last executing test programs: 4.468436884s ago: executing program 1 (id=273): sched_setscheduler(0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open_tree(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x88000) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) 4.137051721s ago: executing program 1 (id=276): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) futex(0x0, 0x1, 0x800001, 0x0, 0x0, 0x0) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f00000000c0)={0xa}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x20}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1004}, {}, {}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xeb48195b69e85694, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r2}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000000148500000017000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000001700000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x1}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xe, 0x0, &(0x7f0000000300)="0101000071a78326c799dbe888a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc680000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a31000000003c0003803800008008000340000000022c0007800a0001006c696d69740000001c0002800c00024000000000000000050c000140000000000000000414000000110001"], 0xcc}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) socket$igmp(0x2, 0x3, 0x2) close(r0) 4.096272401s ago: executing program 1 (id=279): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/2, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10) ioctl$VFAT_IOCTL_READDIR_BOTH(r1, 0x82307201, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) 3.857766466s ago: executing program 2 (id=285): syz_emit_ethernet(0xcc, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) keyctl$session_to_parent(0x12) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000100)) 3.454252364s ago: executing program 3 (id=287): r0 = socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'veth1_to_bridge\x00', 0x200}, 0x18) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x200ed, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x5, 0x8}, 0x4c58, 0x5, 0x0, 0x4, 0x87, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r1, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, 0x0, 0x24040808) syz_open_dev$sg(0x0, 0xd036, 0x48000) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r3, 0x0, 0xfffffffffffffffe}, 0x18) r4 = socket$kcm(0x21, 0x2, 0x2) recvmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x100) 3.294243347s ago: executing program 4 (id=289): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xd, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, r2, 0x1, 0x70bd29, 0x25d7dbfd, {{}, {}, {0x14, 0x19, {0xffff8000, 0x4, 0x400000, 0x2}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000300)={'#! ', '', [{0x20, 'memory.events\x00'}]}, 0x13) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0xfe, 0x82, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, @perf_bp={&(0x7f0000000080)}, 0x400, 0x200000000000, 0x0, 0x0, 0x0, 0x1fffffff, 0x0, 0x0, 0x40, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000540)='./cgroup\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r5 = inotify_init() inotify_add_watch(r5, &(0x7f0000000040)='.\x00', 0x449) setxattr$incfs_size(&(0x7f0000000580)='./file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x1) 3.286896947s ago: executing program 3 (id=291): getpriority(0x0, 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$inet(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r5, 0x890b, &(0x7f00000000c0)={0x0, {0x2, 0x4e22, @private=0xa010100}, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x20}}, {0x2, 0x4e20, @local}, 0x114, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x3, 0x2}) 3.12498594s ago: executing program 4 (id=292): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000100)) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r1, 0x0, 0x0) unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) read$qrtrtun(r2, 0x0, 0xeffd) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000001000)='tcp_probe\x00', r4, 0x0, 0x1}, 0x18) socket(0x2c, 0x3, 0x0) keyctl$chown(0x4, 0x0, 0xee01, 0xee00) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0xfc, 0x2, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x6, 0x1}, 0x2012, 0x10000, 0x8, 0x1, 0x8, 0x20008, 0xb, 0x0, 0x8, 0x0, 0x20000003}, 0x0, 0xffffffffffffffff, r4, 0x2) kexec_load(0x3e00, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0xff600000, 0x1000000}], 0x0) unshare(0x2040400) r5 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) unshare(0x2000400) fsmount(r5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff}, 0x80800) splice(r6, 0x0, r6, &(0x7f0000000180)=0x8, 0x6, 0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffccf) 2.779534477s ago: executing program 0 (id=294): r0 = fsopen(0x0, 0x1) r1 = fsmount(r0, 0x0, 0x20) symlinkat(0x0, r1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x18) openat(r1, 0x0, 0x515a02, 0x52abe154ad664fa4) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]}) close_range(r4, 0xffffffffffffffff, 0x0) 2.778640617s ago: executing program 2 (id=295): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e40)=ANY=[@ANYBLOB="0b00000005000000020000000200000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000160000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e21, @local}, 0x10) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x4) socket$nl_route(0x10, 0x3, 0x0) sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) shutdown(0xffffffffffffffff, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) 2.536997632s ago: executing program 2 (id=296): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) shutdown(0xffffffffffffffff, 0x1) r1 = syz_open_dev$usbfs(0x0, 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, 0x0) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r2, 0x0, 0x0, 0x20004041, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x13}, 0x7}, 0x1c) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r3) ioctl$int_in(r2, 0x5452, &(0x7f0000000000)=0xf34) recvfrom(r2, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0}, 0x0, 0x1, 0x0, 0x7, 0x0, 0x0, 0xff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x14}, 0xc000) 2.536529512s ago: executing program 0 (id=297): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f00000000c0)) r2 = syz_open_procfs(r1, &(0x7f0000000000)='net/sco\x00') r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000880)=ANY=[@ANYBLOB="180000000000000000000000000000009500"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) sendfile(r3, r4, 0x0, 0x20000023892) r6 = fsopen(&(0x7f00000022c0)='hugetlbfs\x00', 0x1) r7 = fcntl$dupfd(r6, 0x0, r6) fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0) r8 = getpid() r9 = syz_pidfd_open(r8, 0x0) setns(r9, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) pread64(r2, 0x0, 0x0, 0x7fff) sync() 2.368772045s ago: executing program 2 (id=298): socket$netlink(0x10, 0x3, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000300)}) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x40088, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, 0x0, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, 0xffffffffffffffff, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1) 2.367908615s ago: executing program 3 (id=299): bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000140)={'tunl0\x00', 0x0, 0x20, 0x40, 0xef42, 0x7, {{0x6, 0x4, 0x3, 0x2a, 0x18, 0x68, 0x0, 0x5, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x15}, @empty, {[@noop]}}}}}) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10}, 0x144b, 0x10000000000, 0x0, 0x7}, 0x0, 0xb, 0xffffffffffffffff, 0xb) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) syz_usbip_server_init(0xaa7f3cec63cbb9d) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x80000001}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) close(r3) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', r0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000200), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") creat(&(0x7f00000000c0)='./bus\x00', 0x1a2) 2.161554299s ago: executing program 4 (id=300): open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r2}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000}]}}) 1.785963826s ago: executing program 0 (id=301): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fe00003, 0x0, 0x0, 0x0, 0x102}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r2}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@deltfilter={0x24, 0x2d, 0x200, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0x4, 0xe}, {0x4, 0xf}}}, 0x24}}, 0x14000000) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'dummy0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0xb4}}, 0x0) socket$netlink(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000740)=ANY=[@ANYBLOB="04010000", @ANYRES16=r6, @ANYBLOB="010028bd7000000000000c000000180001801400020076657468305f746f5f626f6e64000000d800038004000100d0000380cc000180c70002"], 0x104}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYRES16=r7], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10) lsm_get_self_attr(0x64, 0xffffffffffffffff, &(0x7f0000000040)=0xfffffffffffffdb1, 0x0) 1.764297536s ago: executing program 0 (id=302): bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00"], 0x0, 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x100) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000640)=0xcde, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r0}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x10) syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x66002) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000100), 0xd5d1, 0x0) syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x0) 1.748437597s ago: executing program 3 (id=303): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000800)={&(0x7f0000000180)='mm_vmscan_write_folio\x00', r1}, 0x18) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) recvmsg$can_j1939(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000003c0)=@ax25={{0x3, @netrom}, [@rose, @remote, @rose, @default, @netrom, @null, @default, @rose]}, 0x80, &(0x7f0000000680)=[{&(0x7f00000004c0)=""/96, 0x60}, {&(0x7f0000000340)=""/21, 0x15}, {&(0x7f0000000540)=""/215, 0xd7}, {&(0x7f0000000640)=""/40, 0x28}], 0x4, &(0x7f00000006c0)=""/244, 0xf4}, 0x20) r2 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x9) fchdir(r3) r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0) getdents(r4, 0x0, 0x2e) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x5, 0x1}, &(0x7f0000000200)=0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x3ac66eac) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = eventfd2(0x0, 0x0) readv(r6, &(0x7f0000000500)=[{&(0x7f0000000000)=""/92, 0x5c}], 0x1) 1.685031748s ago: executing program 0 (id=304): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x18) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x5}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0) 1.684564958s ago: executing program 1 (id=305): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x8, &(0x7f0000000580)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'}) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xfde1, 0x300, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x4d, 0x0, @wg=@data}}}}}, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000200), 0x3}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) 1.675990458s ago: executing program 1 (id=306): syz_emit_ethernet(0xcc, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) keyctl$session_to_parent(0x12) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000100)) 1.274367676s ago: executing program 4 (id=307): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r0}, 0x4) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[], 0x50) kexec_load(0x0, 0x0, 0x0, 0x0) syz_read_part_table(0x104d, &(0x7f0000001080)="$eJzsz7ENwjAQBdBLQohTsRJsQMMmrMEMVDQsRckYhyA2TIAQ0nuF739LtuXgp7p3Kq91qG0f2yX0dWOIEplzbZmZz3ka15d7TCWiazcdNzXcpojd3M6vlnHO8fNwf7h+7WMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8EceAQAA//8iPg1A") wait4(0x0, 