last executing test programs: 3m20.924353323s ago: executing program 4 (id=204): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000002000000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x26044041}, 0x0) close(r2) 3m20.718092284s ago: executing program 4 (id=211): r0 = socket(0x10, 0x3, 0x9) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a14"], 0x28}}, 0x0) 3m20.638550662s ago: executing program 4 (id=215): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2b, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)='%pS \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000400)={'sit0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000640)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000006800010000000000fbdbdf25020000000000000006000700040000000c000880050004000100000008000600f200000008000500", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x4402}, 0x0) 3m20.570780269s ago: executing program 4 (id=219): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x9f) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x2c, 0x10, 0x1, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, 0x5d1a0}, [@IFLA_ADDRESS={0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008004}, 0x48800) 3m20.428020163s ago: executing program 4 (id=225): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x8d110, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb5, 0x1, @perf_bp={0x0, 0xa}, 0x14101, 0x4, 0x9, 0x1, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/32], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000780)='./file0/../file0\x00', 0x0, 0xa06002, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x1080860, 0x0) 3m20.388152967s ago: executing program 3 (id=227): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r1}, 0x18) io_uring_setup(0x2c6e, &(0x7f0000000300)={0x0, 0x66e0, 0x800, 0x0, 0x30}) 3m20.304563926s ago: executing program 3 (id=229): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r0, 0x1000) r1 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="268292", 0x3}, {&(0x7f00000000c0)="018fc7c7ab739e69240d165fe0678092489b93d6f264144dcbb3f332f360f806d4f3feef1435c9d041f9fa1bae6f0fd2db977a8f9845daa2303937b72d45286ba54b1b10bb21e3533572e3cca5c78b22c386a57c7d850670e25e0b3c", 0x5c}], 0x2) 3m19.95978183s ago: executing program 4 (id=238): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff000000009408000000001700638af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000008000000850000006900000095"], &(0x7f0000005d80)='syzkaller\x00', 0xc}, 0x94) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000001140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) 3m19.808424575s ago: executing program 3 (id=243): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) writev(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48) 3m19.697984666s ago: executing program 3 (id=247): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000003"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) 3m19.629938263s ago: executing program 3 (id=249): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x8d110, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb5, 0x1, @perf_bp={0x0, 0xa}, 0x14101, 0x4, 0x9, 0x1, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800"/32], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000780)='./file0/../file0\x00', 0x0, 0xa06002, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x1080860, 0x0) 3m19.523957874s ago: executing program 3 (id=250): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) r3 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r2}) keyctl$KEYCTL_MOVE(0x1e, r2, 0xffffffffffffffff, r3, 0x0) 3m4.894197324s ago: executing program 32 (id=238): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff000000009408000000001700638af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000008000000850000006900000095"], &(0x7f0000005d80)='syzkaller\x00', 0xc}, 0x94) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000001140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) 3m4.501961673s ago: executing program 33 (id=250): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) r3 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r2}) keyctl$KEYCTL_MOVE(0x1e, r2, 0xffffffffffffffff, r3, 0x0) 2m54.67717453s ago: executing program 6 (id=821): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000380), &(0x7f00000005c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r2}, 0x10) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r3, &(0x7f00000005c0)="f5", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0xfffffdfc, @rand_addr=' \x01\x00'}, 0x1c) 2m54.640377274s ago: executing program 6 (id=823): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32, @ANYBLOB="00000000100000001c001a80080002"], 0x44}}, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000071000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="0c000180080001000300010020"], 0x44}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x20040884}, 0x40000) r2 = socket(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) 2m54.621391576s ago: executing program 6 (id=826): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000200), &(0x7f0000000280)=r1}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x100000000000000}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_u}]}}) 2m54.471628141s ago: executing program 6 (id=833): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000180)='./file0/file0\x00', 0x0, 0xa95058, 0x0) syz_clone(0x24011, 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x181097, 0x0) 2m54.293004329s ago: executing program 6 (id=847): bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeb0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) 2m54.115193397s ago: executing program 6 (id=856): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001400)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a00fe050900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000a0000010900020073797a31000000000900010073797a31"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) close(r0) recvmsg(r1, &(0x7f0000002240)={0x0, 0x0, 0x0}, 0x0) 2m54.101928878s ago: executing program 34 (id=856): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001400)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a00fe050900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000a0000010900020073797a31000000000900010073797a31"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) close(r0) recvmsg(r1, &(0x7f0000002240)={0x0, 0x0, 0x0}, 0x0) 2.988395669s ago: executing program 2 (id=5767): memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f0000000100)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @rand_addr=0x4}, 0x3}}, 0x24) r1 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x717e, 0x80, 0x14, 0x150}, &(0x7f0000000140)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, 0x0, 0x0) 2.801685318s ago: executing program 2 (id=5783): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback, 0x1}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x885) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x40810}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4008011}, 0x4004) close(0x4) 1.820304327s ago: executing program 0 (id=5786): r0 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@usrquota}, {@nodiscard}, {@noblock_validity}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y") r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x80081, 0x36) pwrite64(r1, &(0x7f0000000140)='2', 0x155c2, 0x8000c64) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRESDEC=0x0, @ANYRESDEC=r0, @ANYRESDEC=r2, @ANYRES64=r2, @ANYRESHEX=r1, @ANYRES32=r0, @ANYRESDEC], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3], &(0x7f0000000780)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18) renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', r2, &(0x7f0000000980)='./file0\x00', 0x0) 1.819653167s ago: executing program 2 (id=5798): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x40) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000080)={0x24, r2, 0x62c21a4ade68aba1, 0x70bd23, 0xfffffffd, {{0x32}, {@val={0x8, 0x117, 0x59}, @val={0x8}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0) 1.764914932s ago: executing program 2 (id=5788): setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0xb, 0x528, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb8, 0x1, @perf_config_ext={0x1f5a685a}, 0x4dc8, 0x10000, 0xfffffffc, 0x1, 0x1008, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = syz_io_uring_setup(0x354, &(0x7f0000000240)={0x0, 0x6862, 0x80, 0x1, 0x1c0}, &(0x7f00000002c0)=0x0, &(0x7f0000000300)=0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6000, @fd=r1, 0x0, 0x0}) io_uring_enter(r2, 0x10847ba, 0x95c, 0xe, 0x0, 0x2e) 1.745111615s ago: executing program 0 (id=5789): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000100)='netlink_extack\x00', r0}, 0x18) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, 0x0, 0x800) syz_pidfd_open(0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000001140)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe880000000000000000000000000101ac1414bb0000000000000000000000000000ce8a8caf947dde0000000000000a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000032000000ac14143500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fdffffffffffffff00000000000000000000000800000000000200000000000000000000000000000200000000000000000000000a"], 0x1a0}}, 0x0) 1.677533821s ago: executing program 5 (id=5790): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000180)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x2, &(0x7f0000002400)=0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x2b, 0x81}]}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r2}, 0x38) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3, 0x0, 0x2}, 0x18) io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x6, 0x0, 0x0, 0x2}]) 1.646890124s ago: executing program 0 (id=5791): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r4, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000300)="b9ff030768f1258c989e14f05c71", 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.625677756s ago: executing program 0 (id=5792): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) fcntl$getownex(r0, 0x10, 0x0) r2 = getpid() r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd27, 0x25dfdbfb, {0x25, 0x0, 0xfeff}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30) 857.586724ms ago: executing program 2 (id=5794): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20040018}, 0x0) sendmsg$inet(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0xff0f}], 0x1}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) setsockopt$sock_attach_bpf(r0, 0x1, 0x21, &(0x7f0000000040), 0x4) recvmsg(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0) close(r1) 856.788664ms ago: executing program 0 (id=5807): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, 0x0, 0x0) socket$unix(0x1, 0x2, 0x0) socket$unix(0x1, 0x2, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) syz_read_part_table(0x5ff, &(0x7f0000000600)="$eJzs1D+LXFUYB+DfnZ25dyYQdsGAIkIWAlZhLSRFwEGXoJImWUIUCzvBKhYGgqaaxaQUEVthbSJICOwX0EZkEgg2VsEyBHuDCLLikbl33NlgYbEL64bnKc55zznv+XO5595wpPXSTEqpRpm0zX4yqOdDz3RVnVKXsjvh8/euX5mH/bx1+9SdZGP90uXk2Oa7SVZfyHCx+mAR/vDkvmV5p2SUx3uSq/kBspnkg4e32rC/WGWlqz5azGj2//wcbdvjj79Pe2/GowwzyJfJ2a+7scnbz77yTq+qFrewem03HBzU/tOT7cVNkwe7a64mx9f6rya5N+85PUv6pYun3bdWXdh7hXtdtdR9Bk8a/avngE7Pfm2Pp8s3bl6tv+i3zUdfnXj4c1JKufZSKWWym3cyybCe/eSq9mUvHeKZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAp9P2eLpcz+MHHzaPXn6/P2+tlL9KKUmaJLOUYddfZbR8rMzqbB7M/jfufzpKM67+6Svl4q9bx9cGdwe5uDXf93Q12jtta6er6/2fgMPUvv+bV9/87Pr49zvprsAnf1x4cdiFTVuOkt/q4eTEtSS9+cTBoR0ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPife/2N86sb65cuJ6n6wyS9lVvT2cCZ57qEkjz/3ZlvrtxbP3tu1l6bFX/W55tmp9w/9/j2yo+nfrq7lI2mS/+2lzQZJP1+17HdloNDeTj+098BAAD//6bsZIk=") bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8002}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) 855.954294ms ago: executing program 7 (id=5808): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r4, @ANYBLOB="4000aa000a0002"], 0x28}, 0x1, 0x0, 0x0, 0x44800}, 0x0) 855.196714ms ago: executing program 5 (id=5809): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000200), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x2000000}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x1a2) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0xa4c42, 0x108) fallocate(r2, 0x0, 0xbf5, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f0000000040)={0xc, r2, 0x0, 0x0, 0x0, 0xfffffffffe000001}) 813.695958ms ago: executing program 7 (id=5811): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x5b1d071468882d03, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8f0, &(0x7f0000002400)=0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) io_submit(r3, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)="5400ffff0000", 0x6, 0x0, 0x0, 0x2}]) 658.972244ms ago: executing program 2 (id=5797): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x1c1002, 0x0) write(r3, &(0x7f0000004200)='t', 0x1) sendfile(r3, r2, 0x0, 0x3ffff) sendfile(r3, r2, 0x0, 0x7ffff000) 633.225086ms ago: executing program 5 (id=5799): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001011ff00000000000100070000000000000000ff0200000000000000000000000000014f194e20"], 0xfdef) 632.177096ms ago: executing program 7 (id=5814): r0 = syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@usrquota}, {@nodiscard}, {@noblock_validity}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y") r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x80081, 0x36) pwrite64(r1, &(0x7f0000000140)='2', 0x155c2, 0x8000c64) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRESDEC=0x0, @ANYRESDEC=r0, @ANYRESDEC=r2, @ANYRES64=r2, @ANYRESHEX=r1, @ANYRES32=r0, @ANYRESDEC], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3], &(0x7f0000000780)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18) renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', r2, &(0x7f0000000980)='./file0\x00', 0x0) 483.683941ms ago: executing program 1 (id=5800): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e) close(0x3) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000cbd70100400000005000000080009000200000008000c000000000008000b00000000000600010007"], 0x40}, 0x1, 0x0, 0x0, 0x40811}, 0x4030) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}, 0x2}}, 0x26) 457.809084ms ago: executing program 1 (id=5801): socket(0xa, 0x5, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0xfffffffa) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000014000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000015000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f00000021c0)={0x686d3e7a, 0xe5, 0x6, 0x5, 0x9, "b195758a38b6e9b9839719204e74a28f4b0966"}) 338.044556ms ago: executing program 5 (id=5803): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r2 = accept(r0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000140000000400000005"], 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000200), &(0x7f00000002c0)=@tcp6=r2}, 0x20) recvfrom$unix(r2, 0x0, 0x0, 0x40000050, 0x0, 0x0) 336.982666ms ago: executing program 1 (id=5804): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x7fff}, 0x18) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r2) getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="4800000010000305ff810000fddbdf2500000000", @ANYRES32=r3, @ANYBLOB="1748000040000200280012800a000100767863616e0000001800028014000100000000", @ANYRES32=r3], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0) 325.927687ms ago: executing program 7 (id=5805): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000400000000000000000000850000002c000000850000002a00000095"], &(0x7f0000000200)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001680)={r4, r3, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x4, 0x0, 0x1}}, 0x3c) syz_emit_ethernet(0xfdef, &(0x7f0000000380)=ANY=[], 0x0) 299.0675ms ago: executing program 1 (id=5806): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c000180060001"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) 238.075256ms ago: executing program 1 (id=5810): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001a80)={{r0}, &(0x7f0000000940), &(0x7f0000001a40)='%-5lx \x00'}, 0x20) recvmmsg(0xffffffffffffffff, &(0x7f0000006940)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)=""/6, 0x6}], 0x1}, 0x85}], 0x1, 0x40, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$sock(r2, &(0x7f00000044c0), 0x4000000000001c0, 0x0) recvfrom(r3, &(0x7f0000000040)=""/60, 0xdb, 0x40, 0x0, 0x0) 237.407106ms ago: executing program 7 (id=5812): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000500)='kfree\x00', r1}, 0x18) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x30, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x46) write$qrtrtun(r2, &(0x7f0000000340)="66bb0b760dc0f4ff", 0x8) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40) 236.735816ms ago: executing program 5 (id=5823): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000050b6850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x71b5, &(0x7f0000000040)={0x0, 0x9272, 0xc000, 0xfffffffe, 0xad}) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffec5, 0x0}, 0x4000000) io_uring_enter(r1, 0xf00, 0x2, 0x17, 0x0, 0x0) 136.970326ms ago: executing program 1 (id=5813): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) rt_sigprocmask(0x0, &(0x7f0000000040)={[0xfffffffffffffff9]}, 0x0, 0x8) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r3, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r1], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) r4 = gettid() sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newlink={0xc4, 0x10, 0x1, 0x1, 0x25dfdbff, {0x0, 0x0, 0x0, r3, 0x10b85, 0x49060}, [@IFLA_NET_NS_PID={0x8, 0x13, r4}, @IFLA_NUM_TX_QUEUES={0x8}, @IFLA_MTU={0x8, 0x4, 0xfffffff9}, @IFLA_VFINFO_LIST={0x4}, @IFLA_LINKINFO={0x88, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x78, 0x2, 0x0, 0x1, [@IFLA_VLAN_INGRESS_QOS={0x4c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x10, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x8, 0x100}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x4}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0xfffffff9}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x2, 0xc3}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x4}}]}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x10, 0xd}}, @IFLA_VLAN_INGRESS_QOS={0x1c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x10001, 0x8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x1, 0xfff}}]}]}}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x90}, 0x0) 136.608586ms ago: executing program 7 (id=5815): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x94) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x5, 0x2, 0x0, 0x70bd2d, 0x25dfdbff}, 0x10}}, 0x4040014) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x7e}) 27.950047ms ago: executing program 5 (id=5816): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) fcntl$getownex(r0, 0x10, 0x0) r2 = getpid() r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x70bd27, 0x25dfdbfb, {0x25, 0x0, 0xfeff}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30) 0s ago: executing program 0 (id=5817): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x4008032, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x2, 0x49, 0x1, 0xffffffffffffffff, 0xfffffffe}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1, 0x0, 0x6}, 0x18) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd0}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x9a167000) kernel console output (not intermixed with test programs): EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 169.169166][T13874] EXT4-fs (loop2): 1 truncate cleaned up [ 169.182825][T13883] wg2: entered promiscuous mode [ 169.187792][T13883] wg2: entered allmulticast mode [ 169.213679][T13874] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.228850][T13874] ÿÿÿÿÿÿ: renamed from vlan1 [ 169.256544][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.299009][T13894] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13894 comm=syz.2.4164 [ 169.432649][T13912] 8021q: adding VLAN 0 to HW filter on device bond6 [ 169.440374][T13912] bridge0: port 2(bond6) entered blocking state [ 169.446684][T13912] bridge0: port 2(bond6) entered disabled state [ 169.453178][T13912] bond6: entered allmulticast mode [ 169.459632][T13912] bond6: entered promiscuous mode [ 170.102136][T13935] net_ratelimit: 5 callbacks suppressed [ 170.102166][T13935] netlink: zone id is out of range [ 170.112952][T13935] netlink: zone id is out of range [ 170.118993][T13935] netlink: zone id is out of range [ 170.124265][T13935] netlink: zone id is out of range [ 170.129576][T13935] netlink: zone id is out of range [ 170.134764][T13935] netlink: zone id is out of range [ 170.139946][T13935] netlink: zone id is out of range [ 170.145138][T13935] netlink: zone id is out of range [ 170.150270][T13935] netlink: zone id is out of range [ 170.155467][T13935] netlink: zone id is out of range [ 170.178184][T13939] IPv6: NLM_F_CREATE should be specified when creating new route [ 170.470581][T13972] netlink: 'syz.5.4193': attribute type 13 has an invalid length. [ 170.547825][T13972] gretap0: refused to change device tx_queue_len [ 170.726182][T13991] bridge: RTM_NEWNEIGH with invalid ether address [ 171.280311][T14038] __nla_validate_parse: 11 callbacks suppressed [ 171.280329][T14038] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4225'. [ 172.076449][T14106] loop2: detected capacity change from 0 to 2048 [ 172.135822][T14106] Alternate GPT is invalid, using primary GPT. [ 172.142296][T14106] loop2: p2 p3 p7 [ 172.150055][T14109] netlink: 'syz.0.4256': attribute type 21 has an invalid length. [ 172.152079][T14111] syz_tun: entered allmulticast mode [ 172.212769][T14111] dvmrp6: entered allmulticast mode [ 172.231369][T14109] netlink: 'syz.0.4256': attribute type 1 has an invalid length. [ 172.239203][T14109] netlink: 144 bytes leftover after parsing attributes in process `syz.0.4256'. [ 172.265301][T14110] syz_tun: left allmulticast mode [ 172.323517][T14118] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4260'. [ 172.328833][ T29] kauditd_printk_skb: 117 callbacks suppressed [ 172.328848][ T29] audit: type=1326 audit(685.308:5677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz.0.4262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 172.353319][T14118] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4260'. [ 172.373460][ T29] audit: type=1326 audit(685.338:5678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz.0.4262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 172.396575][ T29] audit: type=1326 audit(685.338:5679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz.0.4262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 172.419462][ T29] audit: type=1326 audit(685.338:5680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz.0.4262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 172.442588][ T29] audit: type=1326 audit(685.338:5681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz.0.4262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 172.465538][ T29] audit: type=1326 audit(685.348:5682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz.0.4262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 172.488446][ T29] audit: type=1326 audit(685.348:5683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz.0.4262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 172.511380][ T29] audit: type=1326 audit(685.348:5684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz.0.4262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 172.534394][ T29] audit: type=1326 audit(685.348:5685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz.0.4262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 172.557260][ T29] audit: type=1326 audit(685.348:5686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14121 comm="syz.0.4262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 172.615694][T14126] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4263'. [ 172.653867][T14130] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4264'. [ 172.675404][T14132] netlink: 8 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 173.024031][T14162] ref_ctr_offset mismatch. inode: 0x1296 offset: 0x7 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x2 [ 173.278381][T14181] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4288'. [ 173.290734][T14185] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4292'. [ 173.303817][T14189] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4293'. [ 173.350504][T14192] vlan1: entered allmulticast mode [ 173.445439][T14201] syzkaller0: entered allmulticast mode [ 173.461729][T14201] syzkaller0 (unregistering): left allmulticast mode [ 173.613913][T14226] loop5: detected capacity change from 0 to 4096 [ 173.622506][T14226] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.665611][ T3875] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x60 [ 173.836133][T14253] netlink: 'syz.7.4318': attribute type 1 has an invalid length. [ 173.900843][T14259] loop2: detected capacity change from 0 to 4096 [ 173.937592][T14259] EXT4-fs: Ignoring removed nomblk_io_submit option [ 173.944811][T14253] bond4: entered promiscuous mode [ 173.950096][T14253] 8021q: adding VLAN 0 to HW filter on device bond4 [ 173.978231][T14259] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 173.991767][ T4940] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.077789][T14266] loop7: detected capacity change from 0 to 512 [ 174.099632][T14266] EXT4-fs (loop7): first meta block group too large: 100663296 (group descriptor block count 1) [ 174.186201][T14271] veth0_macvtap: left promiscuous mode [ 174.191812][T14271] veth0_macvtap: entered promiscuous mode [ 174.197784][T14271] veth0_macvtap: entered allmulticast mode [ 174.395762][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.522401][T14293] netlink: 'syz.2.4337': attribute type 1 has an invalid length. [ 174.536138][T14296] loop1: detected capacity change from 0 to 512 [ 174.544109][T14296] EXT4-fs (loop1): first meta block group too large: 100663296 (group descriptor block count 1) [ 174.692541][T14317] loop7: detected capacity change from 0 to 4096 [ 174.699515][T14317] EXT4-fs: Ignoring removed nomblk_io_submit option [ 174.709261][T14317] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.743303][T14319] Falling back ldisc for ttyS3. [ 174.957278][ T5787] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.968080][T14345] netlink: 'syz.5.4361': attribute type 1 has an invalid length. [ 175.003353][T14350] loop5: detected capacity change from 0 to 2048 [ 175.014434][T14350] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.155239][ T4940] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.167875][T14354] loop7: detected capacity change from 0 to 1024 [ 175.174789][T14354] EXT4-fs: Ignoring removed orlov option [ 175.180792][T14354] EXT4-fs (loop7): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 175.194630][T14354] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.265584][ T5787] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.325603][T14363] SELinux: failed to load policy [ 175.566250][T14384] loop7: detected capacity change from 0 to 2048 [ 175.569183][T14382] loop5: detected capacity change from 0 to 4096 [ 175.584302][T14382] EXT4-fs: Ignoring removed nomblk_io_submit option [ 175.593675][T14382] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.608150][T14384] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.847614][ T5787] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.959655][T14407] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 176.045613][ T4940] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.151563][T14419] loop5: detected capacity change from 0 to 8192 [ 176.242051][T14440] loop5: detected capacity change from 0 to 1024 [ 176.262378][T14440] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.321638][T14450] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.330129][T14450] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.356251][T14452] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=14452 comm=syz.7.4399 [ 176.369482][T14452] __nla_validate_parse: 5 callbacks suppressed [ 176.369493][T14452] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4399'. [ 176.563484][ T4940] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.579579][T14455] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14455 comm=syz.2.4403 [ 176.610583][T14457] loop5: detected capacity change from 0 to 1024 [ 176.617944][T14457] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 176.629196][T14457] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #11: comm GPL: iget: bogus i_mode (1) [ 176.640071][T14457] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm GPL: couldn't read orphan inode 11 (err -117) [ 176.652147][T14457] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.668144][T14457] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.697560][T14464] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4406'. [ 176.728511][T14470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4420'. [ 176.737431][T14470] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4420'. [ 176.746374][T14470] netlink: 'syz.2.4420': attribute type 6 has an invalid length. [ 176.757013][T14470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4420'. [ 176.766158][T14470] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4420'. [ 176.775206][T14470] netlink: 'syz.2.4420': attribute type 6 has an invalid length. [ 176.804598][T14476] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4413'. [ 176.813780][T14476] batadv0: left allmulticast mode [ 176.818984][T14476] batadv0: left promiscuous mode [ 176.824271][T14476] bridge0: port 1(batadv0) entered disabled state [ 176.999343][T14498] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4424'. [ 177.155816][T14510] netlink: 96 bytes leftover after parsing attributes in process `syz.7.4428'. [ 177.380481][T14533] netlink: 64 bytes leftover after parsing attributes in process `syz.7.4436'. [ 177.418333][ T29] kauditd_printk_skb: 201 callbacks suppressed [ 177.418347][ T29] audit: type=1326 audit(690.398:5888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14534 comm="syz.7.4437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 177.447518][ T29] audit: type=1326 audit(690.398:5889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14534 comm="syz.7.4437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 177.473171][ T29] audit: type=1326 audit(690.448:5890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14534 comm="syz.7.4437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 177.496224][ T29] audit: type=1326 audit(690.448:5891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14534 comm="syz.7.4437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 177.519181][ T29] audit: type=1326 audit(690.448:5892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14534 comm="syz.7.4437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 177.542120][ T29] audit: type=1326 audit(690.448:5893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14534 comm="syz.7.4437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 177.565067][ T29] audit: type=1326 audit(690.448:5894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14534 comm="syz.7.4437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 177.589491][ T29] audit: type=1326 audit(690.448:5895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14534 comm="syz.7.4437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 177.612409][ T29] audit: type=1326 audit(690.458:5896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14534 comm="syz.7.4437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 177.635358][ T29] audit: type=1326 audit(690.458:5897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14534 comm="syz.7.4437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 177.689926][T14541] netlink: 'syz.5.4440': attribute type 12 has an invalid length. [ 177.823466][T14553] loop1: detected capacity change from 0 to 2048 [ 177.834653][T14553] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.937217][T14511] syz.0.4427 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0 [ 177.951180][T14511] CPU: 0 UID: 0 PID: 14511 Comm: syz.0.4427 