last executing test programs: 3.733665651s ago: executing program 0 (id=1659): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r3, 0x400455c8, 0x0) 3.054101458s ago: executing program 2 (id=1673): io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x1f, 0x3, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfdfffffc, 0x0, 0x0, 0x0, 0x6}}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x19}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148) pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xfecc) fallocate(r1, 0x0, 0xbf2, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, r1, 0x0, 0x0, 0x0, 0xfffffffffdffffff}) 2.965512237s ago: executing program 2 (id=1679): socket$inet_udp(0x2, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) gettid() r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x10c000) 2.911308682s ago: executing program 2 (id=1683): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r0, 0x400455c8, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x5) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x3) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x3) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000400)=0x7) ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000001c0)=0x6) 1.670877615s ago: executing program 0 (id=1700): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000007c0)={0xa, 0x2, 0x0, @empty, 0x80000001}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, 0x0, 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000008c0)="d800000018007b29e00212ba0d8105040a601800fe0f040b067c55a1bc000900b80006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ccd40dd601edef3d93452a92307ff0ff0e97031e9f05e9f16e9cb500"/216, 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0) 1.649543047s ago: executing program 0 (id=1702): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x28502, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x20048880) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000740)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0xfff2}, {0xffff, 0xffff}, {0xa, 0xe}}}, 0x24}}, 0x0) 1.591904173s ago: executing program 0 (id=1704): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000070000008500000004000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB=' \x00\x00', @ANYRES16], 0x20}}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000) 1.544745207s ago: executing program 0 (id=1705): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@block_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@norecovery}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000380), &(0x7f0000000280)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_open_dev$sg(0x0, 0x0, 0x800) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil) brk(0x200000ffc001) 1.500394272s ago: executing program 0 (id=1707): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r0, 0x400455c8, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x5) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x2) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x3) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000400)=0x7) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0xa) 1.20970722s ago: executing program 3 (id=1715): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x28502, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x20048880) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000740)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0xfff2}, {0xffff, 0xffff}, {0xa, 0xe}}}, 0x24}}, 0x0) 1.20940681s ago: executing program 1 (id=1716): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x8b) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xa}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8858}, 0x20004804) 1.187254603s ago: executing program 3 (id=1717): bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, 0x0) r1 = dup(0xffffffffffffffff) bind$unix(r1, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 1.102607261s ago: executing program 1 (id=1718): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0xffffffff) open(&(0x7f00000003c0)='./file0\x00', 0x8060, 0x2c) r0 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0) r1 = syz_io_uring_setup(0xbda, &(0x7f0000000100)={0x0, 0xec25, 0x8, 0x10000001, 0x40000333}, &(0x7f0000000dc0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) vmsplice(r0, &(0x7f0000000380)=[{&(0x7f0000000080)="9b", 0x1}], 0x1, 0x6) 1.021302799s ago: executing program 4 (id=1720): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x401}, 0x11) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20) r2 = socket$phonet(0x23, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4) bind$xdp(r1, &(0x7f00000002c0)={0x2c, 0x4, r3, 0x30, r1}, 0x10) 1.0109541s ago: executing program 4 (id=1721): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x4000) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r2}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 990.074613ms ago: executing program 4 (id=1722): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kfree\x00', r0, 0x0, 0xa}, 0x18) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7fff}}]}, 0x38}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x2, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x1, 0x3}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) 916.28761ms ago: executing program 1 (id=1723): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="12000000020000000400000002"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000001180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1804000000000000000000000000040018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x3d, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x194c}, 0x94) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48) 911.74762ms ago: executing program 4 (id=1724): r0 = socket(0x10, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r3}, 0x10) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28) close_range(r0, r1, 0x0) 847.962676ms ago: executing program 3 (id=1725): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001c000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x200}, 0x18) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket(0x40000000015, 0x5, 0x0) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r3, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x0, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 847.729936ms ago: executing program 4 (id=1726): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0xa00, 0x81, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x2) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0) 847.407256ms ago: executing program 3 (id=1727): r0 = memfd_secret(0x80000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r0, 0x0) ftruncate(r0, 0x3) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) recvfrom(r1, &(0x7f0000001300)=""/4096, 0x1000, 0x2, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r1) setsockopt$sock_int(r1, 0x1, 0x12, &(0x7f00000000c0)=0x8, 0x4) 802.84382ms ago: executing program 1 (id=1728): epoll_create1(0x80000) pipe(&(0x7f0000000140)) socket(0x2, 0x2, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cgroup.max.descendants\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB='-', @ANYRESDEC=r0], 0x27) 802.43518ms ago: executing program 4 (id=1729): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@block_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@norecovery}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000380), &(0x7f0000000280)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_open_dev$sg(0x0, 0x0, 0x800) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil) brk(0x200000ffc001) 802.132811ms ago: executing program 1 (id=1730): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000440)={[{@inlinecrypt}, {@barrier}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@block_validity}, {@data_err_ignore}, {@nomblk_io_submit}, {@lazytime}, {@grpquota}, {@noload}, {@nouid32}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = creat(&(0x7f0000000080)='./file1\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f0000000180)='n', 0x1, 0x8000c61) r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x80044940, &(0x7f0000001b00)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0}) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000680)=ANY=[@ANYRES16=r5, @ANYRES64=r6, @ANYBLOB="12a4095a2aac12f0bfcb206d982e44066381388d27f14002d8d7431d3947f6399c7ff9f5193fc0398653e5a67bbb319f02bf4ac6f6ccd5acbfe1350cc3a6d2d48cf6c089ddf67171ffb3b15988e7b394c5daf3e12ca05e4dbdad7edd45f10cbc296a53a530d4c2d203ee650d5fff3a9b5aae78794fe84327e508172cdd72eeff5af4d6db9379bef20dde8e64b91d31a84ce8a7598bb78cc85108874811fc650f0520a5", @ANYRESOCT=r6, @ANYRESDEC=r3, @ANYRES16=r4, @ANYRESDEC=0x0, @ANYBLOB="9a7f40ad4c7145903a868b9020e1e8899ed5747db23004fc9d248900abcaa6b065cf0800930a71dcd8b8955d93c78b9d4e5e06d8d5c9ac9b75d177754d6eba23e6d2be546c0dfecdf61baf732950a5729c01fbdc11e36cb411be200a9135657acd97d21ee46aac313ebdddd9265af16558dd3e5ba4836659a6abfe08aad84276acf949bdaa34bdf7f7b2dfb2fe8b9d6d225dcecebeb6e15f649994728842bd99fc94897d24315ac2d17bf6c2acfbfa8464d80f36304f88b906b78ab359be3479db5b0e7555f04416807c2202d6551f2425440be741dbe053e0bfeb845623e722a9293843f1cf0a71119dcadf7e353af4da52aed3086d6e5a095774248be9a1b1418dec1c03a2cb0ece0840ebeaaf7b67867da45943b700e2d6dad775ae6f33e55aa86ca84c336c91e3b7d7224f7a9a10d5b45a6ce0769d875415bea136b5508e5e0a88290792da3b11b2284a3d757c301cec78b55d3fcfa073615ccb089f66c5b9a5c84f6c1bb78c3370c4687eab260711fa05525687c7709e15cddea061f70798cbf940ad929eb80f33ad8bb4fcd322dd0558f111d7d01351147976b425a27e573402490055054cf3d80bebde6a89f3086170633740f08780aac3a73f17eaeda8deb642c2887962596b4d78c0ffffb28d0e64073b0641f89cf83a69afaaea03ba6070838fdbdaccb81630a6fdaa77fc10146013b9fd79e965a320daf81c1a51f032a3f462f2740e579eb116cad80b4e233326bf94fea52184517accf608b1fbfb395942869841b9ca0f314beff6b2dc0a74d7599012274b24775f0382e72907c1f0c571b994f048c0266feb775d893fec84e5733cd66a96cd45b60f63743b17b05d99c427a2d00a27fef17cadf128059a2e227b80701755b0bc706f32255c8cd619fa995cc7649f28337361a62cff46669fa4cf095a2d148987a9fafa6e1fb9f59b5ac5ff10a4c62e0187a3c75a983f7f5211142c6c09170a13e29c2044e5568bda8055cee4722e445e83ea01307c42cbe63a5bc529e1200e5874f7500275abacd6cc0e3bf8fd38ab7bab39f54d180d60892e2e3a713a3e654c89b8e9ba4474909991844514c04b655c66ccd6f2a17e29ff69d343ebac7ac5e1510ad4ff52e6a932a97bb0d814259da6545022152dd63f06219a1d66ec2278b694876ed6195b0543b8c9289b8438e8ee57dd38bcdb045a6fc4cede28effaa0354afbd4190fcbccd9a0e91508e4399e0e30a0bfdedcc19454b6dd7c2785a6e4fe74a0ece1d683ad07d76eafec02fb0d88debfeacd3531413185da0ffa4fb9b5e6d5a916f7bb5d51efc8ab61e4953fc6b2d1e670769f3ca56d51b804ceb118278acc90422e1f51e448a27d2fe4f93c88cf7c6148474bf650902dd6dd96541044113d244cf938150ec426e7ed63e1f153bbe328f4232552b104c8dee60b0c4e4c25f2605e97cc6f4263d32e8340be2d167137682373ae4cd501fdc9c5359b40f52803a5e4c0e04a5de0412c5cbd4d05e6135a1209d4b2dff50d39e481f1d1b01ed71004fb0c18e736af8ab176f833a439a85c9132e6d2296f665771c6a284eadc08c94ffa520dcc37fd6426c152364699514b15d4df6732fff39834e8ba29688b19db27a970d9d7fbee973c76bee04fb6164963969ebde0f785606781d63726736d8b60a713d5f72207a23f6f00420fdf24d14c069f36a7e236620481cc7a63857cc1355bac8d4f9a3f32785ad4d9d81719077a816b33b98006c322ee473aa9f8f83fae86a4d421104b298a9e42357c44b773e3504b3f9eb5b29330411b776b78fdb6dd9713dd1aee0cc9c7ee8bd23a50d4c8babaf6d74bc25377009a8c57c941f80e58ac08c93a275656cbad3864df9e791305d66103ab30983b07553ede5b5d5b0aab157f805eb6c11c75dd7f297c2cc9110551131a797164dec422b13799f1c261464c765a62c201eb9c8686eee94642d59f429cd137cba0d1a8126dcdfc28ea5c201526c61164a86f480dfde0c60fdf6afd3cd64719de1d89b5a362e058054a9db73aaffac324b04e8903060e1f14ca4ac31c82183066e6d581685efbe3452a20a665166b03808220770d66051971b61d8114376e22a4511cae9fdf7bbed68bb9f45b57eee1c15775730ef1434731d7b82a7cbcd6155396263984edfcea62196189da0ba9908d7d5ef514d75a3e1d4ae42654365083873fc4ce969fa4fac51d640be8d948bb9464d1a7e494c8df98bd5a569ff7fe1aca542c34610148a8f1dc9d60ff0f761270577f286a362f32164184ffce3ad132637e9f0381e9ce76a11f296f9d1e835cdc44926104e1df4d0a282a84b9fbc23064bfcab0d221c6e3124ae8ba6022e62f170dcc2d655f73b40f83fd65f5c705bc1f9e8df13adeadff9e1fe4660a55be7dc969cfffaed607190162dcd09d0cd86a297b22142b88f0eb28dd1a45152a4f4f2dca0d96d39fa594349040f486cd486af619b7083236cf90324cddc6f1ed0f6a103c8d936d7f2f31d420ef50931838e66721bff7494617b6b4bc385f3e51b3f81cf5d6953ac7fddc0f3466682911b38bc7f082e0c18e3ae0badf7f3fd3e186ebc2bab71fa26f77bb14cd97e6761c93c8c25887c0ef1f3dc1d8d86ce0fb73190f66f4deca77977e8d6064bfeeac3fad2bc50488c144e2a1a82fcc1e1c12ac54bf3e2d468e8f53241e4a6ad9e466746a45b053452ded5caa20461881d78d8235e986ba8b77e83601655d2650bf1b64ce17c75314216b43bbd1101a2e12e57525bb7d3b136a70635bdac8af24367a24ce2fe2a72ef2b0e56ff8dc62a82946f86f9b6b1418a89b1971372dfe7d5ce2e6611befff721f04a19bce7f90b1551a4cdead136662c50513fdde6f9d4a199c3907ed8799f231f54dd8347c71d829ff8ddc5d96b5aac2fe58652c81ff7f54e2568119dff2763ef435aa420630dacc7e9414340ee8688f46c7a8ab96d860937641042b3cdf6857ff1d2d4e47cec1f23e65fe541f38cb96b132666f999002e89cd1896ca58c2e63b87382e1a6c1ee9afa56cf3ba923fa9c989e20bff313f37252632fdcff03fbdd2d334ee93baf75c1bdae30feaa81fb2ac1b63c42dda06f20ce8c9d003eb3efed7931def342fb874fce92763f6f477c7f589b75d2129419fc4cb7a8893a1d3f94533ed9fdf9f21fc254fd80aa74750833d390327a2107e761240928d35a36c5eaca61fd848116b8dd7ec8157928bc2dd87f7756aa517cf6a61d2009fd4ba0579ca3b3129cfd5403546f5ab6d0575799a008fc67da9658427636d8f806d9b8cad64aee438d0a9b45957f31a5afe3ed894add9acadfd347246099c6ff0b4ec6f19ac61557daf8739e528185ab1468ca72d6d72e4f026e371e540b774b6576df3014dcc9e91b2cd1f0403a4fcaa6627b22682bb54f92150c2917acaee1972b2b03bc2bd37fdb9e7352c654d94ef196b7229e4da5ee62b7d395ecdd5177f2563242ea49ff78151a4a816a94e89b03f41c7e6684f8be3e5802e9338e7cbd3b43f708c062f944a59f31b02ca9a177e6b681accee8785d2467d2d78636be4330febaa3f6907db07992a2de74e459f3ae8ee6adae20cbc75aabd2d5d3424de0ddcc3ddd981c3a4966c57f8fdb1c42db87395f0bc800ff8ddb4c228a7d793d8a997885494a8578f5433d3f82886ea573641bf16065efbc25718c88f7277ce04c94af560d8deb7968496f849d3fad78741272b08bf7aec3f3c777428d3b8b897333ae5afb6823af63cb7347601ee2e8d4e21b21a12e6d42f66a1aac26d296bc68a998d8ba179ed5f756c2efd8a7acc0e3f08093bb4a83d37f15b4fe07c90858058ad1ff0e21bb7bf4363079c5d452dba5972b21c8f41daf6f11a51d321d3c1d544190238036d907d965ff469ce4895eb7675f3e94a15f83b837b892a40390d87d76e9b15eda02366299d3dd93943466bceeb2f9e465adccc08e1a02c3ac01815931627ed327e0ffbe09563221a365b88c4f2449bd3634920d5bfbde7cdc92c4cb16a579f35f07dafc87ce6ce4de7bf9e8ff0e80b81cdab8f2164a25a0a6929679ce9ae0dc2ac7ed41a787446676f091597551dc2e8c054224bac6652bba5fb675c0b2c94d2faac160f11b7b96fc96415aca8a47fa03658b8afa24b6bd97f7dbeead9ae5f7ec1cb0d000055f41a5043c6c4c97212398b168b5cb9ee650726eabcc31b6712e815fdaae77885350884fb36d6d5444d5e5500a7d636d4eced14b9d411c765b36a4be06ca9be2965d6d6c06c3b6bcb38babeb2999ee71295d48926bf6e39363fabf74de5e57aa0b59f9dddeca142d0c50ab7ff198196c69c971e6ab591220f4e42d6525e2dbd99b6c57949c854e4ee0e4581f9e3e160b3f66b01f23f4d0472c0a1f307837ac8dac0a257d09ab82975148dcd764fe6359a5f21b9cbe2ae7b9b277489a8b3285b8289a84ff854508b4488ffcf68f47ec7a5c18a8c3d06e26b32f754ac74ea8e93a554147fd3b3daf1fbe924e2e389cac13a5f80f3a21dbd250d3917f7b5acfc739a63f2b3d6b3f099efb4be7a842215c89fc87bd8550d11ba2a4af0f111ab124503b26feeae3be3ee24168dd4553a226b9168edb11c3e61bc850adf995b4d6f1aace6db0b91f805c3d1789a3e6b470e5470968f429d5b05c8f76ca2981e37f5bde4ad00a09755c76774ead7d93f3f41255b1d56152e3699b133b2e0b277427c992323d1b4d8c438434e9e901ddd43788f80cb9a975e9dd1671ce16be5ff8033d5da824f00fd78b540edbcd69a2e9aff03e31af9afefb809434f52b4a1239fdd241ed3a268258addde19d1724155a1a4c877bd59b0659b7a786886f6ffcb5999d1f9c007d615020926f7165a9ddd4aaa3c7b631d30cc951e328131d99282ac06a18f88373092320ea5308f06c376e711aecda4cd1c2b639d9ea7a2613d4e9eaa9a0ef72774fdec622f7d131b45135d577897bf686b460a371083070139ea544bda15012251d6c8e7163c25412841faefba76765648ca7cd1b423403a654b6b5754588ae6c309621477db20f7c9236af1e422ebd3fb6d6a712e7a6d00d58416b7d65a53a2514bf51bedfe9207f16a4d79418600389b98ea8b9e06b8da708a86f191e567925af39a09ac9fd7902e8f8e77567baf1b75c05ba1eb7089b424801405afc982a8d79c80fada184a1ab3bab526a3b0a5e20d2dc6bcdd2c5cb7c49f735f3e8f4d36a388ca805876ae08f0e3acca5dd864c1fa1552068bf799095221480374fd2dcaeddb74be93470eff4fe278e190f0a131f32340ada9cca518af769f42943875f4c5707beee2179771da21cd66405b9973648bd047a516d1cf902fa1f0fcdcbc3f4c1f20fc22f9a7e9f4c3a52576399604c46f83ede44f542d06d54e6e8a1e693a2cfcbb16c178d1bace976133e72cc4533bd02b1c4ec2cc22097435aff5a682ca7227414895450831560fa682493f4814ce8fbdb190f8ce2b533ed9582638511bda93aeae5d0690f745b788db622864ba3fb60952f119427fbe66754c5c038c5fb2cb87c326d65862e353c14950bd1fa7c70e36323e9cf90c81f6275e59c7926acac1560a0b6bbc7a850817f2effa19d485315a219d49e293f871278294d02765cf72caa2f438de3337ed205bf68ff6ddaaa5e4b80de5fba022dfcf9cf074a319678df11eb77b3ef66e512b67ba5182265a60eaf457691e973d23cbaf6000537f886695074ebb616f9cdad9de7c6fe9ecfbd13d537d64c34a7c90ca56b50e60d6a7067e391e63561793edf6ed3c2eeb8555909a59ce73da1f096d41fb42de44494128324a9", @ANYRES8, @ANYRES16], 