+X5haPnp3OThcnCzPGx8fFjJ54+cXz7Yv3jx4VD199/6YkvT/711kPX3v0+iZNxqLasMY4te35tdjiGa59JX/oRrvHifRe2uyTdrgBbku6aPSt7eRyOweippgCA/7I3I2IZANhjEud/ANhj6r8D3FpazNen7v4i0Vk3XoiI/Svx18c3V5b01sbs9lfHQQduJWtGRpKIGNqG8ocj4pOvX/88nWK7xiEB2nD5SkScHRpef/xP1l2zsFlPbrBsX+11+K75aflGoKEzvkn7P8806/9lVvs/0aT/099k392KZvt/EnF5dcaBbShkAzc+jXiu4dq22w3x1wz11HL/q/b5+pJz54uF9Nj2/4gYib7+ND+2QRkjN/++2WpZY//v9w/e+CwtP329s0bml97+te+ZyFVy9xNzoxtXIh7pbRZ/str+SYv+7+k2y3j52Xc+brUsjT+Ntz6ti7/a/jt3Rli+GvF40/a/c0VbsuH1iaPVzWG0vlE08dVPHw20Kr+x/dMpLb/+XaAT0vYf2Dj+oaTxes3y5sv44ergt62W3Tv+5tv/vuS1arrej7iUq1RmxyL2Ja+sn3/sznsv5R6tpVbWT+Mfeaz5/r/R9p9+JzzbZvy913/9Yuvx76w0/olNtf/mE9duT/W0Kr+99h+vpkZqc9o5/rVbwfv57AAAAAAAAAAAAAAAAAAAAAAAAACgXZmIOBRJJruazmSy2ZVneD8YA5liqVw5cq40NzMR1WdlD0Vfpn6ry8GG+6GO1e6HX88fuyv/VEQ8EBEf9h9I6vdRnOhy7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQd7DF8/9TP/d3u3YAwI7Z3+0KAAAd5/wPAHuP8z8A7D3tnf97drweAEDn+P4PAHuP8z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA77PSpU+m0/OfSYj7NT1ycn5sqXTw6UShPZafn8tl8afZCdrJUmiwWsvnS9L3+X7FUujAeM3OXRiuFcmW0PL9wZro0N1M5c346N1k4U+jrSFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDnl+YWpXLFYmJXYQmJ5d1Sj+4me2ua0W+rT0USyO6qxzYkuH5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/iX+CQAA//8vWSHt") creat(&(0x7f00000000c0)='./file0\x00', 0x81) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000080)=[{&(0x7f0000000500)='|', 0x1}], 0x1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3, 0x0, 0x7}, 0x18) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x280003, 0x108) quotactl_fd$Q_SETINFO(r4, 0xffffffff80000601, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r6, 0x28, 0x8, 0x0, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}}, 0x20000000) r7 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_MAKE_EQUIV(r7, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000040)={0x28, 0x3f7, 0x300, 0x70bd2a, 0x25dfdbfc, {0x7, 0x7, './file0', './file0'}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r8, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r8, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6}, 0x1c) setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x800000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000340)='kfree\x00', r9, 0x0, 0x200000000}, 0x18) r10 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280), 0x2201, 0x0) write$binfmt_elf32(r10, 0x0, 0x69) unshare(0x880) 6m55.185934562s ago: executing program 4 (id=730): r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@ipv4_newroute={0x38, 0x18, 0x35f32a6dfa748ddf, 0x0, 0x0, {0x2, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1000}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, @LWTUNNEL_IP_OPT_VXLAN_GBP={0x8, 0x1, 0xffffffc0}}}}]}, 0x38}}, 0x80) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x54, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x24, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3b9aca00f}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3}]}}]}, 0x54}}, 0x20000c04) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r4 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) unshare(0x22020400) r6 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000072c0)={@map, r6, 0x36, 0x10, 0x0, @void, @value=r6}, 0x20) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00'}, 0x18) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0xffffffffffffffa0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)=r4}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x476}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x18) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0) 6m55.091679726s ago: executing program 4 (id=732): r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000002c0), 0x64, 0x50a, &(0x7f0000000940)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") r1 = accept$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x14) ioctl$SIOCGSTAMPNS(r1, 0x8907, &(0x7f00000000c0)={0x0, 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FLUSH_PMKSA(r3, &(0x7f0000000240)={&(0x7f0000000100), 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYRESDEC=r4], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x805) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) close(0xffffffffffffffff) socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') lseek(r5, 0x10001, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0xffffffffffffff38) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000040000000000000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000380)='kfree\x00', r7}, 0x18) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001000000000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4010}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)=ANY=[@ANYBLOB], 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) close(0xffffffffffffffff) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) syz_clone(0x623f, 0x0, 0x0, 0x0, 0x0, 0x0) r8 = socket$kcm(0x10, 0x2, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x2}, 0x20) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831373f00000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1f, 0x10, &(0x7f0000000500)=ANY=[@ANYRESDEC=r0, @ANYRES32, @ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRESOCT=r6, @ANYRES16=r2, @ANYRES16=0x0], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 6m54.282025102s ago: executing program 4 (id=741): bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000044000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85823d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2ba9c29faa38c409d32b6b7d6cf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e933119c5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247fa62fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120bed64069dcf82d3e5e0361e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a1000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0daca8d4c1090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000004f9e02a3b51a97c4b1c1b411cc6bee2a56f29c55a6aac46a0cfc318fae02922a403431d4e5a4396cad2c8dd34037bc041a2ba1505ba2c4889122ca04e85881aad5f8bfc12e6741872aad21bf5301cd4c607ef50a991c410f7c60e45b5c193f813a36d841165b91b5e170f6ba24558df57145eb8142a6ed87c6d5cbae3e52d569996604669a6e9ca1a3689c795970b4bcd00881faff52a6766fafa07ed7d4a49f47d34fd76a394adcb33a270b6a14e74bca7c2ea92dd845d3f774fde1bbea911c1ea76d52f7912e2597e6a33380647ed44956730b5b84662b8e659124379c0d86b1d28fdfa3cd2013103e3048c4ad4f5a4dcd133b2fc8fae3b51e4433cee7c08e67c7d7ed4432045e10f8718e5c163b1704fa2c707b61a1a9f63edfceff1a0cd7baf4a15b2fd607a09d398d73243bdcc664fbd5f582e48af2a18b02f0184a7bdd95ac78241e6749e74b152702333c56588375f806f10578eaae329c4f8dfb83e5524e2c9aa59ce7828bd1f146b2a4150fb2a8ced08e2ffac81e921e8a6f0071361a0acdbd125fb5f5e9ffe98e38508582a496afd30ca460dbfca77915a18b7b9ef6c1d6e13bc12fe43063cfecfafb05bf2339ad61533fbf3e410b403182742fa2d40c402cb83c2fef46a36f17c1abf97b0e2d114bd1472ab4207aa060f9e5d91c4a4911b1a1df47b858be141ab3386f26f561df35678489dc1b9f10eee1b2ab3dfdaedd7e06ff8a127f1743fcb32d7f80d40aebc1ea72edc348f5f9ba4bace97db948c24c679c74cd4336a7233d836082bb0e8b013bd1ee3612cd43cd2a3cb83754bb3408"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0xfffffedf, 0x10, &(0x7f0000000040), 0xffffff95, 0x0, 0xffffffffffffffff, 0xd}, 0x48) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r1, 0xffffffffffffffff, 0x11, 0x0, @void}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$tty1(0xc, 0x4, 0x4) write(r4, &(0x7f0000000280)="e8bd8a4c56281ba2ba42cfa5b9fe5fc6dcde2ee431f5595ceadb9a2c95e57f15ee4a83f9e7d78ea996f78bd588bedcdbc730d6d15df6d2a26ca4e55e97ed0522a190ce241a37bad3317fba7e4be3dbbfec5e2f401b5658cc8fda", 0xffffffe5) ioctl$TCSETS(r4, 0x5402, &(0x7f0000000440)={0x8, 0x9, 0x4, 0x9, 0x7, "efc64a26a83c8ffa332b3a5419e8ab2543c4ec"}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0x5e, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xc69a, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 6m54.009799213s ago: executing program 4 (id=743): r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@ipv4_newroute={0x38, 0x18, 0x35f32a6dfa748ddf, 0x0, 0x0, {0x2, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1000}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, @LWTUNNEL_IP_OPT_VXLAN_GBP={0x8, 0x1, 0xffffffc0}}}}]}, 0x38}}, 0x80) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x54, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x24, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3b9aca00f}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3}]}}]}, 0x54}}, 0x20000c04) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r4 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) unshare(0x22020400) r6 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000072c0)={@map, r6, 0x36, 0x10, 0x0, @void, @value=r6}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r7}, 0x18) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0xffffffffffffffa0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)=r4}, 0x20) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x476}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x18) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0) 6m53.976324465s ago: executing program 32 (id=743): r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@ipv4_newroute={0x38, 0x18, 0x35f32a6dfa748ddf, 0x0, 0x0, {0x2, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1000}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, @LWTUNNEL_IP_OPT_VXLAN_GBP={0x8, 0x1, 0xffffffc0}}}}]}, 0x38}}, 0x80) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0x54, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x24, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3b9aca00f}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3}]}}]}, 0x54}}, 0x20000c04) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r4 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) unshare(0x22020400) r6 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000300), 0x800, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000072c0)={@map, r6, 0x36, 0x10, 0x0, @void, @value=r6}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r7}, 0x18) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0xffffffffffffffa0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)=r4}, 0x20) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x476}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x18) lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0) 3m53.278391609s ago: executing program 2 (id=3252): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000640)="0c4a522d120d", 0x6}], 0x1, 0x0, 0x0, 0x2804c044}, 0x0) shutdown(r0, 0x1) 3m53.158257544s ago: executing program 2 (id=3254): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000499324045926ffec85000000506a0c00000000000085000000", @ANYRES16=0x0, @ANYRES8=0x0, @ANYBLOB="7845b5f6489ce97a7771158b6a1375ebd40be66700a5e18e3b03ffdcccbd03a9dddc16383545aed7eac9c612333985"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) rseq(&(0x7f0000000680), 0x20, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r3, 0x0, 0xffff}, 0x18) getuid() socket$nl_generic(0x10, 0x3, 0x10) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r5, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000005c0)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r6}, 0x94) sendmsg$ETHTOOL_MSG_DEBUG_GET(r1, &(0x7f0000000fc0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000f80)={&(0x7f0000000a00)=ANY=[@ANYBLOB="c8010000", @ANYRES16=0x0, @ANYBLOB="000229bd7000fddbdf250700000018000180140002007465616d5f736c6176655f31000000005000018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020067656e657665310000000000000000001400020077673000000000000000000000000000140002007369743000000000000000000000000058000180080003000100000008000100", @ANYRES32=0x0, @ANYBLOB="0800030001000000080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="0800170088fc200f30c82105c2c83de68d7713f548554ba464c61955fc2c1bd2ea31a6ff821dffeeba48f16f8121bb1d70a7a093de6e67a2639128e1a37999eb529c26945d638aa788c409baebf899b7c15881eb18ca54035a0cc7d226f083c8246a703a6fb2132735ae1e64bc80727248eb998fdb6c3ba730c2162329bb6d791f56ea5777e051a3e15640a66b4bdf11f7f1118bf2cd1add5b07f198b1ffac74789ca07c788736373ae1d9f751efa40630cd5b858d61d5ed6b6d4f6444d2b9e797072e8852af011482539248159b061bb451d96f2421b9eee71cdd77d8244d0f7d7b", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468305f746f5f62617461647600080003000200000048000180080003000500000008000100", @ANYRES32=0x0, @ANYBLOB="080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000300020000001400020076657468315f746f5f62617461647600080003000300000020000180140002006272696467655f736c6176655f30000008000100", @ANYRES32=0x0, @ANYBLOB="40000180140002006d6163736563300000000000000000001400020076657468305f766c616e000000000000140002006e6963766630000000000000000000001400018008000300010000000800030001000000380001801400020067726530000000000000000000000000080003000100000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB], 0x1c8}, 0x1, 0x0, 0x0, 0x814}, 0x4004) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r7}, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) fcntl$notify(r4, 0x402, 0x4) r8 = socket$inet6(0x10, 0x3, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) sendto$inet6(r8, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) kexec_load(0x3e00, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0xff600000, 0x1000000}], 0x0) 3m53.038899589s ago: executing program 2 (id=3256): bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f0000000380)='kmem_cache_free\x00', r0, 0x0, 0x7}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2642, 0x0) writev(r1, &(0x7f0000000180)=[{&(0x7f0000000140)="139776ff030370", 0x7}], 0x1) 3m53.001699181s ago: executing program 2 (id=3257): futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, 0x0, &(0x7f0000001000)=""/167}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000d00)='kfree\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080), 0x1, 0x53a, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82desEeoAKSIFCQFF2400bVb00uYBQVQlRcUAcUmNvLJPdrPGuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IBixQjATSopkdu1t7XW/j9S71fj7SaObN23nf9+LMvJm39rwAxtZzEbETEdMR8UZEzBf7k2KJO50l+9yjve2l/b3tpSTa7df/nuT52b7oOibzZFHmbER846sR30mOx21ubj1YrNWq60W63KqvlZubWzdW64sr1ZXqw0rl9sLtmy/derEysLZerf9y9yurr37zN7/+9Lu/3/nyD7JqzRV53e0YpE7Tpw7jZCYj4tXzCDYCE8V6esT14PGkEfGxiPhcfv7Px0T+vxMAuMja7floz3enAYCLLs3HwJK0VIwFzEWalkqdMbxn4lJaazRb1+83Nh4ud8bKLsdUen+1Vr15ZeaP38vvGKaSLL2Q5+X5ebpyJH0rIq5ExI9nnsjTpaVGbXl0tz0AMNaePNL//2um0//3oce3egDAR8bsqCsAAAyd/h8Axo/+HwDGTx/9f/Fl/8651wUAGA7P/wAwfvT/ADB+9P8AMFa+/tpr2dLeL95/vfzm5saDxps3lqvNB6X6xlJpqbG+VlppNFbyd/bUTyuv1misLbwQG2+VW9Vmq9zc3LpXb2w8bN3L3+t9rzo1lFYBAB/kytV3/pBExM7LT+RLdM3loK+Giy0ddQWAkZkYdQWAkTHbF4yv/p/xf3eu9QBGp+fLvGd7br7fTz9EEL9nBP9Xrn2y//F/czzDxWL8H8bX443/vzLwegDDZ/wfxle7nRyd83/6MAsAuJDO8Dv+7R8O6iYEGKnTJvMeyPf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcMHMRcR3I0lLxVzgc5GmpVLEUxFxOaaS+6u16s2IeDquRsTUTJZeGHWlAYAzSv+aFPN/XZt/fu5o7nTy75l8HRHf/9nrP3lrsdVaX8j2/+Nw/8zB9GGV9447w7yCAECfnuvzc3n/XSnWXQ/yj/a2lw6W7s+nA67nUbt347/FVMRL+3vb+dLJmYzJfD2b30tc+mdSpDtzkT4bERMDiL/zdkR8olf7k3xs5HIx82l3/ChiPzXU+On74qd5Xmed3Xx9fAB1gXHzzt2IuNPr/EuLa2rv8382v0Kd3e7dTmEH1779rvgH17+JHvGTD3HN333ht187trM938l7O+LZyV7xk8P4yQnxn+8z/p8+9ZkfvXJCXvvnEdeid/zuWOVWfa3c3Ny6sVpfXKmuVB9WKrcXbt986daLlXI+Rl0+GKk+7m8vX3/6pLpl7b90QvzZnu2fPjz2C322/xf/eePbn/2A+F/6fO+f/zM943dkfeIX+4y/eOlXJ07fncVfPqH9p/38r/cZ/92/bC33+VEAYAiam1sPFmu16vqZNrKn0EGUc2wjq+JACzxl488xyALvnO3wqfP6Vz33jcnDe8XBlvytrMQhNycdeCvOtPGosxHnHmu01yXg/L130o+6JgAAAAAAAAAAAAAAwEmG8adLo24jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9f/AgAA//91qMwl") chdir(0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @random='\x00\x00\x00@\x00', @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @broadcast, @remote, @local, @remote}}}}, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x3) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='kfree\x00', r3}, 0x18) ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f0000000080)={0x0, 0x3000000, 0x8, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"}) r4 = syz_io_uring_setup(0x4171, &(0x7f0000000180)={0x0, 0x776a, 0x40, 0x2, 0x2d0}, &(0x7f0000000440), &(0x7f0000000400)) capset(0x0, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0100000006000000080000000800000040000000", @ANYRES32, @ANYRESOCT=0x0, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) io_uring_enter(r4, 0x7b1d, 0xe93c, 0xc, 0x0, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x0, 0x1}, 0x15008}, r5, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0x24084200, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a0000000407a060c24a0400", @ANYBLOB], 0x48) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="5953fdfffffffddbdf256b"], 0x2c}, 0x1, 0x0, 0x0, 0x8441}, 0x20080050) 3m52.720949603s ago: executing program 2 (id=3261): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r0, &(0x7f00000003c0)={&(0x7f0000000180), 