last executing test programs: 1.629000682s ago: executing program 0 (id=277): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0x12, 0x2, 0x8, 0x2}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB='\a\x00'], 0x10) close(r0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001540)={{r1}, &(0x7f00000014c0), &(0x7f0000001500)=r0}, 0x20) 1.590210872s ago: executing program 0 (id=279): r0 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0xf3a, 0x0) write$binfmt_misc(r3, &(0x7f0000000980), 0xfdef) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 1.165012699s ago: executing program 3 (id=294): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000003c0)="71b28209c8", 0x5}], 0x1}, 0x40004) 1.12754735s ago: executing program 4 (id=295): syz_read_part_table(0x5c3, &(0x7f00000005c0)="$eJzs2z9I22kYB/A31lBohw7XqVPbocPRpaVjM7QlSVsqhKiL3KCgiJgpghC5gKAHmkExgzi6iJDFP5Mxg5Oi4Czi4CE4uNyhi+BiDvG97e7wUI8rfD7w48n75vu+T54h4y/wXWsJvzebzUQIofnwrxPNfzjdWUtnvjzPfch3xMvCfPWXH64+Jv48HW99GdeHcb0w/6gxefY5WTtoP3/VvVlpid+PxufxYr3zDsbjni2ltp6MjRezU6XUwH62fDyxt9u2fJrO179Vqitfk596Y2471tZYh0IpjITB0BMKoRD6QvGO+s/Vjt5cPsvW1vrfX2Qa0xtvYy53yzlv2n/4xUxXtfzx9erT2Xel9Z38yYPrXOFv/l0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPy/LKW2noyNF7NTpdTAfrZ8PLG327Z8ms7Xv1WqK1+Tn3pjbjvW1liHQimMhMHQEwohEfpC8Y76z9WO3lw+y9bW+t9fZBrTG29jLnfLOW/af/jFTFe1/PH16tPZd6X1nfzJg+tc4eE9/QAAAAAAAAAAAAAAAAAAAAAIIaQzX57nPuQ7QkiEn0Jr+PG3n1uu9pvxffdEzL2M9TDuL8w/akyefU7WDtrPX3VvVn6N+6PxebxY7/zPh+Ff+yMAAP//17OV3g==") socket$nl_netfilter(0x10, 0x3, 0xc) mknod(0x0, 0x8001420, 0x0) r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r1, 0x2000009) sendfile(r0, r1, 0x0, 0x6) 1.057382041s ago: executing program 3 (id=297): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@nobarrier}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r2, &(0x7f00000001c0)="f14a18f6913026bbc8e195ec033d173c59594e80b11c263107f65f12606a97894a6d668a", 0x24) sendfile(r2, r0, 0x0, 0x40001) sendfile(r2, r1, 0x0, 0x7ffff000) 994.061333ms ago: executing program 4 (id=298): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0) mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) 974.163483ms ago: executing program 2 (id=299): creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 733.129067ms ago: executing program 0 (id=300): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x14}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x9d, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r2, &(0x7f0000000080), 0x0}, 0x20) 732.868257ms ago: executing program 2 (id=301): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=@newsa={0xf0, 0x1e, 0x713, 0x0, 0x0, {{@in=@broadcast, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88}, {@in6=@local, 0x0, 0x32}, @in6=@mcast1, {0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x6}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x3c}}, 0xf0}}, 0x0) r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmsg$unix(r0, &(0x7f00000000c0)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4040801}, 0x20008840) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000080)=0x7, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x45f1, 0x4) recvmmsg(r0, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/57, 0x39}, 0x8}], 0x3ffffffffffff2e, 0x1000400000de, 0x0) 707.487388ms ago: executing program 0 (id=302): r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000000000000000000020000000900010073797a320000000014000200"], 0x34}}, 0xc800) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000040340000000000000800000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000357500007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x18) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, r0, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0) 690.304037ms ago: executing program 0 (id=303): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000300)='5', 0x1}], 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c"], 0x30}], 0x1, 0x0) 685.033058ms ago: executing program 2 (id=304): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) r1 = getpid() unshare(0x2c020400) syz_clone(0x638c1100, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x8020000) 672.520618ms ago: executing program 0 (id=306): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2}, 0x10) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, 0x0, 0x0) 522.505031ms ago: executing program 2 (id=307): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r3, 0x0, 0x8}, 0x18) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffc, 0x6, 0x0, @buffer={0x42, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) 467.003332ms ago: executing program 1 (id=308): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2, 0x0, 0x7}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) arch_prctl$ARCH_GET_CPUID(0x1011) process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 465.997062ms ago: executing program 2 (id=309): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r2}, 0x10) io_setup(0x3, &(0x7f0000000340)) 465.889212ms ago: executing program 3 (id=310): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f00000003c0)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0) setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, &(0x7f00000016c0)=[{{0x2, 0x0, 0x1}, {0x2, 0x0, 0x1}}], 0x8) write$selinux_load(r1, &(0x7f0000000000)=ANY=[], 0x2046) 459.273702ms ago: executing program 4 (id=311): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = dup(r1) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c0000000306010200000000000000000200000a0500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) 393.332263ms ago: executing program 1 (id=312): r0 = socket(0x1e, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000340), &(0x7f0000000300)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18) sendmsg$tipc(r0, &(0x7f0000000200)={&(0x7f0000000000)=@id={0x1e, 0x3, 0x2, {0x4e23}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x24040014}, 0x0) 393.111583ms ago: executing program 4 (id=313): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='cdg\x00', 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000004c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='dctcp\x00', 0x6) 358.372274ms ago: executing program 4 (id=314): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ustat(0x3, 0x0) 357.729434ms ago: executing program 3 (id=315): r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000000000000000000020000000900010073797a320000000014000200"], 0x34}}, 0xc800) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000040340000000000000800000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000357500007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x18) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, r0, 0xe27, 0x0, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0) 346.657343ms ago: executing program 1 (id=316): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f00000003c0)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r1, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r1, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x37, 0x7fffffff}]}) close_range(r2, 0xffffffffffffffff, 0x0) 313.154964ms ago: executing program 2 (id=317): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x24000050}, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0xd000001, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='hybla\x00', 0x6) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d) sendfile(r0, r1, 0x0, 0x8000002b) 312.662434ms ago: executing program 3 (id=327): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB="000000000000000000000000b5b1df1900000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000180)="2e00000011008b88040f80ec59acbc0413a1f8480f0000005e2900421803001825000a001400000002800000121f", 0x2e}], 0x1}, 0x800) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) 309.022474ms ago: executing program 4 (id=318): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@nobarrier}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r2, &(0x7f00000001c0)="f14a18f6913026bbc8e195ec033d173c59594e80b11c263107f65f12606a97894a6d668a", 0x24) sendfile(r2, r0, 0x0, 0x40001) sendfile(r2, r1, 0x0, 0x7ffff000) 100.690308ms ago: executing program 3 (id=319): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000380)={0x1}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000380)={0x0, 0x0, 0x103ff}) 100.101168ms ago: executing program 1 (id=330): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r1}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) 51.737479ms ago: executing program 1 (id=320): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffb}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x0, @dev={0xfe, 0x80, '\x00', 0x36}}}}, &(0x7f0000000040)=0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000080)={r3, 0x8004}, 0xffc4) getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) 0s ago: executing program 1 (id=321): r0 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0xf3a, 0x0) write$binfmt_misc(r3, &(0x7f0000000980), 0xfdef) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.19' (ED25519) to the list of known hosts. [ 25.005573][ T29] audit: type=1400 audit(1753310779.672:62): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.006402][ T3294] cgroup: Unknown subsys name 'net' [ 25.028385][ T29] audit: type=1400 audit(1753310779.672:63): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.055755][ T29] audit: type=1400 audit(1753310779.702:64): avc: denied { unmount } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.211711][ T3294] cgroup: Unknown subsys name 'cpuset' [ 25.217839][ T3294] cgroup: Unknown subsys name 'rlimit' [ 25.386604][ T29] audit: type=1400 audit(1753310780.052:65): avc: denied { setattr } for pid=3294 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.409981][ T29] audit: type=1400 audit(1753310780.052:66): avc: denied { create } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 25.430409][ T29] audit: type=1400 audit(1753310780.052:67): avc: denied { write } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.447201][ T3298] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 25.450863][ T29] audit: type=1400 audit(1753310780.052:68): avc: denied { read } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.479757][ T29] audit: type=1400 audit(1753310780.062:69): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.488041][ T3294] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 25.504732][ T29] audit: type=1400 audit(1753310780.062:70): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 25.536857][ T29] audit: type=1400 audit(1753310780.122:71): avc: denied { relabelto } for pid=3298 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.572513][ T3304] chnl_net:caif_netlink_parms(): no params data found [ 26.648420][ T3304] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.655613][ T3304] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.662972][ T3304] bridge_slave_0: entered allmulticast mode [ 26.669358][ T3304] bridge_slave_0: entered promiscuous mode [ 26.681205][ T3305] chnl_net:caif_netlink_parms(): no params data found [ 26.693119][ T3304] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.700446][ T3304] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.707601][ T3304] bridge_slave_1: entered allmulticast mode [ 26.714141][ T3304] bridge_slave_1: entered promiscuous mode [ 26.720566][ T3310] chnl_net:caif_netlink_parms(): no params data found [ 26.770117][ T3304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.779244][ T3308] chnl_net:caif_netlink_parms(): no params data found [ 26.794186][ T3304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 26.826493][ T3309] chnl_net:caif_netlink_parms(): no params data found [ 26.846929][ T3304] team0: Port device team_slave_0 added [ 26.853416][ T3304] team0: Port device team_slave_1 added [ 26.866194][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.873315][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.880521][ T3310] bridge_slave_0: entered allmulticast mode [ 26.886880][ T3310] bridge_slave_0: entered promiscuous mode [ 26.895121][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.902259][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.909365][ T3310] bridge_slave_1: entered allmulticast mode [ 26.915907][ T3310] bridge_slave_1: entered promiscuous mode [ 26.936853][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.944076][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.951252][ T3305] bridge_slave_0: entered allmulticast mode [ 26.957779][ T3305] bridge_slave_0: entered promiscuous mode [ 26.975213][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 26.982312][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.008384][ T3304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.023986][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.031194][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.038269][ T3305] bridge_slave_1: entered allmulticast mode [ 27.045182][ T3305] bridge_slave_1: entered promiscuous mode [ 27.056057][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.065476][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.072452][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.098413][ T3304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.123711][ T3308] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.130775][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.137962][ T3308] bridge_slave_0: entered allmulticast mode [ 27.144492][ T3308] bridge_slave_0: entered promiscuous mode [ 27.151761][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.173018][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.182293][ T3308] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.189404][ T3308] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.196609][ T3308] bridge_slave_1: entered allmulticast mode [ 27.202965][ T3308] bridge_slave_1: entered promiscuous mode [ 27.214575][ T3310] team0: Port device team_slave_0 added [ 27.229763][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.247956][ T3310] team0: Port device team_slave_1 added [ 27.272714][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.283009][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.297813][ T3304] hsr_slave_0: entered promiscuous mode [ 27.303924][ T3304] hsr_slave_1: entered promiscuous mode [ 27.309959][ T3309] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.317169][ T3309] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.324327][ T3309] bridge_slave_0: entered allmulticast mode [ 27.330559][ T3309] bridge_slave_0: entered promiscuous mode [ 27.337395][ T3305] team0: Port device team_slave_0 added [ 27.343931][ T3305] team0: Port device team_slave_1 added [ 27.358930][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.365920][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.391831][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.403078][ T3309] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.410135][ T3309] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.417414][ T3309] bridge_slave_1: entered allmulticast mode [ 27.423824][ T3309] bridge_slave_1: entered promiscuous mode [ 27.437533][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.444503][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.470571][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.502110][ T3308] team0: Port device team_slave_0 added [ 27.514034][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.524427][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.534017][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.541028][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.567120][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.578378][ T3308] team0: Port device team_slave_1 added [ 27.596110][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.603181][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.629402][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.653747][ T3310] hsr_slave_0: entered promiscuous mode [ 27.659694][ T3310] hsr_slave_1: entered promiscuous mode [ 27.665629][ T3310] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 27.673301][ T3310] Cannot create hsr debugfs directory [ 27.683734][ T3309] team0: Port device team_slave_0 added [ 27.703453][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.710402][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.736714][ T3308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.747791][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.754833][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.780774][ T3308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.792127][ T3309] team0: Port device team_slave_1 added [ 27.828483][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.835562][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.861741][ T3309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.879324][ T3305] hsr_slave_0: entered promiscuous mode [ 27.885303][ T3305] hsr_slave_1: entered promiscuous mode [ 27.891409][ T3305] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 27.898962][ T3305] Cannot create hsr debugfs directory [ 