0x0, 0x0, &(0x7f0000000000)) fallocate(r1, 0x0, 0x0, 0x8000c62) io_setup(0x15, &(0x7f0000000240)=0x0) io_submit(r7, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000, 0xa00}]) 793.069782ms ago: executing program 2 (id=1731): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59) connect$inet6(r0, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x1e) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r1}, 0x10) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "2d432d74c04f228a", "d71d9a1e03558545115509e1c34caab9", "59f7766d", "5e33931677e0f2d7"}, 0x28) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000080)=@gcm_128={{0x303}, "ba28597967d1b54c", "9712b0d86846b5ecc522bc6f13a6e30c", "ea0292da", "9e87dc79f4c04982"}, 0x28) sendto$inet6(r0, &(0x7f0000000280)='S', 0x1, 0x8000, 0x0, 0x0) close(r0) 697.763291ms ago: executing program 3 (id=1732): io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x1f, 0x3, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfdfffffc, 0x0, 0x0, 0x0, 0x6}}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x19}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148) pwrite64(r2, &(0x7f0000000140)='2', 0xfdef, 0xfecc) fallocate(r1, 0x0, 0xbf2, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, r1, 0x0, 0x0, 0x0, 0xfffffffffdffffff}) 696.923691ms ago: executing program 2 (id=1742): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = socket(0x10, 0x803, 0x0) socket$unix(0x1, 0x2, 0x0) sendmsg$nl_route_sched(r4, 0x0, 0x24044084) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x98, r1, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r2}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x34fb}}, {0x8, 0x6, r2}}}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0x4000401}, 0x2404c090) 594.853061ms ago: executing program 2 (id=1733): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_open_dev$loop(&(0x7f0000000140), 0x5, 0x40001) bpf$TOKEN_CREATE(0x24, &(0x7f0000000300), 0x8) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r2, &(0x7f0000004200)='t', 0x1) sendfile(r2, r1, 0x0, 0x3ffff) sendfile(r2, r1, 0x0, 0x7ffff000) 14.415688ms ago: executing program 3 (id=1734): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000010c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={0xffffffffffffffff}, 0x106, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f00000000c0), r4, 0x0, 0x2, 0x4}}, 0x20) 0s ago: executing program 1 (id=1735): mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, 0x0, 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x101000) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 'queue0\x00', 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000000)={0x0, 0x0, {0xffffffffffffffff, 0x1, 0x8, 0x0, 0xa}}) kernel console output (not intermixed with test programs): dv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.480189][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.489752][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.497020][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.523429][ T3312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.560594][ T3322] team0: Port device team_slave_0 added [ 35.585434][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.592723][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.600083][ T3317] bridge_slave_0: entered allmulticast mode [ 35.606660][ T3317] bridge_slave_0: entered promiscuous mode [ 35.613808][ T3322] team0: Port device team_slave_1 added [ 35.619888][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.627135][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.634543][ T3317] bridge_slave_1: entered allmulticast mode [ 35.641183][ T3317] bridge_slave_1: entered promiscuous mode [ 35.648725][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.680289][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.733622][ T3312] hsr_slave_0: entered promiscuous mode [ 35.739689][ T3312] hsr_slave_1: entered promiscuous mode [ 35.745813][ T3312] debugfs: 'hsr0' already exists in 'hsr' [ 35.751671][ T3312] Cannot create hsr debugfs directory [ 35.757532][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.764512][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.790803][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.803610][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 35.818516][ T3313] team0: Port device team_slave_0 added [ 35.827970][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 35.834951][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.861479][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 35.873566][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 35.894250][ T3313] team0: Port device team_slave_1 added [ 35.935731][ T3317] team0: Port device team_slave_0 added [ 35.954003][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 35.961062][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 35.987551][ T3313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 35.999341][ T3317] team0: Port device team_slave_1 added [ 36.005394][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.012419][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.038964][ T3313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.054913][ T3322] hsr_slave_0: entered promiscuous mode [ 36.061258][ T3322] hsr_slave_1: entered promiscuous mode [ 36.067124][ T3322] debugfs: 'hsr0' already exists in 'hsr' [ 36.073048][ T3322] Cannot create hsr debugfs directory [ 36.122104][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.129278][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.155462][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.167039][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.174566][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.201336][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.214682][ T3313] hsr_slave_0: entered promiscuous mode [ 36.220935][ T3313] hsr_slave_1: entered promiscuous mode [ 36.226896][ T3313] debugfs: 'hsr0' already exists in 'hsr' [ 36.232966][ T3313] Cannot create hsr debugfs directory [ 36.288877][ T3317] hsr_slave_0: entered promiscuous mode [ 36.295304][ T3317] hsr_slave_1: entered promiscuous mode [ 36.301690][ T3317] debugfs: 'hsr0' already exists in 'hsr' [ 36.307982][ T3317] Cannot create hsr debugfs directory [ 36.377793][ T3311] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 36.398696][ T3311] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 36.416712][ T3311] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 36.425891][ T3311] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 36.480043][ T3312] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 36.494459][ T3312] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 36.506186][ T3312] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 36.518406][ T3312] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 36.544618][ T3322] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 36.555892][ T3322] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 36.565626][ T3322] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 36.590865][ T3313] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 36.601487][ T3322] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 36.617645][ T3313] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 36.626340][ T3313] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 36.637153][ T3311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.645800][ T3313] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 36.675196][ T3311] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.689908][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 36.702397][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 36.715546][ T122] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.722703][ T122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.736778][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 36.750405][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 36.768603][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.775710][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.828181][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.875502][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.884960][ T3312] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.901939][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.913192][ T3322] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.926931][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.934191][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.943733][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.951003][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.961399][ T122] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.969088][ T122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.980280][ T3313] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.991172][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.001300][ T3311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.015938][ T122] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.023210][ T122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.032920][ T122] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.040354][ T122] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.064066][ T122] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.071349][ T122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.085233][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.108569][ T340] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.115859][ T340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.125373][ T340] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.132577][ T340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.155458][ T3317] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 37.166269][ T3317] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.192917][ T3313] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 37.249058][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.335550][ T3311] veth0_vlan: entered promiscuous mode [ 37.343647][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.358003][ T3311] veth1_vlan: entered promiscuous mode [ 37.381444][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.424745][ T3322] veth0_vlan: entered promiscuous mode [ 37.442497][ T3311] veth0_macvtap: entered promiscuous mode [ 37.451055][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.460337][ T3322] veth1_vlan: entered promiscuous mode [ 37.469645][ T3311] veth1_macvtap: entered promiscuous mode [ 37.485964][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.503615][ T3322] veth0_macvtap: entered promiscuous mode [ 37.513104][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.523025][ T3322] veth1_macvtap: entered promiscuous mode [ 37.537451][ T31] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.555782][ T31] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.578560][ T3317] veth0_vlan: entered promiscuous mode [ 37.595188][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.607423][ T31] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.620231][ T3317] veth1_vlan: entered promiscuous mode [ 37.629850][ T31] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.640420][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.664195][ T3312] veth0_vlan: entered promiscuous mode [ 37.676561][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.695451][ T3312] veth1_vlan: entered promiscuous mode [ 37.705362][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.722641][ T3317] veth0_macvtap: entered promiscuous mode [ 37.735971][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.756757][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.766651][ T3311] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 37.787054][ T3317] veth1_macvtap: entered promiscuous mode [ 37.799555][ T3312] veth0_macvtap: entered promiscuous mode [ 37.809163][ T3312] veth1_macvtap: entered promiscuous mode [ 37.830244][ T3313] veth0_vlan: entered promiscuous mode [ 37.838775][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.856453][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.864809][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.880513][ T122] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.891118][ T3313] veth1_vlan: entered promiscuous mode [ 37.916525][ T3313] veth0_macvtap: entered promiscuous mode [ 37.928138][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.943177][ T122] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.953183][ T3313] veth1_macvtap: entered promiscuous mode [ 37.974026][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.002578][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.021824][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.044495][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.054812][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.073067][ T3492] netlink: 2148 bytes leftover after parsing attributes in process `syz.2.6'. [ 38.085065][ T340] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.111579][ T340] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.126663][ T340] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.149371][ T340] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.192971][ T340] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.203573][ T340] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.218202][ T29] kauditd_printk_skb: 21 callbacks suppressed [ 38.218219][ T29] audit: type=1400 audit(1760790033.008:93): avc: denied { prog_load } for pid=3501 comm="syz.2.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 38.239441][ T340] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.244535][ T29] audit: type=1400 audit(1760790033.008:94): avc: denied { bpf } for pid=3501 comm="syz.2.8" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 38.466713][ T3517] syzkaller0: entered promiscuous mode [ 38.472380][ T3517] syzkaller0: entered allmulticast mode [ 38.472969][ T29] audit: type=1400 audit(1760790033.258:95): avc: denied { perfmon } for pid=3518 comm="syz.2.15" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 38.473010][ T29] audit: type=1400 audit(1760790033.258:96): avc: denied { prog_run } for pid=3518 comm="syz.2.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 38.562440][ T29] audit: type=1400 audit(1760790033.338:97): avc: denied { name_bind } for pid=3522 comm="syz.4.16" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 38.562478][ T29] audit: type=1400 audit(1760790033.338:98): avc: denied { node_bind } for pid=3522 comm="syz.4.16" saddr=::1 src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 38.626681][ T29] audit: type=1400 audit(1760790033.428:99): avc: denied { map_create } for pid=3525 comm="syz.4.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 38.627814][ T29] audit: type=1400 audit(1760790033.428:100): avc: denied { map_read map_write } for pid=3525 comm="syz.4.