last executing test programs: 2.806383537s ago: executing program 2 (id=668): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000011c0)="93bffce623851797a8dc79018d7716840ffc6941c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c35225ff95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b67bcb1b997ce8b6325d151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb6fc40b5d175e86ac0b7a9fd7f1748af98902340eb", 0xa4}, {&(0x7f0000000e40)="029993440c7a0c95d3bb8cf353fd63ca88ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c364fb7ac429e434ccb0320483c0604aaf296d8218e240055cb92f17b1b47fd7b1b178ca001c470155ed985a179f87c9bc40206c86df9abc5be93ce0d96", 0x71}, {&(0x7f0000000f80)="ec75d081fcb7e79634ec1a1abfdebb6a38b0c57cc77b83d2eea81aad8f73b36abc2019cb08fcaaec9647a07d0a0965f0f1e39afd84e7e2523aaded5e1e36fcc90c269ad6d38d57619127cee4253655c33b71054226c3b00b9ee6ae29f0b07bc6fe7981126ca804c1f64e6c19ba36b2778c5f4a1c58625fe19516af43c9870c5b8191e23778abe7df2280d459b1651686a53ca52dce95704431153f9c2903ae4c868074e89477bf6ed2ab648b0498ac8c0f90844ed9a26675199d5ff9b391c1dec077b5099cf9aecd1a9d94e235a71b80fa7ef3bcd2179fee3518f3d2c6b4e7ee889c5827c7ad7e53ace3a253a5ddb477f09a58550a49a339e1acefcc69a3dab0b39c4087f78983e938babb909e104858a3914762f2471b43abf5928140d095689f5db1d348d151e12ebedeb2ae484da324e7d7881c34e717c17fda7c8f0f6f67415bd28b4e8bca86b336d8918eef0ea867a21455c1a6f187f86ffab6e306d536561acf0da3af725b56eef508902e3f05", 0x170}], 0x3}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000700)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff6bb3", 0x2b}, {&(0x7f0000000740)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc487553859348d48e6fc49d81c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b95e269169f5f7b51dd5319b8016623d1863d70581691a79a6678db1e5e7fa1c98c5b9e4a87272e9c4a1bde5fbc390c7ccb9d3c1020e80bd0659e82d861dc6fe4c62639134c54e708601eae992000000", 0xd2}, {&(0x7f0000000a00)="5be3b011e12323e4ab88c0472f0700000000000000e71ba62334303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc2580600000000000000d6e36e737691a1c6bd2a64b2a85cbaaf648c9100000000000000", 0x7a}, {&(0x7f0000000ac0)="bd2f6aa36cea0e62ac00a4539dd80281164750339fcc3cd1f7bb1b74e98dbbe81e997d4847ee5d06a72e6f1c6b8a873c7ea7760f102483b578526af9775e51b84818d0", 0x43}, {&(0x7f0000000840)="d31547c4f8a72a1d1f163c917e6e9ec6044b034b0fb9ad2702a1952a1914f33cdc35f1bc4139b5b35c886ad316729ceb015bdfaaae494bd9b206f9b201fe6e3f06f72abee112774d0fc530e9b05abf1a8df5a4a0cf9931e439d263fd5308507f32e9fc5a26752d6d5b984699efb70fb7f6f59c93dff1549946427fc420bd55256245dfe8090300000000000000823af43dbb8a8ab1e1b20809cca5d52803afb14c76b97dc2ca4f7bf783579e6fcfe7f7e9105b3bc57414bd4da31fd1f155dd075ebda47cb00d0c", 0xc7}, {&(0x7f0000000bc0)="91f863dc974c0b31640ea56f5f2219e02b867338a4451b988393b9364939b45ee08a130e785e56198dbd0b4eed", 0x2d}], 0x6}}, {{0x0, 0x0, &(0x7f0000000580)}}], 0x3, 0xc0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 1.986374442s ago: executing program 1 (id=676): syz_emit_ethernet(0x86, &(0x7f0000000500)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "9d42a08597d3b2f44ac89b1b52cc6728d6697d4cebc8f2f062c6f91f224aaacc", "99bd3410936eefeb3ea898dafab974aa", {"96deedc95f5d10a12027128db2e9bdf6", "f838a300b01b0e19ecdf00b20600"}}}}}}}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000300)={@random="e90c630faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0xe0e0, 0xff, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x8}}}}}, 0x0) 1.970211774s ago: executing program 2 (id=679): r0 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000600)='$h', 0x0) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f00000005c0)='dE\x00', 0x0, r0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000280)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf10xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@newqdisc={0x4c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0) 1.550590091s ago: executing program 4 (id=687): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="1e0334003c5c980128876360864668f82f0008fa000000000000ffd2acb165fe580cd568cd1f31b87b548cb74136f366da0a0101"], 0x3e) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="1e0308"], 0xffdd) 1.521496065s ago: executing program 3 (id=689): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0xb2, 0x4) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000280)=0x181, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f00000002c0)=0x6, 0x4) recvmmsg(r0, &(0x7f0000000300)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001fc0)=""/136, 0x88}}], 0x1, 0x2000, 0x0) 1.505280357s ago: executing program 3 (id=690): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x1004404, &(0x7f0000000240)={[{@noinit_itable}, {@dioread_lock}, {@noauto_da_alloc}, {@lazytime}, {@nombcache}, {@max_batch_time={'max_batch_time', 0x3d, 0xa}}]}, 0x23, 0x44d, &(0x7f0000000980)="$eJzs28tvG0UYAPBv7SR9k1CVRx9AoCDKK2nSUnpAQiCQOICEBIdyDElalboNaoJEq4oWhMoRVeLEBXFE4i/gBBcEnJC4wh1VqlAvLZyM1t5NbMd2HnXsUP9+0jozu2PPfN6d9exONoC+NZq+JBE7I+KPiBiuZusLjFb/3L55afqfm5emkyiX3/47qZS7dfPSdF40f9+OPDMQUfgsif1N6p2/cPHMVKk0ez7Ljy+c/WB8/sLF506fnTo1e2r23OTx40ePTLxwbPL5jsSZxnVr38dzB/a+/u61N6dPXHvvl++SPP6GODpktN3GJ8rlDlfXW7tq0slADxvCmhSr3TQGK/1/OIqxtPOG47VPe9o4YEOVy+Xy/a03XykDd7Gkcg4ovxS9bgjQZfkPfXr9my9dGnpsCjderl4ApXHfzpbqloEoZGUGG65vO2k0Ik5c+ffrdImNuQ8BAFDnh3T882yz8V8hau8L3ZPNoYxExL0RsTsijkXEnoi4L6JS9oGIeHCN9TdOkiwf/xSuryuwVUrHfy9mc1v147989BcjxSy3qxL/YHLydGn2cPadHIrBLWl+ok0dP776+xetttWO/9IlrT8fC2btuD6wpf49M1MLU3cSc60bn0TsG2gWf7I4E5BExN6I2LfOOk4//e2BVttWjr+NDswzlb+JeLK6/69EQ/y5pP385PjWKM0eHs+PiuV+/e3qW63qv6P4OyDd/9ubHv+L8Y8ktfO182v59K+eSl+v/vl5y2ua9R7/Q8k7des+mlpYOD8RMZS8UW107frJhnKTS+XT+A8dbN7/d8fSN7E/ItKD+KGIeDgiHsna/mhEPBYRB9t8Cz+/8vj7649/Y6Xxz6xp/y8lhqJxTfNE8cxP39dVOrL04avb/0crqUPZmtWc/1bTrrUezQAAAPB/VYiInZEUxhbThcLYWPV/+PfE9kJpbn7hmZNzH56bqT4jMBKDhfxO13DN/dCJ7J5Lnp9syB/J7ht/WdxWyY9Nz5Vmeh089LkdLfp/6q9ir1sHbDjPa0H/0v+hf+n/0L/0f+hfTfr/tl60A+i+Zr//l1d+29aNaAvQXQ3937Qf9BHX/9C/1tP/nTPg7tC2Lw91rx1AV81vi5UfkpeQWJaIwqZoxiZKXN4czehQotdnJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//8cB+YG") perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x35, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0) lseek(r0, 0x7fff, 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r0, 0x1f) write$P9_RLERROR(r0, 0x0, 0xa) write$cgroup_type(r1, &(0x7f0000000200), 0x175d9003) 1.47863175s ago: executing program 4 (id=691): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x1, 