0x10, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0) dup2(r1, r0) setsockopt$sock_attach_bpf(r0, 0x1, 0x21, &(0x7f0000000040), 0x4) sendmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x6, 0x200000d1) 3m52.077834631s ago: executing program 2 (id=3267): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000007000000020000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100004}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x106) 3m52.077630181s ago: executing program 33 (id=3267): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000007000000020000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100004}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x106) 2.529066021s ago: executing program 3 (id=7452): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000140)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881) r1 = dup(r0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) 2.076878581s ago: executing program 6 (id=7467): r0 = socket$inet6(0xa, 0x3, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4b, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00'], 0x28}}], 0x1, 0x0) 2.061851191s ago: executing program 6 (id=7470): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r2], 0x20}}, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000001c0)={@remote}, 0x14) 2.040990442s ago: executing program 6 (id=7472): r0 = gettid() timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) 2.017784023s ago: executing program 6 (id=7475): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000cc0)={@random="e90c610faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x3, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x2, 0xf6, 0x0, @void}}}}}}}, 0x0) syz_emit_ethernet(0xbe, &(0x7f0000000200)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x2, 0x0, 0x11, 0x0, @loopback, @empty}, {0x0, 0x7, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "afdae7a7d5965d82a67e1809258e993c3801c63bba371a99df1fcbf137dd9cb2", "b25945130575ec0491512001695c964f70b855ea3d9a421fcd0483a6d735192908b0220cde82c201cd2f31f03b75f592", "d0b67d7bf9f1cff53f3447aee593160bed219d3e45f0001f97a9db5b", {"8a17ef133f0144f747943845914ca3c9", "177f6edcc391ce5dfe7964ec170b3ca8"}}}}}}}, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0xcf47, 0x4cc, 0xffff, 0x9dff, 0xf, "800300"}) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"}) syz_open_pts(r0, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x17) 1.674116818s ago: executing program 3 (id=7479): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56551, 0x400, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xffe0}}, [@TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x8, 0xa9f4, 0x7, 0x0, 0x6, 0x6, 0x1}}, {0x6, 0x2, [0xa]}}]}, @qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x58}}, 0x880) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) 1.16977348s ago: executing program 6 (id=7493): r0 = socket(0xa, 0x3, 0xff) connect$inet6(r0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="140000000000000029000000340000000900000000000000"], 0x18}}], 0x1, 0x24000816) r1 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x200000e, 0x6c033, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x403e, &(0x7f0000000040)={0x0, 0x400e8b6, 0x1c080, 0xa, 0x20002f7}) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) futex(0x0, 0xd, 0x0, 0x0, 0x0, 0x2) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300) futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r1, 0x0) socketpair(0x11, 0xa, 0x0, &(0x7f0000001080)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) lseek(r1, 0x80007, 0x4) 1.004686507s ago: executing program 5 (id=7504): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000200)={'sit0\x00', 0x0, 0x80, 0x80, 0xffffffff, 0x6fda, {{0x6, 0x4, 0x3, 0x2, 0x18, 0x65, 0x0, 0x80, 0x4, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0xd}, {[@generic={0x89, 0x2}]}}}}}) 946.281089ms ago: executing program 5 (id=7505): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x28, 0x66, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x7c56c988f0195595, 0x6071, 0x0, 0xe7}}}}}}, 0x0) sendto$inet6(r0, &(0x7f0000000300)="1ed5c7d1321a", 0x6, 0x800, 0x0, 0x0) 868.871243ms ago: executing program 3 (id=7506): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000c40), 0x12) r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f00000001c0), 0x12) 857.109083ms ago: executing program 3 (id=7507): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x30, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x1, 0x4}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x893}, 0x20040084) r4 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000011100)=@newtfilter={0x4c, 0x2c, 0xd2b, 0x70bd2a, 0x25df9bfd, {0x0, 0x0, 0x0, 0x0, {0x9, 0xb}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_fw={{0x7}, {0x20, 0x2, [@TCA_FW_INDEV={0x14, 0x3, 'veth1_to_team\x00'}, @TCA_FW_MASK={0x53, 0x5, 0x15ac}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x8000) 810.061375ms ago: executing program 3 (id=7508): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10) sendto$inet6(r0, &(0x7f0000000040)="e4", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x41, 0x80, 0xfe, 0x2, 0x9, 0x40, 0x8, 0x5a, 0x0, 0x9, 0xa}, 0xe) recvmmsg(r0, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000fc0)=""/244, 0xf4}], 0x1}, 0x400}], 0x1, 0x40010002, 0x0) 510.395399ms ago: executing program 0 (id=7525): semtimedop(0x0, &(0x7f0000000000)=[{0x1, 0x8000, 0x1800}], 0x1, &(0x7f0000000200)={0x0, 0x3938700}) 510.036128ms ago: executing program 0 (id=7526): r0 = socket(0x80000000000000a, 0x2, 0x0) r1 = io_uring_setup(0x12b9, &(0x7f00000002c0)={0x0, 0x6fb, 0x810, 0xfffffffb, 0x1008168}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) r3 = dup(r2) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4, 0x0, 0x0, 0x1b, "0062ba7d820700000000000000000000096304"}) r4 = syz_open_pts(r2, 0x80) ioctl$TCSETS(r2, 0x5402, &(0x7f00000000c0)={0x8000, 0x8, 0x6, 0xffffffed, 0x1, "135825f1a6c51de48aaf7b2ce6252f0b5add77"}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r5 = io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0xc8df, 0xc000, 0xa, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r6 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0) r7 = dup3(r4, r2, 0x80000) r8 = accept$unix(r7, &(0x7f0000000180), &(0x7f0000000100)=0x6e) fremovexattr(r8, &(0x7f0000000200)=@known='trusted.overlay.nlink\x00') read(r2, &(0x7f00000005c0)=""/228, 0xe4) write$binfmt_script(r3, &(0x7f0000000140)={'#! ', './file0'}, 0xb) close_range(r1, 0xffffffffffffffff, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) 472.9243ms ago: executing program 0 (id=7527): prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0) brk(0x200000ff8000) r0 = syz_open_procfs(0x0, &(0x7f000001a300)='pagemap\x00') madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) pread64(r0, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) epoll_create(0x29) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000), 0xffffff98) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)=@generic={&(0x7f0000000180)='./file1\x00', 0x0, 0x10}, 0x18) 458.01319ms ago: executing program 0 (id=7528): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000c40), 0x12) r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f00000001c0), 0x12) 401.668663ms ago: executing program 0 (id=7530): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r2 = io_uring_setup(0xc, &(0x7f0000000040)={0x0, 0xc8a1, 0xdb00, 0x8, 0x29}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) write(r1, &(0x7f0000000340), 0x11000) sendmmsg$inet6(r0, &(0x7f0000001c80)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x8000001, @private0, 0x3}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000440)="14", 0x1}], 0x1}}], 0x1, 0x931766f6319eed40) shutdown(r0, 0x1) 400.806123ms ago: executing program 6 (id=7534): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0) dup(0xffffffffffffffff) creat(&(0x7f0000000240)='./file0\x00', 0x122) openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x1, 0x29) 352.784135ms ago: executing program 0 (id=7535): fallocate(0xffffffffffffffff, 0x20, 0x40000, 0x1000f4) r0 = memfd_secret(0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') fcntl$setlease(r0, 0x400, 0x1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0xffffff2f) sendto$inet(r2, &(0x7f0000000340)="8fb5e617108c3d1787c8b0041122c09c27edb19fdd776c430800000034fbb53cada507cf308da34e306754e493be71d3c8d49334d5fcc13de61affe4a0ec7a143d8e66c1576511a2e137a9b6f1963d52fbfadd20ddded10ea0afc796457dc6c97e54a267813c", 0x66, 0x4008000, 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r2, 0x8030942b, &(0x7f0000000300)={0x18000000000000, {0x1, 0x52, 0x9, 0x0, 0x9e}}) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0x40082104, &(0x7f00000003c0)) ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000040)) getsockopt$EBT_SO_GET_ENTRIES(r2, 0x0, 0x81, &(0x7f0000000240)={'filter\x00', 0x0, 0x4, 0x4b, [0x40, 0x2, 0x4, 0x19, 0xc, 0x4], 0x6, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}], &(0x7f00000001c0)=""/75}, &(0x7f00000002c0)=0x78) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x98) fcntl$setlease(r4, 0x400, 0x0) fcntl$getown(r4, 0x9) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) close(0x3) socket(0x2, 0x80805, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r5, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)}, &(0x7f0000000140)=0x10) 352.418675ms ago: executing program 1 (id=7536): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x17ba, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0xa, 0x20002fb}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x21, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 282.200768ms ago: executing program 1 (id=7537): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x400, 0x33}}}}]}, 0x44}}, 0x20040084) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000800)=@newqdisc={0x44, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffdfdfc, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xb, 0xfff2}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x2, 0x1, 0x3}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) 263.296589ms ago: executing program 1 (id=7538): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x100000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = socket(0x2, 0x80805, 0x0) setsockopt(r0, 0x84, 0x7c, &(0x7f0000000440)="00000800b9000000", 0x63) 246.669909ms ago: executing program 1 (id=7539): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x970, 0x1f480, 0x0, 0x399}) io_uring_enter(r0, 0x8ae, 0x6933, 0x17, 0x0, 0xeffd) 158.149324ms ago: executing program 1 (id=7540): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000c40), 0x12) r2 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) r3 = fsmount(r2, 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000001c0), 0x12) 157.674644ms ago: executing program 5 (id=7541): r0 = socket(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x13, @local, 0x2}, 0x1c) listen(r0, 0x7f) syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0xff6f}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) set_mempolicy(0x2, &(0x7f0000000040)=0x4, 0x4) r1 = io_uring_setup(0x833, &(0x7f0000000080)={0x0, 0x92bc, 0x400}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "000200", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc0, 0x0, 0x0, 0x0, {[@generic={0x8, 0x2}]}}}}}}}}, 0x0) 157.451984ms ago: executing program 1 (id=7542): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000040)="0000116d00150000000000", 0xffffffffffffff90, 0x10008095, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x400, 0x4) 125.701455ms ago: executing program 5 (id=7543): r0 = socket$inet(0x2, 0xa, 0x1000000) connect$inet(r0, 0x0, 0x0) 109.960095ms ago: executing program 5 (id=7544): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e24, 0xf1, @empty, 0x19f49a9}], 0x1c) listen(r0, 0x100) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000300)="d9", 0xff82}], 0x1, &(0x7f0000000280)=[@dstaddrv4={0x18, 0x84, 0x7, @local}], 0x18, 0x48d5}, 0x8050) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e24, @local}}}, 0x84) 46.169399ms ago: executing program 5 (id=7545): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x400000000000247, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000ec0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x40) 0s ago: executing program 3 (id=7546): r0 = socket$inet_sctp(0x2, 0x5, 0x84) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300), 0x13f, 0x9}}, 0x20) add_key$fscrypt_v1(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffd) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x1, &(0x7f0000000300)=[{0x6, 0xb5, 0x1, 0x5}]}) socket$vsock_stream(0x28, 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): netdevsim netdevsim5 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 460.354775][T10823] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.364514][T10823] netdevsim netdevsim5 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 460.402871][T10850] loop6: detected capacity change from 0 to 512 [ 460.411102][T10850] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 460.422629][T10850] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 460.432734][T10850] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.6801: Corrupt directory, running e2fsck is recommended [ 460.445834][T10850] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117 [ 460.454317][T10850] EXT4-fs error (device loop6): ext4_iget_extra_inode:5075: inode #15: comm syz.6.6801: corrupted in-inode xattr: invalid ea_ino [ 460.472780][T10850] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.6801: couldn't read orphan inode 15 (err -117) [ 460.484845][ T12] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 460.493086][ T12] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 460.496343][T10850] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 460.501377][ T12] netdevsim netdevsim5 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 460.524089][ T12] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 460.532296][ T12] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 460.540610][ T12] netdevsim netdevsim5 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 460.560212][T10850] bond6: entered promiscuous mode [ 460.565699][ T12] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 460.573928][ T12] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 460.581248][T10902] SELinux: policydb version -1411311999 does not match my version range 15-35 [ 460.582444][ T12] netdevsim netdevsim5 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 460.591656][T10902] SELinux: failed to load policy [ 460.630459][T10903] lo speed is unknown, defaulting to 1000 [ 460.648391][ T12] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 460.656669][ T12] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 460.665033][ T12] netdevsim netdevsim5 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 460.712714][T10850] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 460.724284][T10850] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 460.734387][T10850] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.6801: Corrupt directory, running e2fsck is recommended [ 460.750101][T10850] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 3: comm syz.6.6801: path /106/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 460.782706][T10850] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 64: comm syz.6.6801: path /106/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 460.816824][T10933] loop5: detected capacity change from 0 to 2048 [ 460.823538][ T29] kauditd_printk_skb: 320 callbacks suppressed [ 460.823551][ T29] audit: type=1326 audit(524761.941:46586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10828 comm="syz.3.6797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 460.823969][T10933] EXT4-fs: quotafile must be on filesystem root [ 460.853044][ T29] audit: type=1326 audit(524761.973:46587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10828 comm="syz.3.6797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 460.884359][ T29] audit: type=1326 audit(524761.994:46588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10828 comm="syz.3.6797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 460.907966][ T29] audit: type=1326 audit(524762.025:46589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10828 comm="syz.3.6797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 460.935299][ T6945] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 460.945339][ T29] audit: type=1326 audit(524762.046:46590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10828 comm="syz.3.6797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 460.968680][ T29] audit: type=1326 audit(524762.067:46591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10828 