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 38.786871][ T29] audit: type=1400 audit(1760790033.578:101): avc: denied { open } for pid=3535 comm="syz.2.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 38.806487][ T29] audit: type=1400 audit(1760790033.578:102): avc: denied { kernel } for pid=3535 comm="syz.2.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 38.917266][ T3544] pim6reg1: entered promiscuous mode [ 38.922920][ T3544] pim6reg1: entered allmulticast mode [ 38.966893][ T3548] netlink: 28 bytes leftover after parsing attributes in process `syz.1.28'. [ 38.976001][ T3548] netlink: 4 bytes leftover after parsing attributes in process `syz.1.28'. [ 38.985594][ T3548] netlink: 156 bytes leftover after parsing attributes in process `syz.1.28'. [ 39.472545][ T3582] netlink: 28 bytes leftover after parsing attributes in process `syz.4.43'. [ 39.472580][ T3582] netlink: 4 bytes leftover after parsing attributes in process `syz.4.43'. [ 39.472593][ T3582] netlink: 156 bytes leftover after parsing attributes in process `syz.4.43'. [ 39.919466][ T3619] sctp: [Deprecated]: syz.2.61 (pid 3619) Use of struct sctp_assoc_value in delayed_ack socket option. [ 39.919466][ T3619] Use struct sctp_sack_info instead [ 39.952187][ T3616] netlink: 28 bytes leftover after parsing attributes in process `syz.3.60'. [ 39.952223][ T3616] netlink: 4 bytes leftover after parsing attributes in process `syz.3.60'. [ 39.952237][ T3616] netlink: 156 bytes leftover after parsing attributes in process `syz.3.60'. [ 40.027867][ T3622] pim6reg1: entered promiscuous mode [ 40.033430][ T3622] pim6reg1: entered allmulticast mode [ 40.402571][ T3659] Zero length message leads to an empty skb [ 40.448285][ T3655] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 40.691092][ T3668] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 40.698770][ T3668] IPv6: NLM_F_CREATE should be set when creating new route [ 40.811776][ T3675] loop0: detected capacity change from 0 to 512 [ 40.818867][ T3675] EXT4-fs: Ignoring removed oldalloc option [ 40.832674][ T3675] EXT4-fs error (device loop0): ext4_xattr_inode_iget:437: comm syz.0.84: Parent and EA inode have the same ino 15 [ 40.833942][ T3675] EXT4-fs (loop0): Remounting filesystem read-only [ 40.856621][ T3677] pim6reg1: entered promiscuous mode [ 40.856645][ T3677] pim6reg1: entered allmulticast mode [ 40.865735][ T3675] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -30) [ 40.865786][ T3675] EXT4-fs (loop0): 1 orphan inode deleted [ 40.866208][ T3675] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.915428][ T3683] loop2: detected capacity change from 0 to 1024 [ 40.939079][ T3683] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.971952][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.985746][ T3683] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 41.065477][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.120474][ T3688] SELinux: ebitmap: truncated map [ 41.121737][ T3688] SELinux: failed to load policy [ 41.222442][ T3704] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 41.222507][ T3704] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 41.461046][ T3744] loop3: detected capacity change from 0 to 2048 [ 41.512368][ T3744] Alternate GPT is invalid, using primary GPT. [ 41.512513][ T3744] loop3: p1 p2 p3 [ 41.640991][ T3776] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 41.648289][ T3776] IPv6: NLM_F_CREATE should be set when creating new route [ 41.658887][ T3775] loop0: detected capacity change from 0 to 1024 [ 41.690370][ T3775] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.701419][ T3781] netem: change failed [ 41.732702][ T3775] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 41.794948][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.821277][ T3786] loop4: detected capacity change from 0 to 512 [ 41.848105][ T3786] EXT4-fs: Ignoring removed oldalloc option [ 41.886564][ T3786] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: comm syz.4.104: Parent and EA inode have the same ino 15 [ 41.900747][ T3786] EXT4-fs (loop4): Remounting filesystem read-only [ 41.908966][ T3786] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -30) [ 41.919213][ T3786] EXT4-fs (loop4): 1 orphan inode deleted [ 41.925972][ T3786] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.974123][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.158462][ T3808] vlan2: entered allmulticast mode [ 42.163694][ T3808] veth0_to_hsr: entered allmulticast mode [ 42.196526][ T3813] loop4: detected capacity change from 0 to 1024 [ 42.206644][ T3813] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (46251!=20869) [ 42.227707][ T3813] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002] [ 42.245829][ T3813] EXT4-fs (loop4): failed to initialize system zone (-117) [ 42.267134][ T3815] loop2: detected capacity change from 0 to 1024 [ 42.277287][ T3813] EXT4-fs (loop4): mount failed [ 42.287620][ T3815] ======================================================= [ 42.287620][ T3815] WARNING: The mand mount option has been deprecated and [ 42.287620][ T3815] and is ignored by this kernel. Remove the mand [ 42.287620][ T3815] option from the mount to silence this warning. [ 42.287620][ T3815] ======================================================= [ 42.326092][ T3815] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 42.356495][ T3815] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #3: block 1: comm syz.2.117: lblock 1 mapped to illegal pblock 1 (length 1) [ 42.377979][ T3815] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.117: Failed to acquire dquot type 0 [ 42.420198][ T3815] EXT4-fs error (device loop2): ext4_free_blocks:6706: comm syz.2.117: Freeing blocks not in datazone - block = 0, count = 4096 [ 42.422765][ T3825] loop0: detected capacity change from 0 to 1024 [ 42.440307][ T3815] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.117: Invalid inode bitmap blk 0 in block_group 0 [ 42.459682][ T3758] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:57: lblock 1 mapped to illegal pblock 1 (length 1) [ 42.474650][ T3815] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem [ 42.485526][ T3823] SELinux: ebitmap: truncated map [ 42.490832][ T3815] EXT4-fs (loop2): 1 orphan inode deleted [ 42.491607][ T3825] EXT4-fs: Ignoring removed bh option [ 42.503631][ T3815] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.516328][ T3758] EXT4-fs error (device loop2): ext4_release_dquot:6981: comm kworker/u8:57: Failed to release dquot type 0 [ 42.530615][ T3823] SELinux: failed to load policy [ 42.537646][ T3815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.550763][ T3825] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.589327][ T3815] process 'syz.2.117' launched './file0' with NULL argv: empty string added [ 42.620671][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.861950][ T3856] loop4: detected capacity change from 0 to 256 [ 42.871144][ T3856] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.919847][ T3860] loop2: detected capacity change from 0 to 512 [ 42.930627][ T3860] EXT4-fs: Ignoring removed oldalloc option [ 42.964021][ T3860] EXT4-fs error (device loop2): ext4_xattr_inode_iget:437: comm syz.2.133: Parent and EA inode have the same ino 15 [ 42.985490][ T3860] EXT4-fs (loop2): Remounting filesystem read-only [ 42.996906][ T3860] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -30) [ 43.008541][ T3860] EXT4-fs (loop2): 1 orphan inode deleted [ 43.014992][ T3860] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.069307][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.086250][ T3872] xt_hashlimit: max too large, truncated to 1048576 [ 43.208507][ T3882] syz.2.146 uses obsolete (PF_INET,SOCK_PACKET) [ 43.278288][ T29] kauditd_printk_skb: 197 callbacks suppressed [ 43.278310][ T29] audit: type=1400 audit(1760790038.018:297): avc: denied { ioctl } for pid=3880 comm="syz.2.146" path="socket:[6419]" dev="sockfs" ino=6419 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 43.433281][ T29] audit: type=1400 audit(1760790038.228:298): avc: denied { create } for pid=3896 comm="syz.1.151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 43.453814][ T29] audit: type=1400 audit(1760790038.238:299): avc: denied { connect } for pid=3896 comm="syz.1.151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 43.504991][ T29] audit: type=1326 audit(1760790038.298:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3899 comm="syz.2.152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906cd0efc9 code=0x7ffc0000 [ 43.529971][ T29] audit: type=1326 audit(1760790038.308:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3899 comm="syz.2.152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f906cd0efc9 code=0x7ffc0000 [ 43.553607][ T29] audit: type=1326 audit(1760790038.308:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3899 comm="syz.2.152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906cd0efc9 code=0x7ffc0000 [ 43.577253][ T29] audit: type=1326 audit(1760790038.308:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3899 comm="syz.2.152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f906cd0efc9 code=0x7ffc0000 [ 43.601204][ T29] audit: type=1326 audit(1760790038.308:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3899 comm="syz.2.152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906cd0efc9 code=0x7ffc0000 [ 43.624745][ T29] audit: type=1326 audit(1760790038.308:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3899 comm="syz.2.152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f906cd0efc9 code=0x7ffc0000 [ 43.648588][ T29] audit: type=1326 audit(1760790038.308:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3899 comm="syz.2.152" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f906cd0efc9 code=0x7ffc0000 [ 43.679717][ T3904] loop1: detected capacity change from 0 to 512 [ 43.686856][ T3904] EXT4-fs: Ignoring removed oldalloc option [ 43.696472][ T3904] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: comm syz.1.153: Parent and EA inode have the same ino 15 [ 43.709482][ T3904] EXT4-fs (loop1): Remounting filesystem read-only [ 43.716710][ T3904] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -30) [ 43.727329][ T3904] EXT4-fs (loop1): 1 orphan inode deleted [ 43.733764][ T3904] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.763582][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.158090][ T3919] loop1: detected capacity change from 0 to 1024 [ 44.174511][ T3919] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.193334][ T3919] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 44.218827][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.220609][ T3924] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 44.235320][ T3924] vhci_hcd: invalid port number 96 [ 44.240688][ T3924] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 44.539366][ T3929] loop1: detected capacity change from 0 to 1024 [ 44.546478][ T3929] EXT4-fs: Ignoring removed bh option [ 44.562065][ T3929] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.582275][ T3931] loop0: detected capacity change from 0 to 2048 [ 44.607199][ T3311] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.639327][ T3304] Alternate GPT is invalid, using primary GPT. [ 44.645996][ T3304] loop0: p1 p2 p3 [ 44.687472][ T3931] Alternate GPT is invalid, using primary GPT. [ 44.694519][ T3931] loop0: p1 p2 p3 [ 44.712019][ T3002] Alternate GPT is invalid, using primary GPT. [ 44.718745][ T3002] loop0: p1 p2 p3 [ 45.161862][ T3980] Driver unsupported XDP return value 0 on prog (id 84) dev N/A, expect packet loss! [ 45.181160][ T3975] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 45.189447][ T3975] vhci_hcd: invalid port number 96 [ 45.194740][ T3975] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 45.417518][ T3993] SELinux: failed to load policy [ 45.438045][ T3895] Bluetooth: hci0: command 0x1003 tx timeout [ 45.444575][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 45.975199][ T4006] loop3: detected capacity change from 0 to 128 [ 45.992103][ T4006] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 46.005423][ T4006] ext4 filesystem being mounted at /28/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 46.076425][ T3312] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 46.142512][ T4028] @0Ù: renamed from bond_slave_1 (while UP) [ 46.258009][ T4035] loop4: detected capacity change from 0 to 512 [ 46.309133][ T4039] loop3: detected capacity change from 0 to 164 [ 46.331035][ T4039] syz.3.210: attempt to access beyond end of device [ 46.331035][ T4039] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 46.397441][ T4039] syz.3.210: attempt to access beyond end of device [ 46.397441][ T4039] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 46.494988][ T4052] loop2: detected capacity change from 0 to 128 [ 46.505095][ T4046] SELinux: failed to load policy [ 46.516243][ T4052] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 46.543779][ T4052] ext4 filesystem being mounted at /46/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 46.618941][ T4065] batadv0: entered promiscuous mode [ 46.624599][ T4065] macsec1: entered allmulticast mode [ 46.628635][ T4066] netlink: 'syz.3.220': attribute type 1 has an invalid length. [ 46.630157][ T4065] batadv0: entered allmulticast mode [ 46.659340][ T4065] batadv0: left allmulticast mode [ 46.665000][ T4065] batadv0: left promiscuous mode [ 46.678794][ T3322] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 46.694905][ T4070] __nla_validate_parse: 5 callbacks suppressed [ 46.694920][ T4070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.233'. [ 46.710276][ T4070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.233'. [ 46.719469][ T4070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.233'. [ 46.732355][ T4074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 46.741845][ T4074] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 46.768177][ T4074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 46.784357][ T4070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.233'. [ 46.793679][ T4070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.233'. [ 46.803151][ T4074] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 46.812187][ T4070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.233'. [ 46.855535][ T4070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.233'. [ 46.864886][ T4070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.233'. [ 46.874180][ T4070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.233'. [ 46.938563][ T3416] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 46.946225][ T3416] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 46.953812][ T3416] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 46.961380][ T3416] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 46.968907][ T3416] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 46.976325][ T3416] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 46.984229][ T3416] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 46.992054][ T3416] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 47.000016][ T3416] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 47.007701][ T3416] hid-generic 0003:0003:0000.0001: unknown main item tag 0x0 [ 47.020222][ T4088] SELinux: failed to load policy [ 47.025335][ T3416] hid-generic 0003:0003:0000.0001: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 47.115616][ T4104] batadv0: entered promiscuous mode [ 47.121775][ T4104] macsec1: entered allmulticast mode [ 47.127444][ T4104] batadv0: entered allmulticast mode [ 47.134455][ T4104] batadv0: left allmulticast mode [ 47.139685][ T4104] batadv0: left promiscuous mode [ 47.247176][ T4122] Cannot find del_set index 2 as target [ 47.348513][ C0] hrtimer: interrupt took 51989 ns [ 47.383330][ T4135] loop4: detected capacity change from 0 to 4096 [ 47.402976][ T4135] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.422592][ T4135] EXT4-fs (loop4): shut down requested (1) [ 47.432072][ T4144] batadv0: entered promiscuous mode [ 47.437719][ T4144] macsec1: entered allmulticast mode [ 47.443272][ T4144] batadv0: entered allmulticast mode [ 47.450963][ T4144] batadv0: left allmulticast mode [ 47.456045][ T4144] batadv0: left promiscuous mode [ 47.463244][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.923251][ T4182] loop0: detected capacity change from 0 to 1024 [ 47.932186][ T4148] loop4: detected capacity change from 0 to 32768 [ 47.959916][ T4188] batadv0: entered promiscuous mode [ 47.965848][ T4182] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.978716][ T4188] macsec1: entered allmulticast mode [ 47.981761][ T4193] loop2: detected capacity change from 0 to 2048 [ 47.984244][ T4188] batadv0: entered allmulticast mode [ 47.998894][ T4148] loop4: p1 p3 < p5 p6 > [ 48.012612][ T4182] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 48.028310][ T4188] batadv0: left allmulticast mode [ 48.033564][ T4188] batadv0: left promiscuous mode [ 48.038712][ T4182] EXT4-fs (loop0): Remounting filesystem read-only [ 48.048409][ T4193] Alternate GPT is invalid, using primary GPT. [ 48.054823][ T4193] loop2: p1 p2 p3 [ 48.060321][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.206932][ T4220] mmap: syz.3.284 (4220) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 48.290666][ T29] kauditd_printk_skb: 258 callbacks suppressed [ 48.290683][ T29] audit: type=1400 audit(1760790043.088:565): avc: denied { write } for pid=4232 comm="syz.0.291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 48.330041][ T4238] syz.0.293 (4238) used greatest stack depth: 10248 bytes left [ 48.335950][ T29] audit: type=1326 audit(1760790043.118:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4239 comm="syz.3.