last executing test programs: 4.459596605s ago: executing program 1 (id=2644): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 4.443582807s ago: executing program 1 (id=2645): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16, @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000000000f3", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="f4fe81601f00000000fb000800000000000000d34cd9626b203d1e460579eb57454ab386a824872716b6d44d59a4fb3bcfc8a653cc758ee43848d3", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000050000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) setxattr$trusted_overlay_redirect(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600), 0x0, 0x0, 0x0) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$rfkill(r4, 0x0, 0x0) close(r4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r1}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bond_slave_1\x00'}) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x2000, 0x0) openat(0xffffffffffffff9c, 0x0, 0x84003, 0x0) socket$rxrpc(0x21, 0x2, 0xa) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r6 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) syz_emit_ethernet(0x4e, &(0x7f0000000e00)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local, {[@rr={0x7, 0x17, 0x12, [@private, @broadcast, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) rt_sigtimedwait(&(0x7f0000000040)={[0xfffffffffffffffd]}, 0x0, 0x0, 0x8) r7 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$VT_RESIZEX(r7, 0x560a, &(0x7f0000000240)={0x4, 0x0, 0x5, 0x0, 0x3, 0x5}) ioctl$GIO_SCRNMAP(r5, 0x4b40, &(0x7f00000002c0)=""/225) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x8922, &(0x7f0000000080)) 4.410605779s ago: executing program 1 (id=2646): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000ac0)={[{@min_batch_time={'min_batch_time', 0x3d, 0xeb92}}, {@init_itable}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x6}}, {@grpid}, {@norecovery}]}, 0x9, 0x61f, &(0x7f0000000c40)="$eJzs3ctvVFUYAPDv3r5bsYUYFRfSxBhIlJYWMMSYCHFLCD52riotBCmU0BotklgS3GiMGxcmrlyI/4WSuHXh1oUbV4akMYaFGJQxd3qnzKNTpo/ptJ3fLxl67r2de75b+vWcOXPOnQDa1nD2TxqxPyKuJhGDZcc6Iz84vPR99/66cS57JFEovP1nEjc+SRbKz5XkXwfyJ/83GMkvacS+jtp6Z+evX5qYnp66lm+Pzl2+Ojo7f/3wxcsTF6YuTF0Zf2X8xPFjx0+MHdnQ9e0pK5++9f6Hg5+defe7bx4kY9//diaJk/Ewjy27rurn9myo5uxnNhyFJffL92c/1xMbPPd28fdg6ffkkaR6B9vW+fz3sSsinonB6Cj73xyMT99saXBAUxWSKLVRQNtJ1pX/vZsfCLDFSv2A0mv7lV4H10qb3CsBtsLiqaUBgKXc74qIUv53Lo0NRm9xbKD/XlIaGVhO/o2NzC3J6vj5pzO3skfUGYdbkT9BsGELN0uj3NXtf1LMzaHoLW7130srxnnTske2/6111j9ctd1w/gMbtnAzIp7N2//uWHf+v1d94r7G6m8o/3vXckUAAAAAAADQvu6cioiXV5r/ly7P/+munP9TNBARJzeh/se//5fezQvJJlQHlFk8FfFazfzff8tnBw915O/z7ynOB+hKz1+cnjoSEU9GxKHo6sm2xypPWzE77/AX+76uV3/5/L/skdVfmguYn+puZ9VC3MmJuYnNuXpob4s3I54rzv89kO+pnP+Ttf9JTfv/+RtZgl9tsI59L94+W+/Y4/MfaJbCtxEHV1z/86i7nax+f47RYn9gtNQrqPX8x1/+UK9++Q+tk7X//avnf09Sfr+e2bWdvzsijs53FuodX2//vzt5p6N0/sxHE3Nz18YiupPTtfvH1xYz7FalfCjlS5b/h15Yffxvuf9flod9EbHQYJ1PPxz4vd4x7T+0Tpb/k6u3/0OV7X9lIfu+OofyQm+M3x76Mb/FWI2zDbX/x4pt+qF8j/E/KFe7GL5uOlYVWhIuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxwaUQ8EUk6slxO05GRiIGIeCr60+mZ2bmXzs98cGUyO1b5+f+DS9tJ6fP/h8q2x6u2j0bE3oj4qqOvuD1ybmZ6stUXDwAAAAAAAAAAAAAAAAAAANvEQHHNf6Gnev1/5o+OVkcHNF1n/lW+Q/vpXPczCz2bGgiw5daf/8BO13j+dzU1DmDr1c//+w8KRVsaDrCF9P+hfa0z/71dALuA9h/aVYNjer3NjgNohYbb/8XmxgEAAAAAAGyKvQfu/JpExMKrfcVHpjs/ZrI/7G5pqwMAWsYcXmhfnTOtjgBoFa/xgWS59M+Ki/3rz/5PmhMQAAAAAAAAAAAAAFDj4H7r/6FdpRGrfIS3uf2wm62y/n+l5He7ANhF6n/0RyNtf6KHADuY1/jA49px6/8BAAAAAAAAAAAAYBvovX5pYnp66trs/M4rvL49wlhbYWFiW4SxqYWHzTlzV0Rsjwvc6kLpFhwtDKPFf5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBl/wcAAP//iyIuwQ==") ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x5f, 0xffffffffffffffff, {0x29}}, './file0\x00'}) 4.375077001s ago: executing program 1 (id=2647): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f00000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000005e5f000000000000000000000000000000040000000000"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000000), &(0x7f0000000040)=r2}, 0x20) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002ac0)=@newtaction={0x88c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xcfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x40, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x20000000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0xe53c0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x4, 0x2, 0x0, 0x0, 0x0, 0xff}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}}, 0x0) 4.374531281s ago: executing program 1 (id=2648): perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, @perf_config_ext, 0x2280, 0x0, 0x8, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0xa, 0x4, 0x40, 0x0, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000240)={r1, 0x0, 0x0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000380)='kmem_cache_free\x00'}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sys_enter\x00'}, 0x10) syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x810814, &(0x7f0000000480)=ANY=[], 0x1, 0x1fe, &(0x7f0000000280)="$eJzs2zFrE2EYB/Dn2rRe2sEOTqJw4OJU1E9gkApiQIhk0MlAdWlFSJcoiP08zn4Iv4xLB8kWudzRNtcIjWdyEn8/ON6H/u/geYfmOcKbN3feHx1+OHm39fks0iSLjYjHMY7Yy6tSUq7ptN6OGUnU8bPW0wDAH+n1Bp2me2C5hsPO4FZE7F5J+l8baQgAAAAAAAAAAIDaFjn/vxHxpXr+/3TF/QIA9Tn/v77a5TocdgZ3i/e3Cuf/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOaMJ5Obk/xKy7W8bkREGhHtiNiJiFZE5H9vul8AoL7xZHbuz5n/7Z3i1iQizH8AWAMvX71+3ul2D3pZlkb8OB31R/1iLfKnz7oHD7KpvYunzkaj/uZ5/rDIs9l8a/q9QZ4/ymJOvh337xV5nj150a3ku3G4/O0DwH9pPzt3ab5vllfE/v68PJ/PRXXp/aAyv1txu7WybQAACzj5+OlocHz8dvjXi2Sxp9plQ7+/51trWa0qrlV8T/6JNhR1i/Q6Nzf8wQQs3cU/fTVJm2kIAAAAAAAAAAAAAAC4YhU/OWp6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArJ9fAQAA//+KxFE0") 2.834084687s ago: executing program 3 (id=2679): openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000000c0)=@setlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}, @IFLA_GRE_ERSPAN_DIR={0x5}]}}}]}, 0x44}}, 0x0) bind$inet6(r0, &(0x7f0000f65000)={0xa, 0x4e21, 0x7, @empty, 0xfffffff8}, 0x1c) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)) perf_event_open$cgroup(&(0x7f00000002c0)={0x0, 0x80, 0x0, 0x13, 0x8, 0x0, 0x0, 0xe, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x16, 0x1, @perf_config_ext={0x4, 0x8}, 0x10504, 0x5, 0xffff88f4, 0x7, 0x693e, 0xab, 0x8, 0x0, 0x200, 0x0, 0x3e}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000100000000000000040000850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) sendto$inet6(r0, 0x0, 0x0, 0x20000002, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) 2.814352828s ago: executing program 3 (id=2681): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000000f6000000006debff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10) setfsgid(0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=@newqdisc={0x78, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4c, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x4e1e2563543d84f9}, @TCA_TBF_PBURST={0x8, 0x7, 0x1cdf}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0xffff, 0x0, 0x3}, 0x766c, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x78}}, 0x0) 2.78783804s ago: executing program 3 (id=2683): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000004000100ff0f00000501000000000000d32afa9cd1057ff20179839fd578ce7e8abab9c4966dacc96ac0d074cfb4ab2e5a8d8dff6ce717f0f795d54f405848b8f098b280fafb384a988cf5e529d6d80aea1ceb4240ec8b38f482f827a182de2aeb910b3827c608df17504234e84d312d369f8530a19b5de278bdc61fa4065a19392e88b64e13963f9e34e57f7adc445bb4e8396f6ea699ac", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB="00000000ffffffff00"/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) socket$inet6_udplite(0xa, 0x2, 0x88) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) 1.897162961s ago: executing program 3 (id=2691): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7654}]}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) sendmsg$inet(r0, 0x0, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700) 1.330992779s ago: executing program 1 (id=2699): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x103) fcntl$setsig(r0, 0xa, 0x13) fcntl$setlease(r0, 0x400, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00000003c0)) timer_settime(0x0, 0x0, 0x0, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) 1.297835682s ago: executing program 2 (id=2700): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000540)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, &(0x7f00000000c0)={0x4, &(0x7f0000000080)=[{0x81, 0x40, 0x2, 0xb42}, {0x1, 0x5, 0x1, 0xffffffff}, {0x2, 0x81, 0x2, 0xffffffff}, {0xffff, 0x40, 0x3}]}) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x6, 0x10010, 0xffffffffffffffff, 0x7c249000) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) 1.274080263s ago: executing program 2 (id=2701): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000004000100ff0f00000501000000000000d32afa9cd1057ff20179839fd578ce7e8abab9c4966dacc96ac0d074cfb4ab2e5a8d8dff6ce717f0f795d54f405848b8f098b280fafb384a988cf5e529d6d80aea1ceb4240ec8b38f482f827a182de2aeb910b3827c608df17504234e84d312d369f8530a19b5de278bdc61fa4065a19392e88b64e13963f9e34e57f7adc445bb4e8396f6ea699ac1f793da3d88d3489966691389c0e0070af7b6b385621", @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000ffffffff00"/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) socket$inet6_udplite(0xa, 0x2, 0x88) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r5, 0x0, 0xf3a, 0x0) tee(r4, r2, 0x8, 0x0) write$binfmt_script(r5, 0x0, 0xfffffe48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r7}, 0x10) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg(r9, &(0x7f0000003b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0) dup2(r9, r8) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") mkdirat(0xffffffffffffff9c, 0x0, 0x0) r10 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r10, 0x400c6615, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 926.822587ms ago: executing program 0 (id=2710): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0c00, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0500000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="00000600000000000000100c00000000000000002d7ec9e1e0ec928032feff9569bc08903028bb575b6f06d5420a930ca72ded904697c0be3f6ed285cce75669a7387a2ac890db2d188a84ad6a531be1d41c88f873de1eea1a7d868138005c6e7877dd351f6ba501000000935639abbb08cac64fbe14c6b31f612822e4ab9a3ecb148ee045f3db14fa04e6ae22163d80c6378c280044e3b9aa408f06a4", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r1, 0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000500)='%-5lx \x00'}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'gretap0\x00', &(0x7f0000000700)={'gre0\x00', 0x0, 0x80, 0x8000, 0x8, 0x4, {{0x15, 0x4, 0x3, 0x8, 0x54, 0x64, 0x0, 0xc6, 0x29, 0x0, @multicast2, @broadcast, {[@timestamp={0x44, 0x28, 0x36, 0x0, 0x1, [0x4, 0x5, 0x2, 0x4, 0x1ff, 0x5, 0x5, 0x400, 0x1]}, @lsrr={0x83, 0xb, 0x23, [@local, @multicast1]}, @generic={0x7, 0xb, "321d52aaec6b3e33ea"}]}}}}}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000080000000010000000900030009007a320000000014000480080002400000000008000140000000040900010073797a300000000064000000060a010400000000000000000100000008000b40000000000900010073797a30000000003c000480140001800c000100"], 0xec}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000280)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0xd, 0x13, &(0x7f0000000780)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000680)='GPL\x00', 0x7fffffff, 0x0, 0x0, 0x40f00, 0x86, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000840)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000880)={0x1, 0x7, 0x2, 0xfffffff8}, 0x10, 0xffffffffffffffff, r3, 0x3, 0x0, &(0x7f00000008c0)=[{0x5, 0x1, 0x3, 0x1}, {0x4, 0x1, 0x2, 0x3}, {0x5, 0x4, 0x6}], 0x10, 0x80000000, @void, @value}, 0x94) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000cc0)={0x3, 0x4, 0x4, 0xa, 0x0, r2, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0xffffffff, 0x2, 0x8003, 0x0, @void, @value, @void, @value}, 0x50) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r7 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="380000000314010000000000000008000900020073797a310000000008004100736977001400330073797a6b616c6c657230"], 0x38}}, 0x0) 898.690709ms ago: executing program 3 (id=2711): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000004000100ff0f00000501000000000000d32afa9cd1057ff20179839fd578ce7e8abab9c4966dacc96ac0d074cfb4ab2e5a8d8dff6ce717f0f795d54f405848b8f098b280fafb384a988cf5e529d6d80aea1ceb4240ec8b38f482f827a182de2aeb910b3827c608df17504234e84d312d369f8530a19b5de278bdc61fa4065a19392e88b64e13963f9e34e57f7adc445bb4e8396f6ea699ac1f793da3d88d3489966691389c0e0070af7b6b385621", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000ffffffff00"/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) socket$inet6_udplite(0xa, 0x2, 0x88) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r5, 0x0, 0xf3a, 0x0) tee(r4, r2, 0x8, 0x0) write$binfmt_script(r5, 0x0, 0xfffffe48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r7}, 0x10) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg(r9, &(0x7f0000003b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0) dup2(r9, r8) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") mkdirat(0xffffffffffffff9c, 0x0, 0x0) r10 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r10, 0x400c6615, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 797.792316ms ago: executing program 0 (id=2712): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0c00, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0500000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="00000600000000000000100c00000000000000002d7ec9e1e0ec928032feff9569bc08903028bb575b6f06d5420a930ca72ded904697c0be3f6ed285cce75669a7387a2ac890db2d188a84ad6a531be1d41c88f873de1eea1a7d868138005c6e7877dd351f6ba501000000935639abbb08cac64fbe14c6b31f612822e4ab9a3ecb148ee045f3db14fa04e6ae22163d80c6378c280044e3b9aa408f06a4", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r1, 0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000500)='%-5lx \x00'}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'gretap0\x00', &(0x7f0000000700)={'gre0\x00', 0x0, 0x80, 0x8000, 0x8, 0x4, {{0x15, 0x4, 0x3, 0x8, 0x54, 0x64, 0x0, 0xc6, 0x29, 0x0, @multicast2, @broadcast, {[@timestamp={0x44, 0x28, 0x36, 0x0, 0x1, [0x4, 0x5, 0x2, 0x4, 0x1ff, 0x5, 0x5, 0x400, 0x1]}, @lsrr={0x83, 0xb, 0x23, [@local, @multicast1]}, @generic={0x7, 0xb, "321d52aaec6b3e33ea"}]}}}}}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000080000000010000000900030009007a320000000014000480080002400000000008000140000000040900010073797a300000000064000000060a010400000000000000000100000008000b40000000000900010073797a30000000003c000480140001800c000100"], 0xec}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000280)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0xd, 0x13, &(0x7f0000000780)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000680)='GPL\x00', 0x7fffffff, 0x0, 0x0, 0x40f00, 0x86, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000840)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000880)={0x1, 0x7, 0x2, 0xfffffff8}, 0x10, 0xffffffffffffffff, r3, 0x3, 0x0, &(0x7f00000008c0)=[{0x5, 0x1, 0x3, 0x1}, {0x4, 0x1, 0x2, 0x3}, {0x5, 0x4, 0x6}], 0x10, 0x80000000, @void, @value}, 0x94) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r7 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="380000000314010000000000000008000900020073797a310000000008004100736977001400330073797a6b616c6c657230"], 0x38}}, 0x0) 685.484753ms ago: executing program 0 (id=2714): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = open(&(0x7f0000000180)='./bus\x00', 0x16d27e, 0x0) sendfile(r2, r2, 0x0, 0x8800000) 659.542675ms ago: executing program 0 (id=2716): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x49, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) statx(0xffffffffffffffff, 0x0, 0x6000, 0x4, 0x0) 658.964375ms ago: executing program 0 (id=2718): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r1}, 0x18) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r2, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[@rights={{0x18, 0x1, 0x1, [r2, r2]}}], 0x18}, 0x0) 645.781956ms ago: executing program 0 (id=2720): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1018002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") creat(&(0x7f0000000240)='./bus\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r2, &(0x7f0000004200)='t', 0x1) sendfile(r2, r1, 0x0, 0x3ffff) sendfile(r2, r1, 0x0, 0x7ffff000) 428.739581ms ago: executing program 4 (id=2727): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = open(&(0x7f0000000180)='./bus\x00', 0x16d27e, 0x0) sendfile(r2, r2, 0x0, 0x8800000) 406.109293ms ago: executing program 4 (id=2728): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000002c0)={r0, 0xffffffffffffffff, 0x2, 0x0, @val=@tracing={0x0, 0x1}}, 0x20) 360.165726ms ago: executing program 2 (id=2729): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000000)) fcntl$lock(r2, 