comm="syz.3.6797" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 460.987968][T10950] loop5: detected capacity change from 0 to 512 [ 461.003670][ T29] audit: type=1400 audit(524762.120:46592): avc: denied { mounton } for pid=10949 comm="syz.5.6813" path="/410/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=2206 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 461.047453][T10950] EXT4-fs: Ignoring removed orlov option [ 461.053752][T10950] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 461.053978][ T29] audit: type=1400 audit(524762.141:46593): avc: denied { read write } for pid=9298 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 461.076805][T10950] EXT4-fs error (device loop5): ext4_iget_extra_inode:5075: inode #15: comm syz.5.6813: corrupted in-inode xattr: e_value size too large [ 461.085868][ T29] audit: type=1400 audit(524762.141:46594): avc: denied { open } for pid=9298 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 461.100164][T10950] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.6813: couldn't read orphan inode 15 (err -117) [ 461.123778][ T29] audit: type=1400 audit(524762.141:46595): avc: denied { ioctl } for pid=9298 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 461.136844][T10950] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 461.180047][T10957] loop6: detected capacity change from 0 to 512 [ 461.193111][T10957] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.6811: bg 0: block 248: padding at end of block bitmap is not set [ 461.208526][T10957] EXT4-fs error (device loop6): ext4_acquire_dquot:6945: comm syz.6.6811: Failed to acquire dquot type 1 [ 461.209505][T31081] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 461.220959][T10957] EXT4-fs (loop6): 1 truncate cleaned up [ 461.235610][T10957] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 461.249250][T10955] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.298682][T10972] loop5: detected capacity change from 0 to 1024 [ 461.305683][T10972] EXT4-fs: Ignoring removed mblk_io_submit option [ 461.316985][T10972] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 461.330290][T10955] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.347258][T10972] SELinux: Context system_u:object_r:kmsg_device_t:s0 is not valid (left unmapped). [ 461.380594][T10955] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.403030][T31081] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 461.434169][T10955] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.473287][ T31] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.484711][ T31] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.497340][ T31] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.515714][ T31] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.638371][T11010] bond4: entered promiscuous mode [ 461.674825][T11049] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 461.716745][T11049] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 461.783663][T11055] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 461.807180][ T6945] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 461.811081][T11049] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 461.853367][T11071] loop6: detected capacity change from 0 to 512 [ 461.860873][T11071] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 461.871539][T11049] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 461.872339][T11071] EXT4-fs (loop6): 1 truncate cleaned up [ 461.887882][T11071] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 461.908341][T11071] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6831'. [ 461.925413][ T12] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 461.942596][ T12] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 461.957959][ T12] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 461.974472][ T6945] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 461.991848][ T12] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 462.061897][T11098] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.6836' sets config #1 [ 462.077833][T11098] lo speed is unknown, defaulting to 1000 [ 462.375172][T11151] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 462.394303][T11147] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 462.442910][T11159] vlan1: entered promiscuous mode [ 462.443007][T11159] macvtap0: entered promiscuous mode [ 462.452240][T11157] loop3: detected capacity change from 0 to 1024 [ 462.452840][T11157] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 462.452878][T11157] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 462.453549][T11157] JBD2: no valid journal superblock found [ 462.453558][T11157] EXT4-fs (loop3): Could not load journal inode [ 462.501861][T11172] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 462.556400][T11172] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 462.599388][T11172] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 462.650620][T11172] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 462.841039][T11204] loop6: detected capacity change from 0 to 512 [ 462.851273][T11204] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 462.866099][T11204] EXT4-fs error (device loop6): ext4_xattr_block_get:597: inode #12: comm syz.6.6852: corrupted xattr block 6: invalid header [ 462.879698][T11204] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop6 ino=12 [ 462.888712][T11204] EXT4-fs error (device loop6): ext4_xattr_block_get:597: inode #12: comm syz.6.6852: corrupted xattr block 6: invalid header [ 462.902161][T11204] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop6 ino=12 [ 462.911351][T11210] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 462.911873][T11204] EXT4-fs error (device loop6): ext4_xattr_block_get:597: inode #12: comm syz.6.6852: corrupted xattr block 6: invalid header [ 462.935202][T11204] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop6 ino=12 [ 462.944873][T11204] EXT4-fs error (device loop6): ext4_xattr_block_get:597: inode #12: comm syz.6.6852: corrupted xattr block 6: invalid header [ 462.958546][T11204] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop6 ino=12 [ 462.967816][T11204] EXT4-fs error (device loop6): ext4_xattr_block_get:597: inode #12: comm syz.6.6852: corrupted xattr block 6: invalid header [ 462.981338][T11204] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop6 ino=12 [ 462.991195][T11204] EXT4-fs error (device loop6): ext4_xattr_block_get:597: inode #12: comm syz.6.6852: corrupted xattr block 6: invalid header [ 463.018893][ T6945] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 463.041118][T11220] loop6: detected capacity change from 0 to 128 [ 463.049268][T11220] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 463.139960][ T135] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 463.152465][ T31] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 463.164716][ T31] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 463.176224][ T31] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 463.280628][T11245] loop3: detected capacity change from 0 to 512 [ 463.307494][T11245] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 463.319099][T11245] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 463.329260][T11245] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.6860: Corrupt directory, running e2fsck is recommended [ 463.344766][T11245] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 463.363443][T11245] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.6860: corrupted in-inode xattr: invalid ea_ino [ 463.384160][T11245] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.6860: couldn't read orphan inode 15 (err -117) [ 463.407933][ T6945] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 463.417499][T11245] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 463.448302][T11245] bond2: entered promiscuous mode [ 463.461665][T11293] loop6: detected capacity change from 0 to 512 [ 463.481435][T11293] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 463.499981][T11245] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 463.511659][T11245] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 463.521748][T11245] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.6860: Corrupt directory, running e2fsck is recommended [ 463.536076][T11293] EXT4-fs (loop6): 1 truncate cleaned up [ 463.542191][T11293] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 463.559745][T11245] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.6860: path /49/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 463.580715][T11293] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6864'. [ 463.622975][T11245] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 64: comm syz.3.6860: path /49/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 463.669531][ T6945] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 463.741939][ T9298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 463.763219][T11305] netlink: 36 bytes leftover after parsing attributes in process `syz.6.6867'. [ 463.777790][T11309] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.826396][T11319] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 463.826703][T11320] loop6: detected capacity change from 0 to 1024 [ 463.842190][T11309] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.854274][T11320] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 463.865331][T11320] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 463.877598][T11320] JBD2: no valid journal superblock found [ 463.883415][T11320] EXT4-fs (loop6): Could not load journal inode [ 463.908717][T11309] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.955712][T11309] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.990247][T11340] netlink: 'syz.0.6872': attribute type 10 has an invalid length. [ 464.008095][T11340] lo speed is unknown, defaulting to 1000 [ 464.577386][T11378] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6876'. [ 464.644237][T11384] bond4: entered promiscuous mode [ 464.727337][ T23] hid_parser_main: 8 callbacks suppressed [ 464.727353][ T23] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0 [ 464.727379][ T23] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0 [ 464.727432][ T23] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0 [ 464.727458][ T23] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0 [ 464.727480][ T23] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0 [ 464.727573][ T23] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0 [ 464.727594][ T23] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0 [ 464.727744][ T23] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0 [ 464.727859][ T23] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0 [ 464.780933][T11431] netlink: 'syz.1.6882': attribute type 1 has an invalid length. [ 464.785450][ T23] hid-generic 0003:0004:0000.0033: unknown main item tag 0x0 [ 464.820624][ T23] hid-generic 0003:0004:0000.0033: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 464.890434][T11431] macvlan2: entered promiscuous mode [ 464.895745][T11431] macvlan2: entered allmulticast mode [ 464.896331][T11431] bond5: entered promiscuous mode [ 464.896576][T11431] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 464.897630][T11431] bond5: left promiscuous mode [ 464.983050][T11425] loop6: detected capacity change from 0 to 32768 [ 464.999659][ T335] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.003423][ T335] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.032021][T11425] loop6: p1 p2 p3 < p5 p6 > [ 465.039251][ T335] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.040999][T11425] loop6: p1 size 242222080 extends beyond EOD, truncated [ 465.047832][ T335] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 465.063645][T11425] loop6: p2 start 4294967295 is beyond EOD, truncated [ 465.089116][T11497] loop3: detected capacity change from 0 to 512 [ 465.112186][T11497] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 465.148742][T11509] loop5: detected capacity change from 0 to 1024 [ 465.151125][T11497] EXT4-fs (loop3): 1 truncate cleaned up [ 465.157781][T11509] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 465.171822][T11509] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 465.172334][T11497] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 465.182243][T11509] JBD2: no valid journal superblock found [ 465.199237][T11509] EXT4-fs (loop5): Could not load journal inode [ 465.243290][T11497] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6885'. [ 465.679263][ T29] kauditd_printk_skb: 464 callbacks suppressed [ 465.679279][ T29] audit: type=1326 audit(524768.026:47058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11549 comm="syz.1.6897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 465.679327][ T29] audit: type=1326 audit(524768.026:47059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11549 comm="syz.1.6897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 465.685568][ T29] audit: type=1326 audit(524768.026:47060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11549 comm="syz.1.6897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 465.685599][ T29] audit: type=1326 audit(524768.026:47061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11549 comm="syz.1.6897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 465.685744][ T29] audit: type=1326 audit(524768.026:47062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11549 comm="syz.1.6897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 465.685847][ T29] audit: type=1326 audit(524768.026:47063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11549 comm="syz.1.6897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 465.709704][ T29] audit: type=1326 audit(524768.068:47064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11549 comm="syz.1.6897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 465.717469][ T29] audit: type=1326 audit(524768.068:47065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11549 comm="syz.1.6897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 465.964159][T11562] loop5: detected capacity change from 0 to 512 [ 465.964822][T11562] EXT4-fs: Ignoring removed orlov option [ 465.978420][T11562] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 465.988861][T11562] EXT4-fs error (device loop5): ext4_iget_extra_inode:5075: inode #15: comm syz.5.6899: corrupted in-inode xattr: e_value size too large [ 465.989460][T11562] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.6899: couldn't read orphan inode 15 (err -117) [ 466.139074][ T29] audit: type=1326 audit(524768.509:47066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11569 comm="syz.1.6901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 466.139485][ T29] audit: type=1326 audit(524768.509:47067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11569 comm="syz.1.6901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 466.150049][T11575] loop5: detected capacity change from 0 to 512 [ 466.176579][T11576] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 466.481960][T11593] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6908'. [ 466.514317][T11593] siw: device registration error -23 [ 466.542647][T11602] loop5: detected capacity change from 0 to 1024 [ 466.549771][T11602] EXT4-fs: Ignoring removed oldalloc option [ 466.555714][T11602] EXT4-fs: Ignoring removed bh option [ 466.775684][T11623] loop5: detected capacity change from 0 to 1024 [ 466.783993][T11623] EXT4-fs warning (device loop5): ext4_enable_quotas:7180: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 466.786999][T11625] syz_tun: entered allmulticast mode [ 466.799478][T11623] EXT4-fs (loop5): mount failed [ 466.823868][T11624] syz_tun: left allmulticast mode [ 466.838427][T11632] loop5: detected capacity change from 0 to 512 [ 466.845498][T11632] journal_path: Lookup failure for './file1' [ 466.851564][T11632] EXT4-fs: error: could not find journal device path [ 466.863513][T11632] netlink: 16 bytes leftover after parsing attributes in process `+HdbŠõ¦îZÐÚúy¥ '. [ 466.878162][T11639] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11639 comm=syz.6.6920 [ 466.915704][T11645] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6921'. [ 466.950635][T11645] siw: device registration error -23 [ 467.389085][T11674] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 467.429627][T11683] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6934'. [ 467.507970][T11683] siw: device registration error -23 [ 467.588021][T11698] bond6: entered promiscuous mode [ 467.646149][T11700] netlink: 'syz.0.6941': attribute type 2 has an invalid length. [ 467.696460][ T23] IPVS: starting estimator thread 0... [ 467.786299][T11750] IPVS: using max 2736 ests per chain, 136800 per kthread [ 467.793814][T11757] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 467.813347][T11758] lo speed is unknown, defaulting to 1000 [ 