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 177.951237][T14511] Tainted: [W]=WARN [ 177.951253][T14511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 177.951275][T14511] Call Trace: [ 177.951282][T14511] [ 177.951292][T14511] __dump_stack+0x1d/0x30 [ 177.951314][T14511] dump_stack_lvl+0xe8/0x140 [ 177.951334][T14511] dump_stack+0x15/0x1b [ 177.951356][T14511] dump_header+0x81/0x220 [ 177.951440][T14511] oom_kill_process+0x342/0x400 [ 177.951548][T14511] out_of_memory+0x979/0xb80 [ 177.951611][T14511] try_charge_memcg+0x610/0xa10 [ 177.951658][T14511] obj_cgroup_charge_pages+0xa6/0x150 [ 177.951684][T14511] __memcg_kmem_charge_page+0x9f/0x170 [ 177.951706][T14511] __alloc_frozen_pages_noprof+0x188/0x360 [ 177.951764][T14511] alloc_pages_mpol+0xb3/0x260 [ 177.951796][T14511] alloc_pages_noprof+0x90/0x130 [ 177.951872][T14511] __vmalloc_node_range_noprof+0x7a5/0xed0 [ 177.951991][T14511] __kvmalloc_node_noprof+0x483/0x670 [ 177.952026][T14511] ? ip_set_alloc+0x24/0x30 [ 177.952204][T14511] ? ip_set_alloc+0x24/0x30 [ 177.952289][T14511] ? __kmalloc_cache_noprof+0x249/0x4a0 [ 177.952338][T14511] ip_set_alloc+0x24/0x30 [ 177.952391][T14511] hash_netiface_create+0x282/0x740 [ 177.952498][T14511] ? __pfx_hash_netiface_create+0x10/0x10 [ 177.952535][T14511] ip_set_create+0x3cc/0x970 [ 177.952562][T14511] ? save_fpregs_to_fpstate+0x100/0x160 [ 177.952695][T14511] nfnetlink_rcv_msg+0x4c6/0x590 [ 177.952806][T14511] netlink_rcv_skb+0x123/0x220 [ 177.952846][T14511] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 177.952922][T14511] nfnetlink_rcv+0x167/0x16c0 [ 177.953026][T14511] ? ebitmap_get_bit+0x35/0xf0 [ 177.953126][T14511] ? constraint_expr_eval+0x8ef/0x9a0 [ 177.953225][T14511] ? dev_map_hash_lookup_elem+0x6e/0xd0 [ 177.953264][T14511] ? __rcu_read_unlock+0x4f/0x70 [ 177.953347][T14511] ? bpf_trace_run2+0x124/0x1c0 [ 177.953403][T14511] ? should_fail_ex+0x30/0x280 [ 177.953426][T14511] ? should_failslab+0x8c/0xb0 [ 177.953470][T14511] ? should_fail_ex+0x30/0x280 [ 177.953550][T14511] ? dev_map_hash_lookup_elem+0x6e/0xd0 [ 177.953581][T14511] ? should_fail_ex+0x30/0x280 [ 177.953597][T14511] ? selinux_nlmsg_lookup+0x99/0x890 [ 177.953675][T14511] ? __rcu_read_unlock+0x34/0x70 [ 177.953704][T14511] ? __netlink_lookup+0x266/0x2a0 [ 177.953785][T14511] netlink_unicast+0x5c0/0x690 [ 177.953814][T14511] netlink_sendmsg+0x58b/0x6b0 [ 177.953831][T14511] ? __pfx_netlink_sendmsg+0x10/0x10 [ 177.953848][T14511] __sock_sendmsg+0x145/0x180 [ 177.953880][T14511] ____sys_sendmsg+0x31e/0x4e0 [ 177.953943][T14511] ___sys_sendmsg+0x17b/0x1d0 [ 177.953981][T14511] __x64_sys_sendmsg+0xd4/0x160 [ 177.954008][T14511] x64_sys_call+0x191e/0x3000 [ 177.954035][T14511] do_syscall_64+0xd2/0x200 [ 177.954058][T14511] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 177.954176][T14511] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 177.954228][T14511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.954255][T14511] RIP: 0033:0x7f7b9941f6c9 [ 177.954268][T14511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.954291][T14511] RSP: 002b:00007f7b97e87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 177.954307][T14511] RAX: ffffffffffffffda RBX: 00007f7b99675fa0 RCX: 00007f7b9941f6c9 [ 177.954317][T14511] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000004 [ 177.954330][T14511] RBP: 00007f7b994a1f91 R08: 0000000000000000 R09: 0000000000000000 [ 177.954343][T14511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 177.954357][T14511] R13: 00007f7b99676038 R14: 00007f7b99675fa0 R15: 00007ffcc7145678 [ 177.954374][T14511] [ 178.315068][T14511] memory: usage 307200kB, limit 307200kB, failcnt 467 [ 178.321848][T14511] memory+swap: usage 307536kB, limit 9007199254740988kB, failcnt 0 [ 178.329758][T14511] kmem: usage 239540kB, limit 9007199254740988kB, failcnt 0 [ 178.337130][T14511] Memory cgroup stats for /syz0: [ 178.339255][T14511] cache 69238784 [ 178.347795][T14511] rss 4096 [ 178.350813][T14511] shmem 0 [ 178.353966][T14511] mapped_file 0 [ 178.357424][T14511] dirty 0 [ 178.360393][T14511] writeback 0 [ 178.363791][T14511] workingset_refault_anon 230 [ 178.368467][T14511] workingset_refault_file 640 [ 178.373231][T14511] swap 344064 [ 178.376521][T14511] swapcached 36864 [ 178.380240][T14511] pgpgin 217476 [ 178.383739][T14511] pgpgout 200561 [ 178.387283][T14511] pgfault 244778 [ 178.390864][T14511] pgmajfault 57 [ 178.394397][T14511] inactive_anon 36864 [ 178.398380][T14511] active_anon 0 [ 178.401846][T14511] inactive_file 8192 [ 178.405788][T14511] active_file 0 [ 178.409248][T14511] unevictable 69238784 [ 178.413342][T14511] hierarchical_memory_limit 314572800 [ 178.418734][T14511] hierarchical_memsw_limit 9223372036854771712 [ 178.424922][T14511] total_cache 69238784 [ 178.428994][T14511] total_rss 4096 [ 178.432550][T14511] total_shmem 0 [ 178.436046][T14511] total_mapped_file 0 [ 178.440111][T14511] total_dirty 0 [ 178.443660][T14511] total_writeback 0 [ 178.447462][T14511] total_workingset_refault_anon 230 [ 178.452662][T14511] total_workingset_refault_file 640 [ 178.457892][T14511] total_swap 344064 [ 178.461778][T14511] total_swapcached 36864 [ 178.466061][T14511] total_pgpgin 217476 [ 178.470041][T14511] total_pgpgout 200561 [ 178.474137][T14511] total_pgfault 244778 [ 178.478221][T14511] total_pgmajfault 57 [ 178.482294][T14511] total_inactive_anon 36864 [ 178.486925][T14511] total_active_anon 0 [ 178.490914][T14511] total_inactive_file 8192 [ 178.495348][T14511] total_active_file 0 [ 178.499370][T14511] total_unevictable 69238784 [ 178.503972][T14511] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.4427,pid=14509,uid=0 [ 178.518752][T14511] Memory cgroup out of memory: Killed process 14509 (syz.0.4427) total-vm:96136kB, anon-rss:1140kB, file-rss:22496kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:0 [ 178.536367][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.601655][T14568] loop1: detected capacity change from 0 to 4096 [ 178.635261][T14570] xt_hashlimit: max too large, truncated to 1048576 [ 178.639417][T14568] EXT4-fs: Ignoring removed nomblk_io_submit option [ 178.672133][T14568] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.837130][T14511] syz.0.4427 (14511) used greatest stack depth: 7240 bytes left [ 178.861769][T14590] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 178.872313][T14590] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.996030][T14590] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 179.006462][T14590] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.043424][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.073615][T14612] loop1: detected capacity change from 0 to 1024 [ 179.080365][T14612] EXT4-fs: Ignoring removed orlov option [ 179.093522][T14612] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.113885][T14590] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 179.124278][T14590] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.156734][T14612] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 179.183459][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.214825][T14590] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 179.225177][T14590] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.316285][ T3850] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 179.324665][ T3850] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.348529][ T3850] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 179.356793][ T3850] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.374877][ T3850] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 179.383102][ T3850] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.411659][ T3850] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 179.419923][ T3850] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.080590][T14671] loop1: detected capacity change from 0 to 512 [ 180.094788][T14662] pim6reg1: entered promiscuous mode [ 180.100127][T14662] pim6reg1: entered allmulticast mode [ 180.136899][T14671] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.242385][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.362376][T14694] hsr_slave_1 (unregistering): left promiscuous mode [ 180.478143][T14697] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 180.484707][T14697] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 180.492964][T14697] vhci_hcd vhci_hcd.0: Device attached [ 180.542057][T14698] vhci_hcd: connection closed [ 180.542362][ T3850] vhci_hcd: stop threads [ 180.551340][ T3850] vhci_hcd: release socket [ 180.555811][ T3850] vhci_hcd: disconnect device [ 181.392258][T14782] __nla_validate_parse: 15 callbacks suppressed [ 181.392278][T14782] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4535'. [ 181.474936][T14793] loop7: detected capacity change from 0 to 2048 [ 181.484746][T14793] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 181.660552][ T5787] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.925364][T14818] netdevsim netdevsim2: Direct firmware load for ÿÿÿÿ failed with error -2 [ 182.151368][T14825] loop1: detected capacity change from 0 to 1024 [ 182.158121][T14825] EXT4-fs: Ignoring removed orlov option [ 182.165846][T14825] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 182.184219][T14825] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.208658][T14825] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 65 with error 28 [ 182.221185][T14825] EXT4-fs (loop1): This should not happen!! Data will be lost [ 182.221185][T14825] [ 182.230873][T14825] EXT4-fs (loop1): Total free blocks count 0 [ 182.236947][T14825] EXT4-fs (loop1): Free/Dirty block details [ 182.237495][T14834] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4560'. [ 182.242885][T14825] EXT4-fs (loop1): free_blocks=0 [ 182.242936][T14825] EXT4-fs (loop1): dirty_blocks=0 [ 182.242983][T14825] EXT4-fs (loop1): Block reservation details [ 182.242997][T14825] EXT4-fs (loop1): i_reserved_data_blocks=0 [ 182.274682][T14835] netlink: 'syz.0.4559': attribute type 4 has an invalid length. [ 182.275665][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.294047][T14834] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4560'. [ 182.372867][T14843] loop2: detected capacity change from 0 to 512 [ 182.383607][T14843] EXT4-fs: Ignoring removed bh option [ 182.394628][T14843] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 182.403727][T14843] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 182.416824][T14843] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 182.471272][ T29] kauditd_printk_skb: 157 callbacks suppressed [ 182.471285][ T29] audit: type=1400 audit(695.448:6055): avc: denied { write } for pid=14850 comm="syz.7.4569" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 182.507135][T14843] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e002e01c, mo2=0006] [ 182.517042][T14853] netdevsim netdevsim1: Direct firmware load for ÿÿÿÿ failed with error -2 [ 182.522991][ T29] audit: type=1400 audit(695.498:6056): avc: denied { read } for pid=14850 comm="syz.7.4569" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 182.544985][T14843] System zones: 0-2, 18-18, 34-35 [ 182.550607][T14843] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.579283][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.607719][T14859] loop2: detected capacity change from 0 to 128 [ 182.616564][T14859] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 182.649528][ T29] audit: type=1400 audit(695.628:6057): avc: denied { setattr } for pid=14858 comm="syz.2.4572" path="/967/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 182.693488][ T29] audit: type=1400 audit(695.628:6058): avc: denied { execute } for pid=14858 comm="syz.2.4572" path="/967/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file1" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 182.744398][ T3328] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 182.755527][ T29] audit: type=1326 audit(695.738:6059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14863 comm="syz.1.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 182.778422][ T29] audit: type=1326 audit(695.738:6060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14863 comm="syz.1.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 182.801555][ T29] audit: type=1326 audit(695.768:6061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14863 comm="syz.1.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 182.837819][ T29] audit: type=1326 audit(695.818:6062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14863 comm="syz.1.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 182.860850][ T29] audit: type=1326 audit(695.818:6063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14863 comm="syz.1.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 182.884589][ T29] audit: type=1326 audit(695.818:6064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14863 comm="syz.1.4576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 182.915703][T14873] sch_fq: defrate 0 ignored. [ 183.172943][T14891] loop1: detected capacity change from 0 to 512 [ 183.185475][T14891] EXT4-fs error (device loop1): ext4_iget_extra_inode:5075: inode #15: comm syz.1.4583: corrupted in-inode xattr: invalid ea_ino [ 183.202336][T14891] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.4583: couldn't read orphan inode 15 (err -117) [ 183.215219][T14891] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.329334][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.821762][T14917] loop7: detected capacity change from 0 to 2048 [ 183.947310][T14915] net_ratelimit: 5 callbacks suppressed [ 183.947324][T14915] Set syz1 is full, maxelem 65536 reached [ 183.965041][T14917] Alternate GPT is invalid, using primary GPT. [ 183.971397][T14917] loop7: p2 p3 p7 [ 184.234518][T14942] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4602'. [ 184.344368][T14956] netlink: 'syz.5.4611': attribute type 4 has an invalid length. [ 184.352168][T14956] netlink: 152 bytes leftover after parsing attributes in process `syz.5.4611'. [ 184.381237][T14956] .