0x0, 0x40000000, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f0000000280)='+}[@\x00') openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mq_timedsend(r1, &(0x7f00000001c0), 0x0, 0x6, &(0x7f00000002c0)={0x0, 0x989680}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522eb, 0x0, {0x0, 0x0, 0x74, r4, {0x10, 0x3}, {0x0, 0xfff1}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x4000010) 1.273166476s ago: executing program 2 (id=317): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) epoll_create1(0x80000) syz_clone(0x63081180, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000180)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x200005, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x50) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mkdir(&(0x7f0000000140)='./control\x00', 0x0) 275.213625ms ago: executing program 0 (id=308): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000180)={0x8, &(0x7f0000000380)=[{0xd78, 0x1, 0x3, 0x933}, {0x0, 0x5, 0x1}, {0x7, 0x7, 0x3, 0x7}, {0xfa5e, 0x4, 0x5, 0x3}, {0xd69, 0x0, 0x0, 0x80000000}, {0x2, 0x4, 0x8d, 0xfffffff9}, {0x4, 0x0, 0x9, 0x8}, {0x4, 0x1, 0x4b, 0xa36}]}) kexec_load(0x0, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r1, &(0x7f0000000440)=""/247, 0x26) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(0xffffffffffffffff, &(0x7f00000006c0)=[{0x0}, {0x0}], 0x2) tkill(r0, 0x7) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x4, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff1780c204000186dd6018232500102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa2b000241000000000400000000000000"], 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000280)={@multicast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "0300", 0x8, 0x2c, 0xff, @remote, @local, {[@routing={0x6, 0x0, 0x2, 0x8}]}}}}}, 0x0) 220.554006ms ago: executing program 3 (id=309): close(0x3) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = syz_open_dev$usbfs(0x0, 0x205, 0x8401) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2c, 0x0, 0x0) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, 0x0) pipe2(0x0, 0x800) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) pwritev(0xffffffffffffffff, 0x0, 0x0, 0xc, 0x1) bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 219.720867ms ago: executing program 2 (id=310): syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[], 0x0) memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) socket$inet_udp(0x2, 0x2, 0x0) socket(0x10, 0x2, 0x0) pipe(&(0x7f0000000080)) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$l2tp6(0xa, 0x2, 0x73) socket$l2tp6(0xa, 0x2, 0x73) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x801, 0x84) socket$igmp(0x2, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x6) socket$inet6_udplite(0xa, 0x2, 0x88) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 163.285487ms ago: executing program 1 (id=311): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x4000, &(0x7f0000000300)={[{@resuid}, {@dioread_nolock}, {@noblock_validity}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") mkdir(&(0x7f0000000140)='./control\x00', 0x0) inotify_init1(0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2c00) rmdir(&(0x7f0000000100)='./control\x00') pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x9000) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000009c0)=';', 0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x0) sendfile(r1, r0, 0x0, 0x3ffff) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r5, &(0x7f00000009c0)="3bf5", 0x2) sendfile(r5, r4, 0x0, 0x3ffff) 42.550459ms ago: executing program 3 (id=312): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f00000000c0)) r2 = syz_open_procfs(r1, &(0x7f0000000000)='net/sco\x00') r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000880)=ANY=[@ANYBLOB="180000000000000000000000000000009500"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) sendfile(r3, r4, 0x0, 0x20000023892) r6 = fsopen(&(0x7f00000022c0)='hugetlbfs\x00', 0x1) r7 = fcntl$dupfd(r6, 0x0, r6) fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0) r8 = getpid() r9 = syz_pidfd_open(r8, 0x0) setns(r9, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) pread64(r2, 0x0, 0x0, 0x7fff) sync() 41.40437ms ago: executing program 4 (id=313): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x18) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7fe00003, 0x0, 0x0, 0x0, 0x102}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r2}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@deltfilter={0x24, 0x2d, 0x200, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0x4, 0xe}, {0x4, 0xf}}}, 0x24}}, 0x14000000) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'dummy0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0xb4}}, 0x0) socket$netlink(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000740)=ANY=[@ANYBLOB="04010000", @ANYRES16=r6, @ANYBLOB="010028bd7000000000000c000000180001801400020076657468305f746f5f626f6e64000000d800038004000100d0000380cc000180c70002"], 0x104}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYRES16=r7], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10) lsm_get_self_attr(0x64, 0xffffffffffffffff, &(0x7f0000000040)=0xfffffffffffffdb1, 0x0) 0s ago: executing program 4 (id=314): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000072000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000200000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) mount$bind(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000540)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2145499, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x89901) r2 = pidfd_getfd(r1, r1, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r3) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r4, &(0x7f0000000540)=""/51, 0x33) r5 = socket$inet_sctp(0x2, 0x5, 0x84) close(r5) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) setns(r2, 0x66020000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.29' (ED25519) to the list of known hosts. [ 25.422087][ T29] audit: type=1400 audit(1758694561.326:62): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.422890][ T3291] cgroup: Unknown subsys name 'net' [ 25.445330][ T29] audit: type=1400 audit(1758694561.326:63): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.473789][ T29] audit: type=1400 audit(1758694561.356:64): avc: denied { unmount } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.605246][ T3291] cgroup: Unknown subsys name 'cpuset' [ 25.611906][ T3291] cgroup: Unknown subsys name 'rlimit' [ 25.740966][ T29] audit: type=1400 audit(1758694561.646:65): avc: denied { setattr } for pid=3291 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.765312][ T29] audit: type=1400 audit(1758694561.646:66): avc: denied { create } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.786762][ T29] audit: type=1400 audit(1758694561.646:67): avc: denied { write } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.793022][ T3294] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 25.807242][ T29] audit: type=1400 audit(1758694561.646:68): avc: denied { read } for pid=3291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.837121][ T29] audit: type=1400 audit(1758694561.646:69): avc: denied { mounton } for pid=3291 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.862638][ T29] audit: type=1400 audit(1758694561.646:70): avc: denied { mount } for pid=3291 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 25.883504][ T3291] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 25.886827][ T29] audit: type=1400 audit(1758694561.726:71): avc: denied { relabelto } for pid=3294 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.726013][ T3306] chnl_net:caif_netlink_parms(): no params data found [ 27.745326][ T3302] chnl_net:caif_netlink_parms(): no params data found [ 27.769956][ T3310] chnl_net:caif_netlink_parms(): no params data found [ 27.799459][ T3303] chnl_net:caif_netlink_parms(): no params data found [ 27.831750][ T3308] chnl_net:caif_netlink_parms(): no params data found [ 27.882285][ T3302] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.889505][ T3302] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.896947][ T3302] bridge_slave_0: entered allmulticast mode [ 27.903383][ T3302] bridge_slave_0: entered promiscuous mode [ 27.923847][ T3302] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.931186][ T3302] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.939470][ T3302] bridge_slave_1: entered allmulticast mode [ 27.946227][ T3302] bridge_slave_1: entered promiscuous mode [ 27.952578][ T3306] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.959796][ T3306] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.967123][ T3306] bridge_slave_0: entered allmulticast mode [ 27.973855][ T3306] bridge_slave_0: entered promiscuous mode [ 27.980707][ T3306] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.987871][ T3306] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.997653][ T3306] bridge_slave_1: entered allmulticast mode [ 28.004007][ T3306] bridge_slave_1: entered promiscuous mode [ 28.039809][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.047162][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.054781][ T3310] bridge_slave_0: entered allmulticast mode [ 28.061615][ T3310] bridge_slave_0: entered promiscuous mode [ 28.069011][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.077502][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.085145][ T3310] bridge_slave_1: entered allmulticast mode [ 28.092651][ T3310] bridge_slave_1: entered promiscuous mode [ 28.104834][ T3308] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.112504][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.120265][ T3308] bridge_slave_0: entered allmulticast mode [ 28.127064][ T3308] bridge_slave_0: entered promiscuous mode [ 28.152984][ T3308] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.160534][ T3308] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.168145][ T3308] bridge_slave_1: entered allmulticast mode [ 28.175085][ T3308] bridge_slave_1: entered promiscuous mode [ 28.182455][ T3302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.192979][ T3306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.203608][ T3302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.213262][ T3303] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.220472][ T3303] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.227836][ T3303] bridge_slave_0: entered allmulticast mode [ 28.234245][ T3303] bridge_slave_0: entered promiscuous mode [ 28.255918][ T3306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.265291][ T3303] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.272847][ T3303] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.280184][ T3303] bridge_slave_1: entered allmulticast mode [ 28.286623][ T3303] bridge_slave_1: entered promiscuous mode [ 28.294193][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.326308][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.336840][ T3303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.347833][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.358477][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.368867][ T3302] team0: Port device team_slave_0 added [ 28.385705][ T3303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.400639][ T3302] team0: Port device team_slave_1 added [ 28.411981][ T3306] team0: Port device team_slave_0 added [ 28.436383][ T3306] team0: Port device team_slave_1 added [ 28.442825][ T3302] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.450257][ T3302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.476965][ T3302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.489232][ T3310] team0: Port device team_slave_0 added [ 28.500529][ T3308] team0: Port device team_slave_0 added [ 28.511736][ T3302] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.519379][ T3302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.546883][ T3302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.558794][ T3310] team0: Port device team_slave_1 added [ 28.570826][ T3303] team0: Port device team_slave_0 added [ 28.577198][ T3308] team0: Port device team_slave_1 added [ 28.590514][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.597686][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.624218][ T3306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.640307][ T3303] team0: Port device team_slave_1 added [ 28.656868][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.664329][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.691171][ T3306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.702619][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.710235][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.737643][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.764036][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.771245][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.798121][ T3308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.812392][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.819573][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.846212][ T3308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.857398][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.864718][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.891885][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.907606][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.914671][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.941698][ T3303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.965889][ T3302] hsr_slave_0: entered promiscuous mode [ 28.972153][ T3302] hsr_slave_1: entered promiscuous mode [ 28.978696][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.986135][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.012517][ T3303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.043449][ T3306] hsr_slave_0: entered promiscuous mode [ 29.050243][ T3306] hsr_slave_1: entered promiscuous mode [ 29.056702][ T3306] debugfs: 'hsr0' already exists in 'hsr' [ 29.062538][ T3306] Cannot create hsr debugfs directory [ 29.076703][ T3308] hsr_slave_0: entered promiscuous mode [ 29.082747][ T3308] hsr_slave_1: entered promiscuous mode [ 29.088983][ T3308] debugfs: 'hsr0' already exists in 'hsr' [ 29.095148][ T3308] Cannot create hsr debugfs directory [ 29.140348][ T3310] hsr_slave_0: entered promiscuous mode [ 29.146653][ T3310] hsr_slave_1: entered promiscuous mode [ 29.152638][ T3310] debugfs: 'hsr0' already exists in 'hsr' [ 29.158694][ T3310] Cannot create hsr debugfs directory [ 29.188745][ T3303] hsr_slave_0: entered promiscuous mode [ 29.195021][ T3303] hsr_slave_1: entered promiscuous mode [ 29.200991][ T3303] debugfs: 'hsr0' already exists in 'hsr' [ 29.206844][ T3303] Cannot create hsr debugfs directory [ 29.380418][ T3306] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 29.389679][ T3306] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 29.401505][ T3306] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 29.412294][ T3306] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 29.430170][ T3308] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 29.440001][ T3308] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 29.448886][ T3308] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 29.457578][ T3308] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 29.487279][ T3302] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 29.498247][ T3302] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 29.508406][ T3302] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 29.525232][ T3302] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 29.565313][ T3310] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 29.575143][ T3310] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 29.585611][ T3310] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 29.609706][ T3310] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 29.622682][ T3303] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 29.635567][ T3303] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 29.646908][ T3303] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 29.658708][ T3303] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 29.679689][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.708703][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.723556][ T3306] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.740135][ T172] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.747427][ T172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.764374][ T172] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.771966][ T172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.783118][ T3308] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.794390][ T3302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.813710][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.821487][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.838319][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.846000][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.871624][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.882404][ T3302] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.910311][ T159] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.917692][ T159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.933898][ T3310] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.943848][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.951703][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.974673][ T159] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.982097][ T159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.004984][ T3308] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.022044][ T159] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.029419][ T159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.045443][ T3303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.080932][ T3303] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.103075][ T159] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.110371][ T159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.151281][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.160358][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.168191][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.189483][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.201772][ T3302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.218702][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.340759][ T3303] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.393607][ T3308] veth0_vlan: entered promiscuous mode [ 30.411477][ T3306] veth0_vlan: entered promiscuous mode [ 30.423239][ T3310] veth0_vlan: entered promiscuous mode [ 30.434989][ T3308] veth1_vlan: entered promiscuous mode [ 30.447367][ T3310] veth1_vlan: entered promiscuous mode [ 30.470910][ T3306] veth1_vlan: entered promiscuous mode [ 30.480688][ T3308] veth0_macvtap: entered promiscuous mode [ 30.492943][ T3302] veth0_vlan: entered promiscuous mode [ 30.508136][ T3308] veth1_macvtap: entered promiscuous mode [ 30.517363][ T3302] veth1_vlan: entered promiscuous mode [ 30.529462][ T3310] veth0_macvtap: entered promiscuous mode [ 30.543647][ T3306] veth0_macvtap: entered promiscuous mode [ 30.553440][ T3310] veth1_macvtap: entered promiscuous mode [ 30.574404][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.583094][ T3306] veth1_macvtap: entered promiscuous mode [ 30.593972][ T3302] veth0_macvtap: entered promiscuous mode [ 30.607236][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.617272][ T3302] veth1_macvtap: entered promiscuous mode [ 30.626076][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.634937][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.661436][ T51] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.675233][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.683098][ T51] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.693508][ T3303] veth0_vlan: entered promiscuous mode [ 30.706970][ T51] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.716593][ T159] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.729488][ T3303] veth1_vlan: entered promiscuous mode [ 30.740169][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.748391][ T159] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.758680][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.772784][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 30.772799][ T29] audit: type=1400 audit(1758694566.676:81): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/root/syzkaller.RNJCGp/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 30.806163][ T29] audit: type=1400 audit(1758694566.686:82): avc: denied { mount } for pid=3310 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 30.824128][ T3303] veth0_macvtap: entered promiscuous mode [ 30.829903][ T29] audit: type=1400 audit(1758694566.686:83): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/root/syzkaller.RNJCGp/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 30.839594][ T3303] veth1_macvtap: entered promiscuous mode [ 30.861783][ T29] audit: type=1400 audit(1758694566.686:84): avc: denied { mount } for pid=3310 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 30.869112][ T159] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.893343][ T29] audit: type=1400 audit(1758694566.686:85): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/root/syzkaller.RNJCGp/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 30.907666][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.931636][ T29] audit: type=1400 audit(1758694566.686:86): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/root/syzkaller.RNJCGp/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3848 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 30.943500][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.968220][ T29] audit: type=1400 audit(1758694566.686:87): avc: denied { unmount } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 31.001906][ T29] audit: type=1400 audit(1758694566.906:88): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 31.026537][ T29] audit: type=1400 audit(1758694566.906:89): avc: denied { mount } for pid=3310 comm="syz-executor" name="/" dev="gadgetfs" ino=3889 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 31.057957][ T3308] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 31.059052][ T159] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.085821][ T29] audit: type=1400 audit(1758694566.996:90): avc: denied { read write } for pid=3308 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 31.116651][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.134695][ T159] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.150444][ T3475] syz.2.3 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 31.166657][ T3475] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 31.182921][ T159] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.196087][ T3475] veth1_macvtap: left promiscuous mode [ 31.221865][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.258271][ T3483] syz.0.1 uses obsolete (PF_INET,SOCK_PACKET) [ 31.336124][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.351899][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.365777][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.386160][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.403837][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.415438][ T37] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.426532][ T37] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.442452][ T37] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.444555][ C1] hrtimer: interrupt took 46447 ns [ 31.452388][ T37] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.467488][ T37] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.193887][ T3524] loop1: detected capacity change from 0 to 512 [ 32.255304][ T3524] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.286796][ T3524] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 32.328639][ T3531] process 'syz.4.15' launched '/dev/fd/7' with NULL argv: empty string added [ 32.617945][ T3538] syzkaller0: entered promiscuous mode [ 32.624069][ T3538] syzkaller0: entered allmulticast mode [ 32.697475][ T3524] ¬í (3524) used greatest stack depth: 10208 bytes left [ 32.749826][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.773916][ T3540] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.790680][ T3562] loop0: detected capacity change from 0 to 128 [ 33.867737][ T3565] syz.0.27: attempt to access beyond end of device [ 33.867737][ T3565] loop0: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 33.867898][ T3568] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0 [ 33.902111][ T3565] syz.0.27: attempt to access beyond end of device [ 33.902111][ T3565] loop0: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 33.916984][ T3567] IPVS: stopping backup sync thread 3568 ... [ 33.955335][ T3570] loop1: detected capacity change from 0 to 2048 [ 33.974350][ T3565] syz.0.27: attempt to access beyond end of device [ 33.974350][ T3565] loop0: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 33.995822][ T3570] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.024741][ T3570] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.029801][ T3574] syzkaller0: entered promiscuous mode [ 34.035556][ T3565] syz.0.27: attempt to access beyond end of device [ 34.035556][ T3565] loop0: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 34.041341][ T3574] syzkaller0: entered allmulticast mode [ 34.060802][ T3565] syz.0.27: attempt to access beyond end of device [ 34.060802][ T3565] loop0: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 34.074483][ T3565] syz.0.27: attempt to access beyond end of device [ 34.074483][ T3565] loop0: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 34.088580][ T3565] syz.0.27: attempt to access beyond end of device [ 34.088580][ T3565] loop0: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 34.103702][ T3565] syz.0.27: attempt to access beyond end of device [ 34.103702][ T3565] loop0: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 34.117744][ T3565] syz.0.27: attempt to access beyond end of device [ 34.117744][ T3565] loop0: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 34.123894][ T3577] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.30: bg 0: block 345: padding at end of block bitmap is not set [ 34.131562][ T3565] syz.0.27: attempt to access beyond end of device [ 34.131562][ T3565] loop0: rw=2049, sector=289, nr_sectors = 8 limit=128 [ 34.164840][ T3577] EXT4-fs (loop1): Remounting filesystem read-only [ 34.172141][ T12] EXT4-fs warning (device loop1): ext4_convert_unwritten_extents:4984: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30 [ 34.273091][ T3579] veth0_vlan: entered allmulticast mode [ 34.310040][ T3579] veth0_vlan: left promiscuous mode [ 34.342586][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.386772][ T3579] veth0_vlan: entered promiscuous mode [ 34.448117][ T3583] loop1: detected capacity change from 0 to 1024 [ 34.466501][ T3583] ======================================================= [ 34.466501][ T3583] WARNING: The mand mount option has been deprecated and [ 34.466501][ T3583] and is ignored by this kernel. Remove the mand [ 34.466501][ T3583] option from the mount to silence this warning. [ 34.466501][ T3583] ======================================================= [ 34.561388][ T3585] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.574093][ T3583] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.592558][ T3583] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.34: Allocating blocks 385-513 which overlap fs metadata [ 34.612250][ T3583] EXT4-fs (loop1): pa ffff8881071cb070: logic 16, phys. 129, len 24 [ 34.620462][ T3583] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 34.637128][ T3583] syz.1.34 (3583) used greatest stack depth: 10136 bytes left [ 34.661991][ T3585] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.676991][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.695018][ T3589] loop3: detected capacity change from 0 to 1024 [ 34.703126][ T3591] tipc: Started in network mode [ 34.708416][ T3591] tipc: Node identity 4, cluster identity 4711 [ 34.714921][ T3591] tipc: Node number set to 4 [ 34.725990][ T3589] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.743512][ T3585] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.768047][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.829225][ T3585] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.893358][ T37] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.910523][ T37] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.925093][ T37] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.933642][ T37] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.967627][ T3606] netlink: 16 bytes leftover after parsing attributes in process `syz.4.42'. [ 35.240022][ T3616] netlink: 4 bytes leftover after parsing attributes in process `syz.4.46'. [ 36.108723][ T3639] loop1: detected capacity change from 0 to 128 [ 36.223464][ T3643] loop2: detected capacity change from 0 to 1024 [ 36.248424][ T3643] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.264619][ T3645] netlink: 'syz.0.51': attribute type 4 has an invalid length. [ 36.270166][ T3643] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.49: Allocating blocks 385-513 which overlap fs metadata [ 36.377730][ T29] kauditd_printk_skb: 144 callbacks suppressed [ 36.377750][ T29] audit: type=1400 audit(1758694572.226:235): avc: denied { connect } for pid=3640 comm="syz.3.50" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 36.430070][ T3651] EXT4-fs (loop2): pa ffff8881072530e0: logic 16, phys. 129, len 24 [ 36.438764][ T3651] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 36.523663][ T3653] 9pnet_fd: Insufficient options for proto=fd [ 36.689029][ T29] audit: type=1400 audit(1758694572.596:236): avc: denied { create } for pid=3654 comm="syz.0.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 36.726657][ T29] audit: type=1400 audit(1758694572.626:237): avc: denied { mount } for pid=3654 comm="syz.0.53" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 36.749097][ T29] audit: type=1400 audit(1758694572.626:238): avc: denied { write } for pid=3654 comm="syz.0.53" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 36.770417][ T29] audit: type=1400 audit(1758694572.626:239): avc: denied { open } for pid=3654 comm="syz.0.53" path="/10/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 36.793636][ T29] audit: type=1400 audit(1758694572.636:240): avc: denied { unmount } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 36.816055][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.077690][ T3679] loop2: detected capacity change from 0 to 512 [ 38.097372][ T3679] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.110631][ T3679] ext4 filesystem being mounted at /10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 39.201794][ T3690] loop3: detected capacity change from 0 to 512 [ 39.223424][ T29] audit: type=1400 audit(1758694575.126:241): avc: denied { read } for pid=3693 comm="syz.1.64" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 39.247253][ T29] audit: type=1400 audit(1758694575.126:242): avc: denied { open } for pid=3693 comm="syz.1.64" path="/dev/input/event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 39.281473][ T3690] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 39.294653][ T3690] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 39.371935][ T29] audit: type=1400 audit(1758694575.216:243): avc: denied { ioctl } for pid=3693 comm="syz.1.64" path="/dev/input/event0" dev="devtmpfs" ino=242 ioctlcmd=0x4591 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 39.398691][ T29] audit: type=1400 audit(1758694575.266:244): avc: denied { write } for pid=3693 comm="syz.1.64" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 39.431716][ T3690] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.63: invalid indirect mapped block 4294967295 (level 0) [ 39.498822][ T3690] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.63: invalid indirect mapped block 4294967295 (level 1) [ 39.513914][ T3690] EXT4-fs (loop3): 1 orphan inode deleted [ 39.519954][ T3690] EXT4-fs (loop3): 1 truncate cleaned up [ 39.532973][ T3690] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.600938][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.694408][ T3698] loop0: detected capacity change from 0 to 1024 [ 39.726850][ T3698] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.757312][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.046100][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.067487][ T3747] loop1: detected capacity change from 0 to 512 [ 41.081238][ T3747] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 41.104269][ T3750] loop3: detected capacity change from 0 to 1024 [ 41.124213][ T3747] EXT4-fs (loop1): 1 truncate cleaned up [ 41.136646][ T3750] EXT4-fs (loop3): stripe (8) is not aligned with cluster size (4096), stripe is disabled [ 41.146338][ T3747] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.174726][ T3750] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 41.184858][ T3750] EXT4-fs (loop3): orphan cleanup on readonly fs [ 41.203817][ T3750] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 41.218919][ T3750] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 41.229088][ T3750] EXT4-fs error (device loop3): ext4_free_blocks:6696: comm syz.3.80: Freeing blocks not in datazone - block = 0, count = 4096 [ 41.253199][ T3750] EXT4-fs (loop3): Remounting filesystem read-only [ 41.274587][ T3750] EXT4-fs (loop3): 1 orphan inode deleted [ 41.283025][ T3750] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 41.301190][ T3750] netlink: 4 bytes leftover after parsing attributes in process `syz.3.80'. [ 41.310409][ T3750] hsr_slave_0: left promiscuous mode [ 41.316789][ T3750] hsr_slave_1: left promiscuous mode [ 41.365572][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.409117][ T3767] loop0: detected capacity change from 0 to 512 [ 41.416311][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 41.416326][ T29] audit: type=1400 audit(1758694577.316:252): avc: denied { mount } for pid=3768 comm="syz.3.84" name="/" dev="ramfs" ino=5525 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 41.446928][ T3767] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 41.466871][ T3767] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.83: invalid indirect mapped block 4294967295 (level 0) [ 41.483386][ T3767] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #16: comm syz.0.83: invalid indirect mapped block 4294967295 (level 1) [ 41.499090][ T3767] EXT4-fs (loop0): 1 orphan inode deleted [ 41.505223][ T3767] EXT4-fs (loop0): 1 truncate cleaned up [ 41.512184][ T3767] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.541140][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.825595][ T29] audit: type=1400 audit(1758694577.736:253): avc: denied { read write } for pid=3779 comm="syz.0.87" name="uhid" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 41.849409][ T29] audit: type=1400 audit(1758694577.736:254): avc: denied { open } for pid=3779 comm="syz.0.87" path="/dev/uhid" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 41.875581][ T3370] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 41.883088][ T3370] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 41.890689][ T3370] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 41.898303][ T3370] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 41.905750][ T3370] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 41.913221][ T3370] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 41.921164][ T3370] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 41.928809][ T3370] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 41.936509][ T3370] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 41.944980][ T3370] hid-generic 0003:0004:0000.0001: unknown main item tag 0x0 [ 41.955671][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.964968][ T3370] hid-generic 0003:0004:0000.0001: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 41.990838][ T3786] tipc: Started in network mode [ 41.996150][ T3786] tipc: Node identity 3295230ee4f8, cluster identity 4711 [ 42.003690][ T3786] tipc: Enabled bearer , priority 0 [ 42.030847][ T29] audit: type=1400 audit(1758694577.936:255): avc: denied { ioctl } for pid=3785 comm="syz.1.88" path="socket:[5550]" dev="sockfs" ino=5550 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 42.042530][ T3784] fido_id[3784]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 42.074051][ T3786] syzkaller0: entered promiscuous mode [ 42.081137][ T3786] syzkaller0: entered allmulticast mode [ 42.091248][ T3793] futex_wake_op: syz.0.100 tries to shift op by 144; fix this program [ 42.116151][ T3786] tipc: Resetting bearer [ 42.124391][ T3785] tipc: Resetting bearer [ 42.134820][ T3785] tipc: Disabling bearer [ 42.233866][ T3799] loop1: detected capacity change from 0 to 128 [ 42.830792][ T29] audit: type=1326 audit(1758694578.736:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3808 comm="syz.4.