467.839288][T11758] FAULT_INJECTION: forcing a failure. [ 467.839288][T11758] name failslab, interval 1, probability 0, space 0, times 0 [ 467.851971][T11758] CPU: 1 UID: 0 PID: 11758 Comm: syz.0.6946 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 467.852004][T11758] Tainted: [W]=WARN [ 467.852010][T11758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 467.852022][T11758] Call Trace: [ 467.852028][T11758] [ 467.852036][T11758] __dump_stack+0x1d/0x30 [ 467.852057][T11758] dump_stack_lvl+0xe8/0x140 [ 467.852137][T11758] dump_stack+0x15/0x1b [ 467.852222][T11758] should_fail_ex+0x265/0x280 [ 467.852256][T11758] should_failslab+0x8c/0xb0 [ 467.852281][T11758] kmem_cache_alloc_noprof+0x50/0x480 [ 467.852312][T11758] ? skb_clone+0x151/0x1f0 [ 467.852394][T11758] skb_clone+0x151/0x1f0 [ 467.852411][T11758] __netlink_deliver_tap+0x2c9/0x500 [ 467.852497][T11758] netlink_unicast+0x66b/0x690 [ 467.852543][T11758] netlink_sendmsg+0x58b/0x6b0 [ 467.852623][T11758] ? __pfx_netlink_sendmsg+0x10/0x10 [ 467.852642][T11758] __sock_sendmsg+0x145/0x180 [ 467.852664][T11758] ____sys_sendmsg+0x31e/0x4e0 [ 467.852685][T11758] ___sys_sendmsg+0x17b/0x1d0 [ 467.852753][T11758] __x64_sys_sendmsg+0xd4/0x160 [ 467.852778][T11758] x64_sys_call+0x191e/0x3000 [ 467.852798][T11758] do_syscall_64+0xd2/0x200 [ 467.852817][T11758] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 467.852842][T11758] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 467.852921][T11758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.852942][T11758] RIP: 0033:0x7f0eef21f749 [ 467.852956][T11758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 467.852973][T11758] RSP: 002b:00007f0eedc87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 467.853045][T11758] RAX: ffffffffffffffda RBX: 00007f0eef475fa0 RCX: 00007f0eef21f749 [ 467.853058][T11758] RDX: 0000000020008010 RSI: 00002000000002c0 RDI: 000000000000000a [ 467.853070][T11758] RBP: 00007f0eedc87090 R08: 0000000000000000 R09: 0000000000000000 [ 467.853081][T11758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 467.853150][T11758] R13: 00007f0eef476038 R14: 00007f0eef475fa0 R15: 00007ffc6f3c65f8 [ 467.853171][T11758] [ 468.105134][T11785] loop6: detected capacity change from 0 to 128 [ 468.112090][T11785] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 468.125599][T11785] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 468.142249][T11788] netlink: 'syz.3.6949': attribute type 1 has an invalid length. [ 468.150024][T11788] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6949'. [ 468.170577][ T31] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 468.233218][T11801] netlink: 36 bytes leftover after parsing attributes in process `syz.6.6952'. [ 468.281211][T11809] loop3: detected capacity change from 0 to 512 [ 468.298931][T11809] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 468.305718][T11813] loop6: detected capacity change from 0 to 512 [ 468.310498][T11809] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 468.327034][T11809] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.6955: Corrupt directory, running e2fsck is recommended [ 468.340220][T11813] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 468.350516][T11809] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 468.362719][T11809] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.6955: corrupted in-inode xattr: invalid ea_ino [ 468.377384][T11813] EXT4-fs (loop6): 1 truncate cleaned up [ 468.381748][T11809] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.6955: couldn't read orphan inode 15 (err -117) [ 468.410638][T11809] bond3: entered promiscuous mode [ 468.416334][T11813] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6956'. [ 468.494162][T11809] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 468.505720][T11809] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 468.515908][T11809] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.6955: Corrupt directory, running e2fsck is recommended [ 468.516413][T11809] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.6955: path /62/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 468.516617][T11809] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 64: comm syz.3.6955: path /62/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 468.610445][T11875] netlink: 'syz.6.6964': attribute type 1 has an invalid length. [ 468.618283][T11875] netlink: 224 bytes leftover after parsing attributes in process `syz.6.6964'. [ 468.619357][T11873] loop3: detected capacity change from 0 to 164 [ 468.619561][T11873] iso9660: Unknown parameter '18446744073709551615' [ 468.662438][T11883] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6966'. [ 468.941806][T11903] loop3: detected capacity change from 0 to 256 [ 468.942307][T11903] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 469.043775][T11908] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 469.063388][T11911] loop3: detected capacity change from 0 to 512 [ 469.070907][T11911] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 469.070936][T11911] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 469.071034][T11911] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.6973: Corrupt directory, running e2fsck is recommended [ 469.071113][T11911] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 469.071201][T11911] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.6973: corrupted in-inode xattr: invalid ea_ino [ 469.071326][T11911] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.6973: couldn't read orphan inode 15 (err -117) [ 469.151691][T11911] bond4: entered promiscuous mode [ 469.184769][T11911] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 469.184869][T11911] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 469.184887][T11911] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.6973: Corrupt directory, running e2fsck is recommended [ 469.185006][T11911] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.6973: path /69/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 469.185419][T11911] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 64: comm syz.3.6973: path /69/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 469.360344][T11965] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6979'. [ 469.388449][T11965] siw: device registration error -23 [ 469.435746][T11974] loop6: detected capacity change from 0 to 256 [ 469.445760][T11974] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 469.464499][T11978] loop3: detected capacity change from 0 to 512 [ 469.471224][T11974] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 469.491811][T11978] EXT4-fs: Ignoring removed orlov option [ 469.497834][T11978] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 469.528231][T11978] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.6984: corrupted in-inode xattr: e_value size too large [ 469.568732][T11978] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.6984: couldn't read orphan inode 15 (err -117) [ 469.640352][T11990] loop3: detected capacity change from 0 to 512 [ 469.651374][T11990] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 469.662933][T11990] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 469.662956][T11990] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.6987: Corrupt directory, running e2fsck is recommended [ 469.684581][T11990] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 469.684744][T11990] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.6987: corrupted in-inode xattr: invalid ea_ino [ 469.684864][T11990] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.6987: couldn't read orphan inode 15 (err -117) [ 469.732474][T11990] bond5: entered promiscuous mode [ 469.812307][T11990] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 469.812338][T11990] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 469.812357][T11990] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.6987: Corrupt directory, running e2fsck is recommended [ 469.812463][T11990] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.6987: path /73/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 469.812708][T11990] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 64: comm syz.3.6987: path /73/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 469.989598][T12043] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 470.045567][T12052] Cannot find del_set index 0 as target [ 470.439100][T12071] netdevsim netdevsim5 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 470.448968][T12071] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 470.458855][T12071] netdevsim netdevsim5 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 470.524940][T12071] netdevsim netdevsim5 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 470.534790][T12071] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 470.544774][T12071] netdevsim netdevsim5 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 470.599539][T12071] netdevsim netdevsim5 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 470.609426][T12071] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 470.619268][T12071] netdevsim netdevsim5 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 470.631142][T12077] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 470.650412][T12086] bond7: entered promiscuous mode [ 470.666567][T12071] netdevsim netdevsim5 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 470.676803][T12071] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 470.686835][T12071] netdevsim netdevsim5 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 470.713045][ T29] kauditd_printk_skb: 439 callbacks suppressed [ 470.713057][ T29] audit: type=1400 audit(2000000004.795:47506): avc: denied { read } for pid=12124 comm="syz.0.7005" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 470.743054][ T29] audit: type=1400 audit(2000000004.795:47507): avc: denied { open } for pid=12124 comm="syz.0.7005" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 470.767620][ T29] audit: type=1400 audit(2000000004.826:47508): avc: denied { ioctl } for pid=12124 comm="syz.0.7005" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 470.811696][ T342] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 470.819953][ T342] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 470.828300][ T342] netdevsim netdevsim5 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 470.842213][ T29] audit: type=1326 audit(2000000004.921:47509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.0.7007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0eef21f749 code=0x7ffc0000 [ 470.847453][T12131] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7007'. [ 470.866103][ T29] audit: type=1326 audit(2000000004.921:47510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.0.7007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0eef21f749 code=0x7ffc0000 [ 470.899172][ T29] audit: type=1326 audit(2000000004.931:47511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.0.7007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0eef21f749 code=0x7ffc0000 [ 470.922724][ T342] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 470.922818][ T342] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 470.931026][ T29] audit: type=1326 audit(2000000004.931:47512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.0.7007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0eef21f749 code=0x7ffc0000 [ 470.939239][ T342] netdevsim netdevsim5 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 470.962769][ T29] audit: type=1326 audit(2000000004.931:47513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.0.7007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0eef21f749 code=0x7ffc0000 [ 470.994521][ T29] audit: type=1326 audit(2000000004.931:47514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.0.7007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0eef21f749 code=0x7ffc0000 [ 471.017988][ T29] audit: type=1326 audit(2000000004.931:47515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12130 comm="syz.0.7007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0eef21f749 code=0x7ffc0000 [ 471.044352][ T342] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 471.052609][ T342] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 471.060930][ T342] netdevsim netdevsim5 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 471.074335][ T342] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 471.082653][ T342] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 471.090942][ T342] netdevsim netdevsim5 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 471.144492][T12147] loop6: detected capacity change from 0 to 1024 [ 471.160282][T12147] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 471.171207][T12147] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 471.199611][T12147] JBD2: no valid journal superblock found [ 471.205383][T12147] EXT4-fs (loop6): Could not load journal inode [ 471.233757][T12156] bond8: entered promiscuous mode [ 471.252833][T12197] x_tables: ip_tables: osf match: only valid for protocol 6 [ 471.256744][T12199] loop3: detected capacity change from 0 to 512 [ 471.267142][T12199] EXT4-fs: Ignoring removed orlov option [ 471.273108][T12199] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 471.294219][T12201] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7020'. [ 471.295320][T12199] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.7008: corrupted in-inode xattr: e_value size too large [ 471.318553][T12199] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.7008: couldn't read orphan inode 15 (err -117) [ 471.630596][T12227] syz.0.7025: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 471.645315][T12227] CPU: 1 UID: 0 PID: 12227 Comm: syz.0.7025 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 471.645349][T12227] Tainted: [W]=WARN [ 471.645356][T12227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 471.645370][T12227] Call Trace: [ 471.645377][T12227] [ 471.645384][T12227] __dump_stack+0x1d/0x30 [ 471.645472][T12227] dump_stack_lvl+0xe8/0x140 [ 471.645494][T12227] dump_stack+0x15/0x1b [ 471.645514][T12227] warn_alloc+0x12b/0x1a0 [ 471.645548][T12227] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 471.645610][T12227] __vmalloc_node_range_noprof+0x9d/0xed0 [ 471.645687][T12227] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 471.645707][T12227] ? slow_avc_audit+0x104/0x140 [ 471.645726][T12227] ? should_fail_ex+0x30/0x280 [ 471.645801][T12227] ? xskq_create+0x36/0xe0 [ 471.645816][T12227] vmalloc_user_noprof+0x7d/0xb0 [ 471.645904][T12227] ? xskq_create+0x80/0xe0 [ 471.645937][T12227] xskq_create+0x80/0xe0 [ 471.645950][T12227] xsk_init_queue+0x95/0xf0 [ 471.645962][T12227] xsk_setsockopt+0x3f5/0x640 [ 471.645975][T12227] ? __pfx_xsk_setsockopt+0x10/0x10 [ 471.646037][T12227] __sys_setsockopt+0x184/0x200 [ 471.646105][T12227] __x64_sys_setsockopt+0x64/0x80 [ 471.646123][T12227] x64_sys_call+0x20ec/0x3000 [ 471.646187][T12227] do_syscall_64+0xd2/0x200 [ 471.646253][T12227] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 471.646282][T12227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.646294][T12227] RIP: 0033:0x7f0eef21f749 [ 471.646304][T12227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.646341][T12227] RSP: 002b:00007f0eedc87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 471.646352][T12227] RAX: ffffffffffffffda RBX: 00007f0eef475fa0 RCX: 00007f0eef21f749 [ 471.646384][T12227] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007 [ 471.646391][T12227] RBP: 00007f0eef2a3f91 R08: 0000000000000004 R09: 0000000000000000 [ 471.646398][T12227] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 471.646405][T12227] R13: 00007f0eef476038 R14: 00007f0eef475fa0 R15: 00007ffc6f3c65f8 [ 471.646470][T12227] [ 471.646474][T12227] Mem-Info: [ 471.864008][T12227] active_anon:16206 inactive_anon:24 isolated_anon:0 [ 471.864008][T12227] active_file:26826 inactive_file:2891 isolated_file:0 [ 471.864008][T12227] unevictable:0 dirty:289 writeback:0 [ 471.864008][T12227] slab_reclaimable:3800 slab_unreclaimable:17760 [ 471.864008][T12227] mapped:32895 shmem:11435 pagetables:1767 [ 471.864008][T12227] sec_pagetables:0 bounce:0 [ 471.864008][T12227] kernel_misc_reclaimable:0 [ 471.864008][T12227] free:1775035 free_pcp:43893 free_cma:0 [ 471.909309][T12227] Node 0 active_anon:64916kB inactive_anon:96kB active_file:107304kB inactive_file:11564kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:131668kB dirty:1208kB writeback:0kB shmem:45668kB kernel_stack:4448kB pagetables:6960kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 471.936978][T12227] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 471.966647][T12227] lowmem_reserve[]: 0 2881 7859 7859 [ 471.972044][T12227] Node 0 DMA32 free:2945220kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2950256kB mlocked:0kB bounce:0kB free_pcp:5036kB local_pcp:3528kB free_cma:0kB [ 472.003459][T12227] lowmem_reserve[]: 0 0 4978 4978 [ 472.008576][T12227] Node 0 Normal free:4139460kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:64684kB inactive_anon:96kB active_file:107304kB inactive_file:11564kB unevictable:0kB writepending:1200kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:170496kB local_pcp:85312kB free_cma:0kB [ 472.042014][T12227] lowmem_reserve[]: 0 0 0 0 [ 472.046643][T12227] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 472.059324][T12227] Node 0 DMA32: 3*4kB (M) 3*8kB (M) 2*16kB (M) 2*32kB (M) 3*64kB (M) 3*128kB (M) 2*256kB (M) 4*512kB (M) 3*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2945220kB [ 472.075388][T12227] Node 0 Normal: 5715*4kB (UE) 3405*8kB (UME) 2345*16kB (UME) 1350*32kB (UME) 1165*64kB (UME) 709*128kB (UME) 233*256kB (UME) 114*512kB (UME) 66*1024kB (UME) 28*2048kB (UME) 879*4096kB (UM) = 4139460kB [ 472.095361][T12227] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 472.104700][T12227] 40895 total pagecache pages [ 472.109379][T12227] 27 pages in swap cache [ 472.113631][T12227] Free swap = 124888kB [ 472.117794][T12227] Total swap = 124996kB [ 472.121946][T12227] 2097051 pages RAM [ 472.125738][T12227] 0 pages HighMem/MovableOnly [ 472.130388][T12227] 81087 pages reserved [ 472.168059][T12238] FAULT_INJECTION: forcing a failure. [ 472.168059][T12238] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 472.181162][T12238] CPU: 1 UID: 0 PID: 12238 Comm: syz.0.7030 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 472.181199][T12238] Tainted: [W]=WARN [ 472.181206][T12238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 472.181219][T12238] Call Trace: [ 472.181228][T12238] [ 472.181236][T12238] __dump_stack+0x1d/0x30 [ 472.181258][T12238] dump_stack_lvl+0xe8/0x140 [ 472.181277][T12238] dump_stack+0x15/0x1b [ 472.181293][T12238] should_fail_ex+0x265/0x280 [ 472.181404][T12238] should_fail+0xb/0x20 [ 472.181419][T12238] should_fail_usercopy+0x1a/0x20 [ 472.181515][T12238] _copy_from_user+0x1c/0xb0 [ 472.181566][T12238] kstrtouint_from_user+0x69/0xf0 [ 472.181584][T12238] ? 