0x106) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001200)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec472db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc626b424da1e8c825357861aa50054686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf4d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b0100000000000000b0255f347160ac83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff7020000eea2ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072913152c845cf572cf39310d522a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8abafe4f0f6ea508000000a0c548552b571bed5647323c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e5251aae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b6588f6008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463aaf28345bde0c195bc9f022ca8ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda34536020000fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bf8d9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5631820420b75b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff201000000000000002e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa66237e0dacc107f532348cc2116473381e961f3d9c8c21578fe3245097c280abe51427b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d174b0000000000000000000000fa08ad0731ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282b6caa2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177c16810fae053349609000000000000009a7438978c5465113f668eb4484350048289d07dbef325d3221a7cb35f8100257941a9781e3214c2a3dcf89d99844b762a9cf17548c54fccad2c7ae8072b82e0880815daf966bd5343c1635e123f868a7167cfcff33384253af570f4ef9c0254afdd89c73943562b530dd88da8a94013bbaf204bebc38055adc39f07f7c22711f4d1f6dcc928d1578a093c072e0b92babc76f47ee367e745a024a2278319d9a4d1378482b70304669c447c71ca4d54c82395a3958d576c42c08a4d5adfb58306164cc7d870b881f8084a3d185a63c6b05292186095c1f407ce74297d16470988f1647f7b6f6cdc6ab8be3cacc325df963c2cb80cfe07ded6d55f556be0a3dfa85f0a0ace879b0a0a95cd07b66fbbc73d0945beebe87a21dd46fd5804cd63c01199c78b1d774b17686fe3aeadebc4f3d2e6af1110466fecf41384f1b5c96531700db5aefa1a5c17a9ebcaf334110ed582999208cc7ef977ceb2f8a5aa7d00000000000000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x48, &(0x7f0000000100)=r0, 0x4) 1.406092528s ago: executing program 4 (id=692): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000100000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000013000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c001a80180004"], 0x3c}}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=""/156, 0x9c}], 0x1}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.375599812s ago: executing program 3 (id=693): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x800700, &(0x7f0000000380)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@usrjquota}, {@user_xattr}, {@usrjquota}, {@resgid}, {@norecovery}, {@usrjquota}, {@init_itable}]}, 0x3, 0x467, &(0x7f0000002280)="$eJzs3M9rHFUcAPDvzCb93SbWKrRWjRYx+CNp0qo9eFEUPFQU9FCPcZOW0m0jTQRbio0i9SJIQc/iUfAv8OZF1JPgVe9SKBqEVk+R2Z1JN9vdZNNsdmv384Fp39t5M/O+O+/tvJm3mwD61kj2TxKxKyJ+i4ihWnZlgZHafzcXL5X/WbxUTmJp6a0/k2q5G4uXykXRYrudeWY0jUg/SfKDxNb63c5duHhmqlKZOZ/nx+fPvjc+d+His6fPTp2aOTVzbvLYsaNHJl54fvK5tuJI1lifxXXjwIezB/e/9s7V18snrr7707fZNrvy9fVxdMpIFvhfS1WN657o9MF6bHddOhnoYUVYl1JEZKdrsNr/h6IUt07eULz6cU8rB2yq7Nq0tfXqhSXgHpbE2mX+7kZFgC4rLvTZ/W+xdGnocVe4/lLtBiiL+2a+1NYMRJqXGWy4v+2kkYg4sfDvV9kSm/QcAgCg3mflL4/HM83Gf2k8WFduTz6HMhwR90XE3oi4PyL2RcQDEVnZxiFlW0Ya8rePf9JrdxhaW7Lx34v53NbK8V8x+ovhUp7bXY1/MDl5ujJzOH9PRmNwa5afWOUY37/y6+et1tWP/7IlO34xFszrcW2g4QHd9NT8VHVQ2gHXP4o4MNAs/mR5JiCJiP0RcWB9u95TJE4/9c3B7QebF1o7/lV0YJ5p6euIJ2vnfyEa4i8kq89Pjm+Lyszh8aJV3O7nX6682er4LeLfsvHI2pOd/x0r239jkeGkfr52bv3HuPL7py3vae60/W9J3q6el+KN+mBqfv78RMSW5Hg1v+L1yVvbFvmifBb/6KHm/X9vvk12nIciImvCD0fEIxHxaF73xyLi8Yg4tEr8P76cJ5q01w21/w7I4p9u+vm33P4bzv/6E6UzP3xX7GzbuuPPzv/Ramo0f6X6+beGdiu40fcPAAAA/g/S6nfgk3RsOZ2mY2O17/Dvix1pZXZu/umTs++fm659V344BtPiSddQ3fPQiWQh32MtP5k/Ky7WH8mfG39R2l7Nj5VnK9M9jh363c4W/T/zR6nXtQM2XbN5tMmuTUEBvdTY/9OV2ctvdLMyQFf5vTb0rzX6f9qtegDd5/oP/atZ/7/ckDcXAPcm13/oX/o/9C/9H/qX/g99aSO/65fo50Sklcr0tojVCxd/EOjuqLNE+4lefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xn8BAAD///xQ9VA=") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff15, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) chdir(&(0x7f0000000140)='./file0\x00') r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) 1.269981764s ago: executing program 0 (id=694): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x0, 0x6}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) sendto$inet6(r2, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write$binfmt_elf64(r2, &(0x7f00000009c0)=ANY=[], 0xffe0) 1.269692454s ago: executing program 3 (id=695): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000003c0), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000200)='mm_page_free\x00', r1, 0x0, 0x2}, 0x18) socketpair(0x1, 0x1, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000880)='ext2\x00', &(0x7f0000000500)='./file1\x00', 0x21000e, &(0x7f0000000380), 0xfe, 0x518, &(0x7f00000008c0)="$eJzs3U1vI2cdAPD/TOIl201JChxKpb6IFu1WsPamoW3EoS0CcasEKvclSrxRtE4cxU67iSqUFR8ACSGoxIkTFyQ+ABLqR0BIlegdAQIh2MKBAzBoxuM0a8abrNYvafL7SY/9zGPP/P+Psx4/87IzAVxYz0XEGxExExEvRsRC2Z6WJQ57JX/fR/feXctL3vzW35JIyraIonrkSjnbXO+pUmf/4PZqq9XcLacb3a2dRmf/4Prm1upGc6O5vby89MrKqysvr9wYST/zfr32jT/9+Ac//+Zrv/7yO7+/+Zdr38uT/nr5er9fo1N8evFh8VjLP4sjsxGxO9pgUzNT9qc27UQAADiVfJT6mYj4QjH+X4iZYjRXGBzSzU0+OwAAAGAUstfn499JRAYAAACcW69HxHwkab08F2A+0rRe753D+7l4LG21O90v3Wrvba/nr0UsRi29tdlq3ijPqV2MWpJPLxX1j6dfGphejognIuJHC5eL6fpau7U+7Z0fAAAAcEFcGdj+/+dCb/sfAAAAOGcWp50AAAAAMHbDtv+TCecBAAAAjI/j/wAAAHCufevNN/OS9e9/vf72/t7t9tvX15ud2/WtvbX6Wnt3p77Rbm8U1+zbOml5rXZ75ysRe3ca3Wan2+jsH9zcau9td29uun8gAAAATMsTz77/YRIRh1+9XJTcpfxhZsgMzhWAcyN9mDf/cXx5AJM37Gf+FC6NMg9g8mannQAwPYfTTgCYtvsu9VExKDh+8s59+wx+M76cAACA0br6+erj//kmQG3ayQFj9VDH/4Fz5RGO/wOfcI7/w8VVe6gRwN0xZgJMy0m3+hh68Y6q4/+VZwZn2YnLAgAAxmq+KM+m9fJY4Hykab0e8XjxX/1rya3NVvNGRHw6In63UPtUPr1UzJm4PSAAAAAAAAAAAAAAAAAAAAAAAAAAnFKWJZEBAAAA51pE+uekvP/X1YUX5gf3D1xK/rUQ5S293vnpWz+5s9rt7i7l7X8/au++V7a/NI09GAAAAHARzT7w1f52en87HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABG6aN77671yyTj/vVrEbFYFX825ornuahFxGP/SGL22HxJRMyMIP7h3Yh4sip+kqcVi2UWg/HTiLg8mfhPZ1lWGf/KCOLDRfZ+vv55o+r7l8ZzxXP193+2LI9q+PovPVr/zQxZ/z1+yhhPffDLxtD4dyOemq1e//TjJ0PiP1+1wIoP5bvfOTj4v8bewiP7WcTVyt+f5L5Yje7WTqOzf3B9c2t1o7nR3F5eXnpl5dWVl1duNG5ttprlY2Uff/j0r/470PSfrKfofwyJv3hC/1/IK7VjjdlgmDLYB3fufbZXrQ0sooh/7fnqv/+TD4if/5v4Yvk7kL9+tV8/7NWPe+YXv32mMrEy/vqQ/p/09782bKEDXvz29/9wyrcCABPQ2T+4vdpqNXfHXnkvy7JJxTp9JdIzkcYZqPRHd2MLMXdWeqpyUmUUe7YAAICz5uNB/7QzAQAAAAAAAAAAAAAAAAAAgIursx/puC8nNhjzcDpdBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4oP8FAAD//67x3Ks=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x0) sendfile(r2, r2, 0x0, 0x80000000) 1.269450004s ago: executing program 4 (id=696): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x101900, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000000340)={'syzkaller0\x00'}) 1.208221531s ago: executing program 0 (id=697): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000380)='./file2\x00', 0x1404, &(0x7f0000000740)={[{@block_validity}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@minixdf}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) open(0x0, 0x200001, 0x140) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/20], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x0, 0x18c, 0x203, 0x4d000000, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@private, 'veth1_macvtap\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) 1.058137428s ago: executing program 0 (id=698): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x1000, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_RATE={0x6}]}, 0x38}}, 0x0) 1.056639129s ago: executing program 2 (id=699): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0b0000009d000000010001000900000001"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001400)={{r0}, &(0x7f0000001380), &(0x7f00000013c0)='%-010d \x00'}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000280), 0x84, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r0, &(0x7f0000000080), 0x0}, 0x20) 1.056302679s ago: executing program 3 (id=700): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x18000000000002a0, 0x2, 0x0, &(0x7f0000000280)="b9b3", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000300)='./file0\x00', &(0x7f00000002c0), &(0x7f0000000040)=@v2, 0x14, 0x1) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) 845.088973ms ago: executing