27.909736][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.916731][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.942698][ T3309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.995544][ T3308] hsr_slave_0: entered promiscuous mode [ 28.002076][ T3308] hsr_slave_1: entered promiscuous mode [ 28.007819][ T3308] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 28.015464][ T3308] Cannot create hsr debugfs directory [ 28.029747][ T3309] hsr_slave_0: entered promiscuous mode [ 28.035816][ T3309] hsr_slave_1: entered promiscuous mode [ 28.041943][ T3309] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 28.049497][ T3309] Cannot create hsr debugfs directory [ 28.119922][ T3304] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 28.134823][ T3304] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 28.153215][ T3304] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 28.163415][ T3304] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 28.210965][ T3310] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 28.219949][ T3310] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 28.238519][ T3310] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 28.249166][ T3310] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 28.272026][ T3305] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 28.280547][ T3305] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 28.289284][ T3305] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 28.297814][ T3305] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 28.331032][ T3309] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 28.339822][ T3309] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 28.359201][ T3309] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 28.371236][ T3309] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 28.406588][ T3308] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 28.415805][ T3308] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 28.424776][ T3308] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 28.439369][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.450473][ T3308] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 28.465391][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.483516][ T3304] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.502982][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.510022][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.518749][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.525854][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.535619][ T3310] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.545110][ T1084] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.552193][ T1084] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.568184][ T1084] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.575248][ T1084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.597930][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.612111][ T3309] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.620890][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.649320][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.656411][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.665265][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.672488][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.687491][ T3305] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.707770][ T3309] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 28.718292][ T3309] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 28.746959][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.754112][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.762590][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.769710][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.828698][ T3304] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.838302][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.873315][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.894242][ T3308] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.903788][ T3309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.915778][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.931168][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.938295][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.947440][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.954600][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.022692][ T3308] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.067031][ T3310] veth0_vlan: entered promiscuous mode [ 29.096799][ T3310] veth1_vlan: entered promiscuous mode [ 29.110888][ T3304] veth0_vlan: entered promiscuous mode [ 29.119531][ T3304] veth1_vlan: entered promiscuous mode [ 29.144301][ T3310] veth0_macvtap: entered promiscuous mode [ 29.151049][ T3309] veth0_vlan: entered promiscuous mode [ 29.162646][ T3304] veth0_macvtap: entered promiscuous mode [ 29.169798][ T3310] veth1_macvtap: entered promiscuous mode [ 29.179145][ T3304] veth1_macvtap: entered promiscuous mode [ 29.185631][ T3309] veth1_vlan: entered promiscuous mode [ 29.204319][ T3305] veth0_vlan: entered promiscuous mode [ 29.210938][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.224884][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.233463][ T3309] veth0_macvtap: entered promiscuous mode [ 29.242778][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.252878][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.260369][ T3309] veth1_macvtap: entered promiscuous mode [ 29.268226][ T3305] veth1_vlan: entered promiscuous mode [ 29.280839][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.290168][ T3310] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.298952][ T3310] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.307730][ T3310] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.316615][ T3310] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.332351][ T3304] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.341225][ T3304] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.349923][ T3304] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.358706][ T3304] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.369504][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.394383][ T3305] veth0_macvtap: entered promiscuous mode [ 29.402721][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.421269][ T3305] veth1_macvtap: entered promiscuous mode [ 29.442756][ T3309] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.451576][ T3309] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.460302][ T3309] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.469077][ T3309] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.490918][ T3308] veth0_vlan: entered promiscuous mode [ 29.497279][ T3310] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 29.523326][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.535333][ T3308] veth1_vlan: entered promiscuous mode [ 29.551201][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.559386][ T3305] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.568295][ T3305] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.577462][ T3305] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.586754][ T3305] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.626563][ T3308] veth0_macvtap: entered promiscuous mode [ 29.637943][ T3308] veth1_macvtap: entered promiscuous mode [ 29.667856][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.696502][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.709670][ T3308] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.718555][ T3308] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.727313][ T3308] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.736109][ T3308] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.818071][ T3496] IPv6: Can't replace route, no match found [ 29.843425][ T3502] loop1: detected capacity change from 0 to 512 [ 29.854755][ T3501] loop0: detected capacity change from 0 to 512 [ 29.893325][ T3502] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 29.900187][ T3501] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 29.906642][ T3502] EXT4-fs (loop1): filesystem is read-only [ 29.925111][ T3501] EXT4-fs (loop0): mount failed [ 29.946448][ T3513] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 29.958921][ T3513] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 29.971193][ T3513] bond0: (slave ipvlan2): Error -95 calling set_mac_address [ 29.985059][ T3517] process 'syz.4.17' launched '/dev/fd/3' with NULL argv: empty string added [ 30.019269][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 30.019334][ T29] audit: type=1400 audit(1753310784.682:131): avc: denied { create } for pid=3518 comm="syz.4.18" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 30.067008][ T29] audit: type=1400 audit(1753310784.682:132): avc: denied { write } for pid=3518 comm="syz.4.18" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 30.086218][ T29] audit: type=1400 audit(1753310784.682:133): avc: denied { read } for pid=3518 comm="syz.4.18" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 30.132571][ T3526] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21'. [ 30.142898][ T29] audit: type=1400 audit(1753310784.812:134): avc: denied { write } for pid=3522 comm="syz.4.19" name="vlan0" dev="proc" ino=4026533207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 30.216123][ T29] audit: type=1400 audit(1753310784.882:135): avc: denied { bind } for pid=3532 comm="" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 30.256334][ T29] audit: type=1400 audit(1753310784.882:136): avc: denied { setopt } for pid=3532 comm="" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 30.274997][ T29] audit: type=1400 audit(1753310784.902:137): avc: denied { create } for pid=3535 comm="syz.2.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 30.294457][ T29] audit: type=1400 audit(1753310784.912:138): avc: denied { bind } for pid=3535 comm="syz.2.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 30.313516][ T29] audit: type=1400 audit(1753310784.912:139): avc: denied { write } for pid=3535 comm="syz.2.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 30.338043][ T29] audit: type=1400 audit(1753310784.942:140): avc: denied { mount } for pid=3537 comm="syz.2.26" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 30.396842][ T3549] syz.1.32 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 30.498519][ T3562] netlink: 24 bytes leftover after parsing attributes in process `syz.1.38'. [ 30.525752][ T3562] syz.1.38 (3562) used greatest stack depth: 10840 bytes left [ 30.542856][ T3564] netlink: 28 bytes leftover after parsing attributes in process `syz.1.39'. [ 30.779634][ T3566] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 30.820357][ T3583] netlink: 'syz.0.48': attribute type 4 has an invalid length. [ 30.875804][ T3590] netlink: 332 bytes leftover after parsing attributes in process `syz.1.51'. [ 30.939853][ T3600] syz.3.55 uses obsolete (PF_INET,SOCK_PACKET) [ 31.146782][ T3615] loop0: detected capacity change from 0 to 512 [ 31.155489][ T3615] ======================================================= [ 31.155489][ T3615] WARNING: The mand mount option has been deprecated and [ 31.155489][ T3615] and is ignored by this kernel. Remove the mand [ 31.155489][ T3615] option from the mount to silence this warning. [ 31.155489][ T3615] ======================================================= [ 31.204046][ T3615] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 