0xffffffff81000000 [ 472.181597][T12238] ? selinux_file_permission+0x1e4/0x320 [ 472.181632][T12238] proc_fail_nth_write+0x50/0x160 [ 472.181733][T12238] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 472.181772][T12238] vfs_write+0x269/0x960 [ 472.181834][T12238] ? vfs_read+0x4e6/0x770 [ 472.181854][T12238] ? __rcu_read_unlock+0x4f/0x70 [ 472.181913][T12238] ? __fget_files+0x184/0x1c0 [ 472.181940][T12238] ksys_write+0xda/0x1a0 [ 472.181965][T12238] __x64_sys_write+0x40/0x50 [ 472.182054][T12238] x64_sys_call+0x2802/0x3000 [ 472.182074][T12238] do_syscall_64+0xd2/0x200 [ 472.182124][T12238] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 472.182147][T12238] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 472.182174][T12238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.182224][T12238] RIP: 0033:0x7f0eef21e1ff [ 472.182237][T12238] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 472.182253][T12238] RSP: 002b:00007f0eedc87030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 472.182270][T12238] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0eef21e1ff [ 472.182341][T12238] RDX: 0000000000000001 RSI: 00007f0eedc870a0 RDI: 0000000000000009 [ 472.182352][T12238] RBP: 00007f0eedc87090 R08: 0000000000000000 R09: 0000000000000000 [ 472.182421][T12238] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 472.182432][T12238] R13: 00007f0eef476038 R14: 00007f0eef475fa0 R15: 00007ffc6f3c65f8 [ 472.182448][T12238] [ 472.487763][T12254] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 472.497573][T12254] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 472.528589][T12251] bond9: entered promiscuous mode [ 472.552576][T12254] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 472.562455][T12254] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 472.619673][T12254] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 472.629503][T12254] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 472.686123][T12254] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 472.695949][T12254] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 472.698429][T12303] Cannot find del_set index 0 as target [ 472.792728][T12311] loop3: detected capacity change from 0 to 1024 [ 472.804596][T13126] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 472.812877][T13126] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.821537][T13126] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 472.829820][T13126] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.844754][T12311] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 472.860201][T13126] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 472.868462][T13126] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.877108][T12311] EXT4-fs (loop3): mount failed [ 472.881990][T13126] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 472.890389][T13126] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.965358][T12340] loop3: detected capacity change from 0 to 512 [ 472.994180][T12341] lo speed is unknown, defaulting to 1000 [ 473.113269][T12340] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 473.124831][T12340] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 473.134944][T12340] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.7049: Corrupt directory, running e2fsck is recommended [ 473.175085][T12340] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 473.201147][T12340] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.7049: corrupted in-inode xattr: invalid ea_ino [ 473.219061][T12340] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.7049: couldn't read orphan inode 15 (err -117) [ 473.260783][T12340] bond6: entered promiscuous mode [ 473.364066][T12340] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 473.375765][T12340] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 473.385850][T12340] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.7049: Corrupt directory, running e2fsck is recommended [ 473.402279][T12400] loop6: detected capacity change from 0 to 1024 [ 473.412558][T12400] EXT4-fs warning (device loop6): ext4_enable_quotas:7180: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 473.428066][T12400] EXT4-fs (loop6): mount failed [ 473.433251][T12340] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.7049: path /84/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 473.463520][T12340] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 64: comm syz.3.7049: path /84/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 473.744031][T12422] netlink: 'syz.0.7057': attribute type 1 has an invalid length. [ 473.751862][T12422] netlink: 224 bytes leftover after parsing attributes in process `syz.0.7057'. [ 473.781748][T12424] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 473.848101][T12431] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.869122][T12424] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 473.900515][T12440] bridge: RTM_NEWNEIGH with invalid ether address [ 473.933563][T12424] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 473.946466][T12431] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.978835][T12450] bond5: entered promiscuous mode [ 473.991051][T12424] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 474.020127][T12431] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.037071][T12489] vlan2: entered allmulticast mode [ 474.062504][T13126] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 474.073622][T13126] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 474.083273][T12431] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.101652][ T135] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 474.113181][ T135] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 474.135643][T12515] loop5: detected capacity change from 0 to 512 [ 474.146254][ T335] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.166058][ T335] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.184341][ T335] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.201858][ T335] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 474.238752][T12515] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 474.250386][T12515] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 474.260536][T12515] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.7068: Corrupt directory, running e2fsck is recommended [ 474.279158][T12515] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 474.287604][T12515] EXT4-fs error (device loop5): ext4_iget_extra_inode:5075: inode #15: comm syz.5.7068: corrupted in-inode xattr: invalid ea_ino [ 474.301224][T12515] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.7068: couldn't read orphan inode 15 (err -117) [ 474.324334][T12515] bond8: entered promiscuous mode [ 474.369611][T12515] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 474.381188][T12515] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 474.391322][T12515] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.7068: Corrupt directory, running e2fsck is recommended [ 474.404596][T12515] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 3: comm syz.5.7068: path /455/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 474.425823][T12515] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 64: comm syz.5.7068: path /455/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 474.491025][T12576] SELinux: policydb version -1411311999 does not match my version range 15-35 [ 474.500291][T12576] SELinux: failed to load policy [ 474.612595][T12584] syz_tun: entered allmulticast mode [ 474.730776][T12587] x_tables: ip_tables: osf match: only valid for protocol 6 [ 474.742615][T12587] loop5: detected capacity change from 0 to 512 [ 474.749479][T12587] EXT4-fs: Ignoring removed bh option [ 474.764670][T12587] ext4 filesystem being mounted at /457/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 474.883557][T12600] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 475.012768][T12614] x_tables: ip_tables: osf match: only valid for protocol 6 [ 475.024755][T12614] loop3: detected capacity change from 0 to 512 [ 475.038291][T12614] EXT4-fs: Ignoring removed bh option [ 475.060148][T12614] ext4 filesystem being mounted at /91/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 475.425418][T12641] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.479174][T12641] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.529171][T12641] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.585250][T12641] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.631631][T12655] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 475.631668][T12655] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.679295][T12655] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 475.679357][T12655] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.727494][T12655] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 475.737332][T12655] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.783958][T12655] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 475.784069][T12655] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.798142][T12674] loop5: detected capacity change from 0 to 1024 [ 475.813005][T12674] __quota_error: 171 callbacks suppressed [ 475.813020][T12674] Quota error (device loop5): v2_read_file_info: Number of blocks too big for quota file size (6144 > 256). [ 475.813102][T12674] EXT4-fs warning (device loop5): ext4_enable_quotas:7180: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 475.813165][T12674] EXT4-fs (loop5): mount failed [ 475.840353][T12680] loop5: detected capacity change from 0 to 512 [ 475.858685][T12680] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 475.858761][T12680] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 475.858777][T12680] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.7101: Corrupt directory, running e2fsck is recommended [ 475.858880][T12680] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 475.858953][T12680] EXT4-fs error (device loop5): ext4_iget_extra_inode:5075: inode #15: comm syz.5.7101: corrupted in-inode xattr: invalid ea_ino [ 475.859057][T12680] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.7101: couldn't read orphan inode 15 (err -117) [ 475.859476][T12680] EXT4-fs mount: 25 callbacks suppressed [ 475.859489][T12680] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 475.959156][T12680] bond9: entered promiscuous mode [ 476.005817][T12680] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 476.017420][T12680] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 476.027589][T12680] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.7101: Corrupt directory, running e2fsck is recommended [ 476.040891][T12680] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 3: comm syz.5.7101: path /463/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 476.061548][T12680] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 64: comm syz.5.7101: path /463/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 476.111611][T31081] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 476.171445][T12729] netlink: 36 bytes leftover after parsing attributes in process `syz.6.7105'. [ 476.415807][ T29] audit: type=1326 audit(2000000010.776:47685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12739 comm="syz.1.7108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 476.417804][T12744] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 476.439990][ T29] audit: type=1326 audit(2000000010.776:47686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12739 comm="syz.1.7108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 476.470666][ T29] audit: type=1326 audit(2000000010.776:47687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12739 comm="syz.1.7108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 476.494259][ T29] audit: type=1326 audit(2000000010.776:47688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12739 comm="syz.1.7108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 476.517852][ T29] audit: type=1326 audit(2000000010.776:47689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12739 comm="syz.1.7108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 476.541437][ T29] audit: type=1326 audit(2000000010.776:47690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12739 comm="syz.1.7108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 476.564892][ T29] audit: type=1326 audit(2000000010.776:47691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12739 comm="syz.1.7108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 476.588483][ T29] audit: type=1326 audit(2000000010.776:47692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12739 comm="syz.1.7108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 476.612328][ T29] audit: type=1326 audit(2000000010.776:47693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12739 comm="syz.1.7108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 476.680444][T12750] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.726427][T12750] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.773881][T12750] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.821671][T12750] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.873694][ T12] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.884927][ T12] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.895972][ T12] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.906972][ T12] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.931882][T12769] SELinux: policydb version -1411311999 does not match my version range 15-35 [ 476.940873][T12769] SELinux: failed to load policy [ 477.065616][T12772] loop6: detected capacity change from 0 to 512 [ 477.073704][T12772] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 477.085232][T12772] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 477.095421][T12772] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.7114: Corrupt directory, running e2fsck is recommended [ 477.108588][T12772] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117 [ 477.117104][T12772] EXT4-fs error (device loop6): ext4_iget_extra_inode:5075: inode #15: comm syz.6.7114: corrupted in-inode xattr: invalid ea_ino [ 477.130815][T12772] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.7114: couldn't read orphan inode 15 (err -117) [ 477.143433][T12772] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 477.166651][T12772] bond7: entered promiscuous mode [ 477.188322][ T12] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 477.196566][ T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.232882][ T12] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 477.241133][ T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.249535][ T12] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 477.257716][ T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.266369][ T12] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 