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 48.362846][ T29] audit: type=1326 audit(1760790043.118:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4239 comm="syz.3.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 48.391395][ T29] audit: type=1326 audit(1760790043.118:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4239 comm="syz.3.294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 48.417129][ T29] audit: type=1400 audit(1760790043.208:569): avc: denied { bind } for pid=4243 comm="syz.0.296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 48.439857][ T29] audit: type=1400 audit(1760790043.238:570): avc: denied { write } for pid=4243 comm="syz.0.296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 48.459744][ T29] audit: type=1400 audit(1760790043.238:571): avc: denied { read } for pid=4243 comm="syz.0.296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 48.588326][ T4251] netlink: 'syz.3.299': attribute type 3 has an invalid length. [ 48.614212][ T29] audit: type=1400 audit(1760790043.408:572): avc: denied { write } for pid=4252 comm="syz.3.300" path="socket:[6934]" dev="sockfs" ino=6934 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 48.661623][ T29] audit: type=1400 audit(1760790043.458:573): avc: denied { read } for pid=4254 comm="syz.3.301" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 48.705562][ T29] audit: type=1326 audit(1760790043.498:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4256 comm="syz.1.302" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f01ddd5efc9 code=0x0 [ 48.758104][ T4258] netlink: 16 bytes leftover after parsing attributes in process `syz.1.302'. [ 49.218438][ T4262] netlink: 'syz.0.304': attribute type 30 has an invalid length. [ 49.230149][ T3746] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.239728][ T3746] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.249602][ T3746] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.258846][ T3746] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 49.413308][ T4272] l2tp_ppp: sess 2/0: no socket in recv [ 49.692868][ T4294] loop3: detected capacity change from 0 to 4096 [ 49.702115][ T4294] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.736041][ T4294] EXT4-fs (loop3): shut down requested (1) [ 49.747559][ T4298] loop0: detected capacity change from 0 to 512 [ 49.760814][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.105353][ T4318] loop3: detected capacity change from 0 to 32768 [ 50.123968][ T3400] hid-generic 0003:0003:0000.0002: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 50.158317][ T4318] loop3: p1 p3 < p5 p6 > [ 50.396848][ T4361] syz.4.346 (4361) used greatest stack depth: 9816 bytes left [ 51.196995][ T4405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 51.206188][ T4405] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 51.215717][ T4405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 51.225103][ T4405] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 51.679121][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 51.680459][ T3895] Bluetooth: hci0: command 0x1003 tx timeout [ 51.754890][ T4416] __nla_validate_parse: 2 callbacks suppressed [ 51.754909][ T4416] netlink: 24 bytes leftover after parsing attributes in process `syz.3.373'. [ 52.282027][ T4446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 52.290864][ T4446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 52.300281][ T4446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 52.309091][ T4446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 52.379351][ T4457] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 52.386860][ T4457] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 52.394939][ T4457] vhci_hcd: default hub control req: 230f v0004 i0000 l3 [ 52.460104][ T4469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.399'. [ 52.469615][ T4469] netlink: 12 bytes leftover after parsing attributes in process `syz.3.399'. [ 52.483599][ T4471] pim6reg1: entered promiscuous mode [ 52.489007][ T4471] pim6reg1: entered allmulticast mode [ 52.569651][ T4478] netlink: 'syz.3.404': attribute type 29 has an invalid length. [ 52.580632][ T4478] netlink: 'syz.3.404': attribute type 29 has an invalid length. [ 52.590022][ T4478] netlink: 500 bytes leftover after parsing attributes in process `syz.3.404'. [ 52.599328][ T4478] unsupported nla_type 58 [ 52.644814][ T4488] netlink: 12 bytes leftover after parsing attributes in process `syz.2.409'. [ 53.256690][ T4531] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.288815][ T4533] netlink: 24 bytes leftover after parsing attributes in process `syz.4.427'. [ 53.327381][ T29] kauditd_printk_skb: 202 callbacks suppressed [ 53.327396][ T29] audit: type=1326 audit(1760790048.118:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4534 comm="syz.4.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f444374efc9 code=0x7ffc0000 [ 53.360239][ T29] audit: type=1326 audit(1760790048.158:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4534 comm="syz.4.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f444374efc9 code=0x7ffc0000 [ 53.383706][ T29] audit: type=1326 audit(1760790048.158:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4534 comm="syz.4.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f444374efc9 code=0x7ffc0000 [ 53.407561][ T29] audit: type=1326 audit(1760790048.158:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4534 comm="syz.4.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f444374efc9 code=0x7ffc0000 [ 53.431013][ T29] audit: type=1326 audit(1760790048.158:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4534 comm="syz.4.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f444374efc9 code=0x7ffc0000 [ 53.454954][ T29] audit: type=1326 audit(1760790048.158:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4534 comm="syz.4.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f444374efc9 code=0x7ffc0000 [ 53.642009][ T10] hid_parser_main: 26 callbacks suppressed [ 53.642033][ T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 53.655768][ T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 53.663317][ T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 53.673268][ T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 53.680936][ T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 53.688651][ T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 53.696072][ T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 53.703668][ T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 53.711367][ T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 53.718911][ T10] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 53.730010][ T10] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz1 [ 53.789002][ T29] audit: type=1400 audit(1760790048.588:783): avc: denied { write } for pid=4559 comm="syz.2.439" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 53.889263][ T29] audit: type=1326 audit(1760790048.688:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4573 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 53.912954][ T29] audit: type=1326 audit(1760790048.688:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4573 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 53.948411][ T29] audit: type=1326 audit(1760790048.738:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4573 comm="syz.1.443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 54.091590][ T4588] loop5: detected capacity change from 0 to 7 [ 54.142749][ T24] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 54.152447][ T24] Buffer I/O error on dev loop5, logical block 0, async page read [ 54.161490][ T4588] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 54.170874][ T4588] Buffer I/O error on dev loop5, logical block 0, async page read [ 54.178965][ T4588] loop5: unable to read partition table [ 54.185270][ T4588] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 54.528988][ T4618] loop3: detected capacity change from 0 to 2048 [ 54.557238][ T4618] Alternate GPT is invalid, using primary GPT. [ 54.563619][ T4618] loop3: p1 p2 p3 [ 54.614936][ T4625] loop4: detected capacity change from 0 to 512 [ 54.638063][ T4625] EXT4-fs: Ignoring removed orlov option [ 54.650699][ T4625] EXT4-fs error (device loop4): ext4_iget_extra_inode:5075: inode #15: comm syz.4.465: corrupted in-inode xattr: bad e_name length [ 54.678030][ T4625] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.465: couldn't read orphan inode 15 (err -117) [ 54.695733][ T4625] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.733020][ T3313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.793214][ T4636] loop4: detected capacity change from 0 to 128 [ 54.806623][ T10] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz1 [ 55.065068][ T4655] loop4: detected capacity change from 0 to 1024 [ 55.080356][ T4655] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 55.091588][ T4655] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 55.104068][ T4655] JBD2: no valid journal superblock found [ 55.110017][ T4655] EXT4-fs (loop4): Could not load journal inode [ 55.480201][ T4686] pim6reg1: entered promiscuous mode [ 55.485797][ T4686] pim6reg1: entered allmulticast mode [ 55.668277][ T4701] netlink: 4 bytes leftover after parsing attributes in process `syz.1.496'. [ 55.859574][ T4719] tipc: Started in network mode [ 55.864655][ T4719] tipc: Node identity ac14140f, cluster identity 4711 [ 55.871918][ T4719] tipc: New replicast peer: 255.255.255.255 [ 55.878365][ T4719] tipc: Enabled bearer , priority 10 [ 55.939643][ T4725] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 56.174035][ T4745] ip6gre1: entered allmulticast mode [ 56.408261][ T4758] bridge: RTM_NEWNEIGH with invalid state 0x10 [ 56.672170][ T4779] netlink: 28 bytes leftover after parsing attributes in process `syz.1.526'. [ 56.681514][ T4779] netlink: 28 bytes leftover after parsing attributes in process `syz.1.526'. [ 56.777193][ T4793] netlink: 4 bytes leftover after parsing attributes in process `syz.2.533'. [ 57.017453][ T36] tipc: Node number set to 2886997007 [ 57.051843][ T4816] netlink: 'syz.2.545': attribute type 5 has an invalid length. [ 57.121052][ T4825] netlink: 4 bytes leftover after parsing attributes in process `syz.0.547'. [ 57.171038][ T4825] netlink: 4 bytes leftover after parsing attributes in process `syz.0.547'. [ 57.678646][ T4863] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 57.953655][ T36] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz1 [ 57.983492][ T4885] netlink: 4 bytes leftover after parsing attributes in process `syz.1.572'. [ 58.128301][ T4912] loop5: detected capacity change from 0 to 7 [ 58.181592][ T24] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 58.191180][ T24] Buffer I/O error on dev loop5, logical block 0, async page read [ 58.199885][ T4912] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 58.209434][ T4912] Buffer I/O error on dev loop5, logical block 0, async page read [ 58.217484][ T4912] loop5: unable to read partition table [ 58.223302][ T4912] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 58.280968][ T4923] bridge: RTM_NEWNEIGH with invalid state 0x10 [ 58.320799][ T4926] macvtap1: entered promiscuous mode [ 58.326535][ T4926] macvtap1: entered allmulticast mode [ 58.332391][ T4926] batadv0: entered promiscuous mode [ 58.337668][ T4926] batadv0: entered allmulticast mode [ 58.344163][ T4926] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 58.351716][ T4926] team0: Device macvtap1 failed to register rx_handler [ 58.359221][ T4926] batadv0: left allmulticast mode [ 58.364406][ T4926] batadv0: left promiscuous mode [ 58.468486][ T4938] netlink: 24 bytes leftover after parsing attributes in process `syz.1.594'. [ 58.588975][ T4949] netlink: 4 bytes leftover after parsing attributes in process `syz.1.600'. [ 58.620194][ T4951] bridge: RTM_NEWNEIGH with invalid state 0x10 [ 58.752216][ T4959] netlink: 'syz.1.604': attribute type 3 has an invalid length. [ 58.782988][ T29] kauditd_printk_skb: 239 callbacks suppressed [ 58.783006][ T29] audit: type=1400 audit(1760790053.578:1026): avc: denied { mount } for pid=4960 comm="syz.4.605" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 58.907251][ T4967] sd 0:0:1:0: device reset [ 58.907854][ T29] audit: type=1326 audit(1760790053.618:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.1.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 58.935420][ T29] audit: type=1326 audit(1760790053.618:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.1.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 58.959307][ T29] audit: type=1326 audit(1760790053.618:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.1.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 58.983009][ T29] audit: type=1326 audit(1760790053.618:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.1.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 59.006664][ T29] audit: type=1326 audit(1760790053.618:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.1.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 59.030593][ T29] audit: type=1326 audit(1760790053.618:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.1.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 59.054612][ T29] audit: type=1326 audit(1760790053.618:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.1.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 59.078374][ T29] audit: type=1326 audit(1760790053.618:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.1.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 59.102458][ T29] audit: type=1326 audit(1760790053.618:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4962 comm="syz.1.