program 4 (id=701): perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x35, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x3, 0x4, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) recvmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000ec0)={0x0, 0x0, 0x0}, 0x40000000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) connect$netlink(0xffffffffffffffff, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) 632.344478ms ago: executing program 0 (id=702): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x2}}) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000400)='./bus\x00', 0x800, &(0x7f0000000840)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYRES64], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=") r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) fallocate(r1, 0x0, 0x0, 0x1000f4) io_setup(0x7, &(0x7f00000000c0)=0x0) io_submit(r3, 0x2, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000000)="96", 0xfe00}, &(0x7f0000000040)={0x0, 0x0, 0x41, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) 425.295802ms ago: executing program 2 (id=703): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000b8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x5}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x48) rseq(0x0, 0x0, 0x0, 0x0) accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000380), &(0x7f00000003c0)=0x10, 0x80800) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) r1 = fsopen(&(0x7f0000000040)='sockfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) 217.109025ms ago: executing program 1 (id=704): mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x444, &(0x7f0000000ac0)=ANY=[@ANYBLOB="75746638006d61703d6f983c756661703d6e6f726d616c2c6909000000f2ff00003dda5de4d586f0df206d65656b416d6f64653d3078303030303010303071303030303030302c73657373696f6e3d307830faffffff30303030303030f4e4b4f82c6d61736b3d4d4159574b50be30c8486470722677b93165cfe6f62127553b2017754598752d977369672c7063723d303030303030303030303030303030303030332c64566e745f6d6561737572652c00000000000000006bbf4d6406b59dbc529c00000000000000fada265ab14119997600a2299d2c35a2efc1bf037787a0d801f26d335ef2ba9ac2423a358ccbb776b21e1d3b", @ANYRESDEC=0x0, @ANYRESHEX], 0xfe, 0x667, &(0x7f00000002c0)="$eJzs3U1v28gdx/EfZfmxQFC0xSIIsvFs0gUcNFUkeeOFkR7KUpTNrSQKJF3Yp0W6sRdB5GybpEDjy9aXPgDtG+htL3voiyjQc899Az0WWLS3Ar2oIClKskRZip+Sdr8fI9GI/JPzJ4fRhBY5FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkOXUyuWKpYbX2tk1kzm1wG+eMj9d27zupoW7U+uVrPiPlpZ0PZ10/TuD2e/Ef93WzfTdTS3FL0s6+sY733z47WIhW/6UhM5Cr7vCF6+Onj7qdPafn622rnWW5S7FWCYqzLDUltvyQt9r2luu8ULfbG5slO9v10NT9xpuuBdGbtM4gVuI/MCsOXdNZXNz3bilPX+ntVWzG2428cPvV8vlDfPRYq/5739UCp1tr9HwWltJTDw7jlnsHyGu3TTm4Elnf31aknFQZZag6rSgarlarVSq1crGg80HH5bLxbEJ5REaixgctG9P4+MqXdAnN3B+hbj//7slNbSklna0K5P746imQL6aE+b3ZP3/+/fdU+sd7v+zXv76YPYNJf3/rfTdrUn9/4RcjEyyQN4ca8L0s/280Csd6akeqaOO9vX8Yta7enEZXu7PllSUPIXy5akpW1tyZXpTjDa1oQ2V9bG2VVcoo7o8NeQq1J5CRXLVTNokkCtbkXwFMlqTo7syqmhTm1qXkauS9uRrRy1tqSZb/+52uwd6kuz39VNyVBZUmSWo2D8Gx4Mm9f8//Txd4vX6f/z/6R87M8QAb1y3d/4/2VzexNXLywgAAAAAAFw0K/ntu5V8d/+upK7qXsMtv+m0AAAAAADABUq++b8Zv8zHpXdlTTj/7159bgAAAAAA4GJYyT12lqSV5KJ+a3An1CwXAeTeHAAAAAAAAN4uyff/txakbjK02qqs1zr/BwAAAAAA/wN+OzTGfjEbY7ebfa1fkBS2F60//3NRwbx13N79rnVox3Psw17M2BUAUf2GVVQ6UG8yXu+CpOSd4960euMD9wbBtNKBfaWvDqaN9W8FIwkszGW/vshJ4NrRUAIbxd47/V7vpTHv9ep9fFRQMietZaXuNdyS4zceVmTb1wqRuxv94tmTX0pBfzsPnnT2S5981nmc5HIcTzo+jPP4/EQ6hWm5vEzGW0juucjb4mXVsyp/12quWEm95Wz752QfFoYrmm37f63bacztlfR15ShrAVm/6hUqpaTJBlufjA5hDbKojG55XkNMyGIpyeJOGnNn7U76kuWXtsLS9+akamm8DYLhLKrDWUzfF9a/xvbFlCziY2E9zuIv8YomZLH+elmMtQgAvCkHg14oGcR8fIz90X73LJ9y03v3H56s5eUfu+kNh3NSsffdRHoT4qR+RfEn+loatpCO4l68kfOJXu71K0ua8IlePkfvFtf1p8EzkHpp9+YU+1n8p9vtPqwk9f5hpFf9Il7gi4n1ho3qXLwL7788/FkyAH7s0/1P959Vq+sb5Q/K5QdVzSeb0Xuh7wEA5Jj+jJ2TEUuD/qzfd3/QP6t+/I/309KJfvdb/UsKSvpEn6mjx7qXPUJgNb/elaHLEO6Nn7XGscvSaGxF9yae1SV96VBstR87r2yRk/9fGMSuX3YzAABwpW5P6YdH+/+8c/d72Xn32o3c8+6TffnoE4InxVaueE8AAPD14QZfWSvRb6wg8NofVzY3K3a07ZrAd35sAq+25RqvFbmBs223tlzTDvzId/yGaQda9GpuaMKddtsPIlP3A9P2Q283efK76T36PXSbdivynLDdcO3QNY7fimwnMjUvdEx750cNL9x2g2ThsO06Xt1z7MjzWyb0l+W4JWNC1x0K9GpuK/LqXlxsmXbgNe1gz/zEb+w0XVNzQyfw2pGfrjCry2vV/aCZrLak7mkPOgQA4Gvjxaujp486nf3npxSOlRay69FOCV7IW+Eb3kQAADCCXhoAAAAAAAAAAAAAAAAAAAAAgLffLPf/nVrIbgrMpswrJ1jqT/n5tZnWbGkw5cu/nSvDMxQKo1N6I+12py/+17RQzItZjgsLkjrZ7h+OOb7QrVidKVhpoXjx+3BZyjsSLq3wg4OTx+FYTDwzd9Zivy2K5//nkFd49uWEWdOPqMWT+3DhtA08WShKer5wjia4+s8iAFfrvwEAAP//pJI9bA==") 215.610305ms ago: executing program 0 (id=705): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000900), 0x103, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10}}]}}, @TCA_RATE={0x6}]}, 0x4c}}, 0x0) 215.001296ms ago: executing program 2 (id=706): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000007000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 214.229036ms ago: executing program 3 (id=707): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000980)='br_fdb_add\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='br_fdb_add\x00', r0}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r5, @ANYBLOB="4000aa000a0002"], 0x28}}, 0x0) 827.36µs ago: executing program 0 (id=708): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x30, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000200)="af", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000f40)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b5318f0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c030a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214217b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d37827bab1a32c9d788e9f74ee57012ca5bfd0dc090b59077b7ef4a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76789ae79ccec252203bda7798de237bbe019d70a7a2d81766", 0x3aa}], 0x1}}], 0x2, 0x0) 0s ago: executing program 1 (id=709): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000080000000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xe) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xd5) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r3}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) kernel console output (not intermixed with test programs): lem connecting socket to 127.0.0.1 [ 33.139443][ T3675] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.173463][ T3675] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.204207][ T3712] Zero length message leads to an empty skb [ 33.237174][ T3717] EXT4-fs warning (device sda1): verify_group_input:167: Cannot read last block (262911) [ 33.447305][ T3728] loop0: detected capacity change from 0 to 128 [ 33.470263][ T3736] Cannot find add_set index 0 as target [ 33.494302][ T3730] loop2: detected capacity change from 0 to 1024 [ 33.528457][ T3730] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.528947][ T3728] syz.0.135: attempt to access beyond end of device [ 33.528947][ T3728] loop0: rw=0, sector=121, nr_sectors = 120 limit=128 [ 33.561947][ T3730] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.571692][ T3738] tipc: Started in network mode [ 33.577363][ T3738] tipc: Node identity 7f000001, cluster identity 4711 [ 33.584660][ T3738] tipc: Enabled bearer , priority 10 [ 33.590600][ T1657] kworker/u8:6: attempt to access beyond end of device [ 33.590600][ T1657] loop0: rw=1, sector=241, nr_sectors = 800 limit=128 [ 33.678968][ T3750] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.701139][ T3275] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.736797][ T3750] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.802833][ T3750] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.828923][ T3769] loop2: detected capacity change from 0 to 512 [ 33.839131][ T3769] EXT4-fs: Ignoring removed oldalloc option [ 33.846034][ T3769] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 33.871660][ T3750] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.886917][ T3769] EXT4-fs (loop2): 1 truncate cleaned up [ 33.904729][ T3769] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.922315][ T3776] loop4: detected capacity change from 0 to 1024 [ 33.932192][ T29] kauditd_printk_skb: 152 callbacks suppressed [ 33.932248][ T29] audit: type=1400 audit(1729549442.805:292): avc: denied { write } for pid=3768 comm="+}[@" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 33.937957][ T3750] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.943367][ T3776] EXT4-fs: Ignoring removed nomblk_io_submit option [ 33.961984][ T3750] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.982785][ T3750] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.994338][ T3750] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.015622][ T3776] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.029475][ T3275] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.055900][ T29] audit: type=1400 audit(1729549442.925:293): avc: denied { execute } for pid=3775 comm="syz.4.156" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 34.081345][ T3776] process 'syz.4.156' launched './file0/file0' with NULL argv: empty string added [ 34.106230][ T29] audit: type=1400 audit(1729549442.965:294): avc: denied { execute_no_trans } for pid=3775 comm="syz.4.156" path="/32/file1/file0/file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 34.130573][ T3793] xt_hashlimit: size too large, truncated to 1048576 [ 34.262142][ T3794] loop2: detected capacity change from 0 to 512 [ 34.275567][ T3794] EXT4-fs: Ignoring removed mblk_io_submit option [ 34.306049][ T3273] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.357589][ T3794] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 34.359223][ T29] audit: type=1400 audit(1729549443.225:295): avc: denied { connect } for pid=3797 comm="syz.3.163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 34.387587][ C0] net_ratelimit: 32 callbacks suppressed [ 34.387601][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 34.405549][ T3794] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.162: corrupted in-inode xattr: e_value out of bounds [ 34.423199][ T29] audit: type=1400 audit(1729549443.295:296): avc: denied { read } for pid=3804 comm="syz.3.166" dev="nsfs" ino=4026532578 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 34.438425][ T3794] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.162: couldn't read orphan inode 15 (err -117) [ 34.468247][ T3794] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.468577][ T29] audit: type=1400 audit(1729549443.335:297): avc: denied { watch } for pid=3799 comm="syz.4.164" path="/33" dev="tmpfs" ino=184 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 34.492275][ T3808] syz.0.167[3808] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.502373][ T29] audit: type=1400 audit(1729549443.335:298): avc: denied { open } for pid=3804 comm="syz.3.166" path="net:[4026532578]" dev="nsfs" ino=4026532578 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 34.536705][ T29] audit: type=1400 audit(1729549443.335:299): avc: denied { create } for pid=3804 comm="syz.3.166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 34.556857][ T3808] syz.0.167[3808] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.556928][ T3808] syz.0.167[3808] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.577685][ T35] tipc: Node number set to 2130706433 [ 34.626693][ T3275] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.675491][ T3817] loop3: detected capacity change from 0 to 2048 [ 34.698228][ T3824] loop2: detected capacity change from 0 to 128 [ 34.713607][ T3824] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 34.717715][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 34.726050][ T3824] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.741301][ T3817] Alternate GPT is invalid, using primary GPT. [ 34.750556][ T3817] loop3: p2 p3 p7 [ 34.786750][ T3829] loop1: detected capacity change from 0 to 512 [ 34.801817][ T35] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 34.810495][ T3817] netlink: 8 bytes leftover after parsing attributes in process `syz.3.172'. [ 34.826347][ T3829] EXT4-fs: Ignoring removed i_version option [ 34.865618][ T3275] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 34.881503][ T3829] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a016c018, mo2=0002] [ 34.906788][ T3835] atomic_op ffff888111baed28 conn xmit_atomic 0000000000000000 [ 34.914512][ T3829] System zones: 1-12 [ 34.926243][ T29] audit: type=1400 audit(1729549443.765:300): avc: denied { create } for pid=3834 comm="syz.3.178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 34.945610][ T3829] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.176: bg 0: block 131: padding at end of block bitmap is not set [ 34.945629][ T29] audit: type=1400 audit(1729549443.775:301): avc: denied { bind } for pid=3834 comm="syz.3.178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 34.980151][ T3829] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 34.997626][ T3840] loop2: detected capacity change from 0 to 512 [ 35.005001][ T3840] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 35.014514][ T3842] loop7: detected capacity change from 0 to 16384 [ 35.015213][ T3829] EXT4-fs (loop1): 1 truncate cleaned up [ 35.031216][ T3829] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.058404][ T3840] EXT4-fs (loop2): 1 truncate cleaned up [ 35.058943][ T3829] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 35.065898][ T3840] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.103233][ T3269] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.119447][ T3847] netlink: 4 bytes leftover after parsing attributes in process `syz.0.183'. [ 35.147007][ T3275] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.163116][ T3846] Invalid logical block size (1) [ 35.194063][ T3852] erspan0: entered promiscuous mode [ 35.202346][ T3852] erspan0: left promiscuous mode [ 35.267648][ T2935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 35.300385][ T3862] loop0: detected capacity change from 0 to 1024 [ 35.309799][ T3862] EXT4-fs: Ignoring removed oldalloc option [ 35.317173][ T3862] EXT4-fs (loop0): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 35.328118][ T3864] Illegal XDP return value 4294967274 on prog (id 145) dev N/A, expect packet loss! [ 35.349545][ T3862] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.400392][ T3870] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 35.408734][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 35.427631][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 35.451733][ T3280] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.532422][ T3880] loop1: detected capacity change from 0 to 512 [ 35.545403][ T3880] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 35.567281][ T3880] EXT4-fs (loop1): 1 truncate cleaned up [ 35.576106][ T3880] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.739060][ T3269] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.777161][ T3902] netlink: 24 bytes leftover after parsing attributes in process `syz.1.204'. [ 35.827670][ T3333] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 35.858685][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 35.871005][ T3911] netlink: 28 bytes leftover after parsing attributes in process `syz.2.212'. [ 35.909052][ T3919] loop1: detected capacity change from 0 to 128 [ 35.942449][ T3923] netlink: 24 bytes leftover after parsing attributes in process `syz.1.218'. [ 35.964071][ T3924] netlink: 4 bytes leftover after parsing attributes in process `syz.2.217'. [ 35.972929][ T3924] netlink: 8 bytes leftover after parsing attributes in process `syz.2.217'. [ 36.467601][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 36.678691][ T3938] capability: warning: `syz.3.225' uses 32-bit capabilities (legacy support in use) [ 36.731439][ T3945] team_slave_0: entered promiscuous mode [ 36.737252][ T3945] team_slave_1: entered promiscuous mode [ 36.744251][ T3945] netlink: 'syz.0.228': attribute type 10 has an invalid length. [ 36.764090][ T3945] team_slave_0: left promiscuous mode [ 36.769590][ T3945] team_slave_1: left promiscuous mode [ 36.793638][ T3945] team_slave_0: entered promiscuous mode [ 36.799379][ T3945] team_slave_1: entered promiscuous mode [ 36.809850][ T3945] 8021q: adding VLAN 0 to HW filter on device team0 [ 36.818563][ T3945] bond0: (slave team0): Enslaving as an active interface with an up link [ 36.827368][ T3949] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-alb(6) [ 36.842129][ T3951] smc: net device bond0 applied user defined pnetid SYZ0 [ 36.852019][ T3951] smc: net device bond0 erased user defined pnetid SYZ0 [ 36.859440][ T3944] team_slave_0: left promiscuous mode [ 36.864928][ T3944] team_slave_1: left promiscuous mode [ 36.924495][ T3961] loop2: detected capacity change from 0 to 512 [ 36.932620][ T3961] EXT4-fs: Ignoring removed nomblk_io_submit option [ 36.942917][ T3963] netlink: 12 bytes leftover after parsing attributes in process `syz.3.233'. [ 36.956649][ T3961] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 36.964685][ T3961] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=1842c01c, mo2=0002] [ 36.974195][ T3961] EXT4-fs (loop2): couldn't mount RDWR because of unsupported optional features (80) [ 36.983740][ T3961] EXT4-fs (loop2): Skipping orphan cleanup due to unknown ROCOMPAT features [ 36.994804][ T3967] loop0: detected capacity change from 0 to 1024 [ 36.997917][ T3961] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 37.001808][ T3967] EXT4-fs: Ignoring removed nobh option [ 37.022779][ T3961] netlink: 12 bytes leftover after parsing attributes in process `syz.2.236'. [ 37.040014][ T3275] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.044142][ T3967] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.080128][ T3972] netlink: 16 bytes leftover after parsing attributes in process `syz.2.239'. [ 37.113087][ T3280] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.135605][ T3975] bridge0: port 3(vlan2) entered blocking state [ 37.142106][ T3975] bridge0: port 3(vlan2) entered disabled state [ 37.145633][ T3977] serio: Serial port ptm0 [ 37.149307][ T3975] vlan2: entered allmulticast mode [ 37.158313][ T3975] vlan2: left allmulticast mode [ 37.235102][ T3980] syz.0.243[3980] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.235191][ T3980] syz.0.243[3980] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.246835][ T3980] syz.0.243[3980] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.585516][ T4020] loop0: detected capacity change from 0 to 256 [ 37.632416][ T4020] FAT-fs (loop0): Directory bread(block 64) failed [ 37.639334][ T4020] FAT-fs (loop0): Directory bread(block 65) failed [ 37.648027][ T4020] FAT-fs (loop0): Directory bread(block 66) failed [ 37.654761][ T4020] FAT-fs (loop0): Directory bread(block 67) failed [ 37.665063][ T4022] loop4: detected capacity change from 0 to 2048 [ 37.667667][ T4020] FAT-fs (loop0): Directory bread(block 68) failed [ 37.679882][ T4020] FAT-fs (loop0): Directory bread(block 69) failed [ 37.686593][ T4020] FAT-fs (loop0): Directory bread(block 70) failed [ 37.693471][ T4020] FAT-fs (loop0): Directory bread(block 71) failed [ 37.701672][ T4020] FAT-fs (loop0): Directory bread(block 72) failed [ 37.708768][ T4020] FAT-fs (loop0): Directory bread(block 73) failed [ 37.714624][ T4026] loop2: detected capacity change from 0 to 1024 [ 37.719402][ T4022] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.782867][ T4022] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 37.797978][ T4022] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 15 with max blocks 237 with error 28 [ 37.810452][ T4022] EXT4-fs (loop4): This should not happen!! Data will be lost [ 37.810452][ T4022] [ 37.820201][ T4022] EXT4-fs (loop4): Total free blocks count 0 [ 37.826193][ T4022] EXT4-fs (loop4): Free/Dirty block details [ 37.832132][ T4022] EXT4-fs (loop4): free_blocks=2415919104 [ 37.837897][ T4022] EXT4-fs (loop4): dirty_blocks=256 [ 37.843108][ T4022] EXT4-fs (loop4): Block reservation details [ 37.849120][ T4022] EXT4-fs (loop4): i_reserved_data_blocks=16 [ 37.859837][ T4026] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.900208][ T4022] syz.4.261 (4022) used greatest stack depth: 9944 bytes left [ 37.930593][ T55] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 37.971510][ T4034] loop3: detected capacity change from 0 to 1024 [ 37.976324][ T4026] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 38.000440][ T4034] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.013997][ T4026] EXT4-fs (loop2): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 1 with error 28 [ 38.016159][ T4036] loop0: detected capacity change from 0 to 164 [ 38.026322][ T4026] EXT4-fs (loop2): This should not happen!! Data will be lost [ 38.026322][ T4026] [ 38.042231][ T4026] EXT4-fs (loop2): Total free blocks count 0 [ 38.048237][ T4026] EXT4-fs (loop2): Free/Dirty block details [ 38.048254][ T4026] EXT4-fs (loop2): free_blocks=68451041280 [ 38.048270][ T4026] EXT4-fs (loop2): dirty_blocks=16 [ 38.048285][ T4026] EXT4-fs (loop2): Block reservation details [ 38.072238][ T4026] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 38.085906][ T4034] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 38.093870][ T4034] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 38.101773][ T4026] syz.2.262 (4026) used greatest stack depth: 9272 bytes left [ 38.159511][ T3275] EXT4-fs error (device loop2): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /58/file2/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 38.193188][ T3275] EXT4-fs error (device loop2): ext4_empty_dir:3096: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 38.212921][ T3275] EXT4-fs warning (device loop2): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 38.224531][ T3275] EXT4-fs error (device loop2): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /58/file2/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 38.253237][ T3275] EXT4-fs error (device loop2): ext4_empty_dir:3096: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 38.277877][ T3275] EXT4-fs warning (device loop2): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 38.289493][ T3275] EXT4-fs error (device loop2): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /58/file2/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 38.311763][ T3271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.321110][ T3275] EXT4-fs error (device loop2): ext4_empty_dir:3096: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 