477.274636][ T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.282988][T12827] lo: entered allmulticast mode [ 477.287954][T12824] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7117'. [ 477.289310][T12772] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 477.308498][T12772] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 477.318617][T12772] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.7114: Corrupt directory, running e2fsck is recommended [ 477.331945][T12772] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 3: comm syz.6.7114: path /164/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 477.347677][T12830] siw: device registration error -23 [ 477.362704][T12772] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 64: comm syz.6.7114: path /164/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 477.469981][ T6945] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 477.560020][T12844] SELinux: policydb version -1411311999 does not match my version range 15-35 [ 477.569307][T12844] SELinux: failed to load policy [ 477.717479][T12855] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 477.730505][T12857] FAULT_INJECTION: forcing a failure. [ 477.730505][T12857] name failslab, interval 1, probability 0, space 0, times 0 [ 477.743188][T12857] CPU: 1 UID: 0 PID: 12857 Comm: syz.1.7127 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 477.743209][T12857] Tainted: [W]=WARN [ 477.743338][T12857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 477.743350][T12857] Call Trace: [ 477.743354][T12857] [ 477.743358][T12857] __dump_stack+0x1d/0x30 [ 477.743373][T12857] dump_stack_lvl+0xe8/0x140 [ 477.743385][T12857] dump_stack+0x15/0x1b [ 477.743395][T12857] should_fail_ex+0x265/0x280 [ 477.743447][T12857] should_failslab+0x8c/0xb0 [ 477.743464][T12857] __kmalloc_noprof+0xa5/0x570 [ 477.743481][T12857] ? sel_write_validatetrans+0x1c7/0x370 [ 477.743495][T12857] ? _copy_from_user+0x89/0xb0 [ 477.743590][T12857] sel_write_validatetrans+0x1c7/0x370 [ 477.743605][T12857] ? __pfx_sel_write_validatetrans+0x10/0x10 [ 477.743636][T12857] vfs_write+0x269/0x960 [ 477.743650][T12857] ? __rcu_read_unlock+0x4f/0x70 [ 477.743665][T12857] ? __fget_files+0x184/0x1c0 [ 477.743705][T12857] ksys_write+0xda/0x1a0 [ 477.743737][T12857] __x64_sys_write+0x40/0x50 [ 477.743763][T12857] x64_sys_call+0x2802/0x3000 [ 477.743785][T12857] do_syscall_64+0xd2/0x200 [ 477.743798][T12857] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 477.743814][T12857] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 477.743899][T12857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.743959][T12857] RIP: 0033:0x7fb05136f749 [ 477.743969][T12857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 477.743980][T12857] RSP: 002b:00007fb04fdcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 477.743992][T12857] RAX: ffffffffffffffda RBX: 00007fb0515c5fa0 RCX: 00007fb05136f749 [ 477.744000][T12857] RDX: 0000000000000079 RSI: 0000200000001cc0 RDI: 0000000000000006 [ 477.744007][T12857] RBP: 00007fb04fdcf090 R08: 0000000000000000 R09: 0000000000000000 [ 477.744062][T12857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 477.744069][T12857] R13: 00007fb0515c6038 R14: 00007fb0515c5fa0 R15: 00007fffdd824bc8 [ 477.744080][T12857] [ 477.954639][ T342] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.971329][ T342] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.982859][ T342] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.992487][ T342] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.010877][T12871] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7130'. [ 478.026971][T12873] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7131'. [ 478.054215][T12877] syz_tun: entered allmulticast mode [ 478.069576][T12879] bond10: entered promiscuous mode [ 478.189939][T12919] loop3: detected capacity change from 0 to 1024 [ 478.197071][T12919] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 478.208017][T12919] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 478.218634][T12919] JBD2: no valid journal superblock found [ 478.224416][T12919] EXT4-fs (loop3): Could not load journal inode [ 479.046182][T12952] loop3: detected capacity change from 0 to 512 [ 479.050351][T12952] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 479.103285][T12952] EXT4-fs (loop3): 1 truncate cleaned up [ 479.137151][T12952] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 479.153175][T12962] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 479.164301][T12958] netlink: 36 bytes leftover after parsing attributes in process `syz.6.7144'. [ 479.260257][T12952] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7143'. [ 479.312767][T12972] loop6: detected capacity change from 0 to 1024 [ 479.330144][T12972] EXT4-fs warning (device loop6): ext4_enable_quotas:7180: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 479.377686][T12972] EXT4-fs (loop6): mount failed [ 479.394116][ T9298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 479.456808][T12984] loop3: detected capacity change from 0 to 128 [ 479.588345][T12989] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 479.598222][T12989] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.667135][T12990] loop6: detected capacity change from 0 to 512 [ 479.766093][T12990] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 479.774337][T12990] EXT4-fs (loop6): orphan cleanup on readonly fs [ 479.783276][T12990] EXT4-fs error (device loop6): ext4_do_update_inode:5632: inode #16: comm +}[@: corrupted inode contents [ 479.796911][T12990] EXT4-fs error (device loop6): ext4_dirty_inode:6517: inode #16: comm +}[@: mark_inode_dirty error [ 479.808277][T12990] EXT4-fs error (device loop6): ext4_do_update_inode:5632: inode #16: comm +}[@: corrupted inode contents [ 479.820617][T12990] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #16: comm +}[@: mark_inode_dirty error [ 479.832154][T12990] EXT4-fs error (device loop6): ext4_do_update_inode:5632: inode #16: comm +}[@: corrupted inode contents [ 479.844176][T12990] EXT4-fs error (device loop6) in ext4_orphan_del:301: Corrupt filesystem [ 479.854424][T12990] EXT4-fs error (device loop6): ext4_do_update_inode:5632: inode #16: comm +}[@: corrupted inode contents [ 479.866968][T12990] EXT4-fs error (device loop6): ext4_truncate:4637: inode #16: comm +}[@: mark_inode_dirty error [ 479.878100][T12990] EXT4-fs error (device loop6) in ext4_process_orphan:343: Corrupt filesystem [ 479.887945][T12990] EXT4-fs (loop6): 1 truncate cleaned up [ 479.894516][T13126] EXT4-fs error (device loop6): ext4_release_dquot:6981: comm kworker/u8:10: Failed to release dquot type 1 [ 479.924192][T12990] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 479.936964][T12990] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 479.966200][T12986] lo speed is unknown, defaulting to 1000 [ 480.000987][T12989] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 480.010867][T12989] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.090290][T12989] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 480.100129][T12989] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.177241][T12989] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 480.187089][T12989] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.207888][T13034] loop5: detected capacity change from 0 to 512 [ 480.209644][T13033] netlink: 56 bytes leftover after parsing attributes in process `syz.1.7155'. [ 480.214579][T13034] EXT4-fs: Ignoring removed orlov option [ 480.228328][T13033] tipc: Started in network mode [ 480.229350][T13034] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 480.233694][T13033] tipc: Node identity 4, cluster identity 4711 [ 480.233705][T13033] tipc: Node number set to 4 [ 480.242974][T13034] EXT4-fs error (device loop5): ext4_iget_extra_inode:5075: inode #15: comm syz.5.7156: corrupted in-inode xattr: e_value size too large [ 480.267731][T13034] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.7156: couldn't read orphan inode 15 (err -117) [ 480.280943][T13034] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 480.320249][T31081] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 480.333083][T13040] Cannot find del_set index 0 as target [ 480.348797][T13045] x_tables: ip_tables: osf match: only valid for protocol 6 [ 480.375802][T13045] loop3: detected capacity change from 0 to 512 [ 480.386585][T13045] EXT4-fs: Ignoring removed bh option [ 480.403002][T13058] loop6: detected capacity change from 0 to 512 [ 480.403288][T13045] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 480.423728][T13045] ext4 filesystem being mounted at /101/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 480.434318][T13058] EXT4-fs (loop6): can't read group descriptor 0 [ 480.490003][T13058] loop6: detected capacity change from 0 to 4096 [ 480.496681][T13058] EXT4-fs: Ignoring removed nomblk_io_submit option [ 480.505013][T13058] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 480.537306][ T6945] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 481.177699][ T9298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 481.198205][T13082] loop3: detected capacity change from 0 to 512 [ 481.205272][T13082] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 481.216444][T13082] EXT4-fs (loop3): 1 truncate cleaned up [ 481.222599][T13082] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 481.239220][ T29] kauditd_printk_skb: 5621 callbacks suppressed [ 481.239234][ T29] audit: type=1326 audit(2000000015.833:53313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.3.7165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 481.240738][T13082] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7165'. [ 481.251884][ T29] audit: type=1326 audit(2000000015.833:53314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.3.7165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 481.301656][ T29] audit: type=1326 audit(2000000015.833:53315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.3.7165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 481.325331][ T29] audit: type=1326 audit(2000000015.833:53316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.3.7165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 481.348843][ T29] audit: type=1326 audit(2000000015.833:53317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.3.7165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 481.372400][ T29] audit: type=1326 audit(2000000015.833:53318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.3.7165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 481.395908][ T29] audit: type=1326 audit(2000000015.833:53319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.3.7165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 481.419458][ T29] audit: type=1326 audit(2000000015.833:53320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.3.7165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 481.442908][ T29] audit: type=1326 audit(2000000015.833:53321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.3.7165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 481.466576][ T29] audit: type=1326 audit(2000000015.833:53322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13081 comm="syz.3.7165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 481.502118][ T9298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 481.569905][T13100] loop3: detected capacity change from 0 to 512 [ 481.576701][T13100] EXT4-fs: Ignoring removed orlov option [ 481.582583][T13100] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 481.591532][T13100] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.7170: corrupted in-inode xattr: e_value size too large [ 481.605988][T13100] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.7170: couldn't read orphan inode 15 (err -117) [ 481.618414][T13100] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 481.643053][ T9298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 481.664594][T13108] vlan2: entered allmulticast mode [ 481.669766][T13108] dummy0: entered allmulticast mode [ 481.710729][T13113] tracefs: Unknown parameter 'fsname' [ 481.736659][T13115] loop6: detected capacity change from 0 to 1024 [ 481.737229][T13117] loop3: detected capacity change from 0 to 512 [ 481.743973][T13115] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 481.751301][T13117] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 481.760273][T13115] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 481.771736][T13117] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 481.783658][T13115] JBD2: no valid journal superblock found [ 481.791510][T13117] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.7173: Corrupt directory, running e2fsck is recommended [ 481.797138][T13115] EXT4-fs (loop6): Could not load journal inode [ 481.810640][T13117] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 481.824758][T13117] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.7173: corrupted in-inode xattr: invalid ea_ino [ 481.838309][T13117] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.7173: couldn't read orphan inode 15 (err -117) [ 481.850628][T13117] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 481.863348][T12775] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 481.876387][T13117] bond7: entered promiscuous mode [ 481.919938][T13117] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 481.931456][T13117] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 481.941536][T13117] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.7173: Corrupt directory, running e2fsck is recommended [ 481.954649][T13117] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.7173: path /106/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 481.974774][T13117] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 64: comm syz.3.7173: path /106/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 482.009458][ T12] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 482.017731][ T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.030004][ T12] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 482.038223][ T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.047259][ T9298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 482.056642][ T12] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 482.064872][ T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.074865][ T12] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 482.075569][T13172] Cannot find del_set index 0 as target [ 482.083174][ T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.104012][T13176] loop3: detected capacity change from 0 to 1024 [ 482.111926][T13176] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 482.126826][T13176] EXT4-fs (loop3): mount failed [ 482.353557][T13190] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7178'. [ 482.436316][T13201] bond11: entered promiscuous mode [ 482.542290][T13242] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.587293][T13242] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.636683][T13242] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.683113][T13242] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.703676][T13250] dvmrp1: entered allmulticast mode [ 482.738393][ T135] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.749854][ T31] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.760998][ T31] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.772778][ T135] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.079423][T13290] loop6: detected capacity change from 0 to 1024 [ 483.086530][T13290] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 483.097046][T13296] SELinux: policydb version -1411311999 does not match my version range 15-35 [ 483.097514][T13290] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 483.106594][T13296] SELinux: failed to load policy [ 483.116743][T13290] JBD2: no valid journal superblock found [ 483.126728][T13290] EXT4-fs (loop6): Could not load journal inode [ 483.346427][T13316] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7200'. [ 483.381019][T13325] x_tables: ip_tables: osf match: only valid for protocol 6 [ 483.391857][T13325] loop3: detected capacity change from 0 to 512 [ 483.398470][T13325] EXT4-fs: Ignoring removed bh option [ 483.415479][T13325] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 483.429975][T13325] ext4 filesystem being mounted at /114/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 483.651678][T13334] syz_tun: entered allmulticast mode [ 483.753358][T13339] netlink: 14 bytes leftover after parsing attributes in process `syz.5.7206'. [ 483.762556][T13339] hsr_slave_0: left promiscuous mode [ 483.768532][T13339] hsr_slave_1: left promiscuous mode [ 483.877400][T13345] netdevsim netdevsim5 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 483.887252][T13345] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 