`: renamed from bond0 [ 184.611951][T14970] loop5: detected capacity change from 0 to 2048 [ 184.710859][T14974] loop7: detected capacity change from 0 to 512 [ 184.739719][T14970] Alternate GPT is invalid, using primary GPT. [ 184.739894][T14962] Set syz1 is full, maxelem 65536 reached [ 184.746174][T14970] loop5: p2 p3 p7 [ 184.765411][T14974] EXT4-fs (loop7): orphan cleanup on readonly fs [ 184.780091][T14974] EXT4-fs error (device loop7): ext4_orphan_get:1418: comm syz.7.4617: bad orphan inode 13 [ 184.821166][T14974] ext4_test_bit(bit=12, block=18) = 1 [ 184.826795][T14974] is_bad_inode(inode)=0 [ 184.830960][T14974] NEXT_ORPHAN(inode)=2130706432 [ 184.835916][T14974] max_ino=32 [ 184.839113][T14974] i_nlink=1 [ 184.868400][T14974] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 184.977532][ T5787] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.018744][T14999] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4627'. [ 185.040163][T15002] netlink: 'syz.0.4630': attribute type 29 has an invalid length. [ 185.057786][T15002] netlink: 'syz.0.4630': attribute type 29 has an invalid length. [ 185.079080][T15002] netlink: 500 bytes leftover after parsing attributes in process `syz.0.4630'. [ 185.395901][T15037] loop1: detected capacity change from 0 to 1764 [ 185.650071][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 185.656973][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 185.663345][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 185.670161][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 185.686866][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 185.704219][T15070] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15070 comm=syz.0.4658 [ 185.723372][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 185.740020][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 185.750094][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 185.770303][T15072] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4659'. [ 185.798852][T15072] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4659'. [ 186.174126][T15099] netlink: 16402 bytes leftover after parsing attributes in process `+}[@'. [ 186.437204][T15120] loop7: detected capacity change from 0 to 512 [ 186.456893][T15120] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 186.499087][T15120] EXT4-fs (loop7): 1 truncate cleaned up [ 186.525554][T15120] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 186.558929][T15127] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4682'. [ 186.599542][T15120] ÿÿÿÿÿÿ: renamed from vlan1 [ 186.653588][ T5787] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.130134][T15142] loop2: detected capacity change from 0 to 2048 [ 187.402758][T15157] loop1: detected capacity change from 0 to 164 [ 187.416448][T15142] Alternate GPT is invalid, using primary GPT. [ 187.423009][T15142] loop2: p2 p3 p7 [ 187.428236][T15157] syz.1.4704: attempt to access beyond end of device [ 187.428236][T15157] loop1: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 187.464425][T15157] syz.1.4704: attempt to access beyond end of device [ 187.464425][T15157] loop1: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 187.636801][ T29] kauditd_printk_skb: 337 callbacks suppressed [ 187.636833][ T29] audit: type=1400 audit(700.618:6402): avc: denied { create } for pid=15175 comm="syz.1.4700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 187.682853][ T29] audit: type=1400 audit(700.648:6403): avc: denied { setopt } for pid=15175 comm="syz.1.4700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 187.701900][ T29] audit: type=1400 audit(700.658:6404): avc: denied { ioctl } for pid=15175 comm="syz.1.4700" path="socket:[47056]" dev="sockfs" ino=47056 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 187.726259][ T29] audit: type=1400 audit(700.658:6405): avc: denied { bind } for pid=15175 comm="syz.1.4700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 187.745046][ T29] audit: type=1400 audit(700.658:6406): avc: denied { map } for pid=15175 comm="syz.1.4700" path="socket:[47055]" dev="sockfs" ino=47055 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 187.767601][ T29] audit: type=1400 audit(700.658:6407): avc: denied { read } for pid=15175 comm="syz.1.4700" path="socket:[47055]" dev="sockfs" ino=47055 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 187.772873][T15181] loop2: detected capacity change from 0 to 164 [ 187.798360][ T29] audit: type=1400 audit(700.748:6408): avc: denied { create } for pid=15180 comm="syz.2.4706" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 187.818141][ T29] audit: type=1400 audit(700.748:6409): avc: denied { write } for pid=15180 comm="syz.2.4706" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 187.840551][T15183] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4705'. [ 187.876989][T15181] syz.2.4706: attempt to access beyond end of device [ 187.876989][T15181] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 187.891121][T15181] syz.2.4706: attempt to access beyond end of device [ 187.891121][T15181] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 187.925068][T15189] blktrace: Concurrent blktraces are not allowed on loop15 [ 187.942267][ T29] audit: type=1400 audit(700.908:6410): avc: denied { create } for pid=15188 comm="syz.7.4710" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 187.962500][ T29] audit: type=1400 audit(700.908:6411): avc: denied { write } for pid=15188 comm="syz.7.4710" name="file0" dev="tmpfs" ino=4163 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 188.042667][T15197] loop5: detected capacity change from 0 to 2048 [ 188.201175][T15208] IPv6: NLM_F_CREATE should be specified when creating new route [ 188.241089][T15197] Alternate GPT is invalid, using primary GPT. [ 188.247432][T15197] loop5: p2 p3 p7 [ 188.722212][T15242] netlink: 131740 bytes leftover after parsing attributes in process `syz.0.4725'. [ 190.571037][T15419] loop1: detected capacity change from 0 to 2048 [ 190.624980][T15419] Alternate GPT is invalid, using primary GPT. [ 190.631439][T15419] loop1: p2 p3 p7 [ 190.704561][T15438] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22 [ 190.712767][T15438] netdevsim netdevsim7: Direct firmware load for . failed with error -22 [ 190.837760][T15448] loop1: detected capacity change from 0 to 512 [ 190.846414][T15446] loop7: detected capacity change from 0 to 1024 [ 190.853119][T15446] EXT4-fs: Ignoring removed orlov option [ 190.874569][T15446] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.887871][T15448] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.943231][T15462] wg2: left promiscuous mode [ 190.947876][T15462] wg2: left allmulticast mode [ 190.955883][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.969944][T15462] veth4: left promiscuous mode [ 190.974973][T15462] veth4: left allmulticast mode [ 191.004119][T15462] bond3: left promiscuous mode [ 191.009106][T15462] xfrm1: left promiscuous mode [ 191.040616][ T6353] netdevsim netdevsim5 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 191.049209][ T6353] netdevsim netdevsim5 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.067894][ T6353] netdevsim netdevsim5 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 191.076311][ T6353] netdevsim netdevsim5 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.087738][ T3880] netdevsim netdevsim5 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 191.096187][ T3880] netdevsim netdevsim5 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.114959][ T3880] netdevsim netdevsim5 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 191.123464][ T3880] netdevsim netdevsim5 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.188508][T15475] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4770'. [ 191.197452][T15475] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4770'. [ 191.231829][T15478] netlink: 'syz.5.4771': attribute type 1 has an invalid length. [ 191.278663][T15478] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 191.287216][T15478] bond0: (slave batadv3): making interface the new active one [ 191.296089][T15478] bond0: (slave batadv3): Enslaving as an active interface with an up link [ 191.346627][T15485] loop2: detected capacity change from 0 to 2048 [ 191.393270][T15485] loop2: p2 < > p4 [ 191.397765][T15485] loop2: p4 size 262144 extends beyond EOD, truncated [ 191.569395][T15498] bridge: RTM_NEWNEIGH with invalid ether address [ 191.579451][T15496] loop1: detected capacity change from 0 to 2048 [ 191.608717][T15500] net_ratelimit: 39 callbacks suppressed [ 191.608734][T15500] A link change request failed with some changes committed already. Interface vlan2 may have been left with an inconsistent configuration, please check. [ 191.633575][T15496] Alternate GPT is invalid, using primary GPT. [ 191.640045][T15496] loop1: p2 p3 p7 [ 191.700811][ T5787] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.811844][T15514] blktrace: Concurrent blktraces are not allowed on loop3 [ 191.872633][T15521] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4798'. [ 192.118444][T15534] netlink: 'syz.1.4791': attribute type 1 has an invalid length. [ 192.154128][T15534] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 192.162370][T15534] bond5: (slave batadv1): making interface the new active one [ 192.171847][T15534] bond5: (slave batadv1): Enslaving as an active interface with an up link [ 192.293455][T15552] netlink: 'syz.1.4797': attribute type 10 has an invalid length. [ 192.324620][T15552] team0 (unregistering): Port device team_slave_0 removed [ 192.724574][T15572] sock: sock_set_timeout: `syz.2.4805' (pid 15572) tries to set negative timeout [ 192.786130][T15550] Set syz1 is full, maxelem 65536 reached [ 192.854736][ T29] kauditd_printk_skb: 93 callbacks suppressed [ 192.854751][ T29] audit: type=1400 audit(705.838:6505): avc: denied { watch } for pid=15580 comm="syz.7.4810" path="/823/file0" dev="tmpfs" ino=4273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 192.939878][ T29] audit: type=1400 audit(705.918:6506): avc: denied { tracepoint } for pid=15589 comm="syz.1.4815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 192.959201][ T29] audit: type=1400 audit(705.918:6507): avc: denied { read } for pid=15589 comm="syz.1.4815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 192.984314][T15593] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4826'. [ 193.059186][ T29] audit: type=1400 audit(706.038:6508): avc: denied { create } for pid=15594 comm="syz.0.4828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 193.080515][ T29] audit: type=1400 audit(706.058:6509): avc: denied { write } for pid=15594 comm="syz.0.4828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 193.108075][ T29] audit: type=1400 audit(706.058:6510): avc: denied { read } for pid=15595 comm="syz.1.4816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 193.173067][ T29] audit: type=1400 audit(706.138:6511): avc: denied { create } for pid=15606 comm="syz.1.4820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 193.192020][ T29] audit: type=1400 audit(706.138:6512): avc: denied { connect } for pid=15606 comm="syz.1.4820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 193.211033][ T29] audit: type=1400 audit(706.148:6513): avc: denied { setopt } for pid=15606 comm="syz.1.4820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 193.432572][T15621] netlink: 'syz.7.4825': attribute type 1 has an invalid length. [ 193.471332][T15621] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 193.486166][T15621] bond5: (slave batadv1): making interface the new active one [ 193.504248][T15621] bond5: (slave batadv1): Enslaving as an active interface with an up link [ 193.581716][T15630] loop1: detected capacity change from 0 to 2048 [ 193.625766][T15630] Alternate GPT is invalid, using primary GPT. [ 193.632181][T15630] loop1: p2 p3 p7 [ 193.670050][ T29] audit: type=1400 audit(706.648:6514): avc: denied { create } for pid=15633 comm="syz.7.4832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 193.930565][T15661] netlink: 'syz.2.4847': attribute type 1 has an invalid length. [ 194.007728][T15667] netlink: 'syz.5.4849': attribute type 7 has an invalid length. [ 194.015578][T15667] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4849'. [ 194.046622][T15665] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 194.090844][T15665] bond5: (slave batadv1): making interface the new active one [ 194.134657][T15665] bond5: (slave batadv1): Enslaving as an active interface with an up link [ 194.528294][T15686] loop2: detected capacity change from 0 to 512 [ 194.535809][T15686] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 194.547168][T15686] EXT4-fs (loop2): 1 truncate cleaned up [ 194.553223][T15686] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.566392][T15686] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4857'. [ 194.660932][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.021689][T15711] netlink: 'syz.2.4866': attribute type 1 has an invalid length. [ 195.056818][T15711] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 195.074829][T15711] bond6: (slave batadv2): making interface the new active one [ 195.092475][T15711] bond6: (slave batadv2): Enslaving as an active interface with an up link [ 195.252123][T15737] loop1: detected capacity change from 0 to 1024 [ 195.293919][T15737] EXT4-fs: Ignoring removed mblk_io_submit option [ 195.342779][T15745] netlink: 'syz.7.4882': attribute type 1 has an invalid length. [ 195.352301][T15737] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 195.430704][T15751] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4879'. [ 195.454664][T15750] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 195.462122][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.472753][T15750] bond6: (slave batadv2): making interface the new active one [ 195.510884][T15750] bond6: (slave batadv2): Enslaving as an active interface with an up link [ 195.531678][T15755] netlink: 'syz.1.4884': attribute type 10 has an invalid length. [ 195.539574][T15755] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4884'. [ 195.548933][T15755] dummy0: entered promiscuous mode [ 195.554271][T15755] batman_adv: batadv0: Interface activated: dummy0 [ 195.560884][T15755] batadv0: mtu less than device minimum [ 195.566854][T15755] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 195.577608][T15755] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 195.588583][T15755] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 195.599515][T15755] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 195.610355][T15755] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 195.621112][T15755] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 195.637533][T15755] batman_adv: batadv0: Interface deactivated: dummy0 [ 195.644255][T15755] batman_adv: batadv0: Removing interface: dummy0 [ 195.720899][T15763] netlink: 'syz.0.4883': attribute type 12 has an invalid length. [ 195.812788][T15770] geneve3: entered promiscuous mode [ 195.818068][T15770] geneve3: entered allmulticast mode [ 195.939478][T15784] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 195.954452][T15789] loop2: detected capacity change from 0 to 1024 [ 195.961072][T15789] EXT4-fs: Ignoring removed i_version option [ 195.967121][T15789] EXT4-fs: Ignoring removed nomblk_io_submit option [ 195.981999][T15784] bond3: (slave batadv2): making interface the new active one [ 196.024330][T15789] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.046176][T15784] bond3: (slave batadv2): Enslaving as an active interface with an up link [ 196.121351][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.208082][T15799] loop5: detected capacity change from 0 to 512 [ 196.216423][T15799] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.4902: inode has both inline data and extents flags [ 196.229934][T15799] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.4902: couldn't read orphan inode 15 (err -117) [ 196.242865][T15799] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.286556][T15799] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters [ 196.311753][ T4940] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.347483][T15817] loop7: detected capacity change from 0 to 2048 [ 196.398016][T15817] Alternate GPT is invalid, using primary GPT. [ 196.404377][T15817] loop7: p2 p3 p7 [ 196.481630][T15824] loop2: detected capacity change from 0 to 512 [ 196.539837][T15824] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.555115][T15824] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #15: comm syz.2.4923: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 196.572505][T15824] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 196.583082][T15824] EXT4-fs error (device loop2): ext4_xattr_block_get:597: inode #15: comm syz.2.4923: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 196.599880][T15824] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 196.610281][T15824] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.4923: bg 0: block 18: invalid block bitmap [ 196.624007][T15824] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.4923: Failed to acquire dquot type 1 [ 196.653422][T15815] net_ratelimit: 14 callbacks suppressed [ 196.653464][T15815] Set syz1 is full, maxelem 65536 reached [ 196.666005][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.049483][T15846] loop5: detected capacity change from 0 to 1024 [ 197.095962][T15846] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 197.140881][T15846] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4193: comm syz.5.4920: Allocating blocks 449-513 which overlap fs metadata [ 197.175216][T15845] EXT4-fs (loop5): pa ffff8881076845b0: logic 48, phys. 177, len 21 [ 197.183256][T15845] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 4 [ 197.234171][ T4940] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.503304][T15868] loop5: detected capacity change from 0 to 1024 [ 197.510059][T15868] EXT4-fs: inline encryption not supported [ 197.515986][T15868] EXT4-fs: Ignoring removed orlov option [ 197.531979][T15872] loop7: detected capacity change from 0 to 1024 [ 197.538678][T15868] EXT4-fs (loop5): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 197.553241][T15872] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 197.565768][ T3410] page_pool_release_retry() stalled pool shutdown: id 56, 50 inflight 120 sec [ 197.584220][T15868] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e840c018, mo2=0002] [ 