0x25, &(0x7f00000000c0)={0x2, 0x0, 0x4004, 0xffffffffffffffff}) 359.580966ms ago: executing program 4 (id=2730): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) lstat(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095", @ANYRESOCT=r1, @ANYRESDEC], &(0x7f0000000380)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000280)={'batadv0\x00', 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x50) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) timerfd_create(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811001e", @ANYRES32, @ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) unshare(0x400) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0) msgsnd(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="01"], 0x9d, 0x0) 358.901696ms ago: executing program 4 (id=2731): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r0}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 357.550466ms ago: executing program 2 (id=2732): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000540)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, &(0x7f00000000c0)={0x5, &(0x7f0000000080)=[{0xc, 0x2, 0x3, 0x80000000}, {0x81, 0x40, 0x2, 0xb42}, {0x1, 0x5, 0x1, 0xffffffff}, {0x2, 0x81, 0x2, 0xffffffff}, {0xffff, 0x40, 0x3}]}) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x6, 0x10010, 0xffffffffffffffff, 0x7c249000) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)}, &(0x7f0000000240)=0x10) 343.535317ms ago: executing program 4 (id=2733): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000001600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000040002850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r2}, 0x10) sendto$inet6(r0, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0x2, 0x4e24, 0x0, @local}, 0x1c) 322.261158ms ago: executing program 4 (id=2734): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000020"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) r3 = dup2(r1, r2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x10) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240), 0x4) mount_setattr(0xffffffffffffff9c, 0x0, 0x8900, &(0x7f0000000100)={0x10000d, 0x100006, 0xc0000}, 0x20) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) io_destroy(0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @empty, 0xd}, 0x1c) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_REMOVE(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0xfcffffff00000000}, 0x0) 283.200021ms ago: executing program 2 (id=2735): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16, @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000000000f3", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="f4fe81601f00000000fb000800000000000000d34cd9626b203d1e460579eb57454ab386a824872716b6d44d59a4fb3bcfc8a653cc758ee43848d3", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000050000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) setxattr$trusted_overlay_redirect(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600), 0x0, 0x0, 0x0) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$rfkill(r4, 0x0, 0x0) close(r4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r1}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bond_slave_1\x00'}) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x2000, 0x0) openat(0xffffffffffffff9c, 0x0, 0x84003, 0x0) socket$rxrpc(0x21, 0x2, 0xa) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) r6 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) syz_emit_ethernet(0x4e, &(0x7f0000000e00)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local, {[@rr={0x7, 0x17, 0x12, [@private, @broadcast, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) rt_sigtimedwait(&(0x7f0000000040)={[0xfffffffffffffffd]}, 0x0, 0x0, 0x8) syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$GIO_SCRNMAP(r5, 0x4b40, &(0x7f00000002c0)=""/225) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x8922, &(0x7f0000000080)) 282.588031ms ago: executing program 2 (id=2736): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = socket$can_j1939(0x1d, 0x2, 0x7) getsockopt$SO_J1939_PROMISC(r0, 0x6b, 0x2, 0x0, &(0x7f00000001c0)) r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000100000000955ebf55000000000000000000"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000480)='rss_stat\x00', r5, 0x0, 0x6}, 0x18) socketpair(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r7}, 0x10) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4) close_range(r6, 0xffffffffffffffff, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) sendto$packet(r8, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xc, r9, 0x1, 0x0, 0x6, @multicast}, 0x14) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r10}}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) r11 = socket$inet_sctp(0x2, 0x1, 0x84) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r11, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) socket$inet6_sctp(0xa, 0x5, 0x84) bind$isdn_base(0xffffffffffffffff, &(0x7f0000000140), 0x6) 0s ago: executing program 3 (id=2737): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) lstat(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095", @ANYRESOCT=r1, @ANYRESDEC], &(0x7f0000000380)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x24}}, 0x50) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) timerfd_create(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811001e", @ANYRES32, @ANYRES8], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) unshare(0x400) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0) msgsnd(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="01"], 0x9d, 0x0) kernel console output (not intermixed with test programs): 10399] CPU: 1 UID: 0 PID: 10399 Comm: syz.0.2080 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 160.144801][T10399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 160.154903][T10399] Call Trace: [ 160.158184][T10399] [ 160.161114][T10399] dump_stack_lvl+0xf2/0x150 [ 160.165805][T10399] dump_stack+0x15/0x20 [ 160.169968][T10399] dump_header+0x83/0x2d0 [ 160.174303][T10399] oom_kill_process+0x341/0x4c0 [ 160.179216][T10399] out_of_memory+0x9af/0xbe0 [ 160.184078][T10399] ? __rcu_read_unlock+0x4e/0x70 [ 160.189113][T10399] mem_cgroup_out_of_memory+0x13e/0x190 [ 160.194715][T10399] try_charge_memcg+0x51b/0x810 [ 160.199632][T10399] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 160.205871][T10399] __read_swap_cache_async+0x2b7/0x520 [ 160.211344][T10399] swap_cluster_readahead+0x276/0x3f0 [ 160.216734][T10399] swapin_readahead+0xe4/0x760 [ 160.221582][T10399] ? __filemap_get_folio+0x420/0x5b0 [ 160.226958][T10399] ? swap_cache_get_folio+0x77/0x210 [ 160.232340][T10399] do_swap_page+0x3da/0x1ef0 [ 160.236942][T10399] ? hrtimer_start_range_ns+0x53d/0x580 [ 160.242764][T10399] ? hrtimer_try_to_cancel+0x106/0x1d0 [ 160.248342][T10399] ? __rcu_read_lock+0x36/0x50 [ 160.253122][T10399] ? pte_offset_map_nolock+0x124/0x1d0 [ 160.258594][T10399] handle_mm_fault+0x8cb/0x2a30 [ 160.263554][T10399] exc_page_fault+0x3b9/0x650 [ 160.268255][T10399] asm_exc_page_fault+0x26/0x30 [ 160.273106][T10399] RIP: 0033:0x7f606409ffe8 [ 160.277523][T10399] Code: 3c 24 48 89 4c 24 18 e8 c6 57 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 44 89 c7 <48> 89 04 24 e8 1f 58 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 c3 0f 1f [ 160.297169][T10399] RSP: 002b:00007fffdc151640 EFLAGS: 00010293 [ 160.303227][T10399] RAX: 0000000000000000 RBX: 00007f6064225f80 RCX: 00007f606409ffe5 [ 160.311188][T10399] RDX: 00007fffdc151680 RSI: 0000000000000000 RDI: 0000000000000000 [ 160.319149][T10399] RBP: 00007f6064227a80 R08: 0000000000000000 R09: 7fffffffffffffff [ 160.327109][T10399] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000027125 [ 160.335082][T10399] R13: 00007fffdc1517b0 R14: 0000000000000032 R15: ffffffffffffffff [ 160.343051][T10399] [ 160.346854][T10399] memory: usage 306420kB, limit 307200kB, failcnt 2697 [ 160.354127][T10399] memory+swap: usage 293480kB, limit 9007199254740988kB, failcnt 0 [ 160.362270][T10399] kmem: usage 279876kB, limit 9007199254740988kB, failcnt 0 [ 160.367924][T10411] loop2: detected capacity change from 0 to 512 [ 160.369697][T10399] Memory cgroup stats for /syz0: [ 160.410441][T10399] cache 282624 [ 160.418802][T10399] rss 4096 [ 160.421827][T10399] shmem 0 [ 160.425011][T10399] mapped_file 282624 [ 160.428899][T10399] dirty 282624 [ 160.432259][T10399] writeback 0 [ 160.435624][T10399] workingset_refault_anon 14 [ 160.440232][T10399] workingset_refault_file 47 [ 160.444827][T10399] swap 192512 [ 160.448168][T10399] swapcached 16384 [ 160.451875][T10399] pgpgin 223255 [ 160.455405][T10399] pgpgout 223181 [ 160.458937][T10399] pgfault 88358 [ 160.462459][T10399] pgmajfault 10 [ 160.465941][T10399] inactive_anon 0 [ 160.469589][T10399] active_anon 20480 [ 160.473513][T10399] inactive_file 0 [ 160.477155][T10399] active_file 282624 [ 160.481047][T10399] unevictable 0 [ 160.484524][T10399] hierarchical_memory_limit 314572800 [ 160.489890][T10399] hierarchical_memsw_limit 9223372036854771712 [ 160.496078][T10399] total_cache 282624 [ 160.499957][T10399] total_rss 4096 [ 160.503491][T10399] total_shmem 0 [ 160.506980][T10399] total_mapped_file 282624 [ 160.511382][T10399] total_dirty 282624 [ 160.515299][T10399] total_writeback 0 [ 160.519151][T10399] total_workingset_refault_anon 14 [ 160.524259][T10399] total_workingset_refault_file 47 [ 160.529473][T10399] total_swap 192512 [ 160.533277][T10399] total_swapcached 16384 [ 160.537615][T10399] total_pgpgin 223255 [ 160.541842][T10399] total_pgpgout 223181 [ 160.545965][T10399] total_pgfault 88358 [ 160.550045][T10399] total_pgmajfault 10 [ 160.554079][T10399] total_inactive_anon 0 [ 160.558272][T10399] total_active_anon 20480 [ 160.562597][T10399] total_inactive_file 0 [ 160.566785][T10399] total_active_file 282624 [ 160.571218][T10399] total_unevictable 0 [ 160.575223][T10399] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2080,pid=10399,uid=0 [ 160.590240][T10399] Memory cgroup out of memory: Killed process 10399 (syz.0.2080) total-vm:89092kB, anon-rss:608kB, file-rss:16224kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 160.616946][T10411] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 160.639039][T10411] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 160.686791][T10294] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.894453][T10438] loop3: detected capacity change from 0 to 1024 [ 160.903192][T10438] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 160.918128][T10438] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 160.982192][ T29] kauditd_printk_skb: 368 callbacks suppressed [ 160.982204][ T29] audit: type=1400 audit(1726365519.692:28719): avc: denied { getopt } for pid=10450 comm="syz.2.2102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 161.035632][ T29] audit: type=1400 audit(1726365519.752:28720): avc: denied { create } for pid=10454 comm="syz.2.2103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 161.087123][ T29] audit: type=1400 audit(1726365519.802:28721): avc: denied { map_create } for pid=10458 comm="syz.0.2105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 161.106515][ T29] audit: type=1400 audit(1726365519.802:28722): avc: denied { bpf } for pid=10458 comm="syz.0.2105" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 161.127529][ T29] audit: type=1400 audit(1726365519.802:28723): avc: denied { map_read map_write } for pid=10458 comm="syz.0.2105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 161.151175][ T29] audit: type=1400 audit(1726365519.802:28724): avc: denied { read write } for pid=10294 comm="syz-executor" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 161.175757][ T29] audit: type=1400 audit(1726365519.802:28725): avc: denied { open } for pid=10294 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 161.200455][ T29] audit: type=1400 audit(1726365519.802:28726): avc: denied { ioctl } for pid=10294 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=102 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 161.226379][ T29] audit: type=1400 audit(1726365519.862:28727): avc: denied { prog_load } for pid=10458 comm="syz.0.2105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 161.245854][ T29] audit: type=1400 audit(1726365519.862:28728): avc: denied { perfmon } for pid=10458 comm="syz.0.2105" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 161.398557][T10481] No such timeout policy "syz0" [ 161.762386][ T9505] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.784426][T10487] loop3: detected capacity change from 0 to 512 [ 161.796803][T10487] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.809653][T10487] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 161.935795][ T9505] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.272159][T10520] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2132'. [ 162.281095][T10520] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 162.288530][T10520] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 162.296432][T10520] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 162.303848][T10520] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 162.458453][T10532] loop2: detected capacity change from 0 to 128 [ 162.471471][T10532] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 162.484249][T10532] ext4 filesystem being mounted at /26/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 163.193632][T10294] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 163.217469][T10539] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 163.225874][T10539] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.233328][T10539] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.241946][T10539] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.249560][T10539] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.285490][T10543] netlink: 'syz.0.2140': attribute type 5 has an invalid length. [ 163.515647][T10564] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2147'. [ 163.524635][T10564] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.532033][T10564] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.548286][T10564] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.555863][T10564] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.717898][T10556] chnl_net:caif_netlink_parms(): no params data found [ 163.791947][T10556] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.799136][T10556] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.810811][T10556] bridge_slave_0: entered allmulticast mode [ 163.817459][T10556] bridge_slave_0: entered promiscuous mode [ 163.826777][T10556] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.833870][T10556] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.842133][T10556] bridge_slave_1: entered allmulticast mode [ 163.848679][T10556] bridge_slave_1: entered promiscuous mode [ 163.867823][T10556] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.879045][T10556] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.900061][T10556] team0: Port device team_slave_0 added [ 163.907785][T10556] team0: Port device team_slave_1 added [ 163.931973][T10556] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.938981][T10556] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.964895][T10556] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.976993][T10556] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.983993][T10556] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.010300][T10556] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 164.023582][ T9505] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 164.034697][ T9505] CPU: 1 UID: 0 PID: 9505 Comm: syz-executor Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 164.045575][ T9505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 164.055705][ T9505] Call Trace: [ 164.058968][ T9505] [ 164.061954][ T9505] dump_stack_lvl+0xf2/0x150 [ 164.066608][ T9505] dump_stack+0x15/0x20 [ 164.070832][ T9505] dump_header+0x83/0x2d0 [ 164.075191][ T9505] oom_kill_process+0x341/0x4c0 [ 164.080070][ T9505] out_of_memory+0x9af/0xbe0 [ 164.084724][ T9505] ? __rcu_read_unlock+0x4e/0x70 [ 164.089732][ T9505] mem_cgroup_out_of_memory+0x13e/0x190 [ 164.095279][ T9505] try_charge_memcg+0x51b/0x810 [ 164.100146][ T9505] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 164.106287][ T9505] __read_swap_cache_async+0x2b7/0x520 [ 164.111800][ T9505] swap_cluster_readahead+0x276/0x3f0 [ 164.117175][ T9505] swapin_readahead+0xe4/0x760 [ 164.122066][ T9505] ? __filemap_get_folio+0x420/0x5b0 [ 164.127373][ T9505] ? swap_cache_get_folio+0x77/0x210 [ 164.132914][ T9505] do_swap_page+0x3da/0x1ef0 [ 164.137585][ T9505] ? hrtimer_start_range_ns+0x53d/0x580 [ 164.143134][ T9505] ? hrtimer_try_to_cancel+0x106/0x1d0 [ 164.148629][ T9505] ? __rcu_read_lock+0x36/0x50 [ 164.153385][ T9505] ? pte_offset_map_nolock+0x124/0x1d0 [ 164.158840][ T9505] handle_mm_fault+0x8cb/0x2a30 [ 164.163742][ T9505] exc_page_fault+0x3b9/0x650 [ 164.168458][ T9505] asm_exc_page_fault+0x26/0x30 [ 164.173325][ T9505] RIP: 0033:0x7fd36dd5ffa5 [ 164.177734][ T9505] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e c5 15 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74 [ 164.197396][ T9505] RSP: 002b:00007ffd5ab93128 EFLAGS: 00010246 [ 164.203460][ T9505] RAX: 0000000000000000 RBX: 00000000000000cc RCX: 00007fd36dd5ffa3 [ 164.211498][ T9505] RDX: 00007ffd5ab93140 RSI: 0000000000000000 RDI: 0000000000000000 [ 164.219456][ T9505] RBP: 00007ffd5ab9319c R08: 0000000034b454b0 R09: 7fffffffffffffff [ 164.227489][ T9505] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000032 [ 164.235458][ T9505] R13: 0000000000027f45 R14: 0000000000027efe R15: 00007ffd5ab931f0 [ 164.243501][ T9505] [ 164.247147][ T9505] memory: usage 307200kB, limit 307200kB, failcnt 10995 [ 164.254095][ T9505] memory+swap: usage 293076kB, limit 9007199254740988kB, failcnt 0 [ 164.262283][ T9505] kmem: usage 291512kB, limit 9007199254740988kB, failcnt 0 [ 164.269659][ T9505] Memory cgroup stats for /syz3: [ 164.271383][ T9505] cache 131072 [ 164.279774][ T9505] rss 8192 [ 164.282805][ T9505] shmem 0 [ 164.285802][ T9505] mapped_file 131072 [ 164.289752][ T9505] dirty 131072 [ 164.293104][ T9505] writeback 8192 [ 164.296672][ T9505] workingset_refault_anon 63 [ 164.301247][ T9505] workingset_refault_file 147 [ 164.305964][ T9505] swap 180224 [ 164.309239][ T9505] swapcached 36864 [ 164.313011][ T9505] pgpgin 278457 [ 164.316484][ T9505] pgpgout 278416 [ 164.320018][ T9505] pgfault 109926 [ 164.323551][ T9505] pgmajfault 39 [ 164.327030][ T9505] inactive_anon 36864 [ 164.331000][ T9505] active_anon 0 [ 164.334489][ T9505] inactive_file 131072 [ 164.338648][ T9505] active_file 0 [ 164.342090][ T9505] unevictable 0 [ 164.345587][ T9505] hierarchical_memory_limit 314572800 [ 164.350939][ T9505] hierarchical_memsw_limit 9223372036854771712 [ 164.357279][ T9505] total_cache 131072 [ 164.361159][ T9505] total_rss 8192 [ 164.364727][ T9505] total_shmem 0 [ 164.368235][ T9505] total_mapped_file 131072 [ 164.372635][ T9505] total_dirty 131072 [ 164.376592][ T9505] total_writeback 8192 [ 164.380737][ T9505] total_workingset_refault_anon 63 [ 164.386018][ T9505] total_workingset_refault_file 147 [ 164.391287][ T9505] total_swap 180224 [ 164.395242][ T9505] total_swapcached 36864 [ 164.399468][ T9505] total_pgpgin 278457 [ 164.403430][ T9505] total_pgpgout 278416 [ 164.407513][ T9505] total_pgfault 109926 [ 164.411581][ T9505] total_pgmajfault 39 [ 164.415574][ T9505] total_inactive_anon 36864 [ 164.420063][ T9505] total_active_anon 0 [ 164.424039][ T9505] total_inactive_file 131072 [ 164.428649][ T9505] total_active_file 0 [ 164.432665][ T9505] total_unevictable 0 [ 164.436646][ T9505] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.2149,pid=10570,uid=0 [ 164.451923][ T9505] Memory cgroup out of memory: Killed process 10570 (syz.3.2149) total-vm:87116kB, anon-rss:612kB, file-rss:16164kB, shmem-rss:0kB, UID:0 pgtables:108kB oom_score_adj:1000 [ 164.479007][T10556] hsr_slave_0: entered promiscuous mode [ 164.485936][T10556] hsr_slave_1: entered promiscuous mode [ 164.491989][T10556] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 164.499663][T10556] Cannot create hsr debugfs directory [ 164.508311][ T50] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.549260][ T50] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.588020][ T50] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.639080][T10598] loop3: detected capacity change from 0 to 512 [ 164.654569][ T50] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.680407][T10598] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 164.694147][T10598] ext4 filesystem being mounted at /94/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 164.722085][ T9505] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.765137][T10609] bond1: entered promiscuous mode [ 164.770230][T10609] bond1: entered allmulticast mode [ 164.775876][T10609] 8021q: adding VLAN 0 to HW filter on device bond1 [ 164.797901][T10609] bond1 (unregistering): Released all slaves [ 164.867323][ T50] @ (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.889531][ T50] @ (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.902356][ T50] @ (unregistering): Released all slaves [ 164.914224][ T50] bond0 (unregistering): Released all slaves [ 165.046939][ T50] hsr_slave_0: left promiscuous mode [ 165.053688][ T50] hsr_slave_1: left promiscuous mode [ 165.065480][ T50] veth1_macvtap: left promiscuous mode [ 165.071103][ T50] veth0_macvtap: left promiscuous mode [ 165.076749][ T50] veth1_vlan: left promiscuous mode [ 165.081984][ T50] veth0_vlan: left promiscuous mode [ 165.173379][ T50] team0 (unregistering): Port device team_slave_1 removed [ 165.188405][ T50] team0 (unregistering): Port device team_slave_0 removed [ 165.392791][T10556] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 165.402720][T10556] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 165.413277][T10620] loop2: detected capacity change from 0 to 128 [ 165.423086][T10620] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 165.425269][T10556] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 165.442829][T10620] ext4 filesystem being mounted at /28/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 165.458225][T10556] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 165.469015][T10294] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 165.524027][T10556] 8021q: adding VLAN 0 to HW filter on device bond0 [ 165.547538][T10556] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.560689][ T6033] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.567797][ T6033] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.579483][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.586612][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.658086][T10556] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 165.664362][T10637] loop3: detected capacity change from 0 to 512 [ 165.676914][T10637] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.689646][T10637] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.709886][ T9505] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.754395][T10653] serio: Serial port ptm0 [ 165.801969][T10556] veth0_vlan: entered promiscuous mode [ 165.811242][T10556] veth1_vlan: entered promiscuous mode [ 165.830297][T10556] veth0_macvtap: entered promiscuous mode [ 165.839091][T10556] veth1_macvtap: entered promiscuous mode [ 165.850614][T10556] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 165.861771][T10556] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 165.871624][T10556] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.880464][T10556] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.889253][T10556] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.898005][T10556] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.912919][T10667] loop3: detected capacity change from 0 to 128 [ 165.924378][T10667] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 165.937310][T10667] ext4 filesystem being mounted at /101/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 166.112020][ T29] kauditd_printk_skb: 9652 callbacks suppressed [ 166.112032][ T29] audit: type=1400 audit(1726365524.822:38381): avc: denied { read write } for pid=10556 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 166.143013][ T29] audit: type=1400 audit(1726365524.822:38382): avc: denied { open } for pid=10556 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 166.167436][ T29] audit: type=1400 audit(1726365524.822:38383): avc: denied { ioctl } for pid=10556 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=104 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 166.411048][T10676] bond1: entered promiscuous mode [ 166.416290][T10676] bond1: entered allmulticast mode [ 166.421752][T10676] 8021q: adding VLAN 0 to HW filter on device bond1 [ 166.432365][T10676] bond1 (unregistering): Released all slaves [ 166.530509][ T29] audit: type=1400 audit(1726365525.242:38384): avc: denied { create } for pid=10684 comm="syz.0.2183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 166.554206][ T29] audit: type=1400 audit(1726365525.242:38385): avc: denied { prog_run } for pid=10684 comm="syz.0.2183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 166.573442][ T29] audit: type=1400 audit(1726365525.272:38386): avc: denied { bind } for pid=10684 comm="syz.0.2183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 166.593086][ T29] audit: type=1400 audit(1726365525.282:38387): avc: denied { name_bind } for pid=10684 comm="syz.0.2183" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 166.615025][ T29] audit: type=1400 audit(1726365525.282:38388): avc: denied { node_bind } for pid=10684 comm="syz.0.2183" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 166.638949][ T29] audit: type=1400 audit(1726365525.352:38389): avc: denied { unmount } for pid=9505 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 166.639605][ T9505] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 166.672224][ T29] audit: type=1400 audit(1726365525.382:38390): avc: denied { listen } for pid=10684 comm="syz.0.2183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 166.715907][T10693] serio: Serial port ptm0 [ 166.728540][T10695] bond1: entered promiscuous mode [ 166.733726][T10695] bond1: entered allmulticast mode [ 166.739060][T10695] 8021q: adding VLAN 0 to HW filter on device bond1 [ 166.750317][T10695] bond1 (unregistering): Released all slaves [ 166.782450][T10699] bond1: entered promiscuous mode [ 166.787583][T10699] bond1: entered allmulticast mode [ 166.793083][T10699] 8021q: adding VLAN 0 to HW filter on device bond1 [ 166.808625][T10699] bond1 (unregistering): Released all slaves [ 166.910026][T10711] loop3: detected capacity change from 0 to 512 [ 166.936754][T10711] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.949544][T10711] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.973372][ T9505] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.011439][T10723] loop3: detected capacity change from 0 to 1024 [ 167.018883][T10723] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 167.021473][T10725] serio: Serial port ptm0 [ 167.033507][T10723] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.109144][T10732] bond1: entered promiscuous mode [ 167.114244][T10732] bond1: entered allmulticast mode [ 167.119655][T10732] 8021q: adding VLAN 0 to HW filter on device bond1 [ 167.134665][T10732] bond1 (unregistering): Released all slaves [ 167.506406][T10741] loop4: detected capacity change from 0 to 512 [ 167.518362][T10741] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.531469][T10741] ext4 filesystem being mounted at /10/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 167.554380][T10556] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.591725][T10745] netlink: 'syz.4.2205': attribute type 5 has an invalid length. [ 167.774147][T10753] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2209'. [ 167.777071][T10757] serio: Serial port ptm0 [ 167.859192][ T9505] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.872427][T10766] bond1: entered promiscuous mode [ 167.877699][T10766] bond1: entered allmulticast mode [ 167.884228][T10766] 8021q: adding VLAN 0 to HW filter on device bond1 [ 167.899779][T10766] bond1 (unregistering): Released all slaves [ 167.920123][T10774] netlink: 'syz.3.2217': attribute type 5 has an invalid length. [ 167.963821][T10781] loop3: detected capacity change from 0 to 512 [ 167.977032][T10781] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.990751][T10781] ext4 filesystem being mounted at /114/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.017071][ T9505] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.146522][T10795] loop3: detected capacity change from 0 to 128 [ 168.154777][T10795] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 168.167330][T10795] ext4 filesystem being mounted at /115/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 168.484039][T10798] serio: Serial port ptm0 [ 168.577072][T10807] loop4: detected capacity change from 0 to 512 [ 168.585996][T10807] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.598933][T10807] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.608830][T10810] loop2: detected capacity change from 0 to 128 [ 168.617086][T10810] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 168.630165][T10556] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.662560][T10812] netlink: 'syz.4.2230': attribute type 5 has an invalid length. [ 168.706539][T10820] bond1: entered promiscuous mode [ 168.711619][T10820] bond1: entered allmulticast mode [ 168.719486][T10820] 8021q: adding VLAN 0 to HW filter on device bond1 [ 168.733302][T10825] serio: Serial port ptm0 [ 168.739506][T10820] bond1 (unregistering): Released all slaves [ 168.880639][ T9505] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 168.949991][T10846] loop3: detected capacity change from 0 to 512 [ 168.967016][T10846] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.980183][T10846] ext4 filesystem being mounted at /120/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.999693][ T9505] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.029939][T10851] netlink: 'syz.3.2246': attribute type 5 has an invalid length. [ 169.233893][T10863] loop3: detected capacity change from 0 to 128 [ 169.242260][T10863] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 169.254702][T10863] ext4 filesystem being mounted at /126/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 169.428479][T10868] loop2: detected capacity change from 0 to 512 [ 169.447077][T10868] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.459916][T10868] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 169.483633][T10294] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.961360][ T9505] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 170.044167][T10897] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 170.462545][T10907] bond1: entered promiscuous mode [ 170.468068][T10907] bond1: entered allmulticast mode [ 170.473783][T10907] 8021q: adding VLAN 0 to HW filter on device bond1 [ 170.485021][T10907] bond1 (unregistering): Released all slaves [ 170.872359][T10930] netlink: 47 bytes leftover after parsing attributes in process `syz.3.2276'. [ 171.320083][ T29] kauditd_printk_skb: 443 callbacks suppressed [ 171.320099][ T29] audit: type=1400 audit(1726365530.032:38834): avc: denied { read } for pid=10940 comm="syz.2.2280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 171.381131][T10946] bond1: entered promiscuous mode [ 171.386438][T10946] bond1: entered allmulticast mode [ 171.391714][ T29] audit: type=1400 audit(1726365530.092:38835): avc: denied { ioctl } for pid=10945 comm="syz.2.2284" path="socket:[31638]" dev="sockfs" ino=31638 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 171.404592][T10946] 8021q: adding VLAN 0 to HW filter on device bond1 [ 171.416644][ T29] audit: type=1400 audit(1726365530.092:38836): avc: denied { module_request } for pid=10945 comm="syz.2.2284" kmod="netdev-batadv0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 171.445860][ T29] audit: type=1400 audit(1726365530.112:38837): avc: denied { sys_module } for pid=10945 comm="syz.2.2284" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 171.476948][T10946] bond1 (unregistering): Released all slaves [ 171.489919][ T29] audit: type=1326 audit(1726365530.202:38838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10945 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76dc5edef9 code=0x7ffc0000 [ 171.513662][ T29] audit: type=1326 audit(1726365530.202:38839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10945 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76dc5edef9 code=0x7ffc0000 [ 171.537806][ T29] audit: type=1326 audit(1726365530.202:38840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10945 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f76dc5edef9 code=0x7ffc0000 [ 171.561394][ T29] audit: type=1326 audit(1726365530.202:38841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10945 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76dc5edef9 code=0x7ffc0000 [ 171.585202][ T29] audit: type=1326 audit(1726365530.202:38842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10945 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76dc5edef9 code=0x7ffc0000 [ 171.608958][ T29] audit: type=1326 audit(1726365530.202:38843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10945 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f76dc5edef9 code=0x7ffc0000 [ 171.634105][T10948] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2284'. [ 171.734821][T10957] loop2: detected capacity change from 0 to 512 [ 171.756061][T10957] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.774605][T10957] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.858754][T10971] loop4: detected capacity change from 0 to 128 [ 171.868775][T10971] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 