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe12e0eec9 code=0x7ffc0000 [ 42.855658][ T29] audit: type=1326 audit(1758694578.736:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3808 comm="syz.4.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe12e0eec9 code=0x7ffc0000 [ 42.880437][ T29] audit: type=1326 audit(1758694578.736:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3808 comm="syz.4.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe12e0eec9 code=0x7ffc0000 [ 42.881490][ T3811] netlink: 12 bytes leftover after parsing attributes in process `syz.4.95'. [ 42.904464][ T29] audit: type=1326 audit(1758694578.736:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3808 comm="syz.4.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbe12e0eec9 code=0x7ffc0000 [ 42.936996][ T29] audit: type=1326 audit(1758694578.736:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3808 comm="syz.4.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe12e0eec9 code=0x7ffc0000 [ 42.960803][ T29] audit: type=1326 audit(1758694578.746:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3808 comm="syz.4.94" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe12e0eec9 code=0x7ffc0000 [ 43.024376][ T3813] loop2: detected capacity change from 0 to 512 [ 43.036832][ T3813] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 43.059174][ T3813] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.96: invalid indirect mapped block 4294967295 (level 0) [ 43.075147][ T3813] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.96: invalid indirect mapped block 4294967295 (level 1) [ 43.110853][ T3813] EXT4-fs (loop2): 1 orphan inode deleted [ 43.116964][ T3813] EXT4-fs (loop2): 1 truncate cleaned up [ 43.125854][ T3813] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.161559][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.180965][ T3824] loop0: detected capacity change from 0 to 512 [ 43.189132][ T3824] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 43.200997][ T3824] EXT4-fs (loop0): 1 truncate cleaned up [ 43.208522][ T3824] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.747551][ T3837] futex_wake_op: syz.4.106 tries to shift op by 144; fix this program [ 44.142253][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.358572][ T3849] netlink: 4 bytes leftover after parsing attributes in process `syz.0.108'. [ 44.369921][ T3851] loop4: detected capacity change from 0 to 512 [ 44.397101][ T3853] loop2: detected capacity change from 0 to 128 [ 44.401288][ T3851] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.431168][ T3851] ext4 filesystem being mounted at /19/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 44.465950][ T3857] tipc: Enabled bearer , priority 0 [ 44.473644][ T3857] syzkaller0: entered promiscuous mode [ 44.479321][ T3857] syzkaller0: entered allmulticast mode [ 44.527540][ T3860] loop0: detected capacity change from 0 to 128 [ 44.545605][ T3857] tipc: Resetting bearer [ 44.569739][ T3856] tipc: Resetting bearer [ 44.580776][ T3856] tipc: Disabling bearer [ 44.597982][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.647724][ T3862] loop4: detected capacity change from 0 to 512 [ 44.664684][ T3862] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 44.676499][ T3862] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.113: invalid indirect mapped block 4294967295 (level 0) [ 44.692111][ T3862] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #16: comm syz.4.113: invalid indirect mapped block 4294967295 (level 1) [ 44.710661][ T3862] EXT4-fs (loop4): 1 orphan inode deleted [ 44.716628][ T3862] EXT4-fs (loop4): 1 truncate cleaned up [ 44.721054][ T3869] loop1: detected capacity change from 0 to 512 [ 44.725058][ T3862] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.789976][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.834408][ T3878] netlink: 48 bytes leftover after parsing attributes in process `syz.4.117'. [ 44.890855][ T3883] netlink: 'syz.4.119': attribute type 4 has an invalid length. [ 44.905637][ T2994] udevd[2994]: worker [3482] terminated by signal 33 (Unknown signal 33) [ 44.985852][ T3885] loop4: detected capacity change from 0 to 2048 [ 45.008095][ T3887] loop1: detected capacity change from 0 to 1024 [ 45.016508][ T3887] EXT4-fs (loop1): stripe (8) is not aligned with cluster size (4096), stripe is disabled [ 45.027735][ T3887] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 45.037058][ T3887] EXT4-fs (loop1): orphan cleanup on readonly fs [ 45.044155][ T3887] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 45.059582][ T3887] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 45.066749][ T3887] EXT4-fs error (device loop1): ext4_free_blocks:6696: comm syz.1.122: Freeing blocks not in datazone - block = 0, count = 4096 [ 45.080377][ T3887] EXT4-fs (loop1): Remounting filesystem read-only [ 45.087822][ T3887] EXT4-fs (loop1): 1 orphan inode deleted [ 45.094164][ T3887] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 45.111254][ T3887] netlink: 4 bytes leftover after parsing attributes in process `syz.1.122'. [ 45.120352][ T3887] hsr_slave_0: left promiscuous mode [ 45.126041][ T3887] hsr_slave_1: left promiscuous mode [ 45.228494][ T3891] netlink: 128 bytes leftover after parsing attributes in process `syz.4.123'. [ 45.237786][ T3891] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 45.254867][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.347737][ T3895] wg2: entered promiscuous mode [ 45.352668][ T3895] wg2: entered allmulticast mode [ 45.400942][ T3901] tipc: Started in network mode [ 45.406295][ T3901] tipc: Node identity a6eb4fd5b64e, cluster identity 4711 [ 45.414144][ T3901] tipc: Enabled bearer , priority 0 [ 45.422427][ T3901] syzkaller0: entered promiscuous mode [ 45.428131][ T3901] syzkaller0: entered allmulticast mode [ 45.439148][ T3901] tipc: Resetting bearer [ 45.446748][ T3900] tipc: Resetting bearer [ 45.453688][ T3900] tipc: Disabling bearer [ 45.691913][ T3906] SELinux: Context /usr/sbin/cups-browsed is not valid (left unmapped). [ 45.942365][ T3912] tipc: Enabled bearer , priority 0 [ 45.961981][ T3909] syzkaller0: entered promiscuous mode [ 45.967625][ T3909] syzkaller0: entered allmulticast mode [ 45.980197][ T3914] loop0: detected capacity change from 0 to 1024 [ 45.988732][ T3909] tipc: Resetting bearer [ 45.996391][ T3908] tipc: Resetting bearer [ 45.996480][ T3914] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.132: Failed to acquire dquot type 0 [ 46.014527][ T3914] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 46.030309][ T3914] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #13: comm syz.0.132: corrupted inode contents [ 46.031049][ T3908] tipc: Disabling bearer [ 46.044465][ T3914] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #13: comm syz.0.132: mark_inode_dirty error [ 46.061059][ T3914] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #13: comm syz.0.132: corrupted inode contents [ 46.074339][ T3914] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #13: comm syz.0.132: mark_inode_dirty error [ 46.088139][ T3914] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #13: comm syz.0.132: corrupted inode contents [ 46.100798][ T3914] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 46.110599][ T3914] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #13: comm syz.0.132: corrupted inode contents [ 46.122991][ T3914] EXT4-fs error (device loop0): ext4_truncate:4666: inode #13: comm syz.0.132: mark_inode_dirty error [ 46.135604][ T3914] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 46.147006][ T3914] EXT4-fs (loop0): 1 truncate cleaned up [ 46.153472][ T3914] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.190384][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.310630][ T3925] syzkaller0: entered promiscuous mode [ 46.316565][ T3925] syzkaller0: entered allmulticast mode [ 46.581355][ T29] kauditd_printk_skb: 923 callbacks suppressed [ 46.581372][ T29] audit: type=1400 audit(1758694582.486:1183): avc: denied { read } for pid=3937 comm="syz.3.138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 46.609633][ T29] audit: type=1400 audit(1758694582.486:1184): avc: denied { write } for pid=3937 comm="syz.3.138" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 46.637936][ T29] audit: type=1400 audit(1758694582.546:1185): avc: denied { ioctl } for pid=3937 comm="syz.3.138" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 46.670594][ T29] audit: type=1400 audit(1758694582.576:1186): avc: denied { execmem } for pid=3943 comm="syz.2.139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 47.077622][ T3949] tipc: Enabled bearer , priority 0 [ 47.107636][ T3949] syzkaller0: entered promiscuous mode [ 47.113544][ T3949] syzkaller0: entered allmulticast mode [ 47.170520][ T3949] tipc: Resetting bearer [ 47.178909][ T3948] tipc: Resetting bearer [ 47.187991][ T3948] tipc: Disabling bearer [ 47.261154][ T29] audit: type=1400 audit(1758694583.166:1187): avc: denied { create } for pid=3952 comm="syz.1.152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 47.300468][ T29] audit: type=1400 audit(1758694583.206:1188): avc: denied { create } for pid=3955 comm="syz.0.142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 47.310266][ T3954] syzkaller0: entered promiscuous mode [ 47.326385][ T3954] syzkaller0: entered allmulticast mode [ 47.342855][ T29] audit: type=1400 audit(1758694583.246:1189): avc: denied { write } for pid=3955 comm="syz.0.142" name="001" dev="devtmpfs" ino=168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 47.382959][ T3956] usb usb8: usbfs: process 3956 (syz.0.142) did not claim interface 0 before use [ 47.394351][ T3959] netlink: 8 bytes leftover after parsing attributes in process `syz.3.144'. [ 47.403295][ T3959] netlink: 'syz.3.144': attribute type 5 has an invalid length. [ 47.568198][ T3971] netlink: 'syz.0.158': attribute type 4 has an invalid length. [ 47.577182][ T3969] futex_wake_op: syz.2.147 tries to shift op by 144; fix this program [ 47.696626][ T29] audit: type=1400 audit(1758694583.596:1190): avc: denied { load_policy } for pid=3972 comm="syz.0.148" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 47.714268][ T3973] SELinux: failed to load policy [ 47.862225][ T3981] loop0: detected capacity change from 0 to 1024 [ 47.887381][ T3981] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.933906][ T3981] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.150: Allocating blocks 465-513 which overlap fs metadata [ 47.980797][ T29] audit: type=1400 audit(1758694583.836:1191): avc: denied { read write open } for pid=3977 comm="syz.0.150" path="/35/file1/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 48.040359][ T3981] EXT4-fs (loop0): pa ffff8881072531c0: logic 256, phys. 369, len 9 [ 48.049230][ T3981] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 3 [ 48.148501][ T3981] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 18: block 113:freeing already freed block (bit 7); block bitmap corrupt. [ 48.191595][ T3988] netlink: 32 bytes leftover after parsing attributes in process `syz.4.153'. [ 48.206798][ T29] audit: type=1326 audit(1758694584.086:1192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3987 comm="syz.4.