197.620494][T15868] System zones: 0-1, 3-12 [ 197.631516][T15868] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 197.688229][ T5787] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.737852][ T4940] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.857932][T15891] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4938'. [ 197.867469][T15891] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4938'. [ 197.873294][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 197.876772][ T4120] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 197.922799][T15893] loop1: detected capacity change from 0 to 512 [ 197.968113][ T29] kauditd_printk_skb: 149 callbacks suppressed [ 197.968195][ T29] audit: type=1400 audit(710.948:6662): avc: denied { mounton } for pid=15887 comm="syz.7.4937" path="/proc/1941/task" dev="proc" ino=51502 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 198.032010][ T29] audit: type=1400 audit(710.978:6663): avc: denied { mount } for pid=15887 comm="syz.7.4937" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 198.076563][T15893] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 198.119614][ T29] audit: type=1400 audit(711.068:6664): avc: denied { unmount } for pid=15894 comm="syz.5.4940" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 198.158390][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.429837][T15919] loop2: detected capacity change from 0 to 512 [ 198.450825][T15919] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 198.473143][ T29] audit: type=1400 audit(711.448:6665): avc: denied { create } for pid=15920 comm="syz.5.4950" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 198.492072][ T29] audit: type=1400 audit(711.448:6666): avc: denied { connect } for pid=15920 comm="syz.5.4950" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 198.511198][ T29] audit: type=1400 audit(711.448:6667): avc: denied { ioctl } for pid=15920 comm="syz.5.4950" path="socket:[51553]" dev="sockfs" ino=51553 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 198.544747][T15919] EXT4-fs (loop2): 1 truncate cleaned up [ 198.557857][T15919] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 198.583940][ T29] audit: type=1400 audit(711.498:6668): avc: denied { write } for pid=15920 comm="syz.5.4950" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 198.602826][ T29] audit: type=1400 audit(711.538:6669): avc: denied { watch_reads } for pid=15922 comm="syz.0.4951" path="/1034/file0" dev="tmpfs" ino=5363 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 198.779418][ T29] audit: type=1400 audit(711.758:6670): avc: denied { map } for pid=15918 comm="syz.2.4949" path="/1036/bus/cgroup.controllers" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 198.831811][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.885225][ T29] audit: type=1400 audit(711.868:6671): avc: denied { getopt } for pid=15945 comm="syz.0.4958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 198.935190][T15953] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4959'. [ 198.944697][T15953] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4959'. [ 199.020541][T15959] xt_hashlimit: max too large, truncated to 1048576 [ 199.088155][T15970] netlink: 8 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 199.364146][T15985] validate_nla: 1 callbacks suppressed [ 199.364217][T15985] netlink: 'syz.1.4975': attribute type 21 has an invalid length. [ 199.377711][T15985] netlink: 'syz.1.4975': attribute type 1 has an invalid length. [ 199.385538][T15985] netlink: 144 bytes leftover after parsing attributes in process `syz.1.4975'. [ 199.653919][T15994] xt_hashlimit: max too large, truncated to 1048576 [ 199.920893][T16015] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4996'. [ 200.059400][T16027] netlink: 'syz.7.4989': attribute type 3 has an invalid length. [ 200.078470][T16029] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4990'. [ 200.099073][T16029] bond7: entered allmulticast mode [ 200.253346][T16039] syz_tun: entered allmulticast mode [ 200.302840][T16039] dvmrp6: entered allmulticast mode [ 200.315311][T16046] ref_ctr_offset mismatch. inode: 0x118f offset: 0x7 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0 [ 200.315845][T16038] syz_tun: left allmulticast mode [ 200.874911][T16084] netlink: 'syz.0.5027': attribute type 10 has an invalid length. [ 200.886062][T16084] bond0: (slave dummy0): Releasing backup interface [ 200.908548][T16084] team0: Port device dummy0 added [ 200.924017][T16084] netlink: 'syz.0.5027': attribute type 10 has an invalid length. [ 200.933283][T16084] team0: Port device dummy0 removed [ 200.939849][T16084] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 200.979420][T16088] syz_tun: entered allmulticast mode [ 200.989023][T16088] dvmrp6: entered allmulticast mode [ 201.006405][T16087] syz_tun: left allmulticast mode [ 201.161908][T16107] tipc: Bearer : already 2 bearers with priority 10 [ 201.169240][T16107] tipc: Bearer : trying with adjusted priority [ 201.203281][T16107] tipc: New replicast peer: 255.255.255.83 [ 201.209170][T16107] tipc: Enabled bearer , priority 9 [ 201.252490][T16115] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5030'. [ 201.301092][T16125] syz_tun: entered allmulticast mode [ 201.321217][T16125] dvmrp6: entered allmulticast mode [ 201.335033][T16124] syz_tun: left allmulticast mode [ 201.419511][T16132] 9pnet: Could not find request transport: 0xffffffffffffffff [ 201.443960][T16137] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5040'. [ 201.548007][T16150] vlan1: entered allmulticast mode [ 201.614770][T16155] syz_tun: entered allmulticast mode [ 201.624735][T16155] dvmrp6: entered allmulticast mode [ 201.632184][T16154] syz_tun: left allmulticast mode [ 202.049008][T16163] syz_tun: entered allmulticast mode [ 202.057129][T16162] syz_tun: left allmulticast mode [ 202.070202][ T6353] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 202.093001][ T6353] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 202.104458][ T6353] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 202.113224][ T3880] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 202.156166][T16171] syz_tun: entered allmulticast mode [ 202.161942][T16168] syz_tun: left allmulticast mode [ 202.436738][ T3410] hid_parser_main: 30 callbacks suppressed [ 202.436759][ T3410] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 202.479536][ T3410] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 202.661941][T16223] syzkaller0: entered allmulticast mode [ 202.669420][T16223] syzkaller0 (unregistering): left allmulticast mode [ 203.415764][ T29] kauditd_printk_skb: 120 callbacks suppressed [ 203.415780][ T29] audit: type=1326 audit(716.398:6792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16232 comm="syz.1.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 203.473860][ T29] audit: type=1326 audit(716.428:6793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16232 comm="syz.1.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 203.496884][ T29] audit: type=1326 audit(716.428:6794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16232 comm="syz.1.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 203.519886][ T29] audit: type=1326 audit(716.428:6795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16232 comm="syz.1.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 203.542825][ T29] audit: type=1326 audit(716.428:6796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16232 comm="syz.1.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 203.565770][ T29] audit: type=1326 audit(716.428:6797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16232 comm="syz.1.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 203.588725][ T29] audit: type=1326 audit(716.438:6798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16232 comm="syz.1.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 203.611798][ T29] audit: type=1326 audit(716.438:6799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16232 comm="syz.1.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 203.634835][ T29] audit: type=1326 audit(716.438:6800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16232 comm="syz.1.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 203.658002][ T29] audit: type=1326 audit(716.438:6801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16232 comm="syz.1.5081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 203.731456][T16254] __nla_validate_parse: 6 callbacks suppressed [ 203.731468][T16254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5085'. [ 203.749867][T16256] netlink: 96 bytes leftover after parsing attributes in process `syz.0.5098'. [ 203.897978][T16271] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.5094'. [ 203.913729][T16273] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5096'. [ 204.048551][T16285] netlink: 'syz.7.5103': attribute type 1 has an invalid length. [ 204.059005][T16288] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 204.062860][T16285] 8021q: adding VLAN 0 to HW filter on device bond7 [ 204.065607][T16288] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 204.065734][T16288] vhci_hcd vhci_hcd.0: Device attached [ 204.119198][T16289] vhci_hcd: connection closed [ 204.119354][ T3887] vhci_hcd: stop threads [ 204.128403][ T3887] vhci_hcd: release socket [ 204.132814][ T3887] vhci_hcd: disconnect device [ 204.231170][T16299] macvtap0: refused to change device tx_queue_len [ 204.417440][T16319] netlink: 'syz.0.5125': attribute type 1 has an invalid length. [ 204.444963][T16319] bond4: entered promiscuous mode [ 204.450202][T16319] 8021q: adding VLAN 0 to HW filter on device bond4 [ 204.464003][T16322] veth0_macvtap: left promiscuous mode [ 204.469568][T16322] veth0_macvtap: entered promiscuous mode [ 204.475580][T16322] veth0_macvtap: entered allmulticast mode [ 204.524445][T16319] bond4: (slave bridge10): making interface the new active one [ 204.532059][T16319] bridge10: entered promiscuous mode [ 204.554190][T16319] bond4: (slave bridge10): Enslaving as an active interface with an up link [ 204.829622][T16352] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5131'. [ 204.853465][T16352] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5131'. [ 205.538638][T16384] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5144'. [ 205.548577][T16384] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5144'. [ 205.561305][T16385] veth0_macvtap: left promiscuous mode [ 205.566877][T16385] veth0_macvtap: entered promiscuous mode [ 205.572666][T16385] veth0_macvtap: entered allmulticast mode [ 206.369560][T16426] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5162'. [ 206.493403][T16431] Falling back ldisc for ttyS3. [ 206.773493][ T3880] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x60 [ 206.912104][T16453] loop1: detected capacity change from 0 to 1024 [ 206.923940][T16450] loop7: detected capacity change from 0 to 4096 [ 206.931700][T16453] EXT4-fs: Ignoring removed orlov option [ 206.937772][T16453] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 206.949526][T16450] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.965183][T16453] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.066118][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.151033][ T5787] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.503678][ T29] kauditd_printk_skb: 335 callbacks suppressed [ 208.503696][ T29] audit: type=1326 audit(721.488:7137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16508 comm="syz.7.5193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 208.533113][ T29] audit: type=1326 audit(721.488:7138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16508 comm="syz.7.5193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 208.574375][ T29] audit: type=1326 audit(721.488:7139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16508 comm="syz.7.5193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 208.597436][ T29] audit: type=1326 audit(721.488:7140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16508 comm="syz.7.5193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 208.620757][ T29] audit: type=1326 audit(721.488:7141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16508 comm="syz.7.5193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 208.643778][ T29] audit: type=1326 audit(721.488:7142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16508 comm="syz.7.5193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 208.666693][ T29] audit: type=1326 audit(721.488:7143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16514 comm="syz.7.5193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f66679c1f85 code=0x7ffc0000 [ 208.689681][ T29] audit: type=1326 audit(721.538:7144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16509 comm="syz.2.5192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbee391f6c9 code=0x7ffc0000 [ 208.712738][ T29] audit: type=1326 audit(721.538:7145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16509 comm="syz.2.5192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbee391f6c9 code=0x7ffc0000 [ 208.735628][ T29] audit: type=1326 audit(721.538:7146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16509 comm="syz.2.5192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbee391f6c9 code=0x7ffc0000 [ 210.084127][T16555] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5212'. [ 210.485175][T16580] loop2: detected capacity change from 0 to 4096 [ 210.504030][T16580] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.546778][T16579] Falling back ldisc for ttyS3. [ 210.775257][ T3862] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x60 [ 210.800624][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.321620][T16610] geneve3: entered promiscuous mode [ 211.326892][T16610] geneve3: entered allmulticast mode [ 212.169301][T16632] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5251'. [ 213.391788][T16692] loop2: detected capacity change from 0 to 1024 [ 213.419939][T16694] netlink: 'syz.1.5264': attribute type 1 has an invalid length. [ 213.444455][T16692] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 213.470413][T16698] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5264'. [ 213.517231][T16694] 8021q: adding VLAN 0 to HW filter on device bond6 [ 213.578106][T16698] bond6 (unregistering): Released all slaves [ 213.695021][T16707] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 213.796531][T16716] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5271'. [ 213.836463][T16718] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16718 comm=syz.5.5273 [ 213.900618][ T29] kauditd_printk_skb: 61 callbacks suppressed [ 213.900632][ T29] audit: type=1326 audit(726.878:7208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16722 comm="syz.7.5275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 213.930808][ T29] audit: type=1326 audit(726.908:7209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16722 comm="syz.7.5275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 213.954071][ T29] audit: type=1326 audit(726.908:7210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16722 comm="syz.7.5275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 213.976961][ T29] audit: type=1326 audit(726.908:7211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16722 comm="syz.7.5275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 214.000903][ T29] audit: type=1326 audit(726.908:7212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16722 comm="syz.7.5275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 214.023912][ T29] audit: type=1326 audit(726.908:7213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16722 comm="GPL" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 214.046432][ T29] audit: type=1326 audit(726.908:7214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16722 comm="GPL" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 214.068780][ T29] audit: type=1326 audit(726.908:7215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16722 comm="GPL" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 214.091151][ T29] audit: type=1326 audit(726.908:7216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16722 