483.897114][T13345] netdevsim netdevsim5 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 483.908738][T13349] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7209'. [ 483.917861][T13349] netlink: 32 bytes leftover after parsing attributes in process `syz.6.7209'. [ 483.927068][T13349] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7209'. [ 483.935941][T13349] netlink: 2 bytes leftover after parsing attributes in process `syz.6.7209'. [ 483.945178][T13349] netlink: 32 bytes leftover after parsing attributes in process `syz.6.7209'. [ 483.956633][T13345] netdevsim netdevsim5 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 483.966466][T13345] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 483.976318][T13345] netdevsim netdevsim5 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 483.987740][T13356] FAULT_INJECTION: forcing a failure. [ 483.987740][T13356] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 484.000997][T13356] CPU: 0 UID: 0 PID: 13356 Comm: syz.0.7211 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 484.001028][T13356] Tainted: [W]=WARN [ 484.001034][T13356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 484.001045][T13356] Call Trace: [ 484.001052][T13356] [ 484.001059][T13356] __dump_stack+0x1d/0x30 [ 484.001103][T13356] dump_stack_lvl+0xe8/0x140 [ 484.001120][T13356] dump_stack+0x15/0x1b [ 484.001136][T13356] should_fail_ex+0x265/0x280 [ 484.001185][T13356] should_fail_alloc_page+0xf2/0x100 [ 484.001211][T13356] __alloc_frozen_pages_noprof+0xff/0x360 [ 484.001262][T13356] alloc_pages_mpol+0xb3/0x260 [ 484.001283][T13356] vma_alloc_folio_noprof+0x1aa/0x300 [ 484.001303][T13356] handle_mm_fault+0xec2/0x2be0 [ 484.001452][T13356] ? vma_start_read+0x141/0x1f0 [ 484.001508][T13356] do_user_addr_fault+0x630/0x1080 [ 484.001528][T13356] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 484.001551][T13356] exc_page_fault+0x62/0xa0 [ 484.001589][T13356] asm_exc_page_fault+0x26/0x30 [ 484.001607][T13356] RIP: 0033:0x7f0eef1ccc5b [ 484.001620][T13356] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01 [ 484.001636][T13356] RSP: 002b:00007f0eedc84e10 EFLAGS: 00010246 [ 484.001650][T13356] RAX: 00007f0eedc86f30 RBX: 00007f0eef44a640 RCX: 0000000000000000 [ 484.001744][T13356] RDX: 00007f0eedc86f78 RSI: 00007f0eef280df8 RDI: 00007f0eedc84e30 [ 484.001755][T13356] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 484.001766][T13356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 484.001779][T13356] R13: 00007f0eef476038 R14: 00007f0eef475fa0 R15: 00007ffc6f3c65f8 [ 484.001816][T13356] [ 484.001828][T13356] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 484.188700][ T9298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 484.229467][T13365] bond6: entered promiscuous mode [ 484.229501][T13369] loop3: detected capacity change from 0 to 1024 [ 484.242247][T13345] netdevsim netdevsim5 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 484.252037][T13345] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 484.261938][T13345] netdevsim netdevsim5 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 484.273842][T13369] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 484.288750][T13369] EXT4-fs (loop3): mount failed [ 484.324160][T13363] loop6: detected capacity change from 0 to 1024 [ 484.335889][T13345] netdevsim netdevsim5 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 484.345793][T13345] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 484.354145][T13363] EXT4-fs (loop6): stripe (32769) is not aligned with cluster size (16), stripe is disabled [ 484.355693][T13345] netdevsim netdevsim5 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 484.379822][T13363] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 484.417891][ T342] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 484.426142][ T342] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 484.434399][ T342] netdevsim netdevsim5 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 484.468105][ T342] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 484.476344][ T342] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 484.484720][ T342] netdevsim netdevsim5 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 484.499457][T13435] loop3: detected capacity change from 0 to 512 [ 484.502339][ T6945] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 484.516511][ T342] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 484.524957][ T342] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 484.533518][ T342] netdevsim netdevsim5 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 484.548125][T13435] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 484.559692][T13435] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 484.561370][ T342] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 484.569899][T13435] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.7218: Corrupt directory, running e2fsck is recommended [ 484.577939][ T342] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 484.592024][T13441] FAULT_INJECTION: forcing a failure. [ 484.592024][T13441] name failslab, interval 1, probability 0, space 0, times 0 [ 484.599072][ T342] netdevsim netdevsim5 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 484.620349][T13441] CPU: 0 UID: 0 PID: 13441 Comm: syz.5.7221 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 484.620385][T13441] Tainted: [W]=WARN [ 484.620502][T13441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 484.620578][T13441] Call Trace: [ 484.620584][T13441] [ 484.620592][T13441] __dump_stack+0x1d/0x30 [ 484.620616][T13441] dump_stack_lvl+0xe8/0x140 [ 484.620638][T13441] dump_stack+0x15/0x1b [ 484.620659][T13441] should_fail_ex+0x265/0x280 [ 484.620744][T13441] ? __se_sys_memfd_create+0x1cc/0x590 [ 484.620777][T13441] should_failslab+0x8c/0xb0 [ 484.620805][T13441] __kmalloc_cache_noprof+0x4c/0x4a0 [ 484.620833][T13441] ? fput+0x8f/0xc0 [ 484.620861][T13441] __se_sys_memfd_create+0x1cc/0x590 [ 484.620918][T13441] __x64_sys_memfd_create+0x31/0x40 [ 484.620940][T13441] x64_sys_call+0x2ac2/0x3000 [ 484.620963][T13441] do_syscall_64+0xd2/0x200 [ 484.620986][T13441] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 484.621070][T13441] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 484.621102][T13441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.621123][T13441] RIP: 0033:0x7f38419df749 [ 484.621153][T13441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 484.621170][T13441] RSP: 002b:00007f3840446e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 484.621190][T13441] RAX: ffffffffffffffda RBX: 000000000000079b RCX: 00007f38419df749 [ 484.621204][T13441] RDX: 00007f3840446ef0 RSI: 0000000000000000 RDI: 00007f3841a64960 [ 484.621218][T13441] RBP: 0000200000000180 R08: 00007f3840446bb7 R09: 00007f3840446e40 [ 484.621231][T13441] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000100 [ 484.621264][T13441] R13: 00007f3840446ef0 R14: 00007f3840446eb0 R15: 0000200000000940 [ 484.621284][T13441] [ 484.632514][T13435] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 484.815689][T13435] EXT4-fs error (device loop3): ext4_iget_extra_inode:5075: inode #15: comm syz.3.7218: corrupted in-inode xattr: invalid ea_ino [ 484.829292][T13435] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.7218: couldn't read orphan inode 15 (err -117) [ 484.842908][T13435] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 484.903397][T13435] bond8: entered promiscuous mode [ 484.915668][T13492] netlink: 'syz.1.7226': attribute type 1 has an invalid length. [ 484.936881][T13492] xt_hashlimit: max too large, truncated to 1048576 [ 484.950642][T13495] loop5: detected capacity change from 0 to 512 [ 484.960824][T13435] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 484.972381][T13435] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 484.972971][T13495] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 484.982551][T13435] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.7218: Corrupt directory, running e2fsck is recommended [ 484.994009][T13495] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 484.994034][T13495] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.7227: Corrupt directory, running e2fsck is recommended [ 485.007343][T13435] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.7218: path /118/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 485.020178][T13495] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 485.058520][T13495] EXT4-fs error (device loop5): ext4_iget_extra_inode:5075: inode #15: comm syz.5.7227: corrupted in-inode xattr: invalid ea_ino [ 485.071997][T13435] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 64: comm syz.3.7218: path /118/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 485.072190][T13495] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.7227: couldn't read orphan inode 15 (err -117) [ 485.105037][T13495] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 485.130498][T13495] bond10: entered promiscuous mode [ 485.157009][ T9298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 485.176660][T13495] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 485.188365][T13495] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 485.198550][T13495] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.7227: Corrupt directory, running e2fsck is recommended [ 485.211800][T13495] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 3: comm syz.5.7227: path /477/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 485.217625][T13543] program syz.3.7231 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 485.241925][T13495] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 64: comm syz.5.7227: path /477/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 485.275374][T13545] loop3: detected capacity change from 0 to 2048 [ 485.291336][T31081] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 485.307902][T13550] loop5: detected capacity change from 0 to 512 [ 485.314534][T13550] EXT4-fs: Ignoring removed orlov option [ 485.320454][T13550] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 485.329778][T13550] EXT4-fs error (device loop5): ext4_iget_extra_inode:5075: inode #15: comm syz.5.7232: corrupted in-inode xattr: e_value size too large [ 485.344588][T13550] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.7232: couldn't read orphan inode 15 (err -117) [ 485.357032][T13550] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 485.378734][T31081] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 485.408714][T13560] loop5: detected capacity change from 0 to 128 [ 485.417717][T13560] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 54) [ 485.425729][T13560] FAT-fs (loop5): Filesystem has been set read-only [ 485.570005][T13559] FAT-fs (loop5): error, fat_free: invalid cluster chain (i_pos 54) [ 485.595981][T13589] netdevsim netdevsim5 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 485.605858][T13589] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 485.615726][T13589] netdevsim netdevsim5 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 485.703664][T13589] netdevsim netdevsim5 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 485.713488][T13589] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 485.723350][T13589] netdevsim netdevsim5 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 485.777780][T13606] loop3: detected capacity change from 0 to 512 [ 485.785835][T13589] netdevsim netdevsim5 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 485.795674][T13589] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 485.799906][T13606] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 485.805564][T13589] netdevsim netdevsim5 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 485.829286][T13606] EXT4-fs (loop3): 1 truncate cleaned up [ 485.835301][T13606] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 485.867387][T13606] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7241'. [ 485.885254][T13612] netlink: 36 bytes leftover after parsing attributes in process `syz.6.7242'. [ 485.896459][T13589] netdevsim netdevsim5 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 485.906417][T13589] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 485.916277][T13589] netdevsim netdevsim5 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 485.937418][ T9298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 486.751386][T13639] lo speed is unknown, defaulting to 1000 [ 486.791763][T13663] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7250'. [ 487.435076][T13666] syz_tun: entered allmulticast mode [ 487.575650][ T29] kauditd_printk_skb: 325 callbacks suppressed [ 487.575666][ T29] audit: type=1326 audit(2000000022.486:53646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13670 comm="syz.1.7253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 487.606007][ T29] audit: type=1326 audit(2000000022.486:53647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13670 comm="syz.1.7253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 487.629720][ T29] audit: type=1326 audit(2000000022.486:53648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13670 comm="syz.1.7253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 487.653320][ T29] audit: type=1326 audit(2000000022.486:53649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13670 comm="syz.1.7253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 487.677012][ T29] audit: type=1326 audit(2000000022.486:53650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13670 comm="syz.1.7253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb05136f749 code=0x7ffc0000 [ 487.681032][T13679] loop3: detected capacity change from 0 to 512 [ 487.707702][T13679] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 487.719307][T13679] EXT4-fs (loop3): 1 truncate cleaned up [ 487.725851][T13679] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 487.742429][ T29] audit: type=1326 audit(2000000022.664:53651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13678 comm="syz.3.7255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 487.766065][ T29] audit: type=1326 audit(2000000022.664:53652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13678 comm="syz.3.7255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 487.791947][T13679] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7255'. [ 487.810814][ T29] audit: type=1326 audit(2000000022.706:53653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13678 comm="syz.3.7255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 487.834461][ T29] audit: type=1326 audit(2000000022.706:53654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13678 comm="syz.3.7255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 487.858050][ T29] audit: type=1326 audit(2000000022.706:53655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13678 comm="syz.3.7255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f6460f749 code=0x7ffc0000 [ 487.894447][ T9298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 487.914620][T13685] loop3: detected capacity change from 0 to 512 [ 487.921813][T13685] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 487.935401][T13685] netem: change failed [ 487.975166][T13694] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7258'. [ 488.023324][T13700] loop3: detected capacity change from 0 to 512 [ 488.030524][T13700] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 488.042121][T13700] EXT4-fs (loop3): 1 truncate cleaned up [ 488.048280][T13700] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 488.068804][T13700] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7260'. [ 488.102129][ T9298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 488.136437][T13708] loop3: detected capacity change from 0 to 1024 [ 488.143990][T13708] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 488.154954][T13708] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 488.165389][T13708] JBD2: no valid journal superblock found [ 488.171236][T13708] EXT4-fs (loop3): Could not load journal inode [ 488.425083][ T342] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 488.433403][ T342] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 488.441700][ T342] netdevsim netdevsim5 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 488.450085][ T342] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 488.458318][ T342] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 488.466622][ T342] netdevsim netdevsim5 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 488.488733][ T31] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 488.496961][ T31] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 488.505299][ T31] netdevsim netdevsim5 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 488.513482][ T31] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 488.521897][ T31] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 488.530398][ T31] netdevsim