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe12e0eec9 code=0x7ffc0000 [ 48.392468][ T3995] loop4: detected capacity change from 0 to 512 [ 48.415686][ T3995] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 48.431006][ T3995] EXT4-fs (loop4): 1 truncate cleaned up [ 48.450933][ T3995] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.479879][ T4000] pim6reg: entered allmulticast mode [ 48.519923][ T4002] loop3: detected capacity change from 0 to 128 [ 48.531801][ T4000] pim6reg: left allmulticast mode [ 48.568620][ T4000] loop1: detected capacity change from 0 to 512 [ 48.583285][ T4002] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 48.591767][ T4002] FAT-fs (loop3): Filesystem has been set read-only [ 48.599360][ T4002] bio_check_eod: 143 callbacks suppressed [ 48.599375][ T4002] syz.3.159: attempt to access beyond end of device [ 48.599375][ T4002] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 48.619545][ T4002] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 48.627970][ T4002] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 48.637822][ T4000] EXT4-fs (loop1): too many log groups per flexible block group [ 48.645810][ T4000] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 48.653133][ T4002] syz.3.159: attempt to access beyond end of device [ 48.653133][ T4002] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 48.667201][ T4001] syz.3.159: attempt to access beyond end of device [ 48.667201][ T4001] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 48.668100][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.681726][ T4000] EXT4-fs (loop1): mount failed [ 48.696525][ T4002] syz.3.159: attempt to access beyond end of device [ 48.696525][ T4002] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 48.710089][ T4001] syz.3.159: attempt to access beyond end of device [ 48.710089][ T4001] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 48.727355][ T4002] syz.3.159: attempt to access beyond end of device [ 48.727355][ T4002] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 48.734954][ T4007] netlink: 'syz.2.161': attribute type 4 has an invalid length. [ 48.741731][ T4002] syz.3.159: attempt to access beyond end of device [ 48.741731][ T4002] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 48.780228][ T4002] syz.3.159: attempt to access beyond end of device [ 48.780228][ T4002] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 48.797740][ T4001] syz.3.159: attempt to access beyond end of device [ 48.797740][ T4001] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 48.805804][ T4013] loop1: detected capacity change from 0 to 512 [ 48.811523][ T4001] syz.3.159: attempt to access beyond end of device [ 48.811523][ T4001] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 48.865981][ T4013] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.905186][ T4013] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.927785][ T4013] EXT4-fs (loop1): shut down requested (0) [ 48.940102][ T4013] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 48.964584][ T4013] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 48.974070][ T4013] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=15 [ 48.986702][ T4013] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 48.991264][ T4024] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 49.059120][ T4026] mmap: syz.1.164 (4026) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 49.093971][ T4013] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=15 [ 49.116182][ T4013] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 49.169076][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.225382][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.280611][ T4031] loop1: detected capacity change from 0 to 512 [ 49.289112][ T4031] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 49.365264][ T4031] EXT4-fs (loop1): 1 truncate cleaned up [ 49.372161][ T4031] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.395630][ T4031] EXT4-fs error (device loop1): ext4_ext_precache:632: inode #15: comm syz.1.167: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964) [ 49.459820][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.619662][ T4049] Zero length message leads to an empty skb [ 50.563957][ T4059] loop2: detected capacity change from 0 to 512 [ 50.565270][ T4060] netlink: 'syz.1.174': attribute type 4 has an invalid length. [ 50.580923][ T4059] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 50.624808][ T4059] EXT4-fs (loop2): 1 truncate cleaned up [ 50.640036][ T4059] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.673082][ T4071] netlink: 12 bytes leftover after parsing attributes in process `syz.1.179'. [ 50.762489][ T4059] netdevsim netdevsim2: Direct firmware load for ./file0/file1 failed with error -2 [ 50.822114][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.930272][ T4078] SELinux: failed to load policy [ 51.136600][ T4083] netlink: 48 bytes leftover after parsing attributes in process `syz.2.184'. [ 51.320782][ T4089] loop2: detected capacity change from 0 to 512 [ 51.378266][ T4089] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.414638][ T4089] ext4 filesystem being mounted at /36/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 51.444432][ T4093] loop0: detected capacity change from 0 to 512 [ 51.525740][ T4093] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 51.535082][ T4093] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 51.581024][ T4093] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 51.587368][ T3386] IPVS: starting estimator thread 0... [ 51.590228][ T4093] System zones: 0-2, 18-18, 34-35 [ 51.596907][ T4097] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4097 comm=syz.1.189 [ 51.601188][ T4093] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 51.617506][ T29] kauditd_printk_skb: 71 callbacks suppressed [ 51.617523][ T29] audit: type=1400 audit(1758694587.526:1264): avc: denied { create } for pid=4096 comm="syz.1.189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 51.685677][ T4099] IPVS: using max 2832 ests per chain, 141600 per kthread [ 51.827199][ T4093] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 51.867377][ T4093] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 51.879963][ T4093] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 51.913619][ T4093] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.187: bg 0: block 353: padding at end of block bitmap is not set [ 51.966327][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.007091][ T4107] loop4: detected capacity change from 0 to 1024 [ 52.025116][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.037449][ T4107] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 52.049868][ T29] audit: type=1400 audit(1758694587.536:1265): avc: denied { read } for pid=4096 comm="syz.1.189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 52.070489][ T29] audit: type=1400 audit(1758694587.736:1266): avc: denied { remount } for pid=4092 comm="syz.0.187" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 52.090625][ T29] audit: type=1400 audit(1758694587.806:1267): avc: denied { write } for pid=4092 comm="syz.0.187" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 52.111467][ T29] audit: type=1400 audit(1758694587.806:1268): avc: denied { nlmsg_write } for pid=4092 comm="syz.0.187" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 52.142218][ T4113] tipc: Started in network mode [ 52.147284][ T4113] tipc: Node identity de00369bf91c, cluster identity 4711 [ 52.155107][ T4113] tipc: Enabled bearer , priority 0 [ 52.163335][ T4113] syzkaller0: entered promiscuous mode [ 52.169255][ T4113] syzkaller0: entered allmulticast mode [ 52.181597][ T4107] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.192: Invalid block bitmap block 0 in block_group 0 [ 52.196448][ T4107] Quota error (device loop4): write_blk: dquota write failed [ 52.204189][ T4107] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 52.214472][ T4107] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.192: Failed to acquire dquot type 0 [ 52.228883][ T4113] tipc: Resetting bearer [ 52.231719][ T4107] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.192: Freeing blocks not in datazone - block = 0, count = 4096 [ 52.248498][ T4111] tipc: Resetting bearer [ 52.248663][ T4107] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.192: Invalid inode bitmap blk 0 in block_group 0 [ 52.267588][ T37] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-7 [ 52.267730][ T4107] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 52.276960][ T37] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:2: Failed to release dquot type 0 [ 52.364726][ T4107] EXT4-fs (loop4): 1 orphan inode deleted [ 52.367662][ T4111] tipc: Disabling bearer [ 52.370875][ T4107] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.485283][ T4107] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.579983][ T29] audit: type=1400 audit(1758694588.486:1269): avc: denied { read write } for pid=4122 comm="syz.1.205" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 52.605113][ T29] audit: type=1400 audit(1758694588.486:1270): avc: denied { open } for pid=4122 comm="syz.1.205" path="/dev/sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 53.159276][ T4107] infiniband syz2: set active [ 53.164206][ T4107] infiniband syz2: added bond0 [ 53.315090][ T4107] RDS/IB: syz2: added [ 53.331212][ T4107] smc: adding ib device syz2 with port count 1 [ 53.357441][ T4107] smc: ib device syz2 port 1 has pnetid [ 53.488040][ T4139] SELinux: failed to load policy [ 53.624041][ T4143] loop0: detected capacity change from 0 to 8192 [ 53.671893][ T4107] syz.4.192 (4107) used greatest stack depth: 9312 bytes left [ 53.754673][ T4150] syzkaller0: entered promiscuous mode [ 53.760352][ T4150] syzkaller0: entered allmulticast mode [ 53.836607][ T4153] tipc: Enabled bearer , priority 0 [ 53.844040][ T4153] syzkaller0: entered promiscuous mode [ 53.849572][ T4153] syzkaller0: entered allmulticast mode [ 53.860863][ T4153] tipc: Resetting bearer [ 53.868857][ T4152] tipc: Resetting bearer [ 53.876503][ T4152] tipc: Disabling bearer [ 53.887013][ T4157] netlink: 5 bytes leftover after parsing attributes in process `syz.4.208'. [ 53.896057][ T4157] 0ªî{X¹¦: renamed from gretap0 (while UP) [ 53.903456][ T4157] 0ªî{X¹¦: entered allmulticast mode [ 53.909670][ T4157] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 53.930099][ T4158] loop1: detected capacity change from 0 to 512 [ 53.946909][ T4158] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.959963][ T4158] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 54.358558][ T4171] loop4: detected capacity change from 0 to 128 [ 54.383037][ T4170] loop3: detected capacity change from 0 to 512 [ 54.411492][ T4170] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 54.463077][ T4171] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 54.471204][ T4171] FAT-fs (loop4): Filesystem has been set read-only [ 54.485957][ T4173] loop2: detected capacity change from 0 to 512 [ 54.495015][ T4171] bio_check_eod: 13330 callbacks suppressed [ 54.495032][ T4171] syz.4.211: attempt to access beyond end of device [ 54.495032][ T4171] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 54.515246][ T4171] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 54.523121][ T4171] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 54.531600][ T4169] syz.4.211: attempt to access beyond end of device [ 54.531600][ T4169] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 54.547589][ T4171] syz.4.211: attempt to access beyond end of device [ 54.547589][ T4171] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 54.553693][ T4170] EXT4-fs (loop3): 1 truncate cleaned up [ 54.563478][ T4171] syz.4.211: attempt to access beyond end of device [ 54.563478][ T4171] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 54.582650][ T4170] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.596497][ T4169] syz.4.211: attempt to access beyond end of device [ 54.596497][ T4169] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 54.610227][ T4171] syz.4.211: attempt to access beyond end of device [ 54.610227][ T4171] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 54.625236][ T4169] syz.4.211: attempt to access beyond end of device [ 54.625236][ T4169] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 54.640014][ T4173] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.212: bg 0: block 5: invalid block bitmap [ 54.654140][ T4173] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 54.664615][ T4171] syz.4.211: attempt to access beyond end of device [ 54.664615][ T4171] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 54.672142][ T4173] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.212: invalid indirect mapped block 3 (level 2) [ 54.678491][ T4171] syz.4.211: attempt to access beyond end of device [ 54.678491][ T4171] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 54.706054][ T4171] syz.4.211: attempt to access beyond end of device [ 54.706054][ T4171] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 54.730775][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.735197][ T4173] EXT4-fs (loop2): 2 truncates cleaned up [ 54.789481][ T4173] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.844169][ T4170] netdevsim netdevsim3: Direct firmware load for ./file0/file1 failed with error -2 [ 54.981143][ T4173] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.992611][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.062142][ T4173] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.098001][ T4189] loop1: detected capacity change from 0 to 1024 [ 55.127448][ T4189] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.146524][ T4173] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.160950][ T4189] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.216: Allocating blocks 465-513 which overlap fs metadata [ 55.177184][ T4189] EXT4-fs (loop1): pa ffff8881071cb150: logic 256, phys. 369, len 9 [ 55.185544][ T4189] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 3 [ 55.216843][ T4189] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 18: block 113:freeing already freed block (bit 7); block bitmap corrupt. [ 55.301026][ T4173] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.313667][ T4194] veth1_macvtap: left promiscuous mode [ 55.320722][ T4194] macsec0: entered allmulticast mode [ 55.353211][ T110] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.369882][ T110] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.382873][ T110] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.395732][ T110] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.406352][ T4196] netlink: 4 bytes leftover after parsing attributes in process `syz.4.218'. [ 55.446178][ T4202] bridge_slave_0: left allmulticast mode [ 55.452162][ T4202] bridge_slave_0: left promiscuous mode [ 55.458187][ T4202] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.468111][ T4202] bridge_slave_1: left allmulticast mode [ 55.473942][ T4202] bridge_slave_1: left promiscuous mode [ 55.480191][ T4202] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.490454][ T4202] bond0: (slave bond_slave_0): Releasing backup interface [ 55.501715][ T4202] bond0: (slave bond_slave_1): Releasing backup interface [ 55.502538][ T4203] netlink: 'syz.4.219': attribute type 10 has an invalid length. [ 55.517127][ T4203] netlink: 40 bytes leftover after parsing attributes in process `syz.4.219'. [ 55.538326][ T4202] team0: Port device team_slave_0 removed [ 55.547422][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.559895][ T4202] team0: Port device team_slave_1 removed [ 55.567997][ T4202] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 55.575725][ T4202] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 55.586080][ T4202] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 55.590938][ T4205] loop2: detected capacity change from 0 to 512 [ 55.595080][ T4202] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 55.619218][ T4205] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.623549][ T4203] batman_adv: batadv0: Adding interface: veth1_vlan [ 55.636826][ T4205] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.639697][ T4203] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.680039][ T4203] batman_adv: batadv0: Interface activated: veth1_vlan [ 55.727117][ T4209] loop4: detected capacity change from 0 to 2048 [ 55.736558][ T4209] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.767654][ T4213] netlink: 'syz.0.223': attribute type 4 has an invalid length. [ 55.799725][ T4215] loop0: detected capacity change from 0 to 512 [ 55.827493][ T4215] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.843336][ T4215] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.888343][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.906115][ T4215] sd 0:0:1:0: device reset [ 55.930209][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.937105][ T4223] netlink: 8 bytes leftover after parsing attributes in process `syz.1.235'. [ 55.950194][ T4223] netlink: 'syz.1.235': attribute type 5 has an invalid length. [ 56.048640][ T4229] SELinux: failed to load policy [ 56.192378][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.323332][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.452078][ T4251] loop3: detected capacity change from 0 to 1024 [ 56.678159][ T4251] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.705670][ T4251] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.236: Allocating blocks 465-513 which overlap fs metadata [ 56.722651][ T4251] EXT4-fs (loop3): pa ffff8881071cb150: logic 256, phys. 369, len 9 [ 56.730982][ T4251] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 3 [ 56.743653][ T4251] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 18: block 113:freeing already freed block (bit 7); block bitmap corrupt. [ 56.891632][ T4257] loop1: detected capacity change from 0 to 1024 [ 56.916139][ T4257] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.936614][ T4257] netlink: 4 bytes leftover after parsing attributes in process `syz.1.237'. [ 56.978797][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.113949][ T4264] netlink: 24 bytes leftover after parsing attributes in process `syz.0.238'. [ 57.158222][ T29] kauditd_printk_skb: 136 callbacks suppressed [ 57.158240][ T29] audit: type=1400 audit(1758694593.066:1407): avc: denied { block_suspend } for pid=4266 comm="syz.1.240" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 57.246615][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.260963][ T4269] SELinux: failed to load policy [ 57.295417][ T4275] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 57.330937][ T4279] tipc: Enabled bearer , priority 0 [ 57.349628][ T4281] loop2: detected capacity change from 0 to 512 [ 57.356829][ T4279] syzkaller0: entered promiscuous mode [ 57.362369][ T4279] syzkaller0: entered allmulticast mode [ 57.373498][ T4279] tipc: Resetting bearer [ 57.392881][ T4281] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.398025][ T4286] loop3: detected capacity change from 0 to 512 [ 57.407090][ T4281] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.424194][ T4278] tipc: Resetting bearer [ 57.436556][ T4278] tipc: Disabling bearer [ 57.443225][ T4286] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.247: bg 0: block 5: invalid block bitmap [ 57.454273][ T4281] EXT4-fs (loop2): shut down requested (0) [ 57.462595][ T4286] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 57.476733][ T4281] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 57.477562][ T4286] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.247: invalid indirect mapped block 3 (level 2) [ 57.486475][ T4281] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 57.499906][ T4286] EXT4-fs (loop3): 2 truncates cleaned up [ 57.509857][ T4281] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=15 [ 57.524610][ T4286] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.538143][ T4281] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 57.547346][ T4281] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=15 [ 57.556685][ T4281] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 57.566085][ T4288] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 57.592021][ T4290] netlink: 4 bytes leftover after parsing attributes in process `syz.4.248'. [ 57.606541][ T29] audit: type=1326 audit(1758694593.516:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4284 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c496aeec9 code=0x7ffc0000 [ 57.630894][ T29] audit: type=1326 audit(1758694593.516:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4284 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c496aeec9 code=0x7ffc0000 [ 57.654956][ T29] audit: type=1326 audit(1758694593.516:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4284 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8c496aeec9 code=0x7ffc0000 [ 57.664581][ T4290] batman_adv: batadv0: Interface deactivated: veth1_vlan [ 57.678410][ T29] audit: type=1326 audit(1758694593.516:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4284 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c496aeec9 code=0x7ffc0000 [ 57.678490][ T29] audit: type=1326 audit(1758694593.516:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4284 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8c496aeec9 code=0x7ffc0000 [ 57.685638][ T4290] batman_adv: batadv0: Removing interface: veth1_vlan [ 57.743140][ T29] audit: type=1326 audit(1758694593.516:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4284 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c496aeec9 code=0x7ffc0000 [ 57.767462][ T29] audit: type=1326 audit(1758694593.516:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4284 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8c496aeec9 code=0x7ffc0000 [ 57.791326][ T29] audit: type=1326 audit(1758694593.516:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4284 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c496aeec9 code=0x7ffc0000 [ 57.800459][ T4294] netlink: 8 bytes leftover after parsing attributes in process `syz.1.249'. [ 57.815276][ T29] audit: type=1326 audit(1758694593.516:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4284 comm="syz.3.