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 59.221948][ T4979] netlink: 4 bytes leftover after parsing attributes in process `syz.0.614'. [ 59.559317][ T5021] netlink: 'syz.1.633': attribute type 4 has an invalid length. [ 59.573095][ T5021] netlink: 'syz.1.633': attribute type 4 has an invalid length. [ 59.690396][ T5036] netlink: 4 bytes leftover after parsing attributes in process `syz.2.639'. [ 59.910025][ T5038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 59.918551][ T5038] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 60.243040][ T5057] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 60.344437][ T5061] netlink: 96 bytes leftover after parsing attributes in process `syz.0.648'. [ 60.366420][ T5063] netlink: 160 bytes leftover after parsing attributes in process `syz.4.650'. [ 60.381873][ T5063] netlink: zone id is out of range [ 60.387135][ T5063] netlink: zone id is out of range [ 60.392408][ T5063] netlink: set zone limit has 8 unknown bytes [ 60.992575][ T5118] syz.3.674 (5118) used greatest stack depth: 9632 bytes left [ 61.022177][ T1037] hid_parser_main: 104 callbacks suppressed [ 61.022198][ T1037] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 61.035699][ T1037] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 61.043447][ T1037] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 61.077410][ T1037] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 61.085171][ T1037] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 61.092808][ T1037] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 61.100464][ T1037] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 61.108192][ T1037] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 61.115647][ T1037] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 61.123266][ T1037] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 61.156206][ T1037] hid-generic 0000:0000:0000.0006: hidraw0: HID v8.00 Device [syz0] on syz0 [ 61.303877][ T5143] syz_tun: entered allmulticast mode [ 61.319505][ T5143] macvlan0: entered allmulticast mode [ 61.325091][ T5143] veth1_vlan: entered allmulticast mode [ 61.337892][ T5142] syz_tun: left allmulticast mode [ 61.698847][ T5160] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 62.300527][ T5185] __nla_validate_parse: 2 callbacks suppressed [ 62.300563][ T5185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.703'. [ 62.785924][ T36] hid-generic 0000:0000:0000.0007: hidraw0: HID v8.00 Device [syz0] on syz0 [ 62.865737][ T5214] netlink: 16 bytes leftover after parsing attributes in process `syz.2.711'. [ 62.865946][ T5213] Falling back ldisc for ptm0. [ 62.982960][ T5218] netlink: 28 bytes leftover after parsing attributes in process `syz.0.715'. [ 62.997444][ T5218] netlink: 28 bytes leftover after parsing attributes in process `syz.0.715'. [ 63.106827][ T5228] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 63.168437][ T5238] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 63.231910][ T5246] netlink: 8 bytes leftover after parsing attributes in process `syz.1.729'. [ 63.362959][ T5269] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 63.374550][ T5266] Falling back ldisc for ptm0. [ 63.524222][ T5288] Falling back ldisc for ptm1. [ 63.562944][ T5295] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 63.637232][ T5301] netlink: 'syz.4.756': attribute type 4 has an invalid length. [ 63.840693][ T5322] syzkaller0: entered promiscuous mode [ 63.846831][ T5322] syzkaller0: entered allmulticast mode [ 63.874574][ T5322] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487 [ 63.878387][ T29] kauditd_printk_skb: 121 callbacks suppressed [ 63.878405][ T29] audit: type=1400 audit(1760790058.668:1157): avc: denied { bind } for pid=5331 comm="syz.2.770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 63.883475][ T5327] Falling back ldisc for ptm0. [ 63.889198][ T29] audit: type=1400 audit(1760790058.668:1158): avc: denied { name_bind } for pid=5331 comm="syz.2.770" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 63.935301][ T29] audit: type=1400 audit(1760790058.668:1159): avc: denied { node_bind } for pid=5331 comm="syz.2.770" saddr=::ffff:0.0.0.0 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 64.054377][ T5340] netlink: 'syz.1.776': attribute type 5 has an invalid length. [ 64.120162][ T5355] macvlan1: entered promiscuous mode [ 64.120178][ T29] audit: type=1400 audit(1760790058.918:1160): avc: denied { append } for pid=5356 comm="syz.1.782" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 64.155075][ T5355] ipvlan0: entered promiscuous mode [ 64.176276][ T5355] ipvlan0: left promiscuous mode [ 64.181939][ T5355] macvlan1: left promiscuous mode [ 64.187228][ T29] audit: type=1400 audit(1760790058.988:1161): avc: denied { read } for pid=5362 comm="syz.1.794" name="usbmon9" dev="devtmpfs" ino=169 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 64.392780][ T29] audit: type=1400 audit(1760790059.188:1162): avc: denied { getopt } for pid=5366 comm="syz.2.786" lport=13 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 64.473230][ T29] audit: type=1400 audit(1760790059.268:1163): avc: denied { listen } for pid=5378 comm="syz.3.791" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 64.587389][ T29] audit: type=1400 audit(1760790059.378:1164): avc: denied { validate_trans } for pid=5387 comm="syz.3.795" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 64.683403][ T29] audit: type=1400 audit(1760790059.478:1165): avc: denied { write } for pid=5395 comm="syz.0.799" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 64.996779][ T29] audit: type=1326 audit(1760790059.788:1166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5406 comm="syz.0.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febb385efc9 code=0x7ffc0000 [ 65.884671][ T5475] macvlan1: entered promiscuous mode [ 65.891572][ T5475] ipvlan0: entered promiscuous mode [ 65.897312][ T5475] ipvlan0: left promiscuous mode [ 65.902890][ T5475] macvlan1: left promiscuous mode [ 66.056916][ T5480] netlink: 4 bytes leftover after parsing attributes in process `syz.4.832'. [ 66.066494][ T5480] netlink: 12 bytes leftover after parsing attributes in process `syz.4.832'. [ 66.081256][ T5480] netlink: 12 bytes leftover after parsing attributes in process `syz.4.832'. [ 66.308127][ T5499] netlink: 'syz.1.841': attribute type 13 has an invalid length. [ 66.358187][ T5499] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.365819][ T5499] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.402271][ T5506] serio: Serial port ptm1 [ 66.432267][ T5499] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 66.442528][ T5499] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 66.495094][ T122] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.504689][ T122] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.516297][ T122] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.525663][ T122] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.797513][ T3895] Bluetooth: hci0: command 0x1003 tx timeout [ 66.803848][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 66.978485][ T5548] program syz.2.861 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.565309][ T5602] tipc: Started in network mode [ 67.570402][ T5602] tipc: Node identity 2e1a209f8422, cluster identity 4711 [ 67.578063][ T5602] tipc: Enabled bearer , priority 0 [ 67.610083][ T5602] tipc: Disabling bearer [ 67.721639][ T5605] serio: Serial port ptm0 [ 68.459844][ T5651] netlink: 'syz.2.905': attribute type 13 has an invalid length. [ 68.621573][ T5651] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.628906][ T5651] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.709580][ T5651] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 68.741343][ T5651] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 69.001101][ T5690] SELinux: failed to load policy [ 69.007673][ T29] kauditd_printk_skb: 81 callbacks suppressed [ 69.007687][ T29] audit: type=1400 audit(1760790063.798:1248): avc: denied { load_policy } for pid=5689 comm="syz.4.913" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 69.056844][ T5668] syzkaller0: entered promiscuous mode [ 69.062528][ T5668] syzkaller0: entered allmulticast mode [ 69.088893][ T3758] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.098759][ T3758] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.142281][ T3758] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.161387][ T3758] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.304378][ T5703] netlink: 96 bytes leftover after parsing attributes in process `syz.3.919'. [ 69.356262][ T5705] netlink: 4 bytes leftover after parsing attributes in process `syz.4.920'. [ 69.368888][ T5705] netlink: 32 bytes leftover after parsing attributes in process `syz.4.920'. [ 69.728128][ T5738] vhci_hcd: invalid port number 96 [ 69.733674][ T5738] vhci_hcd: default hub control req: 2000 vfffc i0060 l7 [ 69.752518][ T29] audit: type=1400 audit(1760790064.548:1249): avc: denied { prog_load } for pid=5740 comm="syz.3.935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 69.756913][ T5741] netlink: 40 bytes leftover after parsing attributes in process `syz.3.935'. [ 69.817404][ T29] audit: type=1400 audit(1760790064.548:1250): avc: denied { bpf } for pid=5740 comm="syz.3.935" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 69.857859][ T29] audit: type=1400 audit(1760790064.618:1251): avc: denied { map_create } for pid=5742 comm="syz.0.937" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 69.877186][ T29] audit: type=1400 audit(1760790064.618:1252): avc: denied { map_read map_write } for pid=5742 comm="syz.0.937" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 69.898016][ T29] audit: type=1400 audit(1760790064.618:1253): avc: denied { perfmon } for pid=5744 comm="syz.3.936" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 69.919324][ T29] audit: type=1400 audit(1760790064.618:1254): avc: denied { prog_run } for pid=5742 comm="syz.0.937" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 69.939088][ T29] audit: type=1400 audit(1760790064.638:1255): avc: denied { open } for pid=5744 comm="syz.3.936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 69.959162][ T29] audit: type=1400 audit(1760790064.638:1256): avc: denied { kernel } for pid=5744 comm="syz.3.936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 69.979358][ T29] audit: type=1400 audit(1760790064.658:1257): avc: denied { create } for pid=5746 comm="syz.3.938" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 70.510682][ T23] hid_parser_main: 48 callbacks suppressed [ 70.510705][ T23] hid-generic 0003:0003:0000.0008: unknown main item tag 0x0 [ 70.524180][ T23] hid-generic 0003:0003:0000.0008: unknown main item tag 0x0 [ 70.531882][ T23] hid-generic 0003:0003:0000.0008: unknown main item tag 0x0 [ 70.539342][ T23] hid-generic 0003:0003:0000.0008: unknown main item tag 0x0 [ 70.546846][ T23] hid-generic 0003:0003:0000.0008: unknown main item tag 0x0 [ 70.554458][ T23] hid-generic 0003:0003:0000.0008: unknown main item tag 0x0 [ 70.561927][ T23] hid-generic 0003:0003:0000.0008: unknown main item tag 0x0 [ 70.569451][ T23] hid-generic 0003:0003:0000.0008: unknown main item tag 0x0 [ 70.576849][ T23] hid-generic 0003:0003:0000.0008: unknown main item tag 0x0 [ 70.584427][ T23] hid-generic 0003:0003:0000.0008: unknown main item tag 0x0 [ 70.672520][ T23] hid-generic 0003:0003:0000.0008: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 70.900798][ T3758] Bluetooth: hci0: Frame reassembly failed (-84) [ 70.993586][ T5814] netlink: 'syz.2.961': attribute type 12 has an invalid length. [ 71.038327][ T5812] syzkaller0: entered promiscuous mode [ 71.043980][ T5812] syzkaller0: entered allmulticast mode [ 71.172597][ T5825] xt_CT: You must specify a L4 protocol and not use inversions on it [ 71.242721][ T5830] SELinux: failed to load policy [ 71.901390][ T5844] netlink: 12 bytes leftover after parsing attributes in process `syz.3.973'. [ 71.910582][ T5844] netlink: 12 bytes leftover after parsing attributes in process `syz.3.973'. [ 72.026213][ T5850] netlink: 20 bytes leftover after parsing attributes in process `syz.3.976'. [ 72.043368][ T5852] syzkaller0: entered promiscuous mode [ 72.049141][ T5852] syzkaller0: entered allmulticast mode [ 72.102770][ T5858] netlink: 3672 bytes leftover after parsing attributes in process `syz.2.980'. [ 72.106531][ T9] kernel read not supported for file /518/net/netlink (pid: 9 comm: kworker/0:0) [ 72.225725][ T5879] netlink: 12 bytes leftover after parsing attributes in process `syz.4.989'. [ 72.314995][ T5891] netlink: 'syz.3.994': attribute type 10 has an invalid length. [ 72.338079][ T5891] team0: Port device dummy0 added [ 72.345070][ T5891] netlink: 'syz.3.994': attribute type 10 has an invalid length. [ 72.365795][ T5891] team0: Port device dummy0 removed [ 72.384286][ T5891] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 72.620728][ T5900] syzkaller0: entered promiscuous mode [ 72.626355][ T5900] syzkaller0: entered allmulticast mode [ 72.766965][ T5910] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1002'. [ 72.957406][ T3895] Bluetooth: hci0: command 0x1003 tx timeout [ 72.957401][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 73.157021][ T5934] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 73.516796][ T5937] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1013' sets config #-1 [ 73.548566][ T5939] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 73.558410][ T5939] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 73.891788][ T5968] SELinux: failed to load policy [ 73.893274][ T5970] netlink: 'syz.4.1029': attribute type 10 has an invalid length. [ 73.920712][ T5970] team0: Port device dummy0 added [ 73.941369][ T5970] netlink: 'syz.4.1029': attribute type 10 has an invalid length. [ 73.964995][ T5970] team0: Port device dummy0 removed [ 73.967902][ T5972] SELinux: failed to load policy [ 73.977907][ T5970] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 74.092342][ T5976] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 74.107247][ T5978] pim6reg1: entered promiscuous mode [ 74.206287][ T5978] pim6reg1: entered allmulticast mode [ 74.314039][ T29] kauditd_printk_skb: 91 callbacks suppressed [ 74.314055][ T29] audit: type=1400 audit(1760790069.108:1349): avc: denied { write } for pid=5989 comm="syz.1.1038" path="socket:[12100]" dev="sockfs" ino=12100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 74.381648][ T9] kernel read not supported for file /549/net/netlink (pid: 9 comm: kworker/0:0) [ 74.396900][ T29] audit: type=1400 audit(1760790069.188:1350): avc: denied { create } for pid=5995 comm="syz.3.1042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 74.416842][ T29] audit: type=1400 audit(1760790069.188:1351): avc: denied { ioctl } for pid=5995 comm="syz.3.1042" path="socket:[12879]" dev="sockfs" ino=12879 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 74.441648][ T29] audit: type=1400 audit(1760790069.188:1352): avc: denied { read } for pid=5995 comm="syz.3.1042" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 74.463546][ T29] audit: type=1400 audit(1760790069.258:1353): avc: denied { write } for pid=5995 comm="syz.3.1042" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 74.503613][ T6000] serio: Serial port ptm0 [ 74.575196][ T29] audit: type=1326 audit(1760790069.368:1354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6007 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 74.599472][ T29] audit: type=1326 audit(1760790069.368:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6007 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 74.731121][ T29] audit: type=1326 audit(1760790069.368:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6007 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 74.755229][ T29] audit: type=1326 audit(1760790069.368:1357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6007 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1393c5f003 code=0x7ffc0000 [ 74.779079][ T29] audit: type=1326 audit(1760790069.378:1358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6007 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1393c5da7f code=0x7ffc0000 [ 74.878724][ T6023] pim6reg1: entered promiscuous mode [ 74.884141][ T6023] pim6reg1: entered allmulticast mode [ 75.054843][ T6036] capability: warning: `syz.3.1058' uses deprecated v2 capabilities in a way that may be insecure [ 75.636071][ T6074] __nla_validate_parse: 1 callbacks suppressed [ 75.636095][ T6074] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1077'. [ 75.651622][ T6074] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1077'. [ 75.732433][ T6080] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 75.739191][ T6080] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 75.746884][ T6080] vhci_hcd vhci_hcd.0: Device attached [ 75.768701][ T6081] vhci_hcd: connection closed [ 75.769003][ T3705] vhci_hcd: stop threads [ 75.778076][ T3705] vhci_hcd: release socket [ 75.782795][ T3705] vhci_hcd: disconnect device [ 75.834467][ T6088] ALSA: seq fatal error: cannot create timer (-16) [ 75.878992][ T6093] pim6reg1: entered promiscuous mode [ 75.884366][ T6093] pim6reg1: entered allmulticast mode [ 75.898339][ T6095] tipc: Started in network mode [ 75.903409][ T6095] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 75.912627][ T6095] tipc: Enabled bearer , priority 10 [ 75.952854][ T6098] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1086'. [ 75.987452][ T6104] serio: Serial port ptm0 [ 76.268893][ T6120] pim6reg1: entered promiscuous mode [ 76.274427][ T6120] pim6reg1: entered allmulticast mode [ 76.299746][ T6124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 76.317263][ T6124] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 76.972633][ T6172] netlink: 'syz.4.1118': attribute type 1 has an invalid length. [ 76.980519][ T6172] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1118'. [ 77.037507][ T3399] tipc: Node number set to 4269801488 [ 77.439411][ T6198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.448219][ T6198] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.628303][ T6201] pim6reg1: entered promiscuous mode [ 77.633679][ T6201] pim6reg1: entered allmulticast mode [ 77.798095][ T3705] Bluetooth: hci0: Frame reassembly failed (-84) [ 77.998344][ T6213] loop8: detected capacity change from 0 to 7 [ 78.159757][ T6232] bridge: RTM_NEWNEIGH with invalid ether address [ 78.671559][ T6273] syzkaller0: entered promiscuous mode [ 78.767062][ T6271] netlink: 'syz.3.1161': attribute type 1 has an invalid length. [ 78.774901][ T6271] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1161'. [ 78.864776][ T6281] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125 [ 79.316775][ T6312] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1180'. [ 79.465878][ T29] kauditd_printk_skb: 248 callbacks suppressed [ 79.465897][ T29] audit: type=1326 audit(1760790074.258:1607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6318 comm="syz.3.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 79.498097][ T29] audit: type=1326 audit(1760790074.258:1608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6318 comm="syz.3.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=461 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 79.521950][ T29] audit: type=1326 audit(1760790074.258:1609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6318 comm="syz.3.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 79.545922][ T29] audit: type=1326 audit(1760790074.278:1610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6318 comm="syz.3.1182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 79.633295][ T29] audit: type=1400 audit(1760790074.428:1611): avc: denied { create } for pid=6323 comm="syz.3.1185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 79.672757][ T6324] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1185'. [ 79.682254][ T29] audit: type=1400 audit(1760790074.428:1612): avc: denied { ioctl } for pid=6323 comm="syz.3.1185" path="socket:[14486]" dev="sockfs" ino=14486 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 79.722289][ T29] audit: type=1400 audit(1760790074.478:1613): avc: denied { firmware_load } for pid=6323 comm="syz.3.1185" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 79.776923][ T6332] block device autoloading is deprecated and will be removed. [ 79.799117][ T29] audit: type=1400 audit(1760790074.518:1614): avc: denied { write } for pid=6323 comm="syz.3.1185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 79.818861][ T29] audit: type=1400 audit(1760790074.558:1615): avc: denied { mount } for pid=6326 comm="syz.0.1184" name="/" dev="configfs" ino=1088 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 79.842671][ T29] audit: type=1400 audit(1760790074.558:1616): avc: denied { search } for pid=6326 comm="syz.0.1184" name="/" dev="configfs" ino=1088 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 79.857732][ T3895] Bluetooth: hci0: command 0x1003 tx timeout [ 79.871756][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 80.060302][ T6348] SELinux: failed to load policy [ 80.483170][ T6382] syzkaller0: entered promiscuous mode [ 80.599058][ T6388] pim6reg1: entered promiscuous mode [ 80.604411][ T6388] pim6reg1: entered allmulticast mode [ 80.831093][ T6398] netlink: 'syz.1.1218': attribute type 12 has an invalid length. [ 80.969992][ T6404] netlink: 'syz.4.1222': attribute type 10 has an invalid length. [ 80.992895][ T6404] bond0: (slave dummy0): Releasing backup interface [ 81.002273][ T6404] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 81.019163][ T6404] team0: Failed to send options change via netlink (err -105) [ 81.026787][ T6404] team0: Port device dummy0 added [ 81.041645][ T6407] netlink: 'syz.4.1222': attribute type 10 has an invalid length. [ 81.053906][ T6407] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 81.085674][ T6407] team0: Failed to send options change via netlink (err -105) [ 81.088691][ T6412] loop2: detected capacity change from 0 to 7 [ 81.098051][ T6407] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 81.101191][ T6412] loop2: [ 81.110015][ T6407] team0: Port device dummy0 removed [ 81.119716][ T6407] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 81.750336][ T23] hid_parser_main: 8 callbacks suppressed [ 81.750365][ T23] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 81.765177][ T23] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz1] on syz0 [ 81.806658][ T6440] pim6reg1: entered promiscuous mode [ 81.812184][ T6440] pim6reg1: entered allmulticast mode [ 81.831536][ T6442] block device autoloading is deprecated and will be removed. [ 81.972960][ T6449] syzkaller0: entered promiscuous mode [ 82.108257][ T6456] vhci_hcd: invalid port number 96 [ 82.113508][ T6456] vhci_hcd: default hub control req: 2000 vfffc i0060 l7 [ 82.243076][ T6460] loop0: detected capacity change from 0 to 8192 [ 82.259508][ T6462] syzkaller0: entered promiscuous mode [ 82.331567][ T6470] FAT-fs (loop0): error, corrupted directory (invalid entries) [ 82.339361][ T6470] FAT-fs (loop0): Filesystem has been set read-only [ 82.355560][ T6460] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 2075) [ 82.365160][ T6460] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 2075) [ 82.374827][ T6470] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 2075) [ 82.384077][ T6470] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 2075) [ 82.426441][ T5681] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 82.434573][ T5681] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 82.445106][ T3317] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 2075) [ 82.498245][ T6485] tipc: Started in network mode [ 82.503219][ T6485] tipc: Node identity decddc5570ea, cluster identity 4711 [ 82.510571][ T6485] tipc: Enabled bearer , priority 0 [ 82.524060][ T6485] syzkaller0: MTU too low for tipc bearer [ 82.529975][ T6485] tipc: Disabling bearer [ 82.615290][ T6491] loop0: detected capacity change from 0 to 1024 [ 82.622230][ T6491] EXT4-fs: inline encryption not supported [ 82.628223][ T6491] EXT4-fs: Ignoring removed i_version option [ 82.663982][ T6491] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.700539][ T6491] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 82.730684][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.953093][ T6512] loop2: detected capacity change from 0 to 512 [ 82.960204][ T6512] EXT4-fs: Ignoring removed mblk_io_submit option [ 82.966339][ T6510] syzkaller0: entered promiscuous mode [ 82.968336][ T6512] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 82.981050][ T6512] EXT4-fs error (device loop2): ext4_clear_blocks:876: inode #13: comm syz.2.1264: attempt to clear invalid blocks 2 len 1 [ 82.994760][ T6512] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 83.009551][ T6512] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.1264: invalid indirect mapped block 1819239214 (level 0) [ 83.024655][ T6512] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.1264: invalid indirect mapped block 1819239214 (level 1) [ 83.040218][ T6512] EXT4-fs (loop2): 1 truncate cleaned up [ 83.046488][ T6512] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.060546][ T6512] EXT4-fs error (device loop2): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.2.1264: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 83.081833][ T6512] EXT4-fs error (device loop2): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.2.1264: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 83.119773][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.258464][ T6530] netlink: 'syz.3.1273': attribute type 10 has an invalid length. [ 83.277290][ T6530] bond0: (slave dummy0): Releasing backup interface [ 83.298080][ T6533] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 83.310208][ T6536] netlink: 'syz.3.1273': attribute type 10 has an invalid length. [ 83.311505][ T6530] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 83.328255][ T6530] team0: Failed to send options change via netlink (err -105) [ 83.335772][ T6530] team0: Port device dummy0 added [ 83.354600][ T6536] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 83.396485][ T6536] team0: Failed to send options change via netlink (err -105) [ 83.404592][ T6536] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 83.415888][ T6536] team0: Port device dummy0 removed [ 83.435439][ T6536] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 83.466368][ T6541] pim6reg1: entered promiscuous mode [ 83.471798][ T6541] pim6reg1: entered allmulticast mode [ 83.529368][ T6544] syzkaller0: entered promiscuous mode [ 83.602379][ T6549] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1280'. [ 83.890048][ T6566] syzkaller0: entered promiscuous mode [ 83.895755][ T6566] syzkaller0: entered allmulticast mode [ 84.037072][ T6579] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1293'. [ 84.159238][ T6595] netlink: 'syz.0.1301': attribute type 10 has an invalid length. [ 84.180907][ T6595] team0: Port device dummy0 added [ 84.208989][ T6595] netlink: 'syz.0.1301': attribute type 10 has an invalid length. [ 84.217415][ T6595] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 84.246759][ T6595] team0: Failed to send options change via netlink (err -105) [ 84.254713][ T6595] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 84.265177][ T6595] team0: Port device dummy0 removed [ 84.273509][ T6595] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 84.788574][ T6606] pim6reg1: entered promiscuous mode [ 84.794057][ T6606] pim6reg1: entered allmulticast mode [ 84.916919][ T29] kauditd_printk_skb: 211 callbacks suppressed [ 84.916938][ T29] audit: type=1400 audit(1760790079.708:1828): avc: denied { write } for pid=6607 comm="syz.2.1307" path="socket:[14935]" dev="sockfs" ino=14935 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 84.963533][ T29] audit: type=1400 audit(1760790079.758:1829): avc: denied { ioctl } for pid=6609 comm="syz.1.1308" path="socket:[14272]" dev="sockfs" ino=14272 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 85.005136][ T29] audit: type=1400 audit(1760790079.798:1830): avc: denied { bind } for pid=6613 comm="syz.1.1309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 85.045088][ T29] audit: type=1400 audit(1760790079.838:1831): avc: denied { bind } for pid=6615 comm="syz.2.1310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 85.065291][ T29] audit: type=1400 audit(1760790079.858:1832): avc: denied { write } for pid=6615 comm="syz.2.1310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 85.102756][ T29] audit: type=1400 audit(1760790079.898:1833): avc: denied { listen } for pid=6617 comm="syz.2.1311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 85.210314][ T6624] netlink: 'syz.1.1313': attribute type 10 has an invalid length. [ 85.219576][ T6624] team0: Port device dummy0 added [ 85.228757][ T6624] netlink: 'syz.1.1313': attribute type 10 has an invalid length. [ 85.237225][ T6624] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 85.247841][ T6624] team0: Failed to send options change via netlink (err -105) [ 85.255507][ T6624] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 85.265990][ T6624] team0: Port device dummy0 removed [ 85.274502][ T6624] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 85.378865][ T6635] loop0: detected capacity change from 0 to 512 [ 85.385636][ T6635] EXT4-fs: Ignoring removed mblk_io_submit option [ 85.393845][ T6635] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 85.402837][ T6635] EXT4-fs error (device loop0): ext4_clear_blocks:876: inode #13: comm syz.0.1317: attempt to clear invalid blocks 2 len 1 [ 85.416820][ T6635] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 85.431926][ T6635] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.1317: invalid indirect mapped block 1819239214 (level 0) [ 85.446686][ T6635] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.1317: invalid indirect mapped block 1819239214 (level 1) [ 85.462913][ T6635] EXT4-fs (loop0): 1 truncate cleaned up [ 85.469516][ T6635] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.490141][ T6635] EXT4-fs error (device loop0): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.0.1317: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 85.514154][ T6635] EXT4-fs error (device loop0): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.0.1317: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 85.522381][ T6639] pim6reg1: entered promiscuous mode [ 85.539847][ T6639] pim6reg1: entered allmulticast mode [ 85.577008][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.688698][ T29] audit: type=1400 audit(1760790080.488:1834): avc: denied { map } for pid=6644 comm="syz.3.1320" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 85.762866][ T6649] tipc: Enabled bearer , priority 0 [ 85.776231][ T6649] syzkaller0: MTU too low for tipc bearer [ 85.782064][ T6649] tipc: Disabling bearer [ 86.491172][ T29] audit: type=1326 audit(1760790081.288:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6675 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 86.514767][ T29] audit: type=1326 audit(1760790081.288:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6675 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 86.538412][ T29] audit: type=1326 audit(1760790081.288:1837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6675 comm="syz.1.1333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 86.813693][ T6694] tipc: Enabled bearer , priority 0 [ 86.822423][ T6694] syzkaller0: MTU too low for tipc bearer [ 86.828400][ T6694] tipc: Disabling bearer [ 87.075188][ T6703] syzkaller0: entered promiscuous mode [ 87.080811][ T6703] syzkaller0: entered allmulticast mode [ 87.292676][ T6716] SELinux: ebitmap: truncated map [ 87.299478][ T6716] SELinux: failed to load policy [ 87.321182][ T6719] loop2: detected capacity change from 0 to 512 [ 87.359857][ T6719] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 87.373865][ T6719] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 87.459098][ T6719] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 87.527449][ T6719] EXT4-fs (loop2): 1 truncate cleaned up [ 87.533533][ T6719] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.570521][ T6724] SELinux: ebitmap start bit (7340096) is beyond the end of the bitmap (1472) [ 87.580450][ T6724] SELinux: failed to load policy [ 87.580915][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.710396][ T6740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1360'. [ 87.964437][ T6762] loop0: detected capacity change from 0 to 2048 [ 88.019530][ T6762] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 88.091562][ T6762] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 88.168944][ T6762] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1778 with error 28 [ 88.181560][ T6762] EXT4-fs (loop0): This should not happen!! Data will be lost [ 88.181560][ T6762] [ 88.191487][ T6762] EXT4-fs (loop0): Total free blocks count 0 [ 88.197585][ T6762] EXT4-fs (loop0): Free/Dirty block details [ 88.203582][ T6762] EXT4-fs (loop0): free_blocks=2415919104 [ 88.209520][ T6762] EXT4-fs (loop0): dirty_blocks=1792 [ 88.214951][ T6762] EXT4-fs (loop0): Block reservation details [ 88.221123][ T6762] EXT4-fs (loop0): i_reserved_data_blocks=112 [ 88.275968][ T6782] sch_tbf: burst 274 is lower than device lo mtu (65550) ! [ 88.354930][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 88.357106][ T6786] C: renamed from vlan0 (while UP) [ 88.376485][ T3312] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 88.387882][ T3312] CPU: 1 UID: 0 PID: 3312 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) [ 88.387971][ T3312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 88.387988][ T3312] Call Trace: [ 88.387996][ T3312] [ 88.388005][ T3312] __dump_stack+0x1d/0x30 [ 88.388032][ T3312] dump_stack_lvl+0xe8/0x140 [ 88.388057][ T3312] dump_stack+0x15/0x1b [ 88.388099][ T3312] dump_header+0x81/0x220 [ 88.388141][ T3312] oom_kill_process+0x342/0x400 [ 88.388180][ T3312] out_of_memory+0x979/0xb80 [ 88.388296][ T3312] try_charge_memcg+0x610/0xa10 [ 88.388336][ T3312] charge_memcg+0x51/0xc0 [ 88.388412][ T3312] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 88.388444][ T3312] __read_swap_cache_async+0x17b/0x2d0 [ 88.388499][ T3312] swap_cluster_readahead+0x262/0x3c0 [ 88.388530][ T3312] swapin_readahead+0xde/0x6f0 [ 88.388551][ T3312] ? css_rstat_updated+0xb7/0x240 [ 88.388648][ T3312] ? mod_memcg_lruvec_state+0x1fc/0x2c0 [ 88.388683][ T3312] ? __rcu_read_unlock+0x4f/0x70 [ 88.388809][ T3312] ? __rcu_read_unlock+0x4f/0x70 [ 88.388836][ T3312] ? swap_cache_get_folio+0x277/0x280 [ 88.388875][ T3312] do_swap_page+0x2ae/0x2370 [ 88.388952][ T3312] ? _raw_spin_unlock+0x26/0x50 [ 88.389038][ T3312] ? finish_task_switch+0xad/0x2b0 [ 88.389128][ T3312] ? __pfx_default_wake_function+0x10/0x10 [ 88.389176][ T3312] handle_mm_fault+0x9a5/0x2be0 [ 88.389203][ T3312] ? vma_start_read+0x141/0x1f0 [ 88.389241][ T3312] do_user_addr_fault+0x630/0x1080 [ 88.389264][ T3312] ? fpregs_restore_userregs+0xe2/0x1d0 [ 88.389299][ T3312] ? switch_fpu_return+0xe/0x20 [ 88.389404][ T3312] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 88.389438][ T3312] exc_page_fault+0x62/0xa0 [ 88.389463][ T3312] asm_exc_page_fault+0x26/0x30 [ 88.389532][ T3312] RIP: 0033:0x7f1393c91845 [ 88.389551][ T3312] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 1e 6d 1f 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74 [ 88.389715][ T3312] RSP: 002b:00007ffcd11e9168 EFLAGS: 00010246 [ 88.389736][ T3312] RAX: 0000000000000000 RBX: 000000000000025e RCX: 00007f1393c91843 [ 88.389752][ T3312] RDX: 00007ffcd11e9180 RSI: 0000000000000000 RDI: 0000000000000000 [ 88.389847][ T3312] RBP: 00007ffcd11e91ec R08: 000000000fe427dc R09: 0000000000000000 [ 88.389864][ T3312] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388 [ 88.389879][ T3312] R13: 00000000000927c0 R14: 0000000000015725 R15: 00007ffcd11e9240 [ 88.389903][ T3312] [ 88.389912][ T3312] memory: usage 307200kB, limit 307200kB, failcnt 451 [ 88.647246][ T3312] memory+swap: usage 1504kB, limit 9007199254740988kB, failcnt 0 [ 88.655118][ T3312] kmem: usage 616kB, limit 9007199254740988kB, failcnt 0 [ 88.662433][ T3312] Memory cgroup stats for /syz3: [ 88.663408][ T3312] cache 1048576 [ 88.672001][ T3312] rss 114688 [ 88.675216][ T3312] shmem 0 [ 88.678284][ T3312] mapped_file 12288 [ 88.682256][ T3312] dirty 12288 [ 88.685559][ T3312] writeback 0 [ 88.689065][ T3312] workingset_refault_anon 36 [ 88.693775][ T3312] workingset_refault_file 244 [ 88.698517][ T3312] swap 65536 [ 88.701863][ T3312] swapcached 131072 [ 88.705867][ T3312] pgpgin 71250 [ 88.709386][ T3312] pgpgout 70959 [ 88.712954][ T3312] pgfault 75163 [ 88.716616][ T3312] pgmajfault 14 [ 88.720136][ T3312] inactive_anon 16384 [ 88.724142][ T3312] active_anon 118784 [ 88.728157][ T3312] inactive_file 0 [ 88.731818][ T3312] active_file 1015808 [ 88.735801][ T3312] unevictable 0 [ 88.739363][ T3312] hierarchical_memory_limit 314572800 [ 88.744751][ T3312] hierarchical_memsw_limit 9223372036854771712 [ 88.750996][ T3312] total_cache 1048576 [ 88.754992][ T3312] total_rss 114688 [ 88.758886][ T3312] total_shmem 0 [ 88.762372][ T3312] total_mapped_file 12288 [ 88.766704][ T3312] total_dirty 12288 [ 88.770641][ T3312] total_writeback 0 [ 88.774549][ T3312] total_workingset_refault_anon 36 [ 88.779777][ T3312] total_workingset_refault_file 244 [ 88.785059][ T3312] total_swap 65536 [ 88.788904][ T3312] total_swapcached 131072 [ 88.793270][ T3312] total_pgpgin 71250 [ 88.797171][ T3312] total_pgpgout 70959 [ 88.801327][ T3312] total_pgfault 75163 [ 88.805641][ T3312] total_pgmajfault 14 [ 88.809874][ T3312] total_inactive_anon 16384 [ 88.814388][ T3312] total_active_anon 118784 [ 88.819018][ T3312] total_inactive_file 0 [ 88.823189][ T3312] total_active_file 1015808 [ 88.827836][ T3312] total_unevictable 0 [ 88.831838][ T3312] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.1360,pid=6739,uid=0 [ 88.846735][ T3312] Memory cgroup out of memory: Killed process 6739 (syz.3.1360) total-vm:96004kB, anon-rss:1136kB, file-rss:22448kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 88.885552][ T6794] loop2: detected capacity change from 0 to 512 [ 88.916435][ T6796] sd 0:0:1:0: device reset [ 88.921970][ T6794] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 88.941220][ T6794] EXT4-fs (loop2): orphan cleanup on readonly fs [ 88.952043][ T6794] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #16: comm syz.2.1378: corrupted inode contents [ 88.964539][ T6794] EXT4-fs (loop2): Remounting filesystem read-only [ 88.971294][ T6794] EXT4-fs (loop2): 1 truncate cleaned up [ 88.977235][ T3758] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 88.988115][ T3758] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 89.002282][ T3758] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 89.013308][ T6794] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 89.029062][ T6805] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1382'. [ 89.038236][ T6805] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1382'. [ 89.048493][ T6805] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1382'. [ 89.058194][ T6805] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1382'. [ 89.067479][ T6805] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1382'. [ 89.130742][ T6813] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1386'. [ 89.151575][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.200258][ T6815] loop0: detected capacity change from 0 to 512 [ 89.229620][ T6815] EXT4-fs warning (device loop0): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 89.246813][ T6815] EXT4-fs (loop0): mount failed [ 89.605907][ T6871] netlink: 87 bytes leftover after parsing attributes in process `syz.0.1401'. [ 89.691125][ T6887] sch_tbf: burst 274 is lower than device lo mtu (65550) ! [ 90.652199][ T6915] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 90.652199][ T6915] program syz.4.1420 not setting count and/or reply_len properly [ 90.652524][ T29] kauditd_printk_skb: 188 callbacks suppressed [ 90.652543][ T29] audit: type=1400 audit(1760790085.448:2019): avc: denied { write } for pid=6914 comm="syz.4.1420" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 90.735129][ T29] audit: type=1326 audit(1760790085.528:2020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 90.759434][ T29] audit: type=1326 audit(1760790085.558:2021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 90.783172][ T29] audit: type=1326 audit(1760790085.558:2022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 90.812208][ T6919] netlink: 'syz.4.1422': attribute type 29 has an invalid length. [ 90.817377][ T29] audit: type=1326 audit(1760790085.558:2023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 90.831772][ T6923] sd 0:0:1:0: device reset [ 90.843901][ T29] audit: type=1326 audit(1760790085.558:2024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 90.872372][ T29] audit: type=1326 audit(1760790085.558:2025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 90.895908][ T29] audit: type=1326 audit(1760790085.558:2026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 90.919733][ T29] audit: type=1326 audit(1760790085.558:2027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 90.943595][ T29] audit: type=1326 audit(1760790085.558:2028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6916 comm="syz.1.1421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 90.969510][ T6924] netlink: 500 bytes leftover after parsing attributes in process `syz.4.1422'. [ 90.981509][ T6919] netlink: 'syz.4.1422': attribute type 29 has an invalid length. [ 91.154031][ T6945] loop0: detected capacity change from 0 to 512 [ 91.169443][ T6945] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.182420][ T6945] ext4 filesystem being mounted at /251/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.201225][ T6945] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 91.201225][ T6945] program syz.0.1433 not setting count and/or reply_len properly [ 91.230126][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.793558][ T6981] loop0: detected capacity change from 0 to 512 [ 91.800677][ T6981] EXT4-fs: Ignoring removed mblk_io_submit option [ 91.807432][ T6981] EXT4-fs: Ignoring removed nomblk_io_submit option [ 91.815256][ T6981] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 91.824272][ T6981] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 91.839251][ T6981] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4193: comm syz.0.1447: Allocating blocks 41-42 which overlap fs metadata [ 91.853473][ T6981] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4193: comm syz.0.1447: Allocating blocks 41-42 which overlap fs metadata [ 91.868417][ T6981] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.1447: Failed to acquire dquot type 1 [ 91.880479][ T6981] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 91.901785][ T6981] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #12: comm syz.0.1447: corrupted inode contents [ 91.923888][ T6981] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #12: comm syz.0.1447: mark_inode_dirty error [ 91.936908][ T6981] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #12: comm syz.0.1447: corrupted inode contents [ 91.949972][ T6981] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #12: comm syz.0.1447: mark_inode_dirty error [ 91.961834][ T6981] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #12: comm syz.0.1447: corrupted inode contents [ 91.974290][ T6981] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem [ 91.983513][ T6981] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #12: comm syz.0.1447: corrupted inode contents [ 91.996526][ T6981] EXT4-fs error (device loop0): ext4_truncate:4637: inode #12: comm syz.0.1447: mark_inode_dirty error [ 92.008698][ T6981] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem [ 92.020236][ T6981] EXT4-fs (loop0): 1 truncate cleaned up [ 92.026610][ T6981] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.074408][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.110298][ T7019] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 92.117868][ T7019] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 92.125657][ T7019] vhci_hcd: default hub control req: 230f v0004 i0000 l3 [ 92.163083][ T7025] netlink: 'syz.1.1465': attribute type 29 has an invalid length. [ 92.173121][ T7025] netlink: 'syz.1.1465': attribute type 29 has an invalid length. [ 92.182629][ T7025] netlink: 500 bytes leftover after parsing attributes in process `syz.1.1465'. [ 92.261290][ T7032] loop0: detected capacity change from 0 to 512 [ 92.278813][ T7032] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 92.287495][ T7032] EXT4-fs (loop0): orphan cleanup on readonly fs [ 92.296463][ T7032] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #16: comm syz.0.1468: corrupted inode contents [ 92.316244][ T7032] EXT4-fs (loop0): Remounting filesystem read-only [ 92.323467][ T7032] EXT4-fs (loop0): 1 truncate cleaned up [ 92.329468][ T3758] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 92.340226][ T3758] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 92.357468][ T3758] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 92.393794][ T7032] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 92.554009][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.558153][ T7058] batadv_slave_1: entered promiscuous mode [ 92.572864][ T7058] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1480'. [ 92.584328][ T7058] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 92.613026][ T7058] batadv_slave_1 (unregistering): left promiscuous mode [ 92.620276][ T7058] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 92.666737][ T7060] veth1_macvtap: left promiscuous mode [ 92.672503][ T7060] macsec0: entered promiscuous mode [ 92.677968][ T7060] macsec0: entered allmulticast mode [ 92.684211][ T7066] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 92.691994][ T7066] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 92.699674][ T7066] vhci_hcd: default hub control req: 230f v0004 i0000 l3 [ 92.707092][ T7064] veth1_macvtap: entered promiscuous mode [ 92.712922][ T7064] veth1_macvtap: entered allmulticast mode [ 92.825489][ T7080] netlink: 'syz.2.1488': attribute type 29 has an invalid length. [ 92.860298][ T7078] sg_write: data in/out 268435420/8 bytes for SCSI command 0x63-- guessing data in; [ 92.860298][ T7078] program syz.4.1497 not setting count and/or reply_len properly [ 92.879222][ T7080] netlink: 'syz.2.1488': attribute type 29 has an invalid length. [ 93.026345][ T7102] batadv_slave_1: entered promiscuous mode [ 93.038680][ T7102] batadv_slave_1 (unregistering): left promiscuous mode [ 93.045905][ T7102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.086111][ T7107] wg2: entered promiscuous mode [ 93.091240][ T7107] wg2: entered allmulticast mode [ 93.338707][ T7138] bridge: RTM_NEWNEIGH with invalid ether address [ 93.503436][ T7147] macsec0: entered promiscuous mode [ 93.508835][ T7147] macsec0: entered allmulticast mode [ 93.526638][ T7147] veth1_macvtap: entered allmulticast mode [ 93.652078][ T7161] loop0: detected capacity change from 0 to 128 [ 93.663756][ T7164] ÿÿÿÿÿÿ: renamed from vlan1 [ 93.676444][ T7161] syz.0.1527: attempt to access beyond end of device [ 93.676444][ T7161] loop0: rw=2049, sector=154, nr_sectors = 6 limit=128 [ 93.693723][ T7161] syz.0.1527: attempt to access beyond end of device [ 93.693723][ T7161] loop0: rw=2049, sector=158, nr_sectors = 2 limit=128 [ 93.707485][ T7161] Buffer I/O error on dev loop0, logical block 79, lost async page write [ 93.716228][ T7161] syz.0.1527: attempt to access beyond end of device [ 93.716228][ T7161] loop0: rw=2049, sector=160, nr_sectors = 2 limit=128 [ 93.730081][ T7161] Buffer I/O error on dev loop0, logical block 80, lost async page write [ 93.740031][ T7161] syz.0.1527: attempt to access beyond end of device [ 93.740031][ T7161] loop0: rw=2049, sector=162, nr_sectors = 6 limit=128 [ 93.754769][ T7161] syz.0.1527: attempt to access beyond end of device [ 93.754769][ T7161] loop0: rw=2049, sector=166, nr_sectors = 2 limit=128 [ 93.768828][ T7161] Buffer I/O error on dev loop0, logical block 83, lost async page write [ 93.779656][ T7161] syz.0.1527: attempt to access beyond end of device [ 93.779656][ T7161] loop0: rw=2049, sector=168, nr_sectors = 2 limit=128 [ 93.793398][ T7161] Buffer I/O error on dev loop0, logical block 84, lost async page write [ 93.803238][ T7161] syz.0.1527: attempt to access beyond end of device [ 93.803238][ T7161] loop0: rw=2049, sector=186, nr_sectors = 6 limit=128 [ 93.818752][ T7161] syz.0.1527: attempt to access beyond end of device [ 93.818752][ T7161] loop0: rw=2049, sector=190, nr_sectors = 2 limit=128 [ 93.832711][ T7161] Buffer I/O error on dev loop0, logical block 95, lost async page write [ 93.844999][ T7161] syz.0.1527: attempt to access beyond end of device [ 93.844999][ T7161] loop0: rw=2049, sector=192, nr_sectors = 2 limit=128 [ 93.859279][ T7161] Buffer I/O error on dev loop0, logical block 96, lost async page write [ 93.870000][ T7161] syz.0.1527: attempt to access beyond end of device [ 93.870000][ T7161] loop0: rw=2049, sector=194, nr_sectors = 6 limit=128 [ 93.885959][ T7161] Buffer I/O error on dev loop0, logical block 99, lost async page write [ 93.896172][ T7161] Buffer I/O error on dev loop0, logical block 100, lost async page write [ 93.907250][ T7161] Buffer I/O error on dev loop0, logical block 111, lost async page write [ 93.916530][ T7161] Buffer I/O error on dev loop0, logical block 112, lost async page write [ 93.934306][ T7181] loop2: detected capacity change from 0 to 1024 [ 93.949230][ T7181] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 94.001754][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.042979][ T7193] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=7193 comm=syz.2.1542 [ 94.950213][ T7221] loop0: detected capacity change from 0 to 1024 [ 94.963980][ T7222] __nla_validate_parse: 4 callbacks suppressed [ 94.963995][ T7222] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1552'. [ 94.987450][ T7222] netlink: 416 bytes leftover after parsing attributes in process `syz.2.1552'. [ 95.002658][ T7221] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.055977][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.111893][ T7230] pim6reg1: entered promiscuous mode [ 95.118650][ T7230] pim6reg1: entered allmulticast mode [ 95.273959][ T7239] loop2: detected capacity change from 0 to 128 [ 95.293965][ T7239] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 95.330561][ T7239] ext4 filesystem being mounted at /270/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 95.413835][ T3322] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 95.520529][ T7257] SELinux: failed to load policy [ 95.821262][ T7289] loop2: detected capacity change from 0 to 512 [ 95.839826][ T7289] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.853476][ T7289] ext4 filesystem being mounted at /274/control supports timestamps until 2038-01-19 (0x7fffffff) [ 95.868236][ T29] kauditd_printk_skb: 216 callbacks suppressed [ 95.868255][ T29] audit: type=1400 audit(1760790090.668:2235): avc: denied { create } for pid=7288 comm="syz.2.1579" name="control" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 95.912671][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.977016][ T7305] vhci_hcd: invalid port number 67 [ 95.982250][ T7305] vhci_hcd: default hub control req: 2006 v0018 i0043 l0 [ 96.385039][ T29] audit: type=1400 audit(1760790091.178:2236): avc: denied { name_bind 0x1000000 } for pid=7326 comm="syz.4.1594" path="socket:[17409]" dev="sockfs" ino=17409 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 96.470728][ T29] audit: type=1326 audit(1760790091.268:2237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7332 comm="syz.3.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 96.497168][ T29] audit: type=1326 audit(1760790091.268:2238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7332 comm="syz.3.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 96.521855][ T29] audit: type=1326 audit(1760790091.268:2239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7332 comm="syz.3.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 96.546968][ T29] audit: type=1326 audit(1760790091.268:2240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7332 comm="syz.3.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 96.570936][ T29] audit: type=1326 audit(1760790091.268:2241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7332 comm="syz.3.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 96.595466][ T29] audit: type=1400 audit(1760790091.268:2242): avc: denied { create } for pid=7332 comm="syz.3.1605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 96.616250][ T29] audit: type=1326 audit(1760790091.268:2243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7332 comm="syz.3.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 96.641990][ T29] audit: type=1326 audit(1760790091.268:2244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7332 comm="syz.3.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1393c5efc9 code=0x7ffc0000 [ 96.828459][ T7351] loop0: detected capacity change from 0 to 256 [ 96.892184][ T7359] netlink: 'syz.2.1610': attribute type 1 has an invalid length. [ 96.904660][ T7359] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1610'. [ 96.971922][ T7367] loop0: detected capacity change from 0 to 512 [ 96.984821][ T7367] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 96.996484][ T7367] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #2: block 9: comm syz.0.1612: lblock 0 mapped to illegal pblock 9 (length 1) [ 97.015762][ T7367] EXT4-fs (loop0): mount failed [ 97.086564][ T3723] Bluetooth: hci0: Frame reassembly failed (-84) [ 97.311613][ T7397] loop0: detected capacity change from 0 to 512 [ 97.330619][ T7397] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.343739][ T7397] ext4 filesystem being mounted at /295/control supports timestamps until 2038-01-19 (0x7fffffff) [ 97.377636][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.404248][ T7403] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 97.452794][ T7407] loop0: detected capacity change from 0 to 1024 [ 97.459899][ T7407] EXT4-fs: Ignoring removed orlov option [ 97.465768][ T7407] EXT4-fs: Ignoring removed nomblk_io_submit option [ 97.480498][ T7407] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.529516][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.547821][ T7415] netlink: 'syz.1.1634': attribute type 1 has an invalid length. [ 97.562958][ T7415] 8021q: adding VLAN 0 to HW filter on device bond1 [ 97.572611][ T7415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1634'. [ 97.583819][ T7415] bond1 (unregistering): Released all slaves [ 97.601584][ T7420] loop0: detected capacity change from 0 to 512 [ 97.608877][ T7420] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 97.621199][ T7420] EXT4-fs (loop0): 1 truncate cleaned up [ 97.627567][ T7420] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.756921][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.776230][ T7428] loop0: detected capacity change from 0 to 128 [ 97.985651][ T7437] SELinux: ebitmap: truncated map [ 97.992342][ T7437] SELinux: failed to load policy [ 98.016691][ T7440] netlink: 'syz.0.1642': attribute type 1 has an invalid length. [ 98.047982][ T7440] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1642'. [ 98.084025][ T7444] wg2: entered promiscuous mode [ 98.089157][ T7444] wg2: entered allmulticast mode [ 98.207140][ T7453] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1647'. [ 98.264177][ T3705] Bluetooth: hci1: Frame reassembly failed (-84) [ 98.271671][ T7457] Bluetooth: hci1: Frame reassembly failed (-90) [ 98.315718][ T7462] loop2: detected capacity change from 0 to 2048 [ 98.508616][ T7471] netlink: 'syz.1.1654': attribute type 1 has an invalid length. [ 98.537472][ T7471] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1654'. [ 98.575281][ T3758] Bluetooth: hci2: Frame reassembly failed (-84) [ 98.847175][ T7498] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping [ 99.117449][ T3895] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 99.117562][ T7482] Bluetooth: hci0: command 0x1003 tx timeout [ 99.146008][ T7510] netlink: 'syz.3.1669': attribute type 1 has an invalid length. [ 99.196517][ T7510] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1669'. [ 99.246737][ T7521] loop2: detected capacity change from 0 to 512 [ 99.261818][ T7521] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.275431][ T7521] ext4 filesystem being mounted at /292/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.345492][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.357233][ T7531] sd 0:0:1:0: device reset [ 99.437930][ T3758] Bluetooth: hci0: Frame reassembly failed (-84) [ 99.501092][ T7544] SELinux: ebitmap: truncated map [ 99.508400][ T7544] SELinux: failed to load policy [ 99.997483][ T7559] pim6reg1: entered promiscuous mode [ 100.003135][ T7559] pim6reg1: entered allmulticast mode [ 100.148242][ T7565] sit0: entered allmulticast mode [ 100.158411][ T7565] sit0: entered promiscuous mode [ 100.317772][ T44] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 100.321994][ T3895] Bluetooth: hci1: command 0x1003 tx timeout [ 100.349207][ T7572] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping [ 100.380067][ T7574] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.432450][ T7574] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.474078][ T7574] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.554617][ T7574] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.585559][ T122] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.597694][ T122] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.609609][ T3758] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.620833][ T122] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.637400][ T7458] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 100.637545][ T44] Bluetooth: hci2: command 0x1003 tx timeout [ 100.673615][ T7579] IPv6: Can't replace route, no match found [ 100.774666][ T7592] loop0: detected capacity change from 0 to 1024 [ 100.781522][ T7592] EXT4-fs: Ignoring removed orlov option [ 100.799831][ T7592] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.815600][ T7596] futex_wake_op: syz.4.1706 tries to shift op by 144; fix this program [ 100.840362][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.860801][ T3723] Bluetooth: hci1: Frame reassembly failed (-84) [ 100.867797][ T7603] Bluetooth: hci1: Frame reassembly failed (-90) [ 100.944108][ T29] kauditd_printk_skb: 66 callbacks suppressed [ 100.944125][ T29] audit: type=1400 audit(1760790095.738:2311): avc: denied { watch watch_reads } for pid=7604 comm="syz.4.1709" path="/372/file1" dev="tmpfs" ino=1931 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 101.065418][ T7613] sd 0:0:1:0: device reset [ 101.205670][ T7615] futex_wake_op: syz.4.1714 tries to shift op by 144; fix this program [ 101.517562][ T44] Bluetooth: hci0: command 0x1003 tx timeout [ 101.523673][ T7482] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 101.565098][ T29] audit: type=1400 audit(1760790096.358:2312): avc: denied { remount } for pid=7649 comm="syz.1.1730" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 101.666239][ T29] audit: type=1400 audit(1760790096.458:2313): avc: denied { ioctl } for pid=7657 comm="syz.2.1742" path="socket:[18926]" dev="sockfs" ino=18926 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 101.767236][ T7661] loop2: detected capacity change from 0 to 1024 [ 101.774406][ T7661] EXT4-fs: Ignoring removed orlov option [ 101.787813][ T7661] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.394989][ T7664] ================================================================== [ 102.403368][ T7664] BUG: KCSAN: data-race in generic_buffers_fsync_noflush / inode_cgwb_move_to_attached [ 102.413240][ T7664] [ 102.415586][ T7664] write to 0xffff88811a867a18 of 4 bytes by task 7661 on cpu 1: [ 102.423246][ T7664] inode_cgwb_move_to_attached+0x9b/0x310 [ 102.429124][ T7664] writeback_single_inode+0x2b5/0x3f0 [ 102.434663][ T7664] sync_inode_metadata+0x5b/0x90 [ 102.439748][ T7664] generic_buffers_fsync_noflush+0xd9/0x120 [ 102.445676][ T7664] ext4_sync_file+0x1ab/0x690 [ 102.450382][ T7664] vfs_fsync_range+0x10d/0x130 [ 102.455371][ T7664] ext4_buffered_write_iter+0x34f/0x3c0 [ 102.461037][ T7664] ext4_file_write_iter+0x387/0xf60 [ 102.466371][ T7664] iter_file_splice_write+0x666/0xa60 [ 102.471817][ T7664] direct_splice_actor+0x156/0x2a0 [ 102.477080][ T7664] splice_direct_to_actor+0x312/0x680 [ 102.482585][ T7664] do_splice_direct+0xda/0x150 [ 102.487555][ T7664] do_sendfile+0x380/0x650 [ 102.492101][ T7664] __x64_sys_sendfile64+0x105/0x150 [ 102.497341][ T7664] x64_sys_call+0x2bb4/0x3000 [ 102.502259][ T7664] do_syscall_64+0xd2/0x200 [ 102.507066][ T7664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.513076][ T7664] [ 102.515417][ T7664] read to 0xffff88811a867a18 of 4 bytes by task 7664 on cpu 0: [ 102.523168][ T7664] generic_buffers_fsync_noflush+0x80/0x120 [ 102.529101][ T7664] ext4_sync_file+0x1ab/0x690 [ 102.533814][ T7664] vfs_fsync_range+0x10d/0x130 [ 102.538620][ T7664] ext4_buffered_write_iter+0x34f/0x3c0 [ 102.544241][ T7664] ext4_file_write_iter+0x387/0xf60 [ 102.549496][ T7664] iter_file_splice_write+0x666/0xa60 [ 102.554982][ T7664] direct_splice_actor+0x156/0x2a0 [ 102.560139][ T7664] splice_direct_to_actor+0x312/0x680 [ 102.565630][ T7664] do_splice_direct+0xda/0x150 [ 102.570419][ T7664] do_sendfile+0x380/0x650 [ 102.574957][ T7664] __x64_sys_sendfile64+0x105/0x150 [ 102.580289][ T7664] x64_sys_call+0x2bb4/0x3000 [ 102.584993][ T7664] do_syscall_64+0xd2/0x200 [ 102.589607][ T7664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.595707][ T7664] [ 102.598227][ T7664] value changed: 0x00000002 -> 0x00000040 [ 102.604043][ T7664] [ 102.606572][ T7664] Reported by Kernel Concurrency Sanitizer on: [ 102.612839][ T7664] CPU: 0 UID: 0 PID: 7664 Comm: syz.2.1733 Not tainted syzkaller #0 PREEMPT(voluntary) [ 102.622760][ T7664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 102.632844][ T7664] ================================================================== [ 102.724646][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.878258][ T7482] Bluetooth: hci1: command 0x1003 tx timeout [ 102.884304][ T7458] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 102.978149][ T29] audit: type=1326 audit(1760790097.778:2314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7667 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 103.013009][ T29] audit: type=1326 audit(1760790097.808:2315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7667 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 103.037103][ T29] audit: type=1326 audit(1760790097.808:2316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7667 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 103.060961][ T29] audit: type=1326 audit(1760790097.808:2317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7667 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 103.084723][ T29] audit: type=1326 audit(1760790097.808:2318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7667 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 103.108395][ T29] audit: type=1326 audit(1760790097.808:2319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7667 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000 [ 103.131944][ T29] audit: type=1326 audit(1760790097.808:2320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7667 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ddd5efc9 code=0x7ffc0000