comm="GPL" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 214.113604][ T29] audit: type=1326 audit(726.908:7217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16722 comm="GPL" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f666798f6c9 code=0x7ffc0000 [ 214.138778][T16723] loop7: detected capacity change from 0 to 1024 [ 214.146062][T16723] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 214.157902][T16723] EXT4-fs error (device loop7): ext4_orphan_get:1392: inode #11: comm GPL: iget: bogus i_mode (1) [ 214.168650][T16723] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm GPL: couldn't read orphan inode 11 (err -117) [ 214.180403][T16723] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 214.197171][T16723] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.216433][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.716300][T16731] netlink: 'syz.5.5279': attribute type 1 has an invalid length. [ 214.731908][T16731] 8021q: adding VLAN 0 to HW filter on device bond7 [ 214.747060][T16731] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5279'. [ 214.770402][T16731] bond7 (unregistering): Released all slaves [ 214.999881][T16748] loop1: detected capacity change from 0 to 4096 [ 215.009823][T16748] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 215.050338][T16760] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5300'. [ 215.216835][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.232885][T16763] loop7: detected capacity change from 0 to 1024 [ 215.251567][T16763] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 215.564266][T16783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5296'. [ 215.573484][T16783] bridge_slave_1: left allmulticast mode [ 215.579183][T16783] bridge_slave_1: left promiscuous mode [ 215.585115][T16783] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.603628][T16783] bridge_slave_0: left promiscuous mode [ 215.609327][T16783] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.070824][ T5787] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.123630][T16797] loop2: detected capacity change from 0 to 128 [ 216.980585][T16810] netlink: 'syz.2.5307': attribute type 1 has an invalid length. [ 217.000054][T16809] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5305'. [ 217.016722][T16810] 8021q: adding VLAN 0 to HW filter on device bond8 [ 217.029670][T16809] bond6: left allmulticast mode [ 217.034819][T16809] bond6: left promiscuous mode [ 217.039894][T16809] bridge0: port 2(bond6) entered disabled state [ 217.049217][T16809] batadv2: left allmulticast mode [ 217.054309][T16809] batadv2: left promiscuous mode [ 217.059495][T16809] bridge0: port 1(batadv2) entered disabled state [ 217.070480][T16810] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5307'. [ 217.160305][T16828] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=16828 comm=syz.1.5309 [ 217.183295][T16810] bond8 (unregistering): Released all slaves [ 217.197026][T16828] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5309'. [ 217.211972][T16832] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5316'. [ 217.220889][T16832] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5316'. [ 217.229899][T16832] netlink: 'syz.0.5316': attribute type 6 has an invalid length. [ 217.238364][T16832] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5316'. [ 217.247258][T16832] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5316'. [ 217.256342][T16832] netlink: 'syz.0.5316': attribute type 6 has an invalid length. [ 217.333132][T16837] Falling back ldisc for ttyS3. [ 217.619528][T16850] SELinux: failed to load policy [ 217.977254][T16862] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=16862 comm=syz.2.5341 [ 218.008619][T16862] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5341'. [ 218.057178][T16871] netlink: 64 bytes leftover after parsing attributes in process `syz.1.5331'. [ 218.137360][T16881] netlink: 'syz.0.5333': attribute type 1 has an invalid length. [ 218.166546][T16881] 8021q: adding VLAN 0 to HW filter on device bond5 [ 218.184338][T16881] bond5 (unregistering): Released all slaves [ 218.309940][T16898] SELinux: failed to load policy [ 218.581222][T16928] geneve2: entered promiscuous mode [ 218.586572][T16928] geneve2: entered allmulticast mode [ 219.361288][ T29] kauditd_printk_skb: 145 callbacks suppressed [ 219.361303][ T29] audit: type=1326 audit(732.338:7363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16930 comm="syz.5.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 219.392150][ T29] audit: type=1326 audit(732.368:7364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16930 comm="syz.5.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 219.415224][ T29] audit: type=1326 audit(732.368:7365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16930 comm="syz.5.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 219.438238][ T29] audit: type=1326 audit(732.368:7366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16930 comm="syz.5.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 219.461370][ T29] audit: type=1326 audit(732.368:7367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16930 comm="syz.5.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 219.484276][ T29] audit: type=1326 audit(732.368:7368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16930 comm="syz.5.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 219.507086][ T29] audit: type=1326 audit(732.368:7369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16930 comm="syz.5.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 219.529977][ T29] audit: type=1326 audit(732.368:7370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16930 comm="syz.5.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 219.552867][ T29] audit: type=1326 audit(732.368:7371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16930 comm="syz.5.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 219.575825][ T29] audit: type=1326 audit(732.368:7372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16930 comm="syz.5.5362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 219.627065][T16938] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16938 comm=syz.0.5365 [ 219.832718][T16965] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=16965 comm=syz.5.5374 [ 219.846030][T16963] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 219.930456][T16972] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=16972 comm=syz.7.5390 [ 220.045397][T16985] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16985 comm=syz.7.5382 [ 220.522697][T16999] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 220.555925][T17005] netlink: 'syz.7.5393': attribute type 6 has an invalid length. [ 220.564438][T17005] netlink: 'syz.7.5393': attribute type 6 has an invalid length. [ 220.574930][T17007] __nla_validate_parse: 14 callbacks suppressed [ 220.574949][T17007] netlink: 96 bytes leftover after parsing attributes in process `syz.0.5404'. [ 220.692864][T17017] netlink: 64 bytes leftover after parsing attributes in process `syz.5.5397'. [ 220.741322][T17028] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5415'. [ 220.819626][T17041] loop7: detected capacity change from 0 to 1024 [ 220.826931][T17041] EXT4-fs: Ignoring removed orlov option [ 220.850357][T17041] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 220.877287][T17049] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5424'. [ 220.887396][ T5787] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.953252][T17059] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5408'. [ 221.006428][T17066] loop1: detected capacity change from 0 to 1024 [ 221.013710][T17066] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 221.024782][T17066] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 221.035759][T17066] JBD2: no valid journal superblock found [ 221.041487][T17066] EXT4-fs (loop1): Could not load journal inode [ 221.113749][T17083] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5427'. [ 221.128789][T17081] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5426'. [ 221.298767][T17109] netlink: 'syz.1.5437': attribute type 27 has an invalid length. [ 221.307149][T17109] dummy0: left promiscuous mode [ 221.317090][ T3887] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 221.326281][ T3887] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 221.344654][ T3887] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 221.363188][ T3887] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 221.380566][T17113] xt_hashlimit: max too large, truncated to 1048576 [ 221.467458][T17120] loop2: detected capacity change from 0 to 512 [ 221.480311][T17120] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.5454: error while reading EA inode 32 err=-116 [ 221.503489][T17120] EXT4-fs (loop2): Remounting filesystem read-only [ 221.514478][T17120] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 221.527094][T17120] EXT4-fs (loop2): 1 orphan inode deleted [ 221.533624][T17120] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 221.576074][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.670248][T17145] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5464'. [ 221.849294][T17161] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5458'. [ 221.858503][T17161] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5458'. [ 221.967280][T17169] loop1: detected capacity change from 0 to 512 [ 221.983870][T17169] EXT4-fs error (device loop1): ext4_init_orphan_info:581: comm syz.1.5456: inode #0: comm syz.1.5456: iget: illegal inode # [ 222.002978][T17169] EXT4-fs (loop1): get orphan inode failed [ 222.009065][T17169] EXT4-fs (loop1): mount failed [ 222.857716][T17159] syz.1.5456 (17159) used greatest stack depth: 7048 bytes left [ 222.981397][T17143] Set syz1 is full, maxelem 65536 reached [ 223.123846][T17224] netlink: 'syz.0.5484': attribute type 27 has an invalid length. [ 223.168351][T17224] wg2: left promiscuous mode [ 223.173046][T17224] wg2: left allmulticast mode [ 223.193928][T17224] veth0_macvtap: left promiscuous mode [ 223.199511][T17224] veth0_macvtap: left allmulticast mode [ 223.209429][T17230] loop1: detected capacity change from 0 to 1024 [ 223.233615][T17224] ip6gre1: left promiscuous mode [ 223.239386][T17230] EXT4-fs: Ignoring removed orlov option [ 223.254969][T17224] bond4: left promiscuous mode [ 223.259861][T17224] bridge10: left promiscuous mode [ 223.290228][T17230] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 223.339100][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.413659][T17251] pim6reg1: entered promiscuous mode [ 223.418998][T17251] pim6reg1: entered allmulticast mode [ 224.344841][T17291] netlink: 'syz.7.5512': attribute type 27 has an invalid length. [ 224.355628][T17293] loop2: detected capacity change from 0 to 512 [ 224.378596][T17291] veth0_macvtap: left promiscuous mode [ 224.384388][T17291] veth0_macvtap: left allmulticast mode [ 224.404849][T17293] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.449644][T17291] bond4: left promiscuous mode [ 224.465660][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.482401][ T6353] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.501760][ T6353] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.521798][ T6353] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.531062][ T6353] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.813398][T17322] xt_hashlimit: max too large, truncated to 1048576 [ 224.979795][T17343] loop7: detected capacity change from 0 to 512 [ 225.014925][T17343] EXT4-fs error (device loop7): ext4_init_orphan_info:581: comm syz.7.5529: inode #0: comm syz.7.5529: iget: illegal inode # [ 225.075167][T17343] EXT4-fs (loop7): get orphan inode failed [ 225.081146][T17343] EXT4-fs (loop7): mount failed [ 225.124850][T17356] netlink: 'syz.5.5533': attribute type 27 has an invalid length. [ 225.149720][T17356] veth0_macvtap: left promiscuous mode [ 225.155306][T17356] veth0_macvtap: left allmulticast mode [ 225.324685][ T29] kauditd_printk_skb: 252 callbacks suppressed [ 225.324699][ T29] audit: type=1326 audit(738.308:7625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17370 comm="syz.5.5543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 225.400921][ T29] audit: type=1400 audit(738.338:7626): avc: denied { bind } for pid=17372 comm="syz.0.5546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 225.420737][ T29] audit: type=1326 audit(738.338:7627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17370 comm="syz.5.5543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 225.443712][ T29] audit: type=1326 audit(738.338:7628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17370 comm="syz.5.5543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 225.466678][ T29] audit: type=1326 audit(738.338:7629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17370 comm="syz.5.5543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 225.489580][ T29] audit: type=1326 audit(738.338:7630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17370 comm="syz.5.5543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 225.512555][ T29] audit: type=1326 audit(738.338:7631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17370 comm="syz.5.5543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 225.535483][ T29] audit: type=1326 audit(738.338:7632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17370 comm="syz.5.5543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 225.558392][ T29] audit: type=1326 audit(738.338:7633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17370 comm="syz.5.5543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 225.581331][ T29] audit: type=1326 audit(738.338:7634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17370 comm="syz.5.5543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f42dfe3f6c9 code=0x7ffc0000 [ 225.746150][T17388] netlink: 'syz.2.5554': attribute type 27 has an invalid length. [ 225.808962][T17388] bond7: left allmulticast mode [ 226.037348][T17334] syz.7.5529 (17334) used greatest stack depth: 6136 bytes left [ 226.144492][T17418] __nla_validate_parse: 10 callbacks suppressed [ 226.144512][T17418] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5563'. [ 226.160446][T17418] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5563'. [ 226.204866][T17422] loop1: detected capacity change from 0 to 2048 [ 226.214449][T17422] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 226.283745][T17433] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5565'. [ 226.377058][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.913627][T17447] loop7: detected capacity change from 0 to 128 [ 226.925125][T17444] netlink: 'syz.2.5576': attribute type 4 has an invalid length. [ 226.928793][T17447] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 227.012554][ T5787] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 227.061272][T17455] loop1: detected capacity change from 0 to 512 [ 227.078858][T17455] EXT4-fs: Ignoring removed bh option [ 227.085493][T17455] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 227.094594][T17455] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 227.121848][T17455] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 227.133100][T17455] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e002e01c, mo2=0006] [ 227.144986][T17455] System zones: 0-2, 18-18, 34-35 [ 227.150686][T17455] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 227.189222][T17465] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5584'. [ 227.207875][T17465] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5584'. [ 227.217623][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.390203][T17487] netlink: 'syz.1.5592': attribute type 4 has an invalid length. [ 227.398792][T17485] sch_fq: defrate 0 ignored. [ 227.736531][T17502] loop2: detected capacity change from 0 to 512 [ 227.853400][T17502] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.5603: corrupted in-inode xattr: invalid ea_ino [ 227.895723][T17502] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.5603: couldn't read orphan inode 15 (err -117) [ 227.943830][T17502] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.149250][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.680820][T17533] netlink: 'syz.5.5611': attribute type 4 has an invalid length. [ 228.707656][T17537] netlink: 'syz.7.5624': attribute type 4 has an invalid length. [ 228.715466][T17537] netlink: 152 bytes leftover after parsing attributes in process `syz.7.5624'. [ 228.725809][T17537] .