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c496aeec9 code=0x7ffc0000 [ 57.848067][ T4294] netlink: 8 bytes leftover after parsing attributes in process `syz.1.249'. [ 57.860783][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.873193][ T4286] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.894120][ T4296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.249'. [ 58.080536][ T4286] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.111370][ T4297] loop2: detected capacity change from 0 to 8192 [ 58.343707][ T4297] loop2: p1 p2 p4 < > [ 58.347861][ T4297] loop2: partition table partially beyond EOD, truncated [ 58.458205][ T4297] loop2: p1 start 16777224 is beyond EOD, truncated [ 58.465316][ T4297] loop2: p2 size 515840 extends beyond EOD, truncated [ 58.722956][ T4286] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.011113][ T4297] loop2: p4 start 16777216 is beyond EOD, truncated [ 59.019548][ T4308] __nla_validate_parse: 1 callbacks suppressed [ 59.019597][ T4308] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 59.043870][ T4286] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 59.093781][ T4318] loop0: detected capacity change from 0 to 512 [ 59.101523][ T4308] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 59.108996][ T4308] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 59.118323][ T4318] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 59.129467][ T4319] SELinux: policydb magic number 0x4c5047 does not match expected magic number 0xf97cff8c [ 59.141641][ T4308] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 59.149194][ T4308] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 59.158651][ T4318] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 59.173531][ T4319] SELinux: failed to load policy [ 59.182490][ T4318] EXT4-fs (loop0): 1 truncate cleaned up [ 59.233321][ T4318] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.259550][ T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.279968][ T4324] loop4: detected capacity change from 0 to 512 [ 59.293241][ T4324] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 59.302583][ T4324] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 59.314103][ T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.323996][ T12] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.333255][ T12] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.342113][ T4324] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 59.351213][ T4324] System zones: 0-2, 18-18, 34-35 [ 59.360641][ T4324] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 59.376799][ T4324] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 59.386669][ T4324] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 59.396741][ T4324] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 59.436019][ T4324] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.258: bg 0: block 353: padding at end of block bitmap is not set [ 59.451645][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.214092][ T4349] loop1: detected capacity change from 0 to 512 [ 60.226678][ T4349] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.241084][ T4349] sd 0:0:1:0: device reset [ 61.060886][ T4364] bridge_slave_0: left allmulticast mode [ 61.066824][ T4364] bridge_slave_0: left promiscuous mode [ 61.072820][ T4364] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.083772][ T4364] bridge_slave_1: left allmulticast mode [ 61.089637][ T4364] bridge_slave_1: left promiscuous mode [ 61.095530][ T4364] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.148154][ T4364] bond0: (slave bond_slave_0): Releasing backup interface [ 61.157581][ T4368] netlink: 12 bytes leftover after parsing attributes in process `syz.3.270'. [ 61.207614][ T4364] bond0: (slave bond_slave_1): Releasing backup interface [ 61.216182][ T4369] netlink: 16 bytes leftover after parsing attributes in process `syz.3.270'. [ 61.230958][ T4367] netlink: 'syz.0.269': attribute type 10 has an invalid length. [ 61.238917][ T4367] netlink: 40 bytes leftover after parsing attributes in process `syz.0.269'. [ 61.269794][ T4364] team0: Port device team_slave_0 removed [ 61.283174][ T4364] team0: Port device team_slave_1 removed [ 61.283525][ T4373] loop1: detected capacity change from 0 to 512 [ 61.296852][ T4373] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 61.306321][ T4373] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 61.306823][ T4364] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 61.322702][ T4364] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 61.331517][ T4373] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 61.341791][ T4364] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 61.349541][ T4364] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 61.354820][ T4373] System zones: 0-2, 18-18, 34-35 [ 61.369755][ T4373] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 61.381029][ T4376] netlink: 4 bytes leftover after parsing attributes in process `syz.2.272'. [ 61.383017][ T4373] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 61.444693][ T4368] 8021q: adding VLAN 0 to HW filter on device bond1 [ 61.457425][ T4367] batman_adv: batadv0: Adding interface: veth1_vlan [ 61.464333][ T4367] batman_adv: batadv0: The MTU of interface veth1_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.492826][ T4373] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 61.530721][ T4367] batman_adv: batadv0: Interface activated: veth1_vlan [ 61.547947][ T4373] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.271: bg 0: block 353: padding at end of block bitmap is not set [ 61.613974][ T4366] infiniband syz!: set active [ 61.619056][ T4366] infiniband syz!: added team_slave_0 [ 61.720942][ T4366] RDS/IB: syz!: added [ 61.745309][ T4366] smc: adding ib device syz! with port count 1 [ 61.754562][ T4366] smc: ib device syz! port 1 has pnetid [ 61.767029][ T4381] loop2: detected capacity change from 0 to 2048 [ 61.948205][ T4395] loop3: detected capacity change from 0 to 512 [ 61.955079][ T4393] Driver unsupported XDP return value 0 on prog (id 185) dev N/A, expect packet loss! [ 61.994958][ T4395] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.117711][ T4407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 62.144108][ T4407] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 62.169432][ T4409] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 62.176069][ T4409] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 62.184039][ T4409] vhci_hcd vhci_hcd.0: Device attached [ 62.230779][ T4409] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(7) [ 62.237439][ T4409] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 62.245243][ T4409] vhci_hcd vhci_hcd.0: Device attached [ 62.267265][ T4409] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 62.276259][ T4409] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 62.351571][ T4410] vhci_hcd: connection closed [ 62.351679][ T4414] vhci_hcd: connection closed [ 62.364604][ T12] vhci_hcd: stop threads [ 62.373860][ T12] vhci_hcd: release socket [ 62.378451][ T12] vhci_hcd: disconnect device [ 62.384828][ T12] vhci_hcd: stop threads [ 62.389561][ T12] vhci_hcd: release socket [ 62.389545][ T23] vhci_hcd: vhci_device speed not set [ 62.399691][ T12] vhci_hcd: disconnect device [ 62.424136][ T29] kauditd_printk_skb: 74 callbacks suppressed [ 62.424154][ T29] audit: type=1400 audit(1758694598.326:1491): avc: denied { connect } for pid=4422 comm="syz.3.286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 62.436240][ T4423] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 62.473782][ T29] audit: type=1400 audit(1758694598.346:1492): avc: denied { bind } for pid=4422 comm="syz.3.286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 62.493686][ T29] audit: type=1400 audit(1758694598.366:1493): avc: denied { relabelto } for pid=4422 comm="syz.3.286" name="file0" dev="tmpfs" ino=266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 62.520731][ T29] audit: type=1400 audit(1758694598.366:1494): avc: denied { associate } for pid=4422 comm="syz.3.286" name="file0" dev="tmpfs" ino=266 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_exec_t:s0" [ 62.548341][ T29] audit: type=1400 audit(1758694598.366:1495): avc: denied { write } for pid=4417 comm="syz.2.285" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 62.659489][ T29] audit: type=1400 audit(1758694598.566:1496): avc: denied { rmdir } for pid=3308 comm="syz-executor" name="file0" dev="tmpfs" ino=266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 62.701411][ T4426] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0 [ 62.744428][ T29] audit: type=1400 audit(1758694598.646:1497): avc: denied { read } for pid=4424 comm="syz.3.287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 62.831249][ T29] audit: type=1400 audit(1758694598.736:1498): avc: denied { watch watch_reads } for pid=4431 comm="syz.4.289" path="/syzcgroup/unified/syz4" dev="cgroup2" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 63.154695][ T29] audit: type=1326 audit(1758694598.976:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4439 comm="syz.0.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b4fb2eec9 code=0x7ffc0000 [ 63.178830][ T29] audit: type=1326 audit(1758694598.976:1500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4439 comm="syz.0.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5b4fb2eec9 code=0x7ffc0000 [ 63.597616][ T4458] netlink: 8 bytes leftover after parsing attributes in process `syz.2.296'. [ 63.606584][ T4458] netlink: 8 bytes leftover after parsing attributes in process `syz.2.296'. [ 63.620055][ T4455] netlink: 8 bytes leftover after parsing attributes in process `syz.2.296'. [ 63.629182][ T4455] netlink: 8 bytes leftover after parsing attributes in process `syz.2.296'. [ 63.771286][ T4461] loop3: detected capacity change from 0 to 512 [ 63.796915][ T4461] ext4 filesystem being mounted at /50/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.902313][ T4485] loop4: detected capacity change from 0 to 8192 [ 65.913848][ T4500] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.932409][ T4501] netlink: 4 bytes leftover after parsing attributes in process `syz.4.307'. [ 65.936684][ T4500] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 65.965962][ T4504] loop1: detected capacity change from 0 to 512 [ 65.973588][ T4504] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 65.986233][ T4504] EXT4-fs (loop1): 1 truncate cleaned up [ 65.992937][ T4485] loop4: p1 p2 p4 < > [ 65.997303][ T4485] loop4: partition table partially beyond EOD, truncated [ 66.005601][ T4485] loop4: p1 start 16777224 is beyond EOD, truncated [ 66.012332][ T4485] loop4: p2 size 515840 extends beyond EOD, truncated [ 66.019951][ T4485] loop4: p4 start 16777216 is beyond EOD, truncated [ 66.152642][ T4509] ================================================================== [ 66.161024][ T4509] BUG: KCSAN: data-race in filemap_write_and_wait_range / xas_set_mark [ 66.169283][ T4509] [ 66.171702][ T4509] write to 0xffff888105ad20f4 of 4 bytes by task 4504 on cpu 0: [ 66.179499][ T4509] xas_set_mark+0x12b/0x140 [ 66.184098][ T4509] __folio_start_writeback+0x1dd/0x440 [ 66.189739][ T4509] ext4_bio_write_folio+0x5ad/0x9f0 [ 66.195146][ T4509] mpage_process_page_bufs+0x4a1/0x620 [ 66.200706][ T4509] mpage_prepare_extent_to_map+0x786/0xc00 [ 66.207036][ T4509] ext4_do_writepages+0xa05/0x2750 [ 66.212158][ T4509] ext4_writepages+0x176/0x300 [ 66.217015][ T4509] do_writepages+0x1c3/0x310 [ 66.221606][ T4509] file_write_and_wait_range+0x156/0x2c0 [ 66.227250][ T4509] generic_buffers_fsync_noflush+0x45/0x120 [ 66.233433][ T4509] ext4_sync_file+0x1ab/0x690 [ 66.238120][ T4509] vfs_fsync_range+0x10a/0x130 [ 66.242973][ T4509] ext4_buffered_write_iter+0x34f/0x3c0 [ 66.248549][ T4509] ext4_file_write_iter+0xdbf/0xf00 [ 66.253849][ T4509] iter_file_splice_write+0x666/0xa60 [ 66.259439][ T4509] direct_splice_actor+0x156/0x2a0 [ 66.264728][ T4509] splice_direct_to_actor+0x312/0x680 [ 66.270385][ T4509] do_splice_direct+0xda/0x150 [ 66.275172][ T4509] do_sendfile+0x380/0x650 [ 66.279861][ T4509] __x64_sys_sendfile64+0x105/0x150 [ 66.285153][ T4509] x64_sys_call+0x2bb0/0x2ff0 [ 66.289919][ T4509] do_syscall_64+0xd2/0x200 [ 66.294520][ T4509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.300810][ T4509] [ 66.303148][ T4509] read to 0xffff888105ad20f4 of 4 bytes by task 4509 on cpu 1: [ 66.310870][ T4509] filemap_write_and_wait_range+0xfc/0x340 [ 66.316735][ T4509] filemap_invalidate_pages+0xa4/0x1a0 [ 66.322378][ T4509] kiocb_invalidate_pages+0x6e/0x80 [ 66.327579][ T4509] __iomap_dio_rw+0x5d4/0x1250 [ 66.332446][ T4509] iomap_dio_rw+0x40/0x90 [ 66.336957][ T4509] ext4_file_write_iter+0xad9/0xf00 [ 66.342161][ T4509] iter_file_splice_write+0x666/0xa60 [ 66.347613][ T4509] direct_splice_actor+0x156/0x2a0 [ 66.352781][ T4509] splice_direct_to_actor+0x312/0x680 [ 66.358255][ T4509] do_splice_direct+0xda/0x150 [ 66.363012][ T4509] do_sendfile+0x380/0x650 [ 66.367834][ T4509] __x64_sys_sendfile64+0x105/0x150 [ 66.373239][ T4509] x64_sys_call+0x2bb0/0x2ff0 [ 66.378466][ T4509] do_syscall_64+0xd2/0x200 [ 66.383175][ T4509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.389075][ T4509] [ 66.391540][ T4509] value changed: 0x0a000021 -> 0x04000021 [ 66.397421][ T4509] [ 66.399741][ T4509] Reported by Kernel Concurrency Sanitizer on: [ 66.405989][ T4509] CPU: 1 UID: 0 PID: 4509 Comm: syz.1.311 Not tainted syzkaller #0 PREEMPT(voluntary) [ 66.415722][ T4509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 66.426036][ T4509] ==================================================================