171.892418][T10972] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 171.936860][T10294] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.978369][T10981] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2296'. [ 171.987492][T10981] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 171.995082][T10981] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 172.014637][T10984] loop3: detected capacity change from 0 to 128 [ 172.022421][T10981] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 172.029894][T10981] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 172.036072][T10984] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 172.038748][T10985] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 172.074704][T10984] ext4 filesystem being mounted at /134/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 172.193530][T10994] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 172.221311][T10996] loop4: detected capacity change from 0 to 1024 [ 172.255020][T10996] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 172.274210][T10964] syz.0.2290 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 172.285540][T10964] CPU: 1 UID: 0 PID: 10964 Comm: syz.0.2290 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 172.297210][T10964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 172.307272][T10964] Call Trace: [ 172.310548][T10964] [ 172.313582][T10964] dump_stack_lvl+0xf2/0x150 [ 172.318185][T10964] dump_stack+0x15/0x20 [ 172.322367][T10964] dump_header+0x83/0x2d0 [ 172.326787][T10964] oom_kill_process+0x341/0x4c0 [ 172.331669][T10964] out_of_memory+0x9af/0xbe0 [ 172.336290][T10964] ? __rcu_read_unlock+0x4e/0x70 [ 172.341431][T10964] mem_cgroup_out_of_memory+0x13e/0x190 [ 172.347053][T10964] try_charge_memcg+0x51b/0x810 [ 172.351927][T10964] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 172.358040][T10964] __read_swap_cache_async+0x2b7/0x520 [ 172.363650][T10964] swap_cluster_readahead+0x276/0x3f0 [ 172.369055][T10964] swapin_readahead+0xe4/0x760 [ 172.373831][T10964] ? __filemap_get_folio+0x420/0x5b0 [ 172.379144][T10964] ? swap_cache_get_folio+0x77/0x210 [ 172.384687][T10964] do_swap_page+0x3da/0x1ef0 [ 172.389291][T10964] ? cgroup_rstat_updated+0x99/0x550 [ 172.394749][T10964] ? __rcu_read_lock+0x36/0x50 [ 172.399612][T10964] ? pte_offset_map_nolock+0x124/0x1d0 [ 172.405184][T10964] handle_mm_fault+0x8cb/0x2a30 [ 172.410090][T10964] exc_page_fault+0x3b9/0x650 [ 172.414879][T10964] asm_exc_page_fault+0x26/0x30 [ 172.419745][T10964] RIP: 0033:0x7f606406de56 [ 172.424162][T10964] Code: fb e8 ee 81 fa ff 85 c0 b8 00 00 00 00 48 0f 45 d8 48 89 d8 5b c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 83 ec 28 31 f6 <64> 48 8b 04 25 28 00 00 00 48 89 44 24 18 31 c0 89 f8 48 69 c0 83 [ 172.443792][T10964] RSP: 002b:00007fffdc151680 EFLAGS: 00010246 [ 172.449861][T10964] RAX: 000000000002a0a1 RBX: 00007f6064225f80 RCX: 0000000000029fe0 [ 172.457925][T10964] RDX: 00000000000000c1 RSI: 0000000000000000 RDI: 00000000000003e8 [ 172.466045][T10964] RBP: 00007f6064227a80 R08: 000000000b8953b3 R09: 7fffffffffffffff [ 172.474080][T10964] R10: 00007f6064d650b8 R11: 00007f6064d65080 R12: 000000000002a24a [ 172.482056][T10964] R13: 00007fffdc1517b0 R14: 0000000000000032 R15: ffffffffffffffff [ 172.490216][T10964] [ 172.495089][T10964] memory: usage 307200kB, limit 307200kB, failcnt 3114 [ 172.501948][T10964] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 172.510590][T10964] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0 [ 172.517962][T10964] Memory cgroup stats for /syz0: [ 172.519323][T10964] cache 0 [ 172.527204][T10964] rss 0 [ 172.530104][T10964] shmem 0 [ 172.533029][T10964] mapped_file 0 [ 172.534837][T10996] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 172.536513][T10964] dirty 0 [ 172.552044][T10964] writeback 4096 [ 172.555638][T10964] workingset_refault_anon 85 [ 172.560243][T10964] workingset_refault_file 198 [ 172.564957][T10964] swap 212992 [ 172.568314][T10964] swapcached 8192 [ 172.571963][T10964] pgpgin 232907 [ 172.575456][T10964] pgpgout 232905 [ 172.579045][T10964] pgfault 101369 [ 172.582583][T10964] pgmajfault 37 [ 172.586064][T10964] inactive_anon 8192 [ 172.590006][T10964] active_anon 0 [ 172.593457][T10964] inactive_file 0 [ 172.597122][T10964] active_file 0 [ 172.600572][T10964] unevictable 0 [ 172.604021][T10964] hierarchical_memory_limit 314572800 [ 172.609446][T10964] hierarchical_memsw_limit 9223372036854771712 [ 172.615731][T10964] total_cache 0 [ 172.619185][T10964] total_rss 0 [ 172.622459][T10964] total_shmem 0 [ 172.625944][T10964] total_mapped_file 0 [ 172.629977][T10964] total_dirty 0 [ 172.633420][T10964] total_writeback 4096 [ 172.637516][T10964] total_workingset_refault_anon 85 [ 172.642620][T10964] total_workingset_refault_file 198 [ 172.647852][T10964] total_swap 212992 [ 172.651717][T10964] total_swapcached 8192 [ 172.656012][T10964] total_pgpgin 232907 [ 172.660033][T10964] total_pgpgout 232905 [ 172.664177][T10964] total_pgfault 101369 [ 172.668357][T10964] total_pgmajfault 37 [ 172.672342][T10964] total_inactive_anon 8192 [ 172.676885][T10964] total_active_anon 0 [ 172.680961][T10964] total_inactive_file 0 [ 172.685232][T10964] total_active_file 0 [ 172.689467][T10964] total_unevictable 0 [ 172.694082][T10964] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2290,pid=10964,uid=0 [ 172.709755][T10964] Memory cgroup out of memory: Killed process 10964 (syz.0.2290) total-vm:89296kB, anon-rss:740kB, file-rss:16180kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 172.728394][ T9505] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 173.025204][T11012] loop3: detected capacity change from 0 to 512 [ 173.048921][T11012] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.065213][T11012] ext4 filesystem being mounted at /138/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 173.087674][T10556] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.213494][ T9505] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.265507][T11031] bond1: entered promiscuous mode [ 173.265524][T11031] bond1: entered allmulticast mode [ 173.265712][T11031] 8021q: adding VLAN 0 to HW filter on device bond1 [ 173.287405][T11025] loop2: detected capacity change from 0 to 128 [ 173.296263][T11031] bond1 (unregistering): Released all slaves [ 173.321103][T11038] netlink: 'syz.4.2314': attribute type 5 has an invalid length. [ 173.337842][T11025] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 173.355041][T11025] ext4 filesystem being mounted at /47/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 173.414400][T10294] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 173.515101][T11065] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 173.567092][T11078] loop2: detected capacity change from 0 to 1024 [ 173.574921][T11078] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 173.586246][T11078] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.599213][T11083] serio: Serial port ptm0 [ 173.627782][T11081] loop4: detected capacity change from 0 to 128 [ 173.649317][T11081] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 173.696437][T11081] ext4 filesystem being mounted at /32/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 173.710904][T11091] loop3: detected capacity change from 0 to 512 [ 173.747632][T11091] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.766454][T11091] ext4 filesystem being mounted at /146/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 173.766592][T10556] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 173.799193][ T9505] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.810897][T10154] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 173.813629][T11097] tipc: Started in network mode [ 173.821890][T10154] CPU: 0 UID: 0 PID: 10154 Comm: syz-executor Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 173.826868][T11097] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 173.837918][T10154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 173.837936][T10154] Call Trace: [ 173.837944][T10154] [ 173.837957][T10154] dump_stack_lvl+0xf2/0x150 [ 173.867761][T10154] dump_stack+0x15/0x20 [ 173.871927][T10154] dump_header+0x83/0x2d0 [ 173.876297][T10154] oom_kill_process+0x341/0x4c0 [ 173.881178][T10154] out_of_memory+0x9af/0xbe0 [ 173.885879][T10154] ? __rcu_read_unlock+0x4e/0x70 [ 173.891092][T10154] mem_cgroup_out_of_memory+0x13e/0x190 [ 173.896720][T10154] try_charge_memcg+0x51b/0x810 [ 173.901588][T10154] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 173.907771][T10154] __read_swap_cache_async+0x2b7/0x520 [ 173.913321][T10154] swap_cluster_readahead+0x276/0x3f0 [ 173.918715][T10154] swapin_readahead+0xe4/0x760 [ 173.923566][T10154] ? __filemap_get_folio+0x420/0x5b0 [ 173.928869][T10154] ? swap_cache_get_folio+0x77/0x210 [ 173.934241][T10154] do_swap_page+0x3da/0x1ef0 [ 173.938844][T10154] ? hrtimer_start_range_ns+0x53d/0x580 [ 173.944430][T10154] ? hrtimer_try_to_cancel+0x106/0x1d0 [ 173.950059][T10154] ? __rcu_read_lock+0x36/0x50 [ 173.954833][T10154] ? pte_offset_map_nolock+0x124/0x1d0 [ 173.960289][T10154] handle_mm_fault+0x8cb/0x2a30 [ 173.965167][T10154] exc_page_fault+0x3b9/0x650 [ 173.969852][T10154] asm_exc_page_fault+0x26/0x30 [ 173.974790][T10154] RIP: 0033:0x7f606409ffa5 [ 173.979195][T10154] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e c5 15 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74 [ 173.998927][T10154] RSP: 002b:00007fffdc151898 EFLAGS: 00010246 [ 174.005104][T10154] RAX: 0000000000000000 RBX: 00000000000000db RCX: 00007f606409ffa3 [ 174.013134][T10154] RDX: 00007fffdc1518b0 RSI: 0000000000000000 RDI: 0000000000000000 [ 174.021130][T10154] RBP: 00007fffdc15190c R08: 000000002a33f37b R09: 7fffffffffffffff [ 174.029162][T10154] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000032 [ 174.037181][T10154] R13: 000000000002a5db R14: 000000000002a54d R15: 00007fffdc151960 [ 174.045179][T10154] [ 174.050345][T11097] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 174.052554][T10154] memory: usage 307200kB, limit 307200kB, failcnt 3375 [ 174.058799][T11097] tipc: Enabled bearer , priority 10 [ 174.066233][T10154] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0 [ 174.066247][T10154] kmem: usage 307156kB, limit 9007199254740988kB, failcnt 0 [ 174.066258][T10154] Memory cgroup stats for /syz0: [ 174.088385][T10154] cache 12288 [ 174.096715][T10154] rss 4096 [ 174.099740][T10154] shmem 0 [ 174.102667][T10154] mapped_file 12288 [ 174.106515][T10154] dirty 12288 [ 174.109798][T10154] writeback 4096 [ 174.113336][T10154] workingset_refault_anon 125 [ 174.118071][T10154] workingset_refault_file 262 [ 174.122614][T11100] netlink: 47 bytes leftover after parsing attributes in process `syz.4.2339'. [ 174.122734][T10154] swap 212992 [ 174.122742][T10154] swapcached 32768 [ 174.138801][T10154] pgpgin 236065 [ 174.142249][T10154] pgpgout 236054 [ 174.145956][T10154] pgfault 104746 [ 174.149501][T10154] pgmajfault 49 [ 174.153010][T10154] inactive_anon 32768 [ 174.157042][T10154] active_anon 0 [ 174.160530][T10154] inactive_file 12288 [ 174.164533][T10154] active_file 0 [ 174.167986][T10154] unevictable 0 [ 174.171436][T10154] hierarchical_memory_limit 314572800 [ 174.176950][T10154] hierarchical_memsw_limit 9223372036854771712 [ 174.183171][T10154] total_cache 12288 [ 174.187235][T10154] total_rss 4096 [ 174.190978][T10154] total_shmem 0 [ 174.194438][T10154] total_mapped_file 12288 [ 174.198947][T10154] total_dirty 12288 [ 174.202795][T10154] total_writeback 4096 [ 174.207052][T10154] total_workingset_refault_anon 125 [ 174.212369][T10154] total_workingset_refault_file 262 [ 174.217615][T10154] total_swap 212992 [ 174.221434][T10154] total_swapcached 32768 [ 174.225723][T10154] total_pgpgin 236065 [ 174.229703][T10154] total_pgpgout 236054 [ 174.233892][T10154] total_pgfault 104746 [ 174.238020][T10154] total_pgmajfault 49 [ 174.242124][T10154] total_inactive_anon 32768 [ 174.246737][T10154] total_active_anon 0 [ 174.250722][T10154] total_inactive_file 12288 [ 174.255308][T10154] total_active_file 0 [ 174.259365][T10154] total_unevictable 0 [ 174.263572][T10154] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2322,pid=11051,uid=0 [ 174.278629][T10154] Memory cgroup out of memory: Killed process 11051 (syz.0.2322) total-vm:87116kB, anon-rss:608kB, file-rss:16164kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 174.423460][T11118] loop3: detected capacity change from 0 to 128 [ 174.437454][T11118] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 174.442068][T11119] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 174.464994][T11118] ext4 filesystem being mounted at /149/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 174.484146][T10294] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.541449][T11122] bond1: entered promiscuous mode [ 174.546621][T11122] bond1: entered allmulticast mode [ 174.555753][T11122] 8021q: adding VLAN 0 to HW filter on device bond1 [ 174.583824][T11122] bond1 (unregistering): Released all slaves [ 174.726379][T11135] serio: Serial port ptm0 [ 174.751206][ T3269] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 174.762149][ T3269] CPU: 0 UID: 0 PID: 3269 Comm: syz-executor Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 174.773099][ T3269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 174.783160][ T3269] Call Trace: [ 174.786447][ T3269] [ 174.789456][ T3269] dump_stack_lvl+0xf2/0x150 [ 174.794253][ T3269] dump_stack+0x15/0x20 [ 174.798438][ T3269] dump_header+0x83/0x2d0 [ 174.802796][ T3269] oom_kill_process+0x341/0x4c0 [ 174.807663][ T3269] out_of_memory+0x9af/0xbe0 [ 174.812258][ T3269] ? __rcu_read_unlock+0x4e/0x70 [ 174.817201][ T3269] mem_cgroup_out_of_memory+0x13e/0x190 [ 174.822753][ T3269] try_charge_memcg+0x51b/0x810 [ 174.827602][ T3269] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 174.833937][ T3269] __read_swap_cache_async+0x2b7/0x520 [ 174.839398][ T3269] swap_cluster_readahead+0x276/0x3f0 [ 174.844917][ T3269] swapin_readahead+0xe4/0x760 [ 174.849800][ T3269] ? __filemap_get_folio+0x420/0x5b0 [ 174.855082][ T3269] ? save_fpregs_to_fpstate+0x102/0x160 [ 174.860685][ T3269] ? swap_cache_get_folio+0x77/0x210 [ 174.865967][ T3269] do_swap_page+0x3da/0x1ef0 [ 174.870596][ T3269] ? hrtimer_start_range_ns+0x53d/0x580 [ 174.876142][ T3269] ? hrtimer_try_to_cancel+0x106/0x1d0 [ 174.881596][ T3269] ? __rcu_read_lock+0x36/0x50 [ 174.886389][ T3269] ? pte_offset_map_nolock+0x124/0x1d0 [ 174.891904][ T3269] handle_mm_fault+0x8cb/0x2a30 [ 174.896823][ T3269] exc_page_fault+0x3b9/0x650 [ 174.901501][ T3269] asm_exc_page_fault+0x26/0x30 [ 174.906441][ T3269] RIP: 0033:0x7f30c1fcffa5 [ 174.910899][ T3269] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e c5 15 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74 [ 174.930656][ T3269] RSP: 002b:00007ffcc5de8be8 EFLAGS: 00010246 [ 174.936853][ T3269] RAX: 0000000000000000 RBX: 0000000000000576 RCX: 00007f30c1fcffa3 [ 174.944845][ T3269] RDX: 00007ffcc5de8c00 RSI: 0000000000000000 RDI: 0000000000000000 [ 174.952810][ T3269] RBP: 00007ffcc5de8c5c R08: 0000000027090ecd R09: 7fffffffffffffff [ 174.960827][ T3269] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000032 [ 174.968826][ T3269] R13: 000000000002a9ae R14: 000000000002a90d R15: 00007ffcc5de8cb0 [ 174.976804][ T3269] [ 174.979919][ T3269] memory: usage 307200kB, limit 307200kB, failcnt 15613 [ 174.986885][ T3269] memory+swap: usage 356556kB, limit 9007199254740988kB, failcnt 0 [ 174.994794][ T3269] kmem: usage 287444kB, limit 9007199254740988kB, failcnt 0 [ 175.002071][ T3269] Memory cgroup stats for /syz1: [ 175.030416][ T3269] cache 106496 [ 175.038879][ T3269] rss 0 [ 175.041639][ T3269] shmem 0 [ 175.044592][ T3269] mapped_file 106496 [ 175.048472][ T3269] dirty 106496 [ 175.051843][ T3269] writeback 0 [ 175.055279][ T3269] workingset_refault_anon 105 [ 175.059947][ T3269] workingset_refault_file 140 [ 175.064642][ T3269] swap 63053824 [ 175.068174][ T3269] swapcached 0 [ 175.071619][ T3269] pgpgin 369331 [ 175.075078][ T3269] pgpgout 369305 [ 175.078618][ T3269] pgfault 188221 [ 175.082156][ T3269] pgmajfault 51 [ 175.085635][ T3269] inactive_anon 0 [ 175.089256][ T3269] active_anon 0 [ 175.092770][ T3269] inactive_file 0 [ 175.096423][ T3269] active_file 106496 [ 175.100309][ T3269] unevictable 0 [ 175.103751][ T3269] hierarchical_memory_limit 314572800 [ 175.113580][ T3269] hierarchical_memsw_limit 9223372036854771712 [ 175.119938][ T3269] total_cache 106496 [ 175.123829][ T3269] total_rss 0 [ 175.127198][ T3269] total_shmem 0 [ 175.130665][ T3269] total_mapped_file 106496 [ 175.135177][ T3269] total_dirty 106496 [ 175.139149][ T3269] total_writeback 0 [ 175.142968][ T3269] total_workingset_refault_anon 105 [ 175.148184][ T3269] total_workingset_refault_file 140 [ 175.153548][ T3269] total_swap 63053824 [ 175.157660][ T3269] total_swapcached 0 [ 175.161577][ T3269] total_pgpgin 369331 [ 175.165611][ T3269] total_pgpgout 369305 [ 175.169757][ T3269] total_pgfault 188221 [ 175.173812][ T3269] total_pgmajfault 51 [ 175.174554][ T35] tipc: Node number set to 1 [ 175.177783][ T3269] total_inactive_anon 0 [ 175.186605][ T3269] total_active_anon 0 [ 175.190577][ T3269] total_inactive_file 0 [ 175.195054][ T3269] total_active_file 106496 [ 175.199516][ T3269] total_unevictable 0 [ 175.203487][ T3269] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.2347,pid=11116,uid=0 [ 175.218684][ T3269] Memory cgroup out of memory: Killed process 11116 (syz.1.2347) total-vm:87116kB, anon-rss:612kB, file-rss:16108kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 175.239522][ T9505] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 175.270820][T11146] loop4: detected capacity change from 0 to 512 [ 175.297567][T11146] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.311763][T11146] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 175.339173][T10556] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.339904][T11152] netlink: 'syz.3.2359': attribute type 5 has an invalid length. [ 175.427001][T11164] netlink: 47 bytes leftover after parsing attributes in process `syz.2.2365'. [ 175.532916][T11181] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 175.566903][T11183] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 175.579552][T11178] loop3: detected capacity change from 0 to 128 [ 175.593515][T11178] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 175.615328][T11178] ext4 filesystem being mounted at /153/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 176.298878][ T9505] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 176.317999][T11197] bond1: entered promiscuous mode [ 176.323102][T11197] bond1: entered allmulticast mode [ 176.369123][ T29] kauditd_printk_skb: 561 callbacks suppressed [ 176.369136][ T29] audit: type=1400 audit(1726365535.082:39402): avc: denied { prog_run } for pid=11200 comm="syz.1.2380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 176.386182][T11197] 8021q: adding VLAN 0 to HW filter on device bond1 [ 176.408116][ T29] audit: type=1400 audit(1726365535.112:39403): avc: denied { create } for pid=11200 comm="syz.1.2380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 176.427913][ T29] audit: type=1400 audit(1726365535.112:39404): avc: denied { bind } for pid=11200 comm="syz.1.2380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 176.447735][ T29] audit: type=1400 audit(1726365535.112:39405): avc: denied { name_bind } for pid=11200 comm="syz.1.2380" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 176.468821][ T29] audit: type=1400 audit(1726365535.112:39406): avc: denied { node_bind } for pid=11200 comm="syz.1.2380" saddr=::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 176.491011][ T29] audit: type=1400 audit(1726365535.112:39407): avc: denied { listen } for pid=11200 comm="syz.1.2380" laddr=::1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 176.512801][ T29] audit: type=1400 audit(1726365535.112:39408): avc: denied { connect } for pid=11200 comm="syz.1.2380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 176.532724][ T29] audit: type=1400 audit(1726365535.112:39409): avc: denied { setopt } for pid=11200 comm="syz.1.2380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 176.552473][ T29] audit: type=1400 audit(1726365535.112:39410): avc: denied { write } for pid=11200 comm="syz.1.2380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 176.572454][ T29] audit: type=1326 audit(1726365535.112:39411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11179 comm="syz.4.2372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3191b3def9 code=0x7ffc0000 [ 176.611897][T11197] bond1 (unregistering): Released all slaves [ 176.633961][T11213] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2385'. [ 176.677245][T11225] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 176.682812][T11224] loop4: detected capacity change from 0 to 512 [ 176.724049][T11229] bond1: entered promiscuous mode [ 176.729218][T11229] bond1: entered allmulticast mode [ 176.734663][T11229] 8021q: adding VLAN 0 to HW filter on device bond1 [ 176.749897][T11229] bond1 (unregistering): Released all slaves [ 176.760194][T11224] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.773217][T11224] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.913025][T11250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2399'. [ 176.923978][T10556] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.955289][T11255] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2398'. [ 176.978548][T11261] bpf: Bad value for 'uid' [ 177.118623][ T3269] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 177.129833][ T3269] CPU: 1 UID: 0 PID: 3269 Comm: syz-executor Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 177.136130][T11278] syz.3.2409[11278] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 177.140714][ T3269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 177.140752][ T3269] Call Trace: [ 177.152532][T11278] syz.3.2409[11278] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 177.163037][ T3269] [ 177.163051][ T3269] dump_stack_lvl+0xf2/0x150 [ 177.163080][ T3269] dump_stack+0x15/0x20 [ 177.189409][ T3269] dump_header+0x83/0x2d0 [ 177.193746][ T3269] oom_kill_process+0x341/0x4c0 [ 177.198596][ T3269] out_of_memory+0x9af/0xbe0 [ 177.203285][ T3269] ? __rcu_read_unlock+0x4e/0x70 [ 177.208253][ T3269] mem_cgroup_out_of_memory+0x13e/0x190 [ 177.213803][ T3269] try_charge_memcg+0x51b/0x810 [ 177.218655][ T3269] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 177.224762][ T3269] __read_swap_cache_async+0x2b7/0x520 [ 177.230259][ T3269] swap_cluster_readahead+0x276/0x3f0 [ 177.235700][ T3269] swapin_readahead+0xe4/0x760 [ 177.240461][ T3269] ? __filemap_get_folio+0x420/0x5b0 [ 177.245825][ T3269] ? swap_cache_get_folio+0x77/0x210 [ 177.251128][ T3269] do_swap_page+0x3da/0x1ef0 [ 177.255754][ T3269] ? hrtimer_start_range_ns+0x53d/0x580 [ 177.261299][ T3269] ? hrtimer_try_to_cancel+0x106/0x1d0 [ 177.266885][ T3269] ? __rcu_read_lock+0x36/0x50 [ 177.271740][ T3269] ? pte_offset_map_nolock+0x124/0x1d0 [ 177.277288][ T3269] handle_mm_fault+0x8cb/0x2a30 [ 177.282154][ T3269] exc_page_fault+0x3b9/0x650 [ 177.286904][ T3269] asm_exc_page_fault+0x26/0x30 [ 177.291768][ T3269] RIP: 0033:0x7f30c1fcffa5 [ 177.296169][ T3269] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e c5 15 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74 [ 177.315797][ T3269] RSP: 002b:00007ffcc5de8be8 EFLAGS: 00010246 [ 177.321854][ T3269] RAX: 0000000000000000 RBX: 000000000000058c RCX: 00007f30c1fcffa3 [ 177.329826][ T3269] RDX: 00007ffcc5de8c00 RSI: 0000000000000000 RDI: 0000000000000000 [ 177.337874][ T3269] RBP: 00007ffcc5de8c5c R08: 000000000106275e R09: 7fffffffffffffff [ 177.345903][ T3269] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000032 [ 177.353901][ T3269] R13: 000000000002b246 R14: 000000000002b18c R15: 00007ffcc5de8cb0 [ 177.361893][ T3269] [ 177.365243][ T3269] memory: usage 307200kB, limit 307200kB, failcnt 15846 [ 177.372488][ T3269] memory+swap: usage 368768kB, limit 9007199254740988kB, failcnt 0 [ 177.380446][ T3269] kmem: usage 307072kB, limit 9007199254740988kB, failcnt 0 [ 177.388074][ T3269] Memory cgroup stats for /syz1: [ 177.390037][ T3269] cache 106496 [ 177.398438][ T3269] rss 0 [ 177.401256][ T3269] shmem 0 [ 177.404201][ T3269] mapped_file 106496 [ 177.408219][ T3269] dirty 106496 [ 177.411586][ T3269] writeback 0 [ 177.415014][ T3269] workingset_refault_anon 160 [ 177.419687][ T3269] workingset_refault_file 140 [ 177.424352][ T3269] swap 63045632 [ 177.427936][ T3269] swapcached 4096 [ 177.431799][ T3269] pgpgin 369815 [ 177.435285][ T3269] pgpgout 369788 [ 177.438919][ T3269] pgfault 189255 [ 177.442457][ T3269] pgmajfault 77 [ 177.445982][ T3269] inactive_anon 0 [ 177.449613][ T3269] active_anon 4096 [ 177.453322][ T3269] inactive_file 0 [ 177.457037][ T3269] active_file 106496 [ 177.460918][ T3269] unevictable 0 [ 177.464363][ T3269] hierarchical_memory_limit 314572800 [ 177.469757][ T3269] hierarchical_memsw_limit 9223372036854771712 [ 177.475920][ T3269] total_cache 106496 [ 177.479833][ T3269] total_rss 0 [ 177.483103][ T3269] total_shmem 0 [ 177.486577][ T3269] total_mapped_file 106496 [ 177.490981][ T3269] total_dirty 106496 [ 177.494894][ T3269] total_writeback 0 [ 177.498688][ T3269] total_workingset_refault_anon 160 [ 177.503878][ T3269] total_workingset_refault_file 140 [ 177.509105][ T3269] total_swap 63045632 [ 177.513079][ T3269] total_swapcached 4096 [ 177.517272][ T3269] total_pgpgin 369815 [ 177.521250][ T3269] total_pgpgout 369788 [ 177.525328][ T3269] total_pgfault 189255 [ 177.529429][ T3269] total_pgmajfault 77 [ 177.533400][ T3269] total_inactive_anon 0 [ 177.537611][ T3269] total_active_anon 4096 [ 177.541839][ T3269] total_inactive_file 0 [ 177.546011][ T3269] total_active_file 106496 [ 177.550727][ T3269] total_unevictable 0 [ 177.554931][ T3269] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.2386,pid=11215,uid=0 [ 177.569970][ T3269] Memory cgroup out of memory: Killed process 11215 (syz.1.2386) total-vm:87116kB, anon-rss:584kB, file-rss:15972kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 177.636119][T11283] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2412'. [ 177.661078][T11292] netlink: 'syz.0.2414': attribute type 5 has an invalid length. [ 177.679517][T11294] syz.3.2415[11294] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 177.679652][T11294] syz.3.2415[11294] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 177.680040][T11296] loop2: detected capacity change from 0 to 1024 [ 177.713196][T11294] Falling back ldisc for ptm1. [ 177.720262][T11296] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 177.729924][T11296] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 177.740966][T11296] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #2: comm syz.2.2416: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 177.759103][T11296] EXT4-fs (loop2): get root inode failed [ 177.764837][T11296] EXT4-fs (loop2): mount failed [ 177.817753][T11311] loop2: detected capacity change from 0 to 512 [ 177.872873][T11317] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 177.966942][T11322] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2425'. [ 178.158045][T11312] syz.4.2423 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 178.169214][T11312] CPU: 1 UID: 0 PID: 11312 Comm: syz.4.2423 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 178.180202][T11312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 178.190420][T11312] Call Trace: [ 178.193698][T11312] [ 178.196628][T11312] dump_stack_lvl+0xf2/0x150 [ 178.201291][T11312] dump_stack+0x15/0x20 [ 178.205446][T11312] dump_header+0x83/0x2d0 [ 178.209778][T11312] oom_kill_process+0x341/0x4c0 [ 178.214630][T11312] out_of_memory+0x9af/0xbe0 [ 178.219267][T11312] ? __rcu_read_unlock+0x4e/0x70 [ 178.224203][T11312] mem_cgroup_out_of_memory+0x13e/0x190 [ 178.229762][T11312] try_charge_memcg+0x51b/0x810 [ 178.234678][T11312] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 178.240759][T11312] __read_swap_cache_async+0x2b7/0x520 [ 178.246285][T11312] swap_cluster_readahead+0x276/0x3f0 [ 178.251765][T11312] swapin_readahead+0xe4/0x760 [ 178.256616][T11312] ? __filemap_get_folio+0x420/0x5b0 [ 178.261926][T11312] ? swap_cache_get_folio+0x77/0x210 [ 178.267211][T11312] do_swap_page+0x3da/0x1ef0 [ 178.271802][T11312] ? cgroup_rstat_updated+0x99/0x550 [ 178.277112][T11312] ? __rcu_read_lock+0x36/0x50 [ 178.281894][T11312] ? pte_offset_map_nolock+0x124/0x1d0 [ 178.287572][T11312] handle_mm_fault+0x8cb/0x2a30 [ 178.292432][T11312] exc_page_fault+0x3b9/0x650 [ 178.297211][T11312] asm_exc_page_fault+0x26/0x30 [ 178.302150][T11312] RIP: 0033:0x7f3191a119dc [ 178.306552][T11312] Code: 72 64 0f 1f 40 00 69 3d d6 3c e1 00 e8 03 00 00 48 8d 1d b7 45 2e 00 e8 82 c4 12 00 eb 0c 48 81 c3 d8 00 00 00 48 39 dd 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 d8 00 00 [ 178.326239][T11312] RSP: 002b:00007ffc06932600 EFLAGS: 00010202 [ 178.332296][T11312] RAX: 0000000000000000 RBX: 00007f3191cf7060 RCX: 0000000000000000 [ 178.340260][T11312] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555585b39808 [ 178.348295][T11312] RBP: 00007f3191cf7a80 R08: 0000000000000000 R09: 7fffffffffffffff [ 178.356264][T11312] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000002b9c7 [ 178.364364][T11312] R13: 00007ffc06932700 R14: 0000000000000032 R15: ffffffffffffffff [ 178.372347][T11312] [ 178.375644][T11312] memory: usage 307200kB, limit 307200kB, failcnt 13380 [ 178.382587][T11312] memory+swap: usage 293608kB, limit 9007199254740988kB, failcnt 0 [ 178.390852][T11312] kmem: usage 274004kB, limit 9007199254740988kB, failcnt 0 [ 178.398274][T11312] Memory cgroup stats for /syz4: [ 178.400095][T11312] cache 118784 [ 178.408447][T11312] rss 4096 [ 178.411459][T11312] shmem 0 [ 178.414384][T11312] mapped_file 118784 [ 178.418350][T11312] dirty 118784 [ 178.421709][T11312] writeback 4096 [ 178.425262][T11312] workingset_refault_anon 117 [ 178.429933][T11312] workingset_refault_file 143 [ 178.434672][T11312] swap 192512 [ 178.437945][T11312] swapcached 8192 [ 178.441627][T11312] pgpgin 260963 [ 178.445106][T11312] pgpgout 260932 [ 178.448644][T11312] pgfault 132577 [ 178.452238][T11312] pgmajfault 46 [ 178.455707][T11312] inactive_anon 8192 [ 178.459594][T11312] active_anon 0 [ 178.463037][T11312] inactive_file 118784 [ 178.467185][T11312] active_file 0 [ 178.470627][T11312] unevictable 0 [ 178.474120][T11312] hierarchical_memory_limit 314572800 [ 178.479583][T11312] hierarchical_memsw_limit 9223372036854771712 [ 178.485816][T11312] total_cache 118784 [ 178.489764][T11312] total_rss 4096 [ 178.493294][T11312] total_shmem 0 [ 178.496776][T11312] total_mapped_file 118784 [ 178.501217][T11312] total_dirty 118784 [ 178.505265][T11312] total_writeback 4096 [ 178.509341][T11312] total_workingset_refault_anon 117 [ 178.514550][T11312] total_workingset_refault_file 143 [ 178.519800][T11312] total_swap 192512 [ 178.523590][T11312] total_swapcached 8192 [ 178.527759][T11312] total_pgpgin 260963 [ 178.531836][T11312] total_pgpgout 260932 [ 178.535970][T11312] total_pgfault 132577 [ 178.540140][T11312] total_pgmajfault 46 [ 178.544233][T11312] total_inactive_anon 8192 [ 178.548678][T11312] total_active_anon 0 [ 178.552632][T11312] total_inactive_file 118784 [ 178.557220][T11312] total_active_file 0 [ 178.561181][T11312] total_unevictable 0 [ 178.565238][T11312] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.2423,pid=11312,uid=0 [ 178.580211][T11312] Memory cgroup out of memory: Killed process 11312 (syz.4.2423) total-vm:87116kB, anon-rss:612kB, file-rss:16036kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 178.671838][T11333] netlink: 'syz.0.2429': attribute type 5 has an invalid length. [ 178.773864][T11347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2436'. [ 178.875034][T11359] loop2: detected capacity change from 0 to 512 [ 178.886246][T11359] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.886523][T11359] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.917233][T11355] bond_slave_1: mtu less than device minimum [ 178.955121][T11360] loop4: detected capacity change from 0 to 128 [ 178.966221][T10294] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.976929][T11360] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 178.990928][T11360] ext4 filesystem being mounted at /53/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 179.008426][T11368] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 179.055295][T11374] netlink: 47 bytes leftover after parsing attributes in process `syz.2.2445'. [ 179.380932][T11377] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2446'. [ 179.466177][T11385] FAULT_INJECTION: forcing a failure. [ 179.466177][T11385] name failslab, interval 1, probability 0, space 0, times 0 [ 179.478933][T11385] CPU: 0 UID: 0 PID: 11385 Comm: syz.0.2449 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 179.489720][T11385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 179.499783][T11385] Call Trace: [ 179.503074][T11385] [ 179.506052][T11385] dump_stack_lvl+0xf2/0x150 [ 179.510680][T11385] dump_stack+0x15/0x20 [ 179.511776][T11387] loop3: detected capacity change from 0 to 1024 [ 179.514938][T11385] should_fail_ex+0x229/0x230 [ 179.514968][T11385] ? audit_log_start+0x34c/0x6b0 [ 179.514990][T11385] should_failslab+0x8f/0xb0 [ 179.522664][T11387] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 179.526133][T11385] kmem_cache_alloc_noprof+0x4c/0x290 [ 179.526167][T11385] audit_log_start+0x34c/0x6b0 [ 179.532106][T11388] bond_slave_1: mtu less than device minimum [ 179.535926][T11385] audit_seccomp+0x4b/0x130 [ 179.535958][T11385] __seccomp_filter+0x6fa/0x1180 [ 179.570671][T11385] ? proc_fail_nth_write+0x130/0x160 [ 179.575967][T11385] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 179.581788][T11385] ? vfs_write+0x5a5/0x900 [ 179.586226][T11385] ? __fget_files+0x1da/0x210 [ 179.590919][T11385] __secure_computing+0x9f/0x1c0 [ 179.595897][T11385] syscall_trace_enter+0xd1/0x1f0 [ 179.600946][T11385] ? fpregs_assert_state_consistent+0x83/0xa0 [ 179.607566][T11385] do_syscall_64+0xaa/0x1c0 [ 179.612132][T11385] ? clear_bhb_loop+0x55/0xb0 [ 179.616815][T11385] ? clear_bhb_loop+0x55/0xb0 [ 179.621568][T11385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.627493][T11385] RIP: 0033:0x7f606406def9 [ 179.631983][T11385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.651606][T11385] RSP: 002b:00007f6062ce7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 179.660031][T11385] RAX: ffffffffffffffda RBX: 00007f6064225f80 RCX: 00007f606406def9 [ 179.668015][T11385] RDX: 0000000020000240 RSI: 000000000000560a RDI: 0000000000000008 [ 179.675997][T11385] RBP: 00007f6062ce7090 R08: 0000000000000000 R09: 0000000000000000 [ 179.683974][T11385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 179.691958][T11385] R13: 0000000000000000 R14: 00007f6064225f80 R15: 00007fffdc151548 [ 179.700105][T11385] [ 179.833423][T11402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 179.846066][T11402] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 179.913425][T11410] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2456'. [ 179.961340][T11412] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2460'. [ 180.050676][T11421] bond1: entered promiscuous mode [ 180.055925][T11421] bond1: entered allmulticast mode [ 180.061562][T11421] 8021q: adding VLAN 0 to HW filter on device bond1 [ 180.078146][T11421] bond1 (unregistering): Released all slaves [ 180.090249][T11419] macsec1: entered promiscuous mode [ 180.095632][T11419] macsec1: entered allmulticast mode [ 180.167916][T11424] bond_slave_1: mtu less than device minimum [ 180.287808][T11439] bond1: entered promiscuous mode [ 180.292957][T11439] bond1: entered allmulticast mode [ 180.298695][T11439] 8021q: adding VLAN 0 to HW filter on device bond1 [ 180.312260][T11439] bond1 (unregistering): Released all slaves [ 180.396696][T11447] netlink: 'syz.2.2474': attribute type 5 has an invalid length. [ 180.529464][T11458] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 180.669152][T11464] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2481'. [ 180.713652][T11468] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2482'. [ 180.745213][T11472] loop4: detected capacity change from 0 to 1024 [ 180.752172][T11472] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 180.786415][T11455] syz.2.2478 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 180.797424][T11455] CPU: 0 UID: 0 PID: 11455 Comm: syz.2.2478 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 180.808430][T11455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 180.818554][T11455] Call Trace: [ 180.821898][T11455] [ 180.824834][T11455] dump_stack_lvl+0xf2/0x150 [ 180.829549][T11455] dump_stack+0x15/0x20 [ 180.833782][T11455] dump_header+0x83/0x2d0 [ 180.838128][T11455] oom_kill_process+0x341/0x4c0 [ 180.843445][T11455] out_of_memory+0x9af/0xbe0 [ 180.848092][T11455] ? __rcu_read_unlock+0x4e/0x70 [ 180.853050][T11455] mem_cgroup_out_of_memory+0x13e/0x190 [ 180.858624][T11455] try_charge_memcg+0x51b/0x810 [ 180.863608][T11455] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 180.869704][T11455] __read_swap_cache_async+0x2b7/0x520 [ 180.875253][T11455] swap_cluster_readahead+0x276/0x3f0 [ 180.880889][T11455] swapin_readahead+0xe4/0x760 [ 180.885760][T11455] ? __filemap_get_folio+0x420/0x5b0 [ 180.891065][T11455] ? __lruvec_stat_mod_folio+0xdb/0x120 [ 180.896696][T11455] ? swap_cache_get_folio+0x77/0x210 [ 180.902126][T11455] do_swap_page+0x3da/0x1ef0 [ 180.906814][T11455] ? cgroup_rstat_updated+0x99/0x550 [ 180.912111][T11455] ? __rcu_read_lock+0x36/0x50 [ 180.916981][T11455] ? pte_offset_map_nolock+0x124/0x1d0 [ 180.922434][T11455] handle_mm_fault+0x8cb/0x2a30 [ 180.927291][T11455] exc_page_fault+0x3b9/0x650 [ 180.932152][T11455] asm_exc_page_fault+0x26/0x30 [ 180.937044][T11455] RIP: 0033:0x7f76dc4c19b8 [ 180.941448][T11455] Code: 31 d2 48 f7 f1 48 01 d8 49 39 c4 4c 0f 42 e0 83 3d e8 60 2e 00 00 0f 8e 99 fd ff ff e8 21 e5 fe ff 49 39 c4 72 64 0f 1f 40 00 <69> 3d d6 3c e1 00 e8 03 00 00 48 8d 1d b7 45 2e 00 e8 82 c4 12 00 [ 180.961084][T11455] RSP: 002b:00007ffe213d3b60 EFLAGS: 00010206 [ 180.967141][T11455] RAX: 000000000002c1e7 RBX: 00007f76dc7a7a80 RCX: 000000000002bf20 [ 180.975187][T11455] RDX: 00000000000002c7 RSI: 00007ffe213d3b40 RDI: 0000000000000001 [ 180.983253][T11455] RBP: 00007f76dc7a7a80 R08: 000000002a67f4a0 R09: 7fffffffffffffff [ 180.991547][T11455] R10: 00007f76dd2e30b8 R11: 00007f76dd2e3080 R12: 000000000002c42b [ 180.999516][T11455] R13: 00007ffe213d3c60 R14: 0000000000000032 R15: ffffffffffffffff [ 181.007697][T11455] [ 181.010840][T11455] memory: usage 307200kB, limit 307200kB, failcnt 2918 [ 181.017779][T11455] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0 [ 181.025696][T11455] kmem: usage 307084kB, limit 9007199254740988kB, failcnt 0 [ 181.032981][T11455] Memory cgroup stats for /syz2: [ 181.033137][T11455] cache 110592 [ 181.041564][T11455] rss 0 [ 181.044320][T11455] shmem 0 [ 181.047366][T11455] mapped_file 110592 [ 181.051604][T11455] dirty 110592 [ 181.055056][T11455] writeback 0 [ 181.058333][T11455] workingset_refault_anon 48 [ 181.062927][T11455] workingset_refault_file 69 [ 181.067661][T11455] swap 196608 [ 181.070935][T11455] swapcached 4096 [ 181.074568][T11455] pgpgin 307169 [ 181.078017][T11455] pgpgout 307141 [ 181.081644][T11455] pgfault 148814 [ 181.085262][T11455] pgmajfault 30 [ 181.088719][T11455] inactive_anon 0 [ 181.092344][T11455] active_anon 4096 [ 181.096073][T11455] inactive_file 0 [ 181.099728][T11455] active_file 110592 [ 181.103612][T11455] unevictable 0 [ 181.107084][T11455] hierarchical_memory_limit 314572800 [ 181.112502][T11455] hierarchical_memsw_limit 9223372036854771712 [ 181.118716][T11455] total_cache 110592 [ 181.122634][T11455] total_rss 0 [ 181.125999][T11455] total_shmem 0 [ 181.129450][T11455] total_mapped_file 110592 [ 181.133857][T11455] total_dirty 110592 [ 181.137774][T11455] total_writeback 0 [ 181.141647][T11455] total_workingset_refault_anon 48 [ 181.146788][T11455] total_workingset_refault_file 69 [ 181.151913][T11455] total_swap 196608 [ 181.155761][T11455] total_swapcached 4096 [ 181.159973][T11455] total_pgpgin 307169 [ 181.164058][T11455] total_pgpgout 307141 [ 181.168146][T11455] total_pgfault 148814 [ 181.172262][T11455] total_pgmajfault 30 [ 181.176423][T11455] total_inactive_anon 0 [ 181.180655][T11455] total_active_anon 4096 [ 181.184954][T11455] total_inactive_file 0 [ 181.189112][T11455] total_active_file 110592 [ 181.193559][T11455] total_unevictable 0 [ 181.197556][T11455] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2478,pid=11455,uid=0 [ 181.212537][T11455] Memory cgroup out of memory: Killed process 11455 (syz.2.2478) total-vm:87116kB, anon-rss:612kB, file-rss:16044kB, shmem-rss:0kB, UID:0 pgtables:108kB oom_score_adj:1000 [ 181.268072][T11478] netlink: 'syz.1.2486': attribute type 5 has an invalid length. [ 181.441565][ T29] kauditd_printk_skb: 800 callbacks suppressed [ 181.441578][ T29] audit: type=1400 audit(1726365540.152:40210): avc: denied { read write } for pid=9505 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 181.499169][ T29] audit: type=1400 audit(1726365540.152:40211): avc: denied { open } for pid=9505 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 181.523857][ T29] audit: type=1400 audit(1726365540.152:40212): avc: denied { ioctl } for pid=9505 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 181.549537][ T29] audit: type=1400 audit(1726365540.172:40213): avc: denied { create } for pid=11491 comm="syz.3.2492" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 181.570499][ T29] audit: type=1400 audit(1726365540.172:40214): avc: denied { write } for pid=11491 comm="syz.3.2492" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 181.589676][T11497] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2493'. [ 181.591103][ T29] audit: type=1400 audit(1726365540.172:40215): avc: denied { read } for pid=11491 comm="syz.3.2492" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 181.620527][ T29] audit: type=1400 audit(1726365540.202:40216): avc: denied { create } for pid=11493 comm="syz.3.2493" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 181.640651][ T29] audit: type=1400 audit(1726365540.202:40217): avc: denied { ioctl } for pid=11493 comm="syz.3.2493" path="socket:[33480]" dev="sockfs" ino=33480 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 181.665777][ T29] audit: type=1400 audit(1726365540.212:40218): avc: denied { module_request } for pid=11493 comm="syz.3.2493" kmod="netdev-batadv0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 181.689494][ T29] audit: type=1400 audit(1726365540.262:40219): avc: denied { sys_module } for pid=11493 comm="syz.3.2493" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 181.774665][T11511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2499'. [ 181.783676][T11511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2499'. [ 181.804937][T11511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2499'. [ 181.814165][T11511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2499'. [ 181.835283][T11516] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 181.843285][T11516] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 181.846683][T11512] loop2: detected capacity change from 0 to 128 [ 181.859748][T11512] ext4 filesystem being mounted at /91/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 182.000971][T11520] netlink: 'syz.4.2500': attribute type 5 has an invalid length. [ 182.117082][T11525] vhci_hcd: invalid port number 157 [ 182.122418][T11525] vhci_hcd: default hub control req: c1ef v21ba i009d l29779 [ 182.678354][T11539] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 183.016733][T11551] loop4: detected capacity change from 0 to 1024 [ 183.031859][T10294] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 183.042762][T10294] CPU: 1 UID: 0 PID: 10294 Comm: syz-executor Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 183.053704][T10294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 183.063762][T10294] Call Trace: [ 183.067054][T10294] [ 183.069981][T10294] dump_stack_lvl+0xf2/0x150 [ 183.074584][T10294] dump_stack+0x15/0x20 [ 183.078756][T10294] dump_header+0x83/0x2d0 [ 183.083101][T10294] oom_kill_process+0x341/0x4c0 [ 183.087979][T10294] out_of_memory+0x9af/0xbe0 [ 183.092580][T10294] ? __rcu_read_unlock+0x4e/0x70 [ 183.097567][T10294] mem_cgroup_out_of_memory+0x13e/0x190 [ 183.103173][T10294] try_charge_memcg+0x51b/0x810 [ 183.108053][T10294] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 183.114283][T10294] __read_swap_cache_async+0x2b7/0x520 [ 183.119746][T10294] swap_cluster_readahead+0x276/0x3f0 [ 183.125164][T10294] swapin_readahead+0xe4/0x760 [ 183.129981][T10294] ? __filemap_get_folio+0x420/0x5b0 [ 183.135265][T10294] ? swap_cache_get_folio+0x77/0x210 [ 183.140548][T10294] do_swap_page+0x3da/0x1ef0 [ 183.145144][T10294] ? hrtimer_start_range_ns+0x53d/0x580 [ 183.150763][T10294] ? hrtimer_try_to_cancel+0x106/0x1d0 [ 183.156220][T10294] ? __rcu_read_lock+0x36/0x50 [ 183.160978][T10294] ? pte_offset_map_nolock+0x124/0x1d0 [ 183.166501][T10294] handle_mm_fault+0x8cb/0x2a30 [ 183.171370][T10294] exc_page_fault+0x3b9/0x650 [ 183.176055][T10294] asm_exc_page_fault+0x26/0x30 [ 183.180910][T10294] RIP: 0033:0x7f76dc61ffa5 [ 183.185318][T10294] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e c5 15 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74 [ 183.204960][T10294] RSP: 002b:00007ffe213d3d48 EFLAGS: 00010246 [ 183.211033][T10294] RAX: 0000000000000000 RBX: 00000000000000d8 RCX: 00007f76dc61ffa3 [ 183.218993][T10294] RDX: 00007ffe213d3d60 RSI: 0000000000000000 RDI: 0000000000000000 [ 183.226975][T10294] RBP: 00007ffe213d3dbc R08: 00000000392242c7 R09: 7fffffffffffffff [ 183.234967][T10294] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000032 [ 183.243021][T10294] R13: 000000000002c9a9 R14: 000000000002c94e R15: 00007ffe213d3e10 [ 183.251084][T10294] [ 183.254303][T10294] memory: usage 307200kB, limit 307200kB, failcnt 3051 [ 183.261289][T10294] memory+swap: usage 295684kB, limit 9007199254740988kB, failcnt 0 [ 183.269410][T10294] kmem: usage 282872kB, limit 9007199254740988kB, failcnt 0 [ 183.276833][T10294] Memory cgroup stats for /syz2: [ 183.279828][T10294] cache 110592 [ 183.288540][T10294] rss 0 [ 183.291384][T10294] shmem 0 [ 183.294388][T10294] mapped_file 110592 [ 183.298298][T10294] dirty 110592 [ 183.301756][T10294] writeback 0 [ 183.305079][T10294] workingset_refault_anon 66 [ 183.309668][T10294] workingset_refault_file 69 [ 183.314284][T10294] swap 188416 [ 183.317615][T10294] swapcached 12288 [ 183.321324][T10294] pgpgin 307329 [ 183.324792][T10294] pgpgout 307299 [ 183.328321][T10294] pgfault 149162 [ 183.332121][T10294] pgmajfault 42 [ 183.335587][T10294] inactive_anon 0 [ 183.339216][T10294] active_anon 12288 [ 183.343016][T10294] inactive_file 0 [ 183.346720][T10294] active_file 110592 [ 183.350606][T10294] unevictable 0 [ 183.354060][T10294] hierarchical_memory_limit 314572800 [ 183.359549][T10294] hierarchical_memsw_limit 9223372036854771712 [ 183.365710][T10294] total_cache 110592 [ 183.369591][T10294] total_rss 0 [ 183.373000][T10294] total_shmem 0 [ 183.376465][T10294] total_mapped_file 110592 [ 183.380881][T10294] total_dirty 110592 [ 183.384683][T11551] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 183.384815][T10294] total_writeback 0 [ 183.398269][T10294] total_workingset_refault_anon 66 [ 183.401425][T11551] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 183.403390][T10294] total_workingset_refault_file 69 [ 183.403400][T10294] total_swap 188416 [ 183.403406][T10294] total_swapcached 12288 [ 183.426826][T10294] total_pgpgin 307329 [ 183.427287][T11551] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #2: comm syz.4.2513: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 183.430788][T10294] total_pgpgout 307299 [ 183.430798][T10294] total_pgfault 149162 [ 183.456907][T10294] total_pgmajfault 42 [ 183.460881][T10294] total_inactive_anon 0 [ 183.465052][T10294] total_active_anon 12288 [ 183.469753][T10294] total_inactive_file 0 [ 183.470405][T11551] EXT4-fs (loop4): get root inode failed [ 183.473988][T10294] total_active_file 110592 [ 183.479558][T11551] EXT4-fs (loop4): mount failed [ 183.483947][T10294] total_unevictable 0 [ 183.492944][T10294] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.2507,pid=11537,uid=0 [ 183.507988][T10294] Memory cgroup out of memory: Killed process 11537 (syz.2.2507) total-vm:87116kB, anon-rss:612kB, file-rss:16164kB, shmem-rss:0kB, UID:0 pgtables:108kB oom_score_adj:1000 [ 183.622178][T11580] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 183.628765][T11580] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 183.636591][T11580] vhci_hcd vhci_hcd.0: Device attached [ 183.656819][T11580] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 183.664135][T11580] vhci_hcd: invalid port number 23 [ 183.679710][T11582] loop4: detected capacity change from 0 to 128 [ 183.686812][T11585] vhci_hcd: connection closed [ 183.686969][ T6033] vhci_hcd: stop threads [ 183.695915][ T6033] vhci_hcd: release socket [ 183.700350][ T6033] vhci_hcd: disconnect device [ 183.707077][T11583] loop3: detected capacity change from 0 to 128 [ 183.721278][T11583] ext4 filesystem being mounted at /181/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 183.731759][T11582] ext4 filesystem being mounted at /70/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 183.843310][T11602] loop4: detected capacity change from 0 to 256 [ 183.858157][T11602] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 184.134282][T11610] loop2: detected capacity change from 0 to 1024 [ 184.141521][T11610] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 184.151396][T11610] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 184.162459][T11610] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #2: comm syz.2.2533: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 184.180602][T11610] EXT4-fs (loop2): get root inode failed [ 184.186532][T11610] EXT4-fs (loop2): mount failed [ 184.228703][T11617] loop2: detected capacity change from 0 to 1024 [ 184.236149][T11617] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 184.246349][T11617] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 184.257176][T11617] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #2: comm syz.2.2536: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 184.275488][T11617] EXT4-fs (loop2): get root inode failed [ 184.281411][T11617] EXT4-fs (loop2): mount failed [ 184.369380][T11626] loop2: detected capacity change from 0 to 128 [ 184.396818][T11626] ext4 filesystem being mounted at /101/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 184.527525][T11642] __nla_validate_parse: 5 callbacks suppressed [ 184.527584][T11642] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2543'. [ 184.597155][T11653] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 