`: renamed from bond0 [ 228.737915][T17539] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5612'. [ 228.747273][T17539] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5612'. [ 228.818533][T17556] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5620'. [ 229.109540][T17577] netlink: 'syz.0.5631': attribute type 4 has an invalid length. [ 229.727987][T17591] loop1: detected capacity change from 0 to 512 [ 229.747110][T17591] EXT4-fs (loop1): orphan cleanup on readonly fs [ 229.764752][T17591] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.5637: bad orphan inode 13 [ 229.777333][T17602] loop2: detected capacity change from 0 to 512 [ 229.795064][T17591] ext4_test_bit(bit=12, block=18) = 1 [ 229.800550][T17591] is_bad_inode(inode)=0 [ 229.804777][T17591] NEXT_ORPHAN(inode)=2130706432 [ 229.809690][T17591] max_ino=32 [ 229.812938][T17591] i_nlink=1 [ 229.827101][T17591] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 229.892325][T17602] EXT4-fs error (device loop2): ext4_init_orphan_info:581: comm syz.2.5634: inode #0: comm syz.2.5634: iget: illegal inode # [ 229.933203][T17602] EXT4-fs (loop2): get orphan inode failed [ 229.945489][T17602] EXT4-fs (loop2): mount failed [ 229.953629][T17610] netem: change failed [ 230.157952][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.197449][T17625] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5645'. [ 230.249305][T17627] netlink: 'syz.5.5648': attribute type 29 has an invalid length. [ 230.262248][T17627] netlink: 'syz.5.5648': attribute type 29 has an invalid length. [ 230.478090][T17587] syz.2.5634 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 230.485466][ T29] kauditd_printk_skb: 227 callbacks suppressed [ 230.485496][ T29] audit: type=1400 audit(743.458:7862): avc: denied { connect } for pid=17645 comm="syz.5.5655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 230.492244][T17587] CPU: 0 UID: 0 PID: 17587 Comm: syz.2.5634 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 230.492325][T17587] Tainted: [W]=WARN [ 230.492337][T17587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 230.492353][T17587] Call Trace: [ 230.492362][T17587] [ 230.492372][T17587] __dump_stack+0x1d/0x30 [ 230.492420][T17587] dump_stack_lvl+0xe8/0x140 [ 230.492449][T17587] dump_stack+0x15/0x1b [ 230.492475][T17587] dump_header+0x81/0x220 [ 230.492544][T17587] oom_kill_process+0x342/0x400 [ 230.492592][T17587] out_of_memory+0x979/0xb80 [ 230.492711][T17587] try_charge_memcg+0x610/0xa10 [ 230.492760][T17587] obj_cgroup_charge_pages+0xa6/0x150 [ 230.492791][T17587] __memcg_kmem_charge_page+0x9f/0x170 [ 230.492844][T17587] __alloc_frozen_pages_noprof+0x188/0x360 [ 230.492877][T17587] alloc_pages_mpol+0xb3/0x260 [ 230.492918][T17587] ? alloc_pages_noprof+0xf4/0x130 [ 230.492949][T17587] alloc_pages_noprof+0x90/0x130 [ 230.493049][T17587] __vmalloc_node_range_noprof+0x7a5/0xed0 [ 230.493182][T17587] __kvmalloc_node_noprof+0x483/0x670 [ 230.493244][T17587] ? ip_set_alloc+0x24/0x30 [ 230.493287][T17587] ? ip_set_alloc+0x24/0x30 [ 230.493391][T17587] ? __kmalloc_cache_noprof+0x249/0x4a0 [ 230.493496][T17587] ip_set_alloc+0x24/0x30 [ 230.493715][T17587] hash_netiface_create+0x282/0x740 [ 230.493767][T17587] ? __pfx_hash_netiface_create+0x10/0x10 [ 230.493817][T17587] ip_set_create+0x3cc/0x970 [ 230.493878][T17587] ? __nla_parse+0x40/0x60 [ 230.493916][T17587] nfnetlink_rcv_msg+0x4c6/0x590 [ 230.494086][T17587] netlink_rcv_skb+0x123/0x220 [ 230.494132][T17587] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 230.494243][T17587] nfnetlink_rcv+0x167/0x16c0 [ 230.494377][T17587] ? __list_del_entry_valid_or_report+0x65/0x130 [ 230.494419][T17587] ? should_fail_ex+0x30/0x280 [ 230.494446][T17587] ? should_failslab+0x8c/0xb0 [ 230.494484][T17587] ? should_fail_ex+0x30/0x280 [ 230.494584][T17587] ? should_fail_ex+0x30/0x280 [ 230.494611][T17587] ? selinux_nlmsg_lookup+0x99/0x890 [ 230.494656][T17587] ? __rcu_read_unlock+0x34/0x70 [ 230.494693][T17587] ? __netlink_lookup+0x266/0x2a0 [ 230.494725][T17587] netlink_unicast+0x5c0/0x690 [ 230.494825][T17587] netlink_sendmsg+0x58b/0x6b0 [ 230.494868][T17587] ? __pfx_netlink_sendmsg+0x10/0x10 [ 230.494895][T17587] __sock_sendmsg+0x145/0x180 [ 230.494934][T17587] ____sys_sendmsg+0x31e/0x4e0 [ 230.495037][T17587] ___sys_sendmsg+0x17b/0x1d0 [ 230.495152][T17587] __x64_sys_sendmsg+0xd4/0x160 [ 230.495185][T17587] x64_sys_call+0x191e/0x3000 [ 230.495302][T17587] do_syscall_64+0xd2/0x200 [ 230.495374][T17587] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 230.495412][T17587] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 230.495457][T17587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.495561][T17587] RIP: 0033:0x7fbee391f6c9 [ 230.495587][T17587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.495612][T17587] RSP: 002b:00007fbee237f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 230.495639][T17587] RAX: ffffffffffffffda RBX: 00007fbee3b75fa0 RCX: 00007fbee391f6c9 [ 230.495656][T17587] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000004 [ 230.495671][T17587] RBP: 00007fbee39a1f91 R08: 0000000000000000 R09: 0000000000000000 [ 230.495696][T17587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 230.495713][T17587] R13: 00007fbee3b76038 R14: 00007fbee3b75fa0 R15: 00007ffcaab2fbc8 [ 230.495740][T17587] [ 230.495790][T17587] memory: usage 307200kB, limit 307200kB, failcnt 418 [ 230.866941][T17587] memory+swap: usage 313516kB, limit 9007199254740988kB, failcnt 0 [ 230.874881][T17587] kmem: usage 245376kB, limit 9007199254740988kB, failcnt 0 [ 230.882186][T17587] Memory cgroup stats for /syz2: [ 230.882876][T17587] cache 62861312 [ 230.891453][T17587] rss 442368 [ 230.894689][T17587] shmem 62832640 [ 230.898255][T17587] mapped_file 28672 [ 230.902195][T17587] dirty 0 [ 230.905178][T17587] writeback 0 [ 230.908527][T17587] workingset_refault_anon 2079 [ 230.913337][T17587] workingset_refault_file 474 [ 230.918025][T17587] swap 6467584 [ 230.921409][T17587] swapcached 0 [ 230.924876][T17587] pgpgin 280827 [ 230.928358][T17587] pgpgout 265371 [ 230.931943][T17587] pgfault 294957 [ 230.935563][T17587] pgmajfault 316 [ 230.939132][T17587] inactive_anon 61358080 [ 230.943440][T17587] active_anon 1916928 [ 230.947443][T17587] inactive_file 32768 [ 230.951434][T17587] active_file 0 [ 230.955011][T17587] unevictable 0 [ 230.958476][T17587] hierarchical_memory_limit 314572800 [ 230.963921][T17587] hierarchical_memsw_limit 9223372036854771712 [ 230.970098][T17587] total_cache 62861312 [ 230.974221][T17587] total_rss 442368 [ 230.977938][T17587] total_shmem 62832640 [ 230.982001][T17587] total_mapped_file 28672 [ 230.986369][T17587] total_dirty 0 [ 230.989835][T17587] total_writeback 0 [ 230.993719][T17587] total_workingset_refault_anon 2079 [ 230.999136][T17587] total_workingset_refault_file 474 [ 231.004348][T17587] total_swap 6467584 [ 231.008297][T17587] total_swapcached 0 [ 231.012186][T17587] total_pgpgin 280828 [ 231.016209][T17587] total_pgpgout 265372 [ 231.020312][T17587] total_pgfault 294958 [ 231.024416][T17587] total_pgmajfault 316 [ 231.028483][T17587] total_inactive_anon 61358080 [ 231.033271][T17587] total_active_anon 1916928 [ 231.037778][T17587] total_inactive_file 32768 [ 231.042367][T17587] total_active_file 0 [ 231.046384][T17587] total_unevictable 0 [ 231.050369][T17587] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.5634,pid=17585,uid=0 [ 231.065116][T17587] Memory cgroup out of memory: Killed process 17585 (syz.2.5634) total-vm:96136kB, anon-rss:1268kB, file-rss:22320kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 231.101964][T17659] netdevsim netdevsim7: Direct firmware load for ÿÿÿÿ failed with error -2 [ 231.144586][ T29] audit: type=1326 audit(744.128:7863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17663 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 231.184214][ T29] audit: type=1326 audit(744.148:7864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17663 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 231.207296][ T29] audit: type=1326 audit(744.148:7865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17663 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 231.230341][ T29] audit: type=1326 audit(744.148:7866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17663 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 231.253305][ T29] audit: type=1326 audit(744.148:7867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17663 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 231.276240][ T29] audit: type=1326 audit(744.148:7868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17663 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 231.299351][ T29] audit: type=1326 audit(744.148:7869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17663 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 231.322277][ T29] audit: type=1326 audit(744.148:7870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17663 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 231.345331][ T29] audit: type=1326 audit(744.148:7871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17663 comm="syz.1.5661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39497df6c9 code=0x7ffc0000 [ 231.377923][T17671] loop1: detected capacity change from 0 to 128 [ 231.408702][T17671] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 231.466191][ T3316] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 231.766886][T17705] loop7: detected capacity change from 0 to 512 [ 231.793821][T17705] EXT4-fs error (device loop7): ext4_init_orphan_info:581: comm syz.7.5679: inode #0: comm syz.7.5679: iget: illegal inode # [ 231.820302][T17705] EXT4-fs (loop7): get orphan inode failed [ 231.833035][T17705] EXT4-fs (loop7): mount failed [ 231.996174][T17712] __nla_validate_parse: 1 callbacks suppressed [ 231.996191][T17712] netlink: 16402 bytes leftover after parsing attributes in process `+}[@'. [ 232.017438][T17709] netdevsim netdevsim0: Direct firmware load for ÿÿÿÿ failed with error -2 [ 232.062394][T17719] loop2: detected capacity change from 0 to 128 [ 232.105664][T17719] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 232.207225][ T3328] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 232.334119][T17702] syz.7.5679 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 232.348315][T17702] CPU: 0 UID: 0 PID: 17702 Comm: syz.7.5679 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 232.348345][T17702] Tainted: [W]=WARN [ 232.348350][T17702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 232.348434][T17702] Call Trace: [ 232.348440][T17702] [ 232.348447][T17702] __dump_stack+0x1d/0x30 [ 232.348468][T17702] dump_stack_lvl+0xe8/0x140 [ 232.348486][T17702] dump_stack+0x15/0x1b [ 232.348558][T17702] dump_header+0x81/0x220 [ 232.348575][T17702] oom_kill_process+0x342/0x400 [ 232.348610][T17702] out_of_memory+0x979/0xb80 [ 232.348716][T17702] try_charge_memcg+0x610/0xa10 [ 232.348751][T17702] obj_cgroup_charge_pages+0xa6/0x150 [ 232.348906][T17702] __memcg_kmem_charge_page+0x9f/0x170 [ 232.348932][T17702] __alloc_frozen_pages_noprof+0x188/0x360 [ 232.348961][T17702] alloc_pages_mpol+0xb3/0x260 [ 232.348985][T17702] ? alloc_pages_noprof+0x61/0x130 [ 232.349005][T17702] alloc_pages_noprof+0x90/0x130 [ 232.349073][T17702] __vmalloc_node_range_noprof+0x7a5/0xed0 [ 232.349128][T17702] __kvmalloc_node_noprof+0x483/0x670 [ 232.349176][T17702] ? ip_set_alloc+0x24/0x30 [ 232.349263][T17702] ? ip_set_alloc+0x24/0x30 [ 232.349291][T17702] ? __kmalloc_cache_noprof+0x249/0x4a0 [ 232.349327][T17702] ip_set_alloc+0x24/0x30 [ 232.349413][T17702] hash_netiface_create+0x282/0x740 [ 232.349460][T17702] ? __pfx_hash_netiface_create+0x10/0x10 [ 232.349497][T17702] ip_set_create+0x3cc/0x970 [ 232.349533][T17702] ? __nla_parse+0x40/0x60 [ 232.349558][T17702] nfnetlink_rcv_msg+0x4c6/0x590 [ 232.349623][T17702] netlink_rcv_skb+0x123/0x220 [ 232.349656][T17702] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 232.349686][T17702] nfnetlink_rcv+0x167/0x16c0 [ 232.349710][T17702] ? do_user_addr_fault+0xd9e/0x1080 [ 232.349732][T17702] ? cmp_ex_search+0x25/0x40 [ 232.349760][T17702] ? bsearch+0x95/0xc0 [ 232.349806][T17702] ? __pfx_cmp_ex_search+0x10/0x10 [ 232.349959][T17702] ? strncpy_from_user+0x17d/0x230 [ 232.349985][T17702] ? search_extable+0x53/0x80 [ 232.350007][T17702] ? strncpy_from_user+0x17d/0x230 [ 232.350059][T17702] ? strncpy_from_user+0x17d/0x230 [ 232.350114][T17702] ? fixup_exception+0x741/0xd50 [ 232.350136][T17702] ? search_extable+0x53/0x80 [ 232.350231][T17702] ? do_user_addr_fault+0xd9e/0x1080 [ 232.350254][T17702] ? do_user_addr_fault+0xd9e/0x1080 [ 232.350280][T17702] ? kernelmode_fixup_or_oops+0x59/0xb0 [ 232.350309][T17702] ? exc_page_fault+0x62/0xa0 [ 232.350362][T17702] ? kernelmode_fixup_or_oops+0x59/0xb0 [ 232.350382][T17702] ? should_fail_ex+0x30/0x280 [ 232.350412][T17702] ? selinux_nlmsg_lookup+0x99/0x890 [ 232.350434][T17702] ? __rcu_read_unlock+0x34/0x70 [ 232.350514][T17702] ? __netlink_lookup+0x266/0x2a0 [ 232.350533][T17702] netlink_unicast+0x5c0/0x690 [ 232.350562][T17702] netlink_sendmsg+0x58b/0x6b0 [ 232.350586][T17702] ? __pfx_netlink_sendmsg+0x10/0x10 [ 232.350670][T17702] __sock_sendmsg+0x145/0x180 [ 232.350693][T17702] ____sys_sendmsg+0x31e/0x4e0 [ 232.350730][T17702] ___sys_sendmsg+0x17b/0x1d0 [ 232.350759][T17702] __x64_sys_sendmsg+0xd4/0x160 [ 232.350851][T17702] x64_sys_call+0x191e/0x3000 [ 232.350923][T17702] do_syscall_64+0xd2/0x200 [ 232.350941][T17702] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 232.350965][T17702] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 232.351147][T17702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.351170][T17702] RIP: 0033:0x7f666798f6c9 [ 232.351192][T17702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.351207][T17702] RSP: 002b:00007f66663ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 232.351241][T17702] RAX: ffffffffffffffda RBX: 00007f6667be5fa0 RCX: 00007f666798f6c9 [ 232.351255][T17702] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000004 [ 232.351269][T17702] RBP: 00007f6667a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 232.351283][T17702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 232.351304][T17702] R13: 00007f6667be6038 R14: 00007f6667be5fa0 R15: 00007ffd391ceb88 [ 232.351327][T17702] [ 232.351334][T17702] memory: usage 307200kB, limit 307200kB, failcnt 138 [ 232.755949][T17702] memory+swap: usage 334656kB, limit 9007199254740988kB, failcnt 0 [ 232.763894][T17702] kmem: usage 266324kB, limit 9007199254740988kB, failcnt 0 [ 232.771279][T17702] Memory cgroup stats for /syz7: [ 232.778360][T17702] cache 41463808 [ 232.787132][T17702] rss 319488 [ 232.790355][T17702] shmem 41463808 [ 232.793954][T17702] mapped_file 0 [ 232.797424][T17702] dirty 0 [ 232.800364][T17702] writeback 0 [ 232.803687][T17702] workingset_refault_anon 2320 [ 232.808486][T17702] workingset_refault_file 0 [ 232.813026][T17702] swap 28114944 [ 232.816533][T17702] swapcached 24576 [ 232.820259][T17702] pgpgin 281869 [ 232.823744][T17702] pgpgout 271662 [ 232.827290][T17702] pgfault 298787 [ 232.830843][T17702] pgmajfault 677 [ 232.834449][T17702] inactive_anon 41607168 [ 232.838696][T17702] active_anon 200704 [ 232.842658][T17702] inactive_file 0 [ 232.846347][T17702] active_file 0 [ 232.849811][T17702] unevictable 0 [ 232.853307][T17702] hierarchical_memory_limit 314572800 [ 232.858693][T17702] hierarchical_memsw_limit 9223372036854771712 [ 232.864903][T17702] total_cache 41463808 [ 232.868974][T17702] total_rss 319488 [ 232.872707][T17702] total_shmem 41463808 [ 232.876823][T17702] total_mapped_file 0 [ 232.880808][T17702] total_dirty 0 [ 232.884302][T17702] total_writeback 0 [ 232.888112][T17702] total_workingset_refault_anon 2320 [ 232.893500][T17702] total_workingset_refault_file 0 [ 232.898539][T17702] total_swap 28114944 [ 232.902532][T17702] total_swapcached 24576 [ 232.906825][T17702] total_pgpgin 281869 [ 232.910814][T17702] total_pgpgout 271662 [ 232.914917][T17702] total_pgfault 298787 [ 