31.217192][ T3615] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 31.230692][ T3615] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.62: corrupted inode contents [ 31.243073][ T3615] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.62: mark_inode_dirty error [ 31.255593][ T3615] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.62: corrupted inode contents [ 31.269991][ T3615] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.62: corrupted inode contents [ 31.283116][ T3615] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.62: mark_inode_dirty error [ 31.298365][ T3615] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.62: corrupted inode contents [ 31.313373][ T3615] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.62: mark_inode_dirty error [ 31.344487][ T3615] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.62: corrupted inode contents [ 31.363154][ T3615] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.62: mark_inode_dirty error [ 31.413385][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.459432][ T3678] netlink: 92 bytes leftover after parsing attributes in process `syz.2.88'. [ 32.468379][ T3678] netem: unknown loss type 0 [ 32.472998][ T3678] netem: change failed [ 32.543089][ T3686] smc: net device bond0 applied user defined pnetid SYZ0 [ 32.552873][ T3686] smc: net device bond0 erased user defined pnetid SYZ0 [ 32.748144][ T3710] loop3: detected capacity change from 0 to 1024 [ 32.761391][ T3710] EXT4-fs: Ignoring removed nomblk_io_submit option [ 32.800681][ T3710] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.854647][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.907650][ T3722] loop1: detected capacity change from 0 to 512 [ 32.935768][ T3722] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.969156][ T3722] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 32.996443][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.011817][ T3735] loop4: detected capacity change from 0 to 1024 [ 33.022701][ T3735] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.039534][ T3735] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 1 with error 28 [ 33.051956][ T3735] EXT4-fs (loop4): This should not happen!! Data will be lost [ 33.051956][ T3735] [ 33.061626][ T3735] EXT4-fs (loop4): Total free blocks count 0 [ 33.067677][ T3735] EXT4-fs (loop4): Free/Dirty block details [ 33.073699][ T3735] EXT4-fs (loop4): free_blocks=0 [ 33.078679][ T3735] EXT4-fs (loop4): dirty_blocks=0 [ 33.083780][ T3735] EXT4-fs (loop4): Block reservation details [ 33.089831][ T3735] EXT4-fs (loop4): i_reserved_data_blocks=0 [ 33.106643][ T3735] syz.4.113 (3735) used greatest stack depth: 10304 bytes left [ 33.115768][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.120076][ T3743] vlan2: entered allmulticast mode [ 33.238225][ T3755] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.255610][ T3755] netlink: 4 bytes leftover after parsing attributes in process `syz.2.120'. [ 33.264656][ T3755] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 33.277198][ T3755] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 33.351129][ T3772] mmap: syz.2.129 (3772) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 33.546807][ T3802] syz.3.134 (3802) used greatest stack depth: 10016 bytes left [ 33.580208][ T3813] Zero length message leads to an empty skb [ 33.708767][ T3831] 9pnet_virtio: no channels available for device 127.0.0.1 [ 33.725135][ T3831] netlink: 16 bytes leftover after parsing attributes in process `syz.3.136'. [ 33.727339][ T3665] syz.0.84 (3665) used greatest stack depth: 9416 bytes left [ 33.804401][ T3839] Driver unsupported XDP return value 0 on prog (id 114) dev N/A, expect packet loss! [ 33.844510][ T3847] loop3: detected capacity change from 0 to 512 [ 33.879394][ T3847] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -13 [ 33.895596][ T3855] loop1: detected capacity change from 0 to 512 [ 33.912171][ T3847] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #13: comm syz.3.140: iget: bad i_size value: 12154757448730 [ 33.933883][ T3855] EXT4-fs (loop1): fragment/cluster size (4096) != block size (2048) [ 33.943557][ T3847] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.140: couldn't read orphan inode 13 (err -117) [ 33.961907][ T3847] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.075297][ T3878] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3878 comm=syz.1.145 [ 34.087737][ T3878] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=3878 comm=syz.1.145 [ 34.112287][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.349269][ T3923] loop3: detected capacity change from 0 to 1024 [ 34.394223][ T3923] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.478078][ T3923] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.161: Allocating blocks 449-513 which overlap fs metadata [ 34.523208][ T3921] EXT4-fs (loop3): pa ffff888106dfd070: logic 48, phys. 177, len 21 [ 34.531464][ T3921] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4 [ 34.545361][ T3948] loop0: detected capacity change from 0 to 2048 [ 34.597921][ T3962] netlink: 'syz.1.168': attribute type 10 has an invalid length. [ 34.605820][ T3962] netlink: 40 bytes leftover after parsing attributes in process `syz.1.168'. [ 34.607376][ T3948] loop0: p1 p3 [ 34.621951][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.637531][ T3948] loop0: p3 start 8388352 is beyond EOD, truncated [ 34.647079][ T3962] dummy0: entered promiscuous mode [ 34.671726][ T3962] bridge0: port 3(dummy0) entered blocking state [ 34.678124][ T3962] bridge0: port 3(dummy0) entered disabled state [ 34.711160][ T3962] dummy0: entered allmulticast mode [ 34.732336][ T3962] bridge0: port 3(dummy0) entered blocking state [ 34.738839][ T3962] bridge0: port 3(dummy0) entered forwarding state [ 35.045193][ T4048] netlink: 'syz.1.190': attribute type 13 has an invalid length. [ 35.095896][ T29] kauditd_printk_skb: 236 callbacks suppressed [ 35.095912][ T29] audit: type=1326 audit(1753310789.762:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4057 comm="syz.0.193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668145e9a9 code=0x7ffc0000 [ 35.168367][ T4062] loop2: detected capacity change from 0 to 1024 [ 35.181842][ T4062] EXT4-fs: Ignoring removed nobh option [ 35.187574][ T4062] EXT4-fs: Ignoring removed oldalloc option [ 35.193557][ T29] audit: type=1326 audit(1753310789.762:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4057 comm="syz.0.193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7f668145e9a9 code=0x7ffc0000 [ 35.217129][ T29] audit: type=1326 audit(1753310789.762:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4057 comm="syz.0.193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668145e9a9 code=0x7ffc0000 [ 35.240425][ T29] audit: type=1326 audit(1753310789.772:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4057 comm="syz.0.193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668145e9a9 code=0x7ffc0000 [ 35.269590][ T4048] bridge0: port 3(dummy0) entered disabled state [ 35.276089][ T4048] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.283294][ T4048] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.318381][ T4062] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.338564][ T4048] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 35.353658][ T4048] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 35.386746][ T29] audit: type=1400 audit(1753310790.052:381): avc: denied { append } for pid=4060 comm="syz.2.194" path="/43/file1/cgroup.controllers" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 35.398811][ T4062] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 35.439900][ T4048] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.448967][ T4048] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.458150][ T4048] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.467226][ T4048] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.484279][ T29] audit: type=1400 audit(1753310790.152:382): avc: denied { map } for pid=4060 comm="syz.2.194" path="/43/file1/cgroup.controllers" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 35.603972][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.695161][ T29] audit: type=1400 audit(1753310790.362:383): avc: denied { cpu } for pid=4094 comm="syz.4.207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 35.790869][ T29] audit: type=1400 audit(1753310790.452:384): avc: denied { mount } for pid=4103 comm="syz.1.210" name="/" dev="ramfs" ino=6319 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 35.812957][ T29] audit: type=1400 audit(1753310790.452:385): avc: denied { wake_alarm } for pid=4091 comm="syz.3.206" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 35.881473][ C1] hrtimer: interrupt took 30553 ns [ 35.889971][ T29] audit: type=1400 audit(1753310790.542:386): avc: denied { create } for pid=4111 comm="syz.1.211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 35.921150][ T4112] support for cryptoloop has been removed. Use dm-crypt instead. [ 35.974457][ T4114] loop1: detected capacity change from 0 to 2048 [ 36.002901][ T4114] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.033181][ T4118] netlink: 32 bytes leftover after parsing attributes in process `syz.2.213'. [ 36.058268][ T4114] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 36.125314][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.163478][ T4131] sd 0:0:1:0: device reset [ 36.176149][ T4126] loop9: detected capacity change from 0 to 7 [ 36.182737][ T4126] Buffer I/O error on dev loop9, logical block 0, async page read [ 36.190913][ T4126] Buffer I/O error on dev loop9, logical block 0, async page read [ 36.198797][ T4126] loop9: unable to read partition table [ 36.215448][ T4126] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 36.215448][ T4126] ) failed (rc=-5) [ 36.349748][ T4158] loop2: detected capacity change from 0 to 512 [ 36.358073][ T4158] EXT4-fs: Ignoring removed oldalloc option [ 36.388601][ T4158] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.232: Parent and EA inode have the same ino 15 [ 36.404021][ T4158] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 36.435214][ T4158] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.232: Parent and EA inode have the same ino 15 [ 36.451162][ T4158] EXT4-fs (loop2): 1 orphan inode deleted [ 36.457205][ T4158] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.484805][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.757909][ T4214] loop2: detected capacity change from 0 to 2048 [ 36.791911][ T4214] Alternate GPT is invalid, using primary GPT. [ 36.798313][ T4214] loop2: p1 p2 p3 [ 36.817651][ T4221] SELinux: failed to load policy [ 36.836224][ T4223] loop2: detected capacity change from 0 to 1024 [ 36.843597][ T4223] EXT4-fs: test_dummy_encryption option not supported [ 36.854360][ T4225] atomic_op ffff88811a4f6928 conn xmit_atomic 0000000000000000 [ 37.129803][ T4250] netlink: 14 bytes leftover after parsing attributes in process `syz.2.269'. [ 37.145683][ T4250] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 37.156449][ T4250] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 37.173089][ T4250] bond0 (unregistering): Released all slaves [ 37.373722][ T4274] loop2: detected capacity change from 0 to 256 [ 37.382191][ T4274] FAT-fs (loop2): bogus number of FAT sectors [ 37.388390][ T4274] FAT-fs (loop2): Can't find a valid FAT filesystem [ 37.407886][ T4278] netlink: 8 bytes leftover after parsing attributes in process `syz.1.281'. [ 37.553650][ T4289] sd 0:0:1:0: device reset [ 37.664251][ T4301] loop4: detected capacity change from 0 to 1024 [ 37.685955][ T4309] capability: warning: `syz.2.292' uses deprecated v2 capabilities in a way that may be insecure [ 37.697234][ T4301] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.711428][ T4312] loop3: detected capacity change from 0 to 1024 [ 37.723261][ T4312] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.724621][ T4301] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.290: Allocating blocks 449-513 which overlap fs metadata [ 37.773116][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.776171][ T4300] EXT4-fs (loop4): pa ffff888106c2d070: logic 48, phys. 177, len 21 [ 37.790279][ T4300] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4 [ 37.810795][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.844506][ T4322] loop4: detected capacity change from 0 to 2048 [ 37.859708][ T4318] SELinux: Context system_u:object_r:syslogd_var_run_t:s0 is not valid (left unmapped). [ 37.895962][ T4325] loop3: detected capacity change from 0 to 1024 [ 37.903158][ T4322] Alternate GPT is invalid, using primary GPT. [ 37.909553][ T4322] loop4: p1 p2 p3 [ 37.914273][ T4325] EXT4-fs: Ignoring removed oldalloc option [ 37.920338][ T4325] EXT4-fs: Ignoring removed bh option [ 37.950390][ T4325] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.133309][ T4325] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.297: Allocating blocks 1-17 which overlap fs metadata [ 38.174351][ T4334] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.297: Allocating blocks 1-17 which overlap fs metadata [ 38.427097][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.519789][ T4412] SELinux: ebitmap start bit (132096) is beyond the end of the bitmap (1472) [ 38.539792][ T4412] SELinux: failed to load policy [ 38.633401][ T4431] netlink: 14 bytes leftover after parsing attributes in process `syz.3.327'. [ 38.658468][ T4433] loop4: detected capacity change from 0 to 1024 [ 38.687256][ T4431] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 38.711470][ T4433] EXT4-fs: Ignoring removed oldalloc option [ 38.717471][ T4433] EXT4-fs: Ignoring removed bh option [ 38.725195][ T4431] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 38.743058][ T4431] bond0 (unregistering): Released all slaves [ 38.754272][ T4433] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.946459][ T4433] ================================================================== [ 38.954738][ T4433] BUG: KCSAN: data-race in __writeback_single_inode / xas_set_mark [ 38.962628][ T4433] [ 38.964972][ T4433] write to 0xffff888109117254 of 4 bytes by task 4442 on cpu 1: [ 38.972586][ T4433] xas_set_mark+0x12b/0x140 [ 38.977085][ T4433] __folio_start_writeback+0x1dd/0x440 [ 38.982536][ T4433] ext4_bio_write_folio+0x5ad/0x9f0 [ 38.987731][ T4433] mpage_submit_folio+0xe4/0x170 [ 38.992657][ T4433] mpage_process_page_bufs+0x39b/0x4a0 [ 38.998118][ T4433] mpage_prepare_extent_to_map+0x741/0xaa0 [ 39.003919][ T4433] ext4_do_writepages+0x6ea/0x21c0 [ 39.009011][ T4433] ext4_writepages+0x176/0x300 [ 39.013755][ T4433] do_writepages+0x1c3/0x310 [ 39.018326][ T4433] file_write_and_wait_range+0x156/0x2c0 [ 39.023941][ T4433] generic_buffers_fsync_noflush+0x45/0x120 [ 39.029814][ T4433] ext4_sync_file+0x1ab/0x690 [ 39.034475][ T4433] vfs_fsync_range+0x10d/0x130 [ 39.039219][ T4433] ext4_buffered_write_iter+0x34f/0x3c0 [ 39.044742][ T4433] ext4_file_write_iter+0x383/0xf00 [ 39.049950][ T4433] iter_file_splice_write+0x5f2/0x970 [ 39.055310][ T4433] direct_splice_actor+0x156/0x2a0 [ 39.060513][ T4433] splice_direct_to_actor+0x312/0x680 [ 39.065868][ T4433] do_splice_direct+0xda/0x150 [ 39.070636][ T4433] do_sendfile+0x380/0x650 [ 39.075049][ T4433] __x64_sys_sendfile64+0x105/0x150 [ 39.080223][ T4433] x64_sys_call+0xb39/0x2fb0 [ 39.084881][ T4433] do_syscall_64+0xd2/0x200 [ 39.089391][ T4433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 39.095268][ T4433] [ 39.097578][ T4433] read to 0xffff888109117254 of 4 bytes by task 4433 on cpu 0: [ 39.105095][ T4433] __writeback_single_inode+0x1f9/0x7c0 [ 39.110624][ T4433] writeback_single_inode+0x167/0x3e0 [ 39.115997][ T4433] sync_inode_metadata+0x5b/0x90 [ 39.121109][ T4433] generic_buffers_fsync_noflush+0xd9/0x120 [ 39.127018][ T4433] ext4_sync_file+0x1ab/0x690 [ 39.131679][ T4433] vfs_fsync_range+0x10d/0x130 [ 39.136440][ T4433] ext4_buffered_write_iter+0x34f/0x3c0 [ 39.142055][ T4433] ext4_file_write_iter+0x383/0xf00 [ 39.147240][ T4433] iter_file_splice_write+0x5f2/0x970 [ 39.152599][ T4433] direct_splice_actor+0x156/0x2a0 [ 39.157742][ T4433] splice_direct_to_actor+0x312/0x680 [ 39.163096][ T4433] do_splice_direct+0xda/0x150 [ 39.167840][ T4433] do_sendfile+0x380/0x650 [ 39.172236][ T4433] __x64_sys_sendfile64+0x105/0x150 [ 39.177477][ T4433] x64_sys_call+0xb39/0x2fb0 [ 39.182063][ T4433] do_syscall_64+0xd2/0x200 [ 39.186555][ T4433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 39.192435][ T4433] [ 39.194778][ T4433] value changed: 0x0a000021 -> 0x04000021 [ 39.200572][ T4433] [ 39.202890][ T4433] Reported by Kernel Concurrency Sanitizer on: [ 39.209037][ T4433] CPU: 0 UID: 0 PID: 4433 Comm: syz.4.318 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(voluntary) [ 39.221356][ T4433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.231406][ T4433] ================================================================== [ 39.296174][ T4433] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.318: Allocating blocks 1-17 which overlap fs metadata [ 39.331659][ T4442] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.318: Allocating blocks 1-17 which overlap fs metadata [ 39.558364][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.