184.601023][T11631] chnl_net:caif_netlink_parms(): no params data found [ 184.603746][T11653] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 184.618274][T11653] vhci_hcd vhci_hcd.0: Device attached [ 184.633567][T11653] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 184.641839][T11653] vhci_hcd: invalid port number 23 [ 184.647551][T11654] vhci_hcd: connection closed [ 184.653788][ T50] vhci_hcd: stop threads [ 184.662882][ T50] vhci_hcd: release socket [ 184.667399][ T50] vhci_hcd: disconnect device [ 184.678189][T11631] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.685423][T11631] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.692741][T11631] bridge_slave_0: entered allmulticast mode [ 184.699344][T11631] bridge_slave_0: entered promiscuous mode [ 184.706588][T11631] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.713703][T11631] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.720950][T11631] bridge_slave_1: entered allmulticast mode [ 184.727413][T11631] bridge_slave_1: entered promiscuous mode [ 184.752450][T11631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 184.762748][T11631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 184.782207][T11631] team0: Port device team_slave_0 added [ 184.789239][T11631] team0: Port device team_slave_1 added [ 184.803665][T11631] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.810655][T11631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.836832][T11631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.848123][T11631] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.855130][T11631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.881184][T11631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.905849][T11631] hsr_slave_0: entered promiscuous mode [ 184.912086][T11631] hsr_slave_1: entered promiscuous mode [ 184.918147][T11631] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 184.925747][T11631] Cannot create hsr debugfs directory [ 184.963894][ T6043] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.997319][ T6043] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.057871][ T6043] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.117191][ T6043] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.212649][T11672] loop2: detected capacity change from 0 to 128 [ 185.221164][T11672] ext4 filesystem being mounted at /108/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 185.243894][ T6043] @ (unregistering): (slave bond_slave_0): Releasing backup interface [ 185.256526][ T6043] @ (unregistering): (slave bond_slave_1): Releasing backup interface [ 185.266715][ T6043] @ (unregistering): Released all slaves [ 185.275265][ T6043] bond0 (unregistering): Released all slaves [ 185.315657][ T6043] tipc: Disabling bearer [ 185.320993][ T6043] tipc: Left network mode [ 185.366253][T11678] loop3: detected capacity change from 0 to 1024 [ 185.373003][T11678] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 185.397447][ T6043] hsr_slave_0: left promiscuous mode [ 185.403265][ T6043] hsr_slave_1: left promiscuous mode [ 185.410301][ T6043] veth1_macvtap: left promiscuous mode [ 185.415914][ T6043] veth0_macvtap: left promiscuous mode [ 185.423157][ T6043] veth1_vlan: left promiscuous mode [ 185.518917][ T6043] team0 (unregistering): Port device team_slave_1 removed [ 185.529855][ T6043] team0 (unregistering): Port device team_slave_0 removed [ 185.658243][T11686] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 185.664855][T11686] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 185.672582][T11686] vhci_hcd vhci_hcd.0: Device attached [ 185.680170][T11686] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 185.687956][T11686] vhci_hcd: invalid port number 23 [ 185.693840][T11687] vhci_hcd: connection closed [ 185.694155][ T6056] vhci_hcd: stop threads [ 185.703358][ T6056] vhci_hcd: release socket [ 185.707818][ T6056] vhci_hcd: disconnect device [ 185.786490][ T6043] IPVS: stop unused estimator thread 0... [ 185.818423][T11631] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 185.827903][T11631] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 185.837233][T11631] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 185.846297][T11631] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 185.884011][T11631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.897047][T11631] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.907517][ T6043] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.914716][ T6043] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.925962][ T6043] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.933075][ T6043] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.002632][T11631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.072563][T11631] veth0_vlan: entered promiscuous mode [ 186.081151][T11631] veth1_vlan: entered promiscuous mode [ 186.096312][T11631] veth0_macvtap: entered promiscuous mode [ 186.113345][T11631] veth1_macvtap: entered promiscuous mode [ 186.115290][T11700] loop2: detected capacity change from 0 to 1024 [ 186.125315][T11631] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 186.127011][T11700] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 186.136602][T11631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 186.149752][T11700] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 186.151539][T11631] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.168646][T11631] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.177579][T11631] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.186322][T11631] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.204126][T11700] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #2: comm syz.2.2558: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 186.224187][T11700] EXT4-fs (loop2): get root inode failed [ 186.229998][T11700] EXT4-fs (loop2): mount failed [ 186.467760][T11727] loop3: detected capacity change from 0 to 1024 [ 186.475431][T11727] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 186.485038][T11727] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 186.495801][T11727] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #2: comm syz.3.2568: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 186.514049][T11727] EXT4-fs (loop3): get root inode failed [ 186.519874][T11727] EXT4-fs (loop3): mount failed [ 186.541799][T11730] loop3: detected capacity change from 0 to 128 [ 186.640098][ T29] kauditd_printk_skb: 296 callbacks suppressed [ 186.640112][ T29] audit: type=1400 audit(1726365545.352:40516): avc: denied { unmount } for pid=9505 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 186.738550][T11734] loop3: detected capacity change from 0 to 128 [ 186.746708][T11734] EXT4-fs mount: 17 callbacks suppressed [ 186.746719][T11734] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 186.764784][T11734] ext4 filesystem being mounted at /193/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 186.783924][ T9505] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 186.802143][T11740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2572'. [ 186.811297][T11740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2572'. [ 186.829651][T11740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2572'. [ 186.838696][T11740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2572'. [ 186.866869][T11740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2572'. [ 186.875988][T11740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2572'. [ 187.002025][ T29] audit: type=1326 audit(1726365545.712:40517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11751 comm="syz.4.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3191b3def9 code=0x7fc00000 [ 187.025714][ T29] audit: type=1326 audit(1726365545.712:40518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11751 comm="syz.4.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3191b3def9 code=0x7fc00000 [ 187.049349][ T29] audit: type=1326 audit(1726365545.712:40519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11751 comm="syz.4.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3191b3def9 code=0x7fc00000 [ 187.073078][ T29] audit: type=1326 audit(1726365545.712:40520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11751 comm="syz.4.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3191b3def9 code=0x7fc00000 [ 187.080015][T11764] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2580'. [ 187.096791][ T29] audit: type=1326 audit(1726365545.712:40521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11751 comm="syz.4.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3191b3def9 code=0x7fc00000 [ 187.096875][ T29] audit: type=1326 audit(1726365545.712:40522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11751 comm="syz.4.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3191b3def9 code=0x7fc00000 [ 187.110944][T11763] loop4: detected capacity change from 0 to 128 [ 187.129493][ T29] audit: type=1326 audit(1726365545.712:40523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11751 comm="syz.4.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3191b3def9 code=0x7fc00000 [ 187.129597][ T29] audit: type=1326 audit(1726365545.712:40524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11751 comm="syz.4.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3191b3def9 code=0x7fc00000 [ 187.207006][ T29] audit: type=1326 audit(1726365545.712:40525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11751 comm="syz.4.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3191b3def9 code=0x7fc00000 [ 187.253258][T11774] 9pnet_fd: Insufficient options for proto=fd [ 187.268005][T11763] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 187.296635][T11763] ext4 filesystem being mounted at /79/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 187.320683][T10556] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 187.330455][T11780] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2588'. [ 187.349244][T11780] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2588'. [ 187.450771][T11792] loop4: detected capacity change from 0 to 512 [ 187.466406][T11792] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.480799][T11792] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.606393][T10556] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.622779][T11806] netlink: 'syz.4.2596': attribute type 5 has an invalid length. [ 187.646374][T11808] loop4: detected capacity change from 0 to 1024 [ 187.653462][T11808] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 187.663077][T11808] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 187.674297][T11808] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #2: comm syz.4.2597: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 187.692655][T11808] EXT4-fs (loop4): get root inode failed [ 187.698436][T11808] EXT4-fs (loop4): mount failed [ 187.811774][T11813] loop4: detected capacity change from 0 to 128 [ 187.819966][T11813] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 187.833151][T11813] ext4 filesystem being mounted at /85/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 187.851228][T10556] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 188.155421][T11831] netlink: 'syz.3.2606': attribute type 10 has an invalid length. [ 188.165595][T11831] team0: Port device netdevsim1 added [ 188.172837][T11831] netlink: 'syz.3.2606': attribute type 10 has an invalid length. [ 188.183146][T11831] team0: Port device netdevsim1 removed [ 188.190716][T11831] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 188.201104][T11831] syz.3.2606[11831] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.201244][T11831] syz.3.2606[11831] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.252169][T11837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.272486][T11837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.388631][T11850] syz.1.2613[11850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.388786][T11850] syz.1.2613[11850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.809948][T11871] loop4: detected capacity change from 0 to 1024 [ 188.829084][T11871] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 188.839134][T11871] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 188.850380][T11871] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #2: comm syz.4.2621: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 188.868777][T11871] EXT4-fs (loop4): get root inode failed [ 188.874463][T11871] EXT4-fs (loop4): mount failed [ 188.898837][T11875] loop4: detected capacity change from 0 to 128 [ 188.906837][T11875] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 188.919065][T11875] ext4 filesystem being mounted at /92/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 188.936287][T10556] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 188.977023][T11881] loop4: detected capacity change from 0 to 128 [ 189.068022][T11883] loop4: detected capacity change from 0 to 512 [ 189.086213][T11883] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.098919][T11883] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 189.119492][T10556] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.136517][T11888] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 189.143028][T11888] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 189.150873][T11888] vhci_hcd vhci_hcd.0: Device attached [ 189.157957][T11888] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 189.165426][T11888] vhci_hcd: invalid port number 23 [ 189.171034][T11889] vhci_hcd: connection closed [ 189.171208][ T6043] vhci_hcd: stop threads [ 189.180263][ T6043] vhci_hcd: release socket [ 189.184806][ T6043] vhci_hcd: disconnect device [ 189.672696][T11905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 189.681730][T11905] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 189.690386][T11905] __nla_validate_parse: 14 callbacks suppressed [ 189.690401][T11905] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2631'. [ 189.737771][T11911] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 189.746738][T11911] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.164424][T11915] loop2: detected capacity change from 0 to 128 [ 190.242607][T11921] loop3: detected capacity change from 0 to 1024 [ 190.249544][T11921] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 190.269305][T11921] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.305937][T11932] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 190.312493][T11932] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 190.320406][T11932] vhci_hcd vhci_hcd.0: Device attached [ 190.327249][T11932] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 190.334945][T11932] vhci_hcd: invalid port number 23 [ 190.341167][T11933] vhci_hcd: connection closed [ 190.341409][ T50] vhci_hcd: stop threads [ 190.350480][ T50] vhci_hcd: release socket [ 190.354978][ T50] vhci_hcd: disconnect device [ 190.881195][T11944] bond_slave_1: mtu less than device minimum [ 191.086088][ T9505] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.118705][T11954] loop3: detected capacity change from 0 to 128 [ 191.203380][T11961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2653'. [ 191.218910][T11961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2653'. [ 191.252551][T11961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2653'. [ 191.262579][T11961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2653'. [ 191.294927][T11969] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 191.303845][T11961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2653'. [ 191.321065][T11961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2653'. [ 191.340483][T11975] bond_slave_1: mtu less than device minimum [ 191.521740][T11988] netlink: 'syz.2.2664': attribute type 5 has an invalid length. [ 191.551551][T11990] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2665'. [ 191.579702][T11990] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2665'. [ 191.612377][T11993] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 191.623457][T11990] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2665'. [ 191.747339][T12002] syz.2.2669[12002] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 191.747399][T12002] syz.2.2669[12002] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 191.853432][T10154] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 191.876218][T10154] CPU: 1 UID: 0 PID: 10154 Comm: syz-executor Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 191.887159][T10154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 191.897248][T10154] Call Trace: [ 191.900527][T10154] [ 191.903454][T10154] dump_stack_lvl+0xf2/0x150 [ 191.908365][T10154] dump_stack+0x15/0x20 [ 191.912530][T10154] dump_header+0x83/0x2d0 [ 191.916935][T10154] oom_kill_process+0x341/0x4c0 [ 191.921843][T10154] out_of_memory+0x9af/0xbe0 [ 191.926529][T10154] ? __rcu_read_unlock+0x4e/0x70 [ 191.931522][T10154] mem_cgroup_out_of_memory+0x13e/0x190 [ 