netdevsim5 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 488.582030][T13746] bond7: entered promiscuous mode [ 488.686012][T13792] netlink: 830 bytes leftover after parsing attributes in process `syz.0.7274'. [ 488.921339][T13800] loop6: detected capacity change from 0 to 512 [ 488.928050][T13800] EXT4-fs: Ignoring removed orlov option [ 488.934634][T13800] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 488.953518][T13800] EXT4-fs error (device loop6): ext4_iget_extra_inode:5075: inode #15: comm syz.6.7278: corrupted in-inode xattr: e_value size too large [ 488.968117][T13800] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.7278: couldn't read orphan inode 15 (err -117) [ 488.980887][T13800] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 489.028964][ T6945] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 489.073132][T13823] program syz.6.7283 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 489.155863][T13832] Cannot find del_set index 0 as target [ 489.164417][T13829] loop6: detected capacity change from 0 to 2048 [ 489.175339][T13830] loop3: detected capacity change from 0 to 4096 [ 489.184529][T13830] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 489.218190][T13830] lo speed is unknown, defaulting to 1000 [ 489.309370][T13862] loop6: detected capacity change from 0 to 512 [ 489.332418][T13862] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 489.344005][T13862] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 489.354203][T13862] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.7287: Corrupt directory, running e2fsck is recommended [ 489.424122][T13862] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117 [ 489.438400][T13862] EXT4-fs error (device loop6): ext4_iget_extra_inode:5075: inode #15: comm syz.6.7287: corrupted in-inode xattr: invalid ea_ino [ 489.466131][T13862] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.7287: couldn't read orphan inode 15 (err -117) [ 489.484919][T13862] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 489.541003][T13862] bond8: entered promiscuous mode [ 489.602546][T13909] netdevsim netdevsim5 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 489.612340][T13909] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 489.622267][T13909] netdevsim netdevsim5 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 489.648602][T13862] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 489.660275][T13862] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 489.670481][T13862] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.7287: Corrupt directory, running e2fsck is recommended [ 489.687154][T13862] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 3: comm syz.6.7287: path /196/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 489.712659][T13862] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 64: comm syz.6.7287: path /196/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 489.763430][T13909] netdevsim netdevsim5 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 489.773412][T13909] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 489.783445][T13909] netdevsim netdevsim5 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 489.802073][ T6945] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 489.830657][T13909] netdevsim netdevsim5 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 489.840522][T13909] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 489.840786][T13933] loop6: detected capacity change from 0 to 512 [ 489.850415][T13909] netdevsim netdevsim5 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 489.868918][T13933] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 489.880511][T13933] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 489.890690][T13933] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.7295: Corrupt directory, running e2fsck is recommended [ 489.904057][T13933] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117 [ 489.904678][ T9298] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 489.912425][T13933] EXT4-fs error (device loop6): ext4_iget_extra_inode:5075: inode #15: comm syz.6.7295: corrupted in-inode xattr: invalid ea_ino [ 489.935757][T13909] netdevsim netdevsim5 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 489.945643][T13909] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 489.947811][T13933] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.7295: couldn't read orphan inode 15 (err -117) [ 489.955582][T13909] netdevsim netdevsim5 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 489.968628][T13933] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 490.005382][T13933] bond9: entered promiscuous mode [ 490.043368][T13933] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 490.054968][T13933] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 490.054992][T13933] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.7295: Corrupt directory, running e2fsck is recommended [ 490.055162][T13933] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 3: comm syz.6.7295: path /198/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 490.055506][T13933] EXT4-fs error (device loop6): ext4_readdir:264: inode #2: block 64: comm syz.6.7295: path /198/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 490.120237][ T6945] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 490.139227][T13982] loop6: detected capacity change from 0 to 128 [ 490.764935][T13995] loop3: detected capacity change from 0 to 1024 [ 490.772916][T13995] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 490.787806][T13995] EXT4-fs (loop3): mount failed [ 490.830268][T14004] loop3: detected capacity change from 0 to 512 [ 490.839884][T14004] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 490.847966][T14004] EXT4-fs (loop3): orphan cleanup on readonly fs [ 490.856156][T14004] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #16: comm syz.3.7302: corrupted inode contents [ 490.868520][T14004] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #16: comm syz.3.7302: mark_inode_dirty error [ 490.880364][T14004] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #16: comm syz.3.7302: corrupted inode contents [ 490.892681][T14004] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.7302: mark_inode_dirty error [ 490.904275][T14004] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #16: comm syz.3.7302: corrupted inode contents [ 490.916708][T14004] EXT4-fs error (device loop3) in ext4_orphan_del:301: Corrupt filesystem [ 490.926328][T14004] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #16: comm syz.3.7302: corrupted inode contents [ 490.940736][T14014] Cannot find del_set index 0 as target [ 490.948249][T14004] EXT4-fs error (device loop3): ext4_truncate:4637: inode #16: comm syz.3.7302: mark_inode_dirty error [ 490.964703][T14004] EXT4-fs error (device loop3) in ext4_process_orphan:343: Corrupt filesystem [ 490.975007][T14018] Cannot find del_set index 0 as target [ 490.981902][T14004] EXT4-fs (loop3): 1 truncate cleaned up [ 490.987851][ T342] EXT4-fs error (device loop3): ext4_release_dquot:6981: comm kworker/u8:6: Failed to release dquot type 1 [ 491.002322][T14018] loop6: detected capacity change from 0 to 512 [ 491.009651][T14018] EXT4-fs: Ignoring removed bh option [ 491.015884][T14004] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 491.029707][T14004] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 491.041864][T14018] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 491.055881][T14018] ext4 filesystem being mounted at /200/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 491.133688][T14030] loop3: detected capacity change from 0 to 8192 [ 491.335077][T14048] support for the xor transformation has been removed. [ 491.447150][T14057] bridge1: entered allmulticast mode [ 491.454203][T14057] team0: Failed to send port change of device bridge1 via netlink (err -105) [ 491.463110][T14057] team0: Failed to send options change via netlink (err -105) [ 491.470907][T14057] team0: Port device bridge1 added [ 491.505926][T14063] syz_tun (unregistering): left allmulticast mode [ 491.705495][T14068] loop3: detected capacity change from 0 to 8192 [ 491.772838][ T6945] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 491.926944][T14108] loop0: detected capacity change from 0 to 2048 [ 491.940328][T14110] loop6: detected capacity change from 0 to 2364 [ 491.953604][T14110] iso9660: Bad value for 'dmode' [ 491.964289][T14108] loop0: p1 < > [ 492.098122][T14133] loop3: detected capacity change from 0 to 512 [ 492.147113][T14141] loop0: detected capacity change from 0 to 256 [ 492.317004][ T31] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 492.325243][ T31] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 492.333666][ T31] netdevsim netdevsim5 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 492.381524][ T31] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 492.389897][ T31] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 492.398345][ T31] netdevsim netdevsim5 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 492.412157][ T31] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 492.420377][ T31] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 492.428729][ T31] netdevsim netdevsim5 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 492.437063][ T31] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 492.445263][ T31] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 492.453600][ T31] netdevsim netdevsim5 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 492.750237][ T1052] lo speed is unknown, defaulting to 1000 [ 492.845511][ T29] kauditd_printk_skb: 203 callbacks suppressed [ 492.845526][ T29] audit: type=1400 audit(2000000028.016:53857): avc: denied { shutdown } for pid=14215 comm="syz.1.7369" lport=34535 faddr=fe80::38 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 492.857921][T14225] loop3: detected capacity change from 0 to 512 [ 493.323009][T14252] lo speed is unknown, defaulting to 1000 [ 494.007768][T14297] loop6: detected capacity change from 0 to 512 [ 494.299691][ T29] audit: type=1400 audit(2000000029.537:53858): avc: denied { connect } for pid=14317 comm="syz.6.7395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 494.338588][ T29] audit: type=1400 audit(2000000029.558:53859): avc: denied { accept } for pid=14317 comm="syz.6.7395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 494.552526][T14335] lo speed is unknown, defaulting to 1000 [ 494.578571][T14341] ip6gre1: entered promiscuous mode [ 494.707248][ T29] audit: type=1400 audit(2000000029.957:53860): avc: denied { append } for pid=14359 comm="syz.0.7402" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 494.907795][ T29] audit: type=1400 audit(2000000030.167:53861): avc: denied { write } for pid=14377 comm="syz.0.7406" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 494.931183][ T29] audit: type=1400 audit(2000000030.167:53862): avc: denied { open } for pid=14377 comm="syz.0.7406" path="/dev/rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 495.034426][T14384] netlink: 'syz.6.7409': attribute type 11 has an invalid length. [ 495.080917][ T29] audit: type=1400 audit(2000000030.230:53863): avc: denied { ioctl } for pid=14377 comm="syz.0.7406" path="/dev/rtc0" dev="devtmpfs" ino=244 ioctlcmd=0x700f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 495.569874][T14410] lo speed is unknown, defaulting to 1000 [ 495.964102][T14450] loop6: detected capacity change from 0 to 256 [ 495.972832][T14450] vfat: Bad value for 'fmask' [ 496.022735][T14455] lo speed is unknown, defaulting to 1000 [ 496.067404][T14465] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7424'. [ 496.156253][ T29] audit: type=1400 audit(2000000031.478:53864): avc: denied { bind } for pid=14480 comm="syz.3.7426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 496.175925][ T29] audit: type=1400 audit(2000000031.478:53865): avc: denied { name_bind } for pid=14480 comm="syz.3.7426" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 496.197075][ T29] audit: type=1400 audit(2000000031.478:53866): avc: denied { node_bind } for pid=14480 comm="syz.3.7426" saddr=::ffff:0.0.0.0 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 496.684967][T14521] loop6: detected capacity change from 0 to 512 [ 496.964857][T14541] lo speed is unknown, defaulting to 1000 [ 497.615241][ T29] kauditd_printk_skb: 215 callbacks suppressed [ 497.615257][ T29] audit: type=1326 audit(2000000033.021:54082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14598 comm="syz.1.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb0513a2005 code=0x7ffc0000 [ 497.645496][ T29] audit: type=1326 audit(2000000033.021:54083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14598 comm="syz.1.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb0513a2005 code=0x7ffc0000 [ 497.669070][ T29] audit: type=1326 audit(2000000033.021:54084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14598 comm="syz.1.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb0513a2005 code=0x7ffc0000 [ 497.692650][ T29] audit: type=1326 audit(2000000033.021:54085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14598 comm="syz.1.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb0513a2005 code=0x7ffc0000 [ 497.716242][ T29] audit: type=1326 audit(2000000033.021:54086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14598 comm="syz.1.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb0513a2005 code=0x7ffc0000 [ 497.739852][ T29] audit: type=1326 audit(2000000033.021:54087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14598 comm="syz.1.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb0513a2005 code=0x7ffc0000 [ 497.763467][ T29] audit: type=1326 audit(2000000033.021:54088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14598 comm="syz.1.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb0513a2005 code=0x7ffc0000 [ 497.787129][ T29] audit: type=1326 audit(2000000033.021:54089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14598 comm="syz.1.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb0513a2005 code=0x7ffc0000 [ 497.810723][ T29] audit: type=1326 audit(2000000033.021:54090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14598 comm="syz.1.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb0513a2005 code=0x7ffc0000 [ 497.834344][ T29] audit: type=1326 audit(2000000033.021:54091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14598 comm="syz.1.7465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb0513a2005 code=0x7ffc0000 [ 497.862693][T14635] loop0: detected capacity change from 0 to 512 [ 498.259746][ T342] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 498.268332][ T342] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 498.276784][ T342] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 498.285245][ T342] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 498.343197][T14673] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7495'. [ 498.395668][T14680] lo speed is unknown, defaulting to 1000 [ 499.900343][T14791] ================================================================== [ 499.908542][T14791] BUG: KCSAN: data-race in fifo_open / wait_for_partner [ 499.915542][T14791] [ 499.917870][T14791] read-write to 0xffff88811dc7496c of 4 bytes by task 14787 on cpu 0: [ 499.926012][T14791] fifo_open+0x17f/0x5d0 [ 499.930269][T14791] do_dentry_open+0x649/0xa20 [ 499.934941][T14791] vfs_open+0x37/0x1e0 [ 499.939019][T14791] path_openat+0x1c5e/0x2170 [ 499.943613][T14791] do_filp_open+0x109/0x230 [ 499.948124][T14791] do_sys_openat2+0xa6/0x110 [ 499.952717][T14791] __x64_sys_creat+0x65/0x90 [ 499.957314][T14791] x64_sys_call+0x2da3/0x3000 [ 499.961995][T14791] do_syscall_64+0xd2/0x200 [ 499.966503][T14791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.972505][T14791] [ 499.974839][T14791] read to 0xffff88811dc7496c of 4 bytes by task 14791 on cpu 1: [ 499.982474][T14791] wait_for_partner+0xf7/0x1c0 [ 499.987306][T14791] fifo_open+0x4b1/0x5d0 [ 499.991556][T14791] do_dentry_open+0x649/0xa20 [ 499.996236][T14791] vfs_open+0x37/0x1e0 [ 500.000310][T14791] path_openat+0x1c5e/0x2170 [ 500.004909][T14791] do_filp_open+0x109/0x230 [ 500.009420][T14791] do_sys_openat2+0xa6/0x110 [ 500.014006][T14791] __x64_sys_openat+0xf2/0x120 [ 500.018768][T14791] x64_sys_call+0x2eab/0x3000 [ 500.023445][T14791] do_syscall_64+0xd2/0x200 [ 500.027944][T14791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.033841][T14791] [ 500.036163][T14791] value changed: 0x00000002 -> 0x00000001 [ 500.041871][T14791] [ 500.044183][T14791] Reported by Kernel Concurrency Sanitizer on: [ 500.050334][T14791] CPU: 1 UID: 0 PID: 14791 Comm: syz.6.7534 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 500.061890][T14791] Tainted: [W]=WARN [ 500.065693][T14791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 500.075755][T14791] ==================================================================