232.918989][T17702] total_pgmajfault 677 [ 232.923119][T17702] total_inactive_anon 41607168 [ 232.927911][T17702] total_active_anon 200704 [ 232.932352][T17702] total_inactive_file 0 [ 232.936600][T17702] total_active_file 0 [ 232.940625][T17702] total_unevictable 0 [ 232.944674][T17702] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz7,task_memcg=/syz7,task=syz.7.5679,pid=17701,uid=0 [ 232.959478][T17702] Memory cgroup out of memory: Killed process 17702 (syz.7.5679) total-vm:96136kB, anon-rss:1268kB, file-rss:22444kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 232.983916][T17751] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5694'. [ 233.016409][T17751] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5694'. [ 233.134311][T17768] loop1: detected capacity change from 0 to 512 [ 233.153048][T17768] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 233.255571][T17768] EXT4-fs (loop1): 1 truncate cleaned up [ 233.264930][T17768] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 233.279991][T17768] ÿÿÿÿÿÿ: renamed from vlan1 [ 233.301074][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.284296][T17804] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5726'. [ 234.284827][T17801] netdevsim netdevsim1: Direct firmware load for ÿÿÿÿ failed with error -2 [ 234.293644][T17804] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5726'. [ 234.486867][T17823] ÿÿÿÿÿÿ: renamed from vlan1 [ 234.568620][T17830] netlink: 16402 bytes leftover after parsing attributes in process `+}[@'. [ 234.771351][T17841] loop1: detected capacity change from 0 to 512 [ 234.779210][T17841] EXT4-fs error (device loop1): ext4_init_orphan_info:581: comm syz.1.5728: inode #0: comm syz.1.5728: iget: illegal inode # [ 234.792382][T17841] EXT4-fs (loop1): get orphan inode failed [ 234.798373][T17841] EXT4-fs (loop1): mount failed [ 235.092375][T17835] syz.1.5728 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 235.106596][T17835] CPU: 0 UID: 0 PID: 17835 Comm: syz.1.5728 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 235.106666][T17835] Tainted: [W]=WARN [ 235.106672][T17835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 235.106683][T17835] Call Trace: [ 235.106689][T17835] [ 235.106697][T17835] __dump_stack+0x1d/0x30 [ 235.106719][T17835] dump_stack_lvl+0xe8/0x140 [ 235.106767][T17835] dump_stack+0x15/0x1b [ 235.106783][T17835] dump_header+0x81/0x220 [ 235.106800][T17835] oom_kill_process+0x342/0x400 [ 235.106832][T17835] out_of_memory+0x979/0xb80 [ 235.106933][T17835] try_charge_memcg+0x610/0xa10 [ 235.107014][T17835] obj_cgroup_charge_pages+0xa6/0x150 [ 235.107034][T17835] __memcg_kmem_charge_page+0x9f/0x170 [ 235.107054][T17835] __alloc_frozen_pages_noprof+0x188/0x360 [ 235.107076][T17835] alloc_pages_mpol+0xb3/0x260 [ 235.107101][T17835] alloc_pages_noprof+0x90/0x130 [ 235.107190][T17835] __vmalloc_node_range_noprof+0x7a5/0xed0 [ 235.107240][T17835] __kvmalloc_node_noprof+0x483/0x670 [ 235.107289][T17835] ? ip_set_alloc+0x24/0x30 [ 235.107323][T17835] ? ip_set_alloc+0x24/0x30 [ 235.107354][T17835] ? __kmalloc_cache_noprof+0x249/0x4a0 [ 235.107401][T17835] ip_set_alloc+0x24/0x30 [ 235.107435][T17835] hash_netiface_create+0x282/0x740 [ 235.107472][T17835] ? __pfx_hash_netiface_create+0x10/0x10 [ 235.107536][T17835] ip_set_create+0x3cc/0x970 [ 235.107564][T17835] ? __nla_parse+0x40/0x60 [ 235.107588][T17835] nfnetlink_rcv_msg+0x4c6/0x590 [ 235.107810][T17835] netlink_rcv_skb+0x123/0x220 [ 235.107845][T17835] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 235.107884][T17835] nfnetlink_rcv+0x167/0x16c0 [ 235.108002][T17835] ? __list_del_entry_valid_or_report+0x65/0x130 [ 235.108029][T17835] ? should_fail_ex+0x30/0x280 [ 235.108137][T17835] ? should_failslab+0x8c/0xb0 [ 235.108164][T17835] ? should_fail_ex+0x30/0x280 [ 235.108219][T17835] ? should_fail_ex+0x30/0x280 [ 235.108239][T17835] ? selinux_nlmsg_lookup+0x99/0x890 [ 235.108268][T17835] ? __rcu_read_unlock+0x34/0x70 [ 235.108302][T17835] ? __netlink_lookup+0x266/0x2a0 [ 235.108355][T17835] netlink_unicast+0x5c0/0x690 [ 235.108395][T17835] netlink_sendmsg+0x58b/0x6b0 [ 235.108434][T17835] ? __pfx_netlink_sendmsg+0x10/0x10 [ 235.108452][T17835] __sock_sendmsg+0x145/0x180 [ 235.108475][T17835] ____sys_sendmsg+0x31e/0x4e0 [ 235.108536][T17835] ___sys_sendmsg+0x17b/0x1d0 [ 235.108568][T17835] __x64_sys_sendmsg+0xd4/0x160 [ 235.108587][T17835] x64_sys_call+0x191e/0x3000 [ 235.108680][T17835] do_syscall_64+0xd2/0x200 [ 235.108746][T17835] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 235.108770][T17835] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 235.108800][T17835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.108825][T17835] RIP: 0033:0x7f39497df6c9 [ 235.108838][T17835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 235.108853][T17835] RSP: 002b:00007f394823f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 235.108869][T17835] RAX: ffffffffffffffda RBX: 00007f3949a35fa0 RCX: 00007f39497df6c9 [ 235.108880][T17835] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000004 [ 235.108891][T17835] RBP: 00007f3949861f91 R08: 0000000000000000 R09: 0000000000000000 [ 235.108963][T17835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 235.108974][T17835] R13: 00007f3949a36038 R14: 00007f3949a35fa0 R15: 00007fff5e112408 [ 235.108990][T17835] [ 235.108996][T17835] memory: usage 307200kB, limit 307200kB, failcnt 278 [ 235.212534][T17848] netlink: 96 bytes leftover after parsing attributes in process `syz.2.5745'. [ 235.214777][T17835] memory+swap: usage 344348kB, limit 9007199254740988kB, failcnt 0 [ 235.214793][T17835] kmem: usage 275632kB, limit 9007199254740988kB, failcnt 0 [ 235.219833][T17849] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5744'. [ 235.224941][T17835] Memory cgroup stats for /syz1: [ 235.315997][T17835] cache 32022528 [ 235.319539][T17849] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5744'. [ 235.324856][T17835] rss 208896 [ 235.507178][T17835] shmem 32022528 [ 235.510725][T17835] mapped_file 0 [ 235.514199][T17835] dirty 0 [ 235.517131][T17835] writeback 0 [ 235.520399][T17835] workingset_refault_anon 1951 [ 235.525176][T17835] workingset_refault_file 3019 [ 235.529946][T17835] swap 38039552 [ 235.533425][T17835] swapcached 94208 [ 235.537142][T17835] pgpgin 331285 [ 235.540587][T17835] pgpgout 323393 [ 235.544149][T17835] pgfault 306721 [ 235.547782][T17835] pgmajfault 273 [ 235.551374][T17835] inactive_anon 159744 [ 235.555585][T17835] active_anon 32165888 [ 235.559644][T17835] inactive_file 0 [ 235.563349][T17835] active_file 0 [ 235.566812][T17835] unevictable 0 [ 235.570269][T17835] hierarchical_memory_limit 314572800 [ 235.575683][T17835] hierarchical_memsw_limit 9223372036854771712 [ 235.581830][T17835] total_cache 32022528 [ 235.585911][T17835] total_rss 208896 [ 235.589625][T17835] total_shmem 32022528 [ 235.593709][T17835] total_mapped_file 0 [ 235.597680][T17835] total_dirty 0 [ 235.601126][T17835] total_writeback 0 [ 235.604950][T17835] total_workingset_refault_anon 1951 [ 235.610229][T17835] total_workingset_refault_file 3019 [ 235.615527][T17835] total_swap 38039552 [ 235.619497][T17835] total_swapcached 94208 [ 235.623748][T17835] total_pgpgin 331285 [ 235.627756][T17835] total_pgpgout 323393 [ 235.631845][T17835] total_pgfault 306721 [ 235.635991][T17835] total_pgmajfault 273 [ 235.640127][T17835] total_inactive_anon 159744 [ 235.644729][T17835] total_active_anon 32165888 [ 235.649304][T17835] total_inactive_file 0 [ 235.653467][T17835] total_active_file 0 [ 235.657512][T17835] total_unevictable 0 [ 235.661493][T17835] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.5728,pid=17834,uid=0 [ 235.676202][T17835] Memory cgroup out of memory: Killed process 17834 (syz.1.5728) total-vm:96004kB, anon-rss:1260kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 235.831784][T17864] loop1: detected capacity change from 0 to 512 [ 235.847921][T17864] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.5733: error while reading EA inode 32 err=-116 [ 235.861039][T17864] EXT4-fs (loop1): Remounting filesystem read-only [ 235.867738][T17864] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 235.877948][T17864] EXT4-fs (loop1): 1 orphan inode deleted [ 235.884297][T17864] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 235.911228][ T3316] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.187739][ T29] kauditd_printk_skb: 116 callbacks suppressed [ 236.187755][ T29] audit: type=1326 audit(749.168:7988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17900 comm="syz.0.5749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 236.241975][ T29] audit: type=1326 audit(749.168:7989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17900 comm="syz.0.5749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 236.265470][ T29] audit: type=1326 audit(749.168:7990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17900 comm="syz.0.5749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 236.288744][ T29] audit: type=1326 audit(749.168:7991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17900 comm="syz.0.5749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 236.311653][ T29] audit: type=1326 audit(749.168:7992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17900 comm="syz.0.5749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 236.334620][ T29] audit: type=1326 audit(749.168:7993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17900 comm="syz.0.5749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 236.357473][ T29] audit: type=1326 audit(749.168:7994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17900 comm="syz.0.5749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 236.380391][ T29] audit: type=1326 audit(749.168:7995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17900 comm="syz.0.5749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 236.403559][ T29] audit: type=1326 audit(749.168:7996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17900 comm="syz.0.5749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 236.426583][ T29] audit: type=1326 audit(749.178:7997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17900 comm="syz.0.5749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9941f6c9 code=0x7ffc0000 [ 236.932698][T17944] loop7: detected capacity change from 0 to 2048 [ 236.945307][T17944] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 236.979760][T17944] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 236.996830][T17944] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 237.009104][T17944] EXT4-fs (loop7): This should not happen!! Data will be lost [ 237.009104][T17944] [ 237.019114][T17944] EXT4-fs (loop7): Total free blocks count 0 [ 237.025140][T17944] EXT4-fs (loop7): Free/Dirty block details [ 237.031061][T17944] EXT4-fs (loop7): free_blocks=66060288 [ 237.036738][T17944] EXT4-fs (loop7): dirty_blocks=64 [ 237.041861][T17944] EXT4-fs (loop7): Block reservation details [ 237.047981][T17944] EXT4-fs (loop7): i_reserved_data_blocks=4 [ 237.086501][ T3850] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 44 with error 28 [ 237.136240][T17963] netlink: 176 bytes leftover after parsing attributes in process `syz.7.5773'. [ 237.163738][T17968] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5775'. [ 238.002725][T18031] Set syz1 is full, maxelem 65536 reached [ 238.092195][T18078] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5787'. [ 238.170015][T18093] netlink: 176 bytes leftover after parsing attributes in process `syz.0.5789'. [ 239.055848][T18155] bridge: RTM_NEWNEIGH with invalid ether address [ 239.251494][T18167] loop2: detected capacity change from 0 to 1024 [ 239.291263][T18169] loop7: detected capacity change from 0 to 2048 [ 239.343719][T18167] EXT4-fs: Ignoring removed orlov option [ 239.352138][T18167] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.384343][T18169] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.424425][T18175] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5800'. [ 239.450312][T18169] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 239.479397][T18169] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 239.491651][T18169] EXT4-fs (loop7): This should not happen!! Data will be lost [ 239.491651][T18169] [ 239.501359][T18169] EXT4-fs (loop7): Total free blocks count 0 [ 239.507447][T18169] EXT4-fs (loop7): Free/Dirty block details [ 239.513440][T18169] EXT4-fs (loop7): free_blocks=66060288 [ 239.519080][T18169] EXT4-fs (loop7): dirty_blocks=64 [ 239.524239][T18169] EXT4-fs (loop7): Block reservation details [ 239.530249][T18169] EXT4-fs (loop7): i_reserved_data_blocks=4 [ 239.574443][ T3895] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 44 with error 28 [ 239.627064][T18189] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5806'. [ 239.635995][T18189] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5806'. [ 239.822364][T18203] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check. [ 239.991852][T18167] ================================================================== [ 239.999987][T18167] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark [ 240.007124][T18167] [ 240.009467][T18167] write to 0xffff88810752254c of 4 bytes by task 18176 on cpu 1: [ 240.017215][T18167] xas_set_mark+0x12b/0x140 [ 240.021763][T18167] __folio_start_writeback+0x155/0x390 [ 240.027254][T18167] ext4_bio_write_folio+0x5ad/0x9f0 [ 240.032485][T18167] mpage_process_page_bufs+0x4a1/0x620 [ 240.037974][T18167] mpage_prepare_extent_to_map+0x786/0xc00 [ 240.043801][T18167] ext4_do_writepages+0xa05/0x2750 [ 240.048945][T18167] ext4_writepages+0x176/0x300 [ 240.053730][T18167] do_writepages+0x1c6/0x310 [ 240.058335][T18167] file_write_and_wait_range+0x156/0x2c0 [ 240.063982][T18167] generic_buffers_fsync_noflush+0x45/0x120 [ 240.069885][T18167] ext4_sync_file+0x1ab/0x690 [ 240.074651][T18167] vfs_fsync_range+0x10d/0x130 [ 240.079429][T18167] ext4_buffered_write_iter+0x34f/0x3c0 [ 240.085013][T18167] ext4_file_write_iter+0x387/0xf60 [ 240.090215][T18167] iter_file_splice_write+0x666/0xa60 [ 240.095595][T18167] direct_splice_actor+0x156/0x2a0 [ 240.100712][T18167] splice_direct_to_actor+0x312/0x680 [ 240.106107][T18167] do_splice_direct+0xda/0x150 [ 240.110917][T18167] do_sendfile+0x380/0x650 [ 240.115349][T18167] __x64_sys_sendfile64+0x105/0x150 [ 240.120554][T18167] x64_sys_call+0x2bb4/0x3000 [ 240.125238][T18167] do_syscall_64+0xd2/0x200 [ 240.129745][T18167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.135747][T18167] [ 240.138073][T18167] read to 0xffff88810752254c of 4 bytes by task 18167 on cpu 0: [ 240.145710][T18167] xas_find_marked+0x5dc/0x620 [ 240.150480][T18167] find_get_entry+0x5d/0x380 [ 240.155089][T18167] filemap_get_folios_tag+0x92/0x210 [ 240.160396][T18167] filemap_fdatawait_range+0x88/0x1d0 [ 240.165771][T18167] __writeback_single_inode+0xdb/0x7c0 [ 240.171233][T18167] writeback_single_inode+0x16d/0x3f0 [ 240.176613][T18167] sync_inode_metadata+0x5b/0x90 [ 240.181573][T18167] generic_buffers_fsync_noflush+0xd9/0x120 [ 240.187470][T18167] ext4_sync_file+0x1ab/0x690 [ 240.192148][T18167] vfs_fsync_range+0x10d/0x130 [ 240.196925][T18167] ext4_buffered_write_iter+0x34f/0x3c0 [ 240.202476][T18167] ext4_file_write_iter+0x387/0xf60 [ 240.207772][T18167] iter_file_splice_write+0x666/0xa60 [ 240.213159][T18167] direct_splice_actor+0x156/0x2a0 [ 240.218284][T18167] splice_direct_to_actor+0x312/0x680 [ 240.223664][T18167] do_splice_direct+0xda/0x150 [ 240.228433][T18167] do_sendfile+0x380/0x650 [ 240.232875][T18167] __x64_sys_sendfile64+0x105/0x150 [ 240.238100][T18167] x64_sys_call+0x2bb4/0x3000 [ 240.242800][T18167] do_syscall_64+0xd2/0x200 [ 240.247331][T18167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.253234][T18167] [ 240.255559][T18167] value changed: 0x0a000021 -> 0x04000021 [ 240.261272][T18167] [ 240.263597][T18167] Reported by Kernel Concurrency Sanitizer on: [ 240.269753][T18167] CPU: 0 UID: 0 PID: 18167 Comm: syz.2.5797 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 240.281136][T18167] Tainted: [W]=WARN [ 240.284949][T18167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 240.295098][T18167] ================================================================== [ 240.547881][ T3328] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.