38.341871][ T3275] EXT4-fs warning (device loop2): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 38.353483][ T3275] EXT4-fs error (device loop2): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /58/file2/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 38.377179][ T3275] EXT4-fs error (device loop2): ext4_empty_dir:3096: inode #11: block 32: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 38.400600][ T3275] EXT4-fs warning (device loop2): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 38.414979][ T3275] EXT4-fs error (device loop2): ext4_readdir:261: inode #11: block 32: comm syz-executor: path /58/file2/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1 [ 38.463240][ T3275] EXT4-fs warning (device loop2): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 38.475771][ T3275] EXT4-fs warning (device loop2): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 38.505962][ T4063] loop0: detected capacity change from 0 to 512 [ 38.508090][ T3275] EXT4-fs warning (device loop2): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 38.515540][ T4063] EXT4-fs error (device loop0): ext4_orphan_get:1388: inode #15: comm syz.0.278: casefold flag without casefold feature [ 38.524579][ T3275] EXT4-fs warning (device loop2): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 38.549244][ T3275] EXT4-fs warning (device loop2): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 38.560796][ T4063] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz.0.278: couldn't read orphan inode 15 (err -117) [ 38.573929][ T3275] EXT4-fs warning (device loop2): ext4_empty_dir:3098: inode #11: comm syz-executor: directory missing '.' [ 38.573956][ T4063] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.629910][ T3280] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.655481][ T4070] loop4: detected capacity change from 0 to 128 [ 38.712499][ T4070] syz.4.281: attempt to access beyond end of device [ 38.712499][ T4070] loop4: rw=34817, sector=97, nr_sectors = 32 limit=128 [ 38.726872][ T4070] syz.4.281: attempt to access beyond end of device [ 38.726872][ T4070] loop4: rw=34817, sector=97, nr_sectors = 32 limit=128 [ 38.728375][ T4078] loop0: detected capacity change from 0 to 512 [ 38.758190][ T4078] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.284: bg 0: block 393: padding at end of block bitmap is not set [ 38.772878][ T4078] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 38.782280][ T4078] EXT4-fs (loop0): 2 truncates cleaned up [ 38.791453][ T4078] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.816718][ T3275] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.827866][ T3280] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.829366][ T55] kworker/u8:4: attempt to access beyond end of device [ 38.829366][ T55] loop4: rw=1, sector=129, nr_sectors = 912 limit=128 [ 38.876170][ T28] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 38.924178][ T4089] loop0: detected capacity change from 0 to 512 [ 38.924641][ T28] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 38.944325][ T29] kauditd_printk_skb: 100 callbacks suppressed [ 38.944341][ T29] audit: type=1400 audit(1729549447.815:402): avc: denied { mounton } for pid=4090 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 38.974301][ T4089] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 38.986138][ T4089] EXT4-fs (loop0): 1 truncate cleaned up [ 38.994377][ T4089] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.009391][ T28] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.026088][ T29] audit: type=1400 audit(1729549447.895:403): avc: denied { create } for pid=4088 comm="syz.0.289" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 39.067568][ T29] audit: type=1400 audit(1729549447.895:404): avc: denied { rename } for pid=4088 comm="syz.0.289" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 39.089705][ T29] audit: type=1400 audit(1729549447.895:405): avc: denied { rename } for pid=4088 comm="syz.0.289" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 39.132642][ T29] audit: type=1400 audit(1729549447.895:406): avc: denied { rmdir } for pid=4088 comm="syz.0.289" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 39.175687][ T29] audit: type=1400 audit(1729549447.895:407): avc: denied { rename } for pid=4088 comm="syz.0.289" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 39.218727][ T29] audit: type=1400 audit(1729549447.895:408): avc: denied { unlink } for pid=4088 comm="syz.0.289" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 39.263061][ T3280] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.304380][ T29] audit: type=1400 audit(1729549448.175:409): avc: denied { shutdown } for pid=4107 comm="syz.1.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 39.339524][ T28] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.354335][ T29] audit: type=1400 audit(1729549448.225:410): avc: denied { read } for pid=4111 comm="syz.4.296" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 39.377473][ T4113] syz.0.291[4113] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 39.377613][ T4113] syz.0.291[4113] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 39.387080][ T29] audit: type=1400 audit(1729549448.225:411): avc: denied { open } for pid=4111 comm="syz.4.296" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 39.400169][ T4113] syz.0.291[4113] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 39.436302][ T4116] macvtap0: entered promiscuous mode [ 39.444615][ T4113] loop0: detected capacity change from 0 to 2048 [ 39.448300][ T4116] macvtap0: left promiscuous mode [ 39.512081][ T4113] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.536169][ T4113] mmap: syz.0.291 (4113) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 39.587601][ C0] net_ratelimit: 750 callbacks suppressed [ 39.587617][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 39.627902][ T28] bridge_slave_1: left allmulticast mode [ 39.633589][ T28] bridge_slave_1: left promiscuous mode [ 39.639326][ T28] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.663698][ T3280] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.685692][ T28] bridge_slave_0: left allmulticast mode [ 39.691442][ T28] bridge_slave_0: left promiscuous mode [ 39.697272][ T28] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.890570][ T28] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 39.900881][ T28] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 39.912341][ T28] bond0 (unregistering): Released all slaves [ 39.922128][ T28] bond1 (unregistering): Released all slaves [ 39.937104][ T4161] @: renamed from bond0 (while UP) [ 39.945317][ T4132] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 40.004532][ T28] tipc: Disabling bearer [ 40.009658][ T28] tipc: Left network mode [ 40.019665][ T4090] chnl_net:caif_netlink_parms(): no params data found [ 40.037651][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 40.063640][ T4183] loop0: detected capacity change from 0 to 1024 [ 40.067152][ T4180] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 40.109743][ T28] hsr_slave_0: left promiscuous mode [ 40.115445][ T28] hsr_slave_1: left promiscuous mode [ 40.147603][ T28] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 40.155094][ T28] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 40.160503][ T4183] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.175204][ T4183] ext4 filesystem being mounted at /80/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.186204][ T28] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 40.193839][ T28] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 40.226525][ T28] veth1_macvtap: left promiscuous mode [ 40.232141][ T28] veth0_macvtap: left promiscuous mode [ 40.237807][ T28] veth1_vlan: left promiscuous mode [ 40.243067][ T28] veth0_vlan: left promiscuous mode [ 40.252602][ T3280] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.369555][ T28] team0 (unregistering): Port device team_slave_1 removed [ 40.381056][ T28] team0 (unregistering): Port device team_slave_0 removed [ 40.490183][ T4090] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.497309][ T4090] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.507418][ T4090] bridge_slave_0: entered allmulticast mode [ 40.514013][ T4090] bridge_slave_0: entered promiscuous mode [ 40.530111][ T4090] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.537224][ T4090] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.545669][ T4090] bridge_slave_1: entered allmulticast mode [ 40.554023][ T4090] bridge_slave_1: entered promiscuous mode [ 40.584896][ T4231] smc: net device bond0 applied user defined pnetid SYZ0 [ 40.595194][ T4090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.607086][ T4090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.611434][ T4231] smc: net device bond0 erased user defined pnetid SYZ0 [ 40.654459][ T4090] team0: Port device team_slave_0 added [ 40.671480][ T4090] team0: Port device team_slave_1 added [ 40.734529][ T4090] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.741650][ T4090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.767713][ T4090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.784576][ T4090] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.791629][ T4090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.817637][ T4090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.836253][ T4256] syz.4.336 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 40.891927][ T4090] hsr_slave_0: entered promiscuous mode [ 40.903160][ T4090] hsr_slave_1: entered promiscuous mode [ 40.909629][ T4090] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 40.917275][ T4090] Cannot create hsr debugfs directory [ 40.977852][ T4269] loop4: detected capacity change from 0 to 512 [ 40.984660][ T4269] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 41.014627][ T4269] EXT4-fs (loop4): 1 orphan inode deleted [ 41.020533][ T4269] EXT4-fs (loop4): 1 truncate cleaned up [ 41.033285][ T4269] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.107778][ T4269] loop4: detected capacity change from 512 to 11 [ 41.151578][ T3273] EXT4-fs warning (device loop4): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz-executor: error -12 reading directory block [ 41.168716][ T3273] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5780: Out of memory [ 41.179046][ T3273] EXT4-fs error (device loop4): ext4_dirty_inode:5984: inode #2: comm syz-executor: mark_inode_dirty error [ 41.199902][ T4296] IPVS: Error joining to the multicast group [ 41.207986][ T3273] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.316129][ T4090] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 41.325254][ T4090] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 41.334267][ T4090] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 41.343494][ T4090] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 41.362181][ T55] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.414470][ T4316] loop3: detected capacity change from 0 to 512 [ 41.432112][ T55] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.477571][ T4316] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.350: bg 0: block 393: padding at end of block bitmap is not set [ 41.496505][ T4090] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.509106][ T4316] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 41.526024][ T55] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.540845][ T4316] EXT4-fs (loop3): 2 truncates cleaned up [ 41.547032][ T4316] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.569570][ T4090] 8021q: adding VLAN 0 to HW filter on device team0 [ 41.579416][ T2061] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.586510][ T2061] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.606284][ T2061] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.613393][ T2061] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.629362][ T3271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.671305][ T4339] __nla_validate_parse: 3 callbacks suppressed [ 41.671323][ T4339] netlink: 2036 bytes leftover after parsing attributes in process `syz.1.351'. [ 41.686655][ T4339] netlink: 24 bytes leftover after parsing attributes in process `syz.1.351'. [ 41.699008][ T55] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.723886][ T4357] netlink: 4 bytes leftover after parsing attributes in process `syz.3.352'. [ 41.732736][ T4357] netlink: 'syz.3.352': attribute type 6 has an invalid length. [ 41.740481][ T4357] netlink: 'syz.3.352': attribute type 5 has an invalid length. [ 41.869807][ T55] bridge_slave_1: left allmulticast mode [ 41.875510][ T55] bridge_slave_1: left promiscuous mode [ 41.881295][ T55] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.897753][ T55] bridge_slave_0: left allmulticast mode [ 41.903474][ T55] bridge_slave_0: left promiscuous mode [ 41.910500][ T55] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.010389][ T55] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 42.020978][ T55] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 42.032691][ T55] bond0 (unregistering): Released all slaves [ 42.046339][ T3280] @: (slave syz_tun): Releasing backup interface [ 42.062897][ T4322] chnl_net:caif_netlink_parms(): no params data found [ 42.076732][ T4090] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 42.088770][ T55] tipc: Disabling bearer [ 42.093790][ T55] tipc: Left network mode [ 42.134927][ T55] hsr_slave_0: left promiscuous mode [ 42.149090][ T55] hsr_slave_1: left promiscuous mode [ 42.164781][ T55] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 42.172358][ T55] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 42.180787][ T55] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 42.188246][ T55] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 42.199961][ T55] veth1_macvtap: left promiscuous mode [ 42.205637][ T55] veth0_macvtap: left promiscuous mode [ 42.211249][ T55] veth1_vlan: left promiscuous mode [ 42.216490][ T55] veth0_vlan: left promiscuous mode [ 42.300676][ T55] team0 (unregistering): Port device team_slave_1 removed [ 42.311690][ T55] team0 (unregistering): Port device team_slave_0 removed [ 42.370463][ T4322] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.377868][ T4322] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.386345][ T4322] bridge_slave_0: entered allmulticast mode [ 42.394535][ T4322] bridge_slave_0: entered promiscuous mode [ 42.405038][ T4322] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.412172][ T4322] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.430517][ T4322] bridge_slave_1: entered allmulticast mode [ 42.446207][ T4322] bridge_slave_1: entered promiscuous mode [ 42.472028][ T4090] veth0_vlan: entered promiscuous mode [ 42.506761][ T4090] veth1_vlan: entered promiscuous mode [ 42.528868][ T4322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 42.554538][ T4322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 42.592850][ T4437] loop3: detected capacity change from 0 to 512 [ 42.611563][ T4322] team0: Port device team_slave_0 added [ 42.619593][ T4090] veth0_macvtap: entered promiscuous mode [ 42.629460][ T4437] EXT4-fs (loop3): invalid inodes per group: 0 [ 42.629460][ T4437] [ 42.645879][ T4322] team0: Port device team_slave_1 added [ 42.676921][ T4090] veth1_macvtap: entered promiscuous mode [ 42.728213][ T4322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 42.735219][ T4322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 42.761394][ T4322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 42.772814][ T4322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 42.779854][ T4322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 42.805870][ T4322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 42.825083][ T4090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.835619][ T4090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.845467][ T4090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.855956][ T4090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.865799][ T4090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.876316][ T4090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.888412][ T4090] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 42.907935][ T4090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.918498][ T4090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.928372][ T4090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.938969][ T4090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.948820][ T4090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.959294][ T4090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.970068][ T4090] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 43.004695][ T4453] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 43.013881][ T4322] hsr_slave_0: entered promiscuous mode [ 43.020069][ T4322] hsr_slave_1: entered promiscuous mode [ 43.025990][ T4322] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 43.034322][ T4322] Cannot create hsr debugfs directory [ 43.040692][ T4090] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.049527][ T4090] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.058313][ T4090] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.067083][ T4090] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.108679][ T4407] chnl_net:caif_netlink_parms(): no params data found [ 43.139720][ T55] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.228824][ T55] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.241276][ T4469] netlink: 'syz.1.366': attribute type 5 has an invalid length. [ 43.292699][ T55] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.335036][ T4407] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.342307][ T4407] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.351774][ T4407] bridge_slave_0: entered allmulticast mode [ 43.358451][ T4407] bridge_slave_0: entered promiscuous mode [ 43.377776][ T55] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.425971][ T4407] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.433147][ T4407] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.451381][ T4407] bridge_slave_1: entered allmulticast mode [ 43.473077][ T4407] bridge_slave_1: entered promiscuous mode [ 43.584614][ T4407] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 43.643344][ T4512] loop1: detected capacity change from 0 to 512 [ 43.650943][ T55] bridge_slave_1: left allmulticast mode [ 43.656621][ T55] bridge_slave_1: left promiscuous mode [ 43.662360][ T55] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.670410][ T4512] EXT4-fs: Ignoring removed bh option [ 43.675847][ T4512] EXT4-fs: Ignoring removed mblk_io_submit option [ 43.684138][ T55] bridge_slave_0: left allmulticast mode [ 43.689988][ T55] bridge_slave_0: left promiscuous mode [ 43.695678][ T55] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.703434][ T4512] EXT4-fs error (device loop1): __ext4_iget:4952: inode #15: block 1803188595: comm syz.1.378: invalid block [ 43.716582][ T4512] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.378: couldn't read orphan inode 15 (err -117) [ 43.729059][ T4512] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.756512][ T3269] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.823672][ T55] @ (unregistering): (slave bond_slave_0): Releasing backup interface [ 43.834025][ T55] @ (unregistering): (slave bond_slave_1): Releasing backup interface [ 43.844620][ T55] @ (unregistering): (slave team0): Releasing backup interface [ 43.855582][ T55] @ (unregistering): Released all slaves [ 43.864837][ T4507] netlink: 'syz.3.377': attribute type 10 has an invalid length. [ 43.872845][ T4507] bridge0: port 3(team0) entered blocking state [ 43.879236][ T4507] bridge0: port 3(team0) entered disabled state [ 43.885812][ T4507] team0: entered allmulticast mode [ 43.891027][ T4507] team_slave_0: entered allmulticast mode [ 43.896793][ T4507] team_slave_1: entered allmulticast mode [ 43.905248][ T4507] team0: entered promiscuous mode [ 43.910407][ T4507] team_slave_0: entered promiscuous mode [ 43.916238][ T4507] team_slave_1: entered promiscuous mode [ 43.924505][ T4507] bridge0: port 3(team0) entered blocking state [ 43.930838][ T4507] bridge0: port 3(team0) entered forwarding state [ 43.943024][ T4407] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 43.983183][ T29] kauditd_printk_skb: 53 callbacks suppressed [ 43.983199][ T29] audit: type=1400 audit(1729549452.855:465): avc: denied { listen } for pid=4531 comm="syz.3.382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 44.019218][ T55] hsr_slave_0: left promiscuous mode [ 44.025566][ T55] hsr_slave_1: left promiscuous mode [ 44.033234][ T55] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 44.040712][ T55] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 44.052693][ T55] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 44.060196][ T55] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 44.072510][ T55] veth1_macvtap: left promiscuous mode [ 44.078185][ T55] veth0_macvtap: left promiscuous mode [ 44.083847][ T55] veth1_vlan: left promiscuous mode [ 44.089162][ T55] veth0_vlan: left promiscuous mode [ 44.136728][ T29] audit: type=1400 audit(1729549453.005:466): avc: denied { tracepoint } for pid=4544 comm="syz.1.387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 44.184726][ T4543] loop3: detected capacity change from 0 to 256 [ 44.193499][ T4543] FAT-fs (loop3): bogus number of FAT sectors [ 44.199728][ T4543] FAT-fs (loop3): Can't find a valid FAT filesystem [ 44.306056][ T55] team0 (unregistering): Port device team_slave_1 removed [ 44.322239][ T29] audit: type=1326 audit(1729549453.195:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4555 comm="syz.3.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134589dff9 code=0x7ffc0000 [ 44.345621][ T29] audit: type=1326 audit(1729549453.195:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4555 comm="syz.3.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134589dff9 code=0x7ffc0000 [ 44.374246][ T29] audit: type=1326 audit(1729549453.195:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4555 comm="syz.3.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f134589dff9 code=0x7ffc0000 [ 44.391605][ T55] team0 (unregistering): Port device team_slave_0 removed [ 44.397557][ T29] audit: type=1326 audit(1