191.937089][T10154] try_charge_memcg+0x51b/0x810 [ 191.942323][T10154] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 191.948500][T10154] __read_swap_cache_async+0x2b7/0x520 [ 191.953981][T10154] swap_cluster_readahead+0x276/0x3f0 [ 191.959434][T10154] swapin_readahead+0xe4/0x760 [ 191.964206][T10154] ? __filemap_get_folio+0x420/0x5b0 [ 191.969509][T10154] ? swap_cache_get_folio+0x77/0x210 [ 191.974811][T10154] do_swap_page+0x3da/0x1ef0 [ 191.979472][T10154] ? xdp_do_check_flushed+0x187/0x1d0 [ 191.985542][T10154] ? __rcu_read_lock+0x36/0x50 [ 191.990394][T10154] ? pte_offset_map_nolock+0x124/0x1d0 [ 191.995850][T10154] handle_mm_fault+0x8cb/0x2a30 [ 192.000705][T10154] exc_page_fault+0x3b9/0x650 [ 192.005401][T10154] asm_exc_page_fault+0x26/0x30 [ 192.010258][T10154] RIP: 0033:0x7f606409ffa5 [ 192.014660][T10154] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e c5 15 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74 [ 192.034321][T10154] RSP: 002b:00007fffdc151898 EFLAGS: 00010246 [ 192.040377][T10154] RAX: 0000000000000000 RBX: 0000000000000148 RCX: 00007f606409ffa3 [ 192.048340][T10154] RDX: 00007fffdc1518b0 RSI: 0000000000000000 RDI: 0000000000000000 [ 192.056422][T10154] RBP: 00007fffdc15190c R08: 000000001c4c36de R09: 7fffffffffffffff [ 192.064395][T10154] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000032 [ 192.072392][T10154] R13: 000000000002eac3 R14: 000000000002ea75 R15: 00007fffdc151960 [ 192.080461][T10154] [ 192.083840][T10154] memory: usage 307200kB, limit 307200kB, failcnt 3652 [ 192.091044][T10154] memory+swap: usage 307404kB, limit 9007199254740988kB, failcnt 0 [ 192.099121][T10154] kmem: usage 306456kB, limit 9007199254740988kB, failcnt 0 [ 192.106418][T10154] Memory cgroup stats for /syz0: [ 192.109681][T12012] loop4: detected capacity change from 0 to 128 [ 192.164079][T10154] cache 761856 [ 192.167523][T10154] rss 0 [ 192.170349][T10154] shmem 0 [ 192.173286][T10154] mapped_file 761856 [ 192.177274][T10154] dirty 761856 [ 192.180668][T10154] writeback 0 [ 192.184029][T10154] workingset_refault_anon 157 [ 192.188761][T10154] workingset_refault_file 371 [ 192.193501][T10154] swap 208896 [ 192.196895][T10154] swapcached 0 [ 192.200876][T10154] pgpgin 244019 [ 192.204379][T10154] pgpgout 243833 [ 192.208021][T10154] pgfault 115328 [ 192.211554][T10154] pgmajfault 88 [ 192.215016][T10154] inactive_anon 0 [ 192.218636][T10154] active_anon 0 [ 192.222102][T10154] inactive_file 761856 [ 192.226177][T10154] active_file 0 [ 192.229759][T10154] unevictable 0 [ 192.233205][T10154] hierarchical_memory_limit 314572800 [ 192.238666][T10154] hierarchical_memsw_limit 9223372036854771712 [ 192.244879][T10154] total_cache 761856 [ 192.248769][T10154] total_rss 0 [ 192.252103][T10154] total_shmem 0 [ 192.255660][T10154] total_mapped_file 761856 [ 192.260150][T10154] total_dirty 761856 [ 192.264082][T10154] total_writeback 0 [ 192.267946][T10154] total_workingset_refault_anon 157 [ 192.273193][T10154] total_workingset_refault_file 371 [ 192.278448][T10154] total_swap 208896 [ 192.282275][T10154] total_swapcached 0 [ 192.286169][T10154] total_pgpgin 244019 [ 192.290151][T10154] total_pgpgout 243833 [ 192.294234][T10154] total_pgfault 115328 [ 192.298311][T10154] total_pgmajfault 88 [ 192.302896][T10154] total_inactive_anon 0 [ 192.307182][T10154] total_active_anon 0 [ 192.311364][T10154] total_inactive_file 761856 [ 192.316035][T10154] total_active_file 0 [ 192.320024][T10154] total_unevictable 0 [ 192.323997][T10154] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2651,pid=11955,uid=0 [ 192.338997][T10154] Memory cgroup out of memory: Killed process 11955 (syz.0.2651) total-vm:89164kB, anon-rss:612kB, file-rss:16188kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 192.339842][T12012] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 192.374841][T12012] ext4 filesystem being mounted at /113/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 192.399561][T12021] bond1: entered promiscuous mode [ 192.404768][T12021] bond1: entered allmulticast mode [ 192.419894][T12021] 8021q: adding VLAN 0 to HW filter on device bond1 [ 192.455412][T12021] bond1 (unregistering): Released all slaves [ 192.466956][T10556] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 192.565427][T12043] loop2: detected capacity change from 0 to 1024 [ 192.572260][T12043] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 192.582651][T12043] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.583673][T12045] loop4: detected capacity change from 0 to 128 [ 192.616920][T12047] loop0: detected capacity change from 0 to 128 [ 192.624761][T12047] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 192.637408][T12047] ext4 filesystem being mounted at /139/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 192.731817][ T29] kauditd_printk_skb: 512 callbacks suppressed [ 192.731829][ T29] audit: type=1326 audit(1726365551.442:41038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12052 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3191b3def9 code=0x7ffc0000 [ 192.762184][ T29] audit: type=1326 audit(1726365551.462:41039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12052 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3191b3def9 code=0x7ffc0000 [ 192.785969][ T29] audit: type=1326 audit(1726365551.462:41040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12052 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3191b3def9 code=0x7ffc0000 [ 192.809604][ T29] audit: type=1326 audit(1726365551.462:41041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12052 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3191b3def9 code=0x7ffc0000 [ 192.833234][ T29] audit: type=1326 audit(1726365551.462:41042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12052 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3191b3def9 code=0x7ffc0000 [ 192.857021][ T29] audit: type=1326 audit(1726365551.462:41043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12052 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3191b3def9 code=0x7ffc0000 [ 193.140873][T12052] syz.4.2689 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 193.151917][T12052] CPU: 0 UID: 0 PID: 12052 Comm: syz.4.2689 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 193.162773][T12052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 193.172837][T12052] Call Trace: [ 193.176117][T12052] [ 193.179066][T12052] dump_stack_lvl+0xf2/0x150 [ 193.183782][T12052] dump_stack+0x15/0x20 [ 193.188025][T12052] dump_header+0x83/0x2d0 [ 193.192366][T12052] oom_kill_process+0x341/0x4c0 [ 193.197224][T12052] out_of_memory+0x9af/0xbe0 [ 193.201815][T12052] ? __rcu_read_unlock+0x4e/0x70 [ 193.206749][T12052] mem_cgroup_out_of_memory+0x13e/0x190 [ 193.212322][T12052] try_charge_memcg+0x51b/0x810 [ 193.217169][T12052] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 193.223375][T12052] __read_swap_cache_async+0x2b7/0x520 [ 193.228951][T12052] swap_cluster_readahead+0x276/0x3f0 [ 193.234354][T12052] swapin_readahead+0xe4/0x760 [ 193.239132][T12052] ? __filemap_get_folio+0x420/0x5b0 [ 193.244445][T12052] ? swap_cache_get_folio+0x77/0x210 [ 193.250029][T12052] do_swap_page+0x3da/0x1ef0 [ 193.254707][T12052] ? cgroup_rstat_updated+0x99/0x550 [ 193.259991][T12052] ? __rcu_read_lock+0x36/0x50 [ 193.264749][T12052] ? pte_offset_map_nolock+0x124/0x1d0 [ 193.270206][T12052] handle_mm_fault+0x8cb/0x2a30 [ 193.275132][T12052] exc_page_fault+0x3b9/0x650 [ 193.279809][T12052] asm_exc_page_fault+0x26/0x30 [ 193.284659][T12052] RIP: 0033:0x7f3191a11a0e [ 193.289105][T12052] Code: 0c 85 c0 74 e7 48 89 df 48 81 c3 d8 00 00 00 e8 18 ed ff ff 48 39 dd 75 df 0f 1f 00 8b 05 86 60 2e 00 85 c0 0f 8e 35 fd ff ff bd e4 fe ff 49 39 c4 73 a0 48 8d 1d 61 45 2e 00 83 3d 66 60 2e [ 193.308784][T12052] RSP: 002b:00007ffc06932600 EFLAGS: 00010202 [ 193.315133][T12052] RAX: 0000000000000001 RBX: 00007f3191cf7a80 RCX: 0000000000000000 [ 193.323130][T12052] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555585b39808 [ 193.331139][T12052] RBP: 00007f3191cf7a80 R08: 0000000000000000 R09: 7fffffffffffffff [ 193.339158][T12052] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000002f40c [ 193.347235][T12052] R13: 00007ffc06932700 R14: 0000000000000032 R15: ffffffffffffffff [ 193.355295][T12052] [ 193.358459][T12052] memory: usage 307200kB, limit 307200kB, failcnt 13574 [ 193.365757][T12052] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0 [ 193.373649][T12052] kmem: usage 307120kB, limit 9007199254740988kB, failcnt 0 [ 193.381071][T12052] Memory cgroup stats for /syz4: [ 193.389544][T10154] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 193.418881][T12052] cache 57344 [ 193.422225][T12052] rss 0 [ 193.425022][T12052] shmem 0 [ 193.427965][T12052] mapped_file 57344 [ 193.431830][T12052] dirty 57344 [ 193.435278][T12052] writeback 0 [ 193.438557][T12052] workingset_refault_anon 158 [ 193.443220][T12052] workingset_refault_file 224 [ 193.447910][T12052] swap 196608 [ 193.451244][T12052] swapcached 20480 [ 193.455020][T12052] pgpgin 270554 [ 193.458469][T12052] pgpgout 270535 [ 193.462006][T12052] pgfault 146167 [ 193.465560][T12052] pgmajfault 60 [ 193.469009][T12052] inactive_anon 0 [ 193.472697][T12052] active_anon 20480 [ 193.476640][T12052] inactive_file 0 [ 193.480277][T12052] active_file 57344 [ 193.484067][T12052] unevictable 0 [ 193.487537][T12052] hierarchical_memory_limit 314572800 [ 193.492911][T12052] hierarchical_memsw_limit 9223372036854771712 [ 193.499078][T12052] total_cache 57344 [ 193.502916][T12052] total_rss 0 [ 193.506276][T12052] total_shmem 0 [ 193.509785][T12052] total_mapped_file 57344 [ 193.514116][T12052] total_dirty 57344 [ 193.518051][T12052] total_writeback 0 [ 193.521850][T12052] total_workingset_refault_anon 158 [ 193.527056][T12052] total_workingset_refault_file 224 [ 193.532247][T12052] total_swap 196608 [ 193.536059][T12052] total_swapcached 20480 [ 193.540354][T12052] total_pgpgin 270554 [ 193.544333][T12052] total_pgpgout 270535 [ 193.548464][T12052] total_pgfault 146167 [ 193.552535][T12052] total_pgmajfault 60 [ 193.556520][T12052] total_inactive_anon 0 [ 193.560749][T12052] total_active_anon 20480 [ 193.565103][T12052] total_inactive_file 0 [ 193.569272][T12052] total_active_file 57344 [ 193.573587][T12052] total_unevictable 0 [ 193.577569][T12052] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.2689,pid=12052,uid=0 [ 193.592729][T12052] Memory cgroup out of memory: Killed process 12052 (syz.4.2689) total-vm:87116kB, anon-rss:612kB, file-rss:16168kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 193.614585][T12058] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 193.621141][T12058] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 193.628967][T12058] vhci_hcd vhci_hcd.0: Device attached [ 193.643649][T10294] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.653927][T12058] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 193.661896][T12058] vhci_hcd: invalid port number 23 [ 193.673580][T12059] vhci_hcd: connection closed [ 193.673759][ T50] vhci_hcd: stop threads [ 193.682724][ T50] vhci_hcd: release socket [ 193.687211][ T50] vhci_hcd: disconnect device [ 193.758140][T12070] loop2: detected capacity change from 0 to 512 [ 193.776049][T12070] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.788792][T12070] ext4 filesystem being mounted at /142/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 193.906335][ T29] audit: type=1326 audit(1726365552.622:41044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12069 comm="syz.2.2696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76dc5edef9 code=0x7fc00000 [ 193.930009][ T29] audit: type=1326 audit(1726365552.622:41045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12069 comm="syz.2.2696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f76dc5edef9 code=0x7fc00000 [ 193.953717][ T29] audit: type=1326 audit(1726365552.622:41046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12069 comm="syz.2.2696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76dc5edef9 code=0x7fc00000 [ 193.977594][ T29] audit: type=1326 audit(1726365552.622:41047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12069 comm="syz.2.2696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76dc5edef9 code=0x7fc00000 [ 194.011706][T10294] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.152579][T12087] loop2: detected capacity change from 0 to 128 [ 194.160561][T12087] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 194.172979][T12087] ext4 filesystem being mounted at /144/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 194.293292][T12104] loop0: detected capacity change from 0 to 1024 [ 194.300531][T12104] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 194.310335][T12104] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 194.321078][T12104] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #2: comm syz.0.2709: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 194.339187][T12104] EXT4-fs (loop0): get root inode failed [ 194.344859][T12104] EXT4-fs (loop0): mount failed [ 194.413819][T12107] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 194.539395][T12113] loop3: detected capacity change from 0 to 128 [ 194.543455][T12115] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 194.548182][T12113] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 194.565715][T12113] ext4 filesystem being mounted at /216/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 194.674191][T12136] loop0: detected capacity change from 0 to 1024 [ 194.682935][T12136] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 194.693607][T12136] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.807128][T12146] netlink: 'syz.4.2724': attribute type 21 has an invalid length. [ 194.815389][T12146] __nla_validate_parse: 16 callbacks suppressed [ 194.815404][T12146] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2724'. [ 194.858126][T12150] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2726'. [ 194.904953][T10294] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 195.011538][T12170] bond_slave_1: mtu less than device minimum [ 195.054370][T12172] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.063278][T12172] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.265175][ T9505] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 195.285677][T12177] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2737'. [ 195.396239][T12142] ================================================================== [ 195.404358][T12142] BUG: KCSAN: data-race in generic_buffers_fsync_noflush / inode_cgwb_move_to_attached [ 195.413988][T12142] [ 195.416306][T12142] write to 0xffff888100765ce8 of 8 bytes by task 12136 on cpu 1: [ 195.424018][T12142] inode_cgwb_move_to_attached+0x9b/0x300 [ 195.429755][T12142] writeback_single_inode+0x395/0x4a0 [ 195.435221][T12142] sync_inode_metadata+0x5c/0x90 [ 195.440161][T12142] generic_buffers_fsync_noflush+0xe4/0x130 [ 195.446061][T12142] ext4_sync_file+0x20b/0x6c0 [ 195.450743][T12142] vfs_fsync_range+0x122/0x140 [ 195.455515][T12142] ext4_buffered_write_iter+0x338/0x380 [ 195.461058][T12142] ext4_file_write_iter+0x29f/0xe30 [ 195.466354][T12142] iter_file_splice_write+0x5e6/0x970 [ 195.471748][T12142] direct_splice_actor+0x16c/0x2c0 [ 195.476867][T12142] splice_direct_to_actor+0x305/0x670 [ 195.482261][T12142] do_splice_direct+0xd7/0x150 [ 195.487035][T12142] do_sendfile+0x3ab/0x950 [ 195.491448][T12142] __x64_sys_sendfile64+0x110/0x150 [ 195.496670][T12142] x64_sys_call+0xed5/0x2d60 [ 195.501284][T12142] do_syscall_64+0xc9/0x1c0 [ 195.505788][T12142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.511703][T12142] [ 195.514025][T12142] read to 0xffff888100765ce8 of 8 bytes by task 12142 on cpu 0: [ 195.521661][T12142] generic_buffers_fsync_noflush+0x89/0x130 [ 195.527690][T12142] ext4_sync_file+0x20b/0x6c0 [ 195.532663][T12142] vfs_fsync_range+0x122/0x140 [ 195.537442][T12142] ext4_buffered_write_iter+0x338/0x380 [ 195.542995][T12142] ext4_file_write_iter+0x29f/0xe30 [ 195.548198][T12142] iter_file_splice_write+0x5e6/0x970 [ 195.553576][T12142] direct_splice_actor+0x16c/0x2c0 [ 195.558685][T12142] splice_direct_to_actor+0x305/0x670 [ 195.564068][T12142] do_splice_direct+0xd7/0x150 [ 195.568929][T12142] do_sendfile+0x3ab/0x950 [ 195.573340][T12142] __x64_sys_sendfile64+0x110/0x150 [ 195.578545][T12142] x64_sys_call+0xed5/0x2d60 [ 195.583147][T12142] do_syscall_64+0xc9/0x1c0 [ 195.587656][T12142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.593581][T12142] [ 195.595899][T12142] value changed: 0x0000000000000080 -> 0x0000000000000004 [ 195.603005][T12142] [ 195.605333][T12142] Reported by Kernel Concurrency Sanitizer on: [ 195.611480][T12142] CPU: 0 UID: 0 PID: 12142 Comm: syz.0.2720 Not tainted 6.11.0-rc7-syzkaller-00149-g0babf683783d #0 [ 195.622247][T12142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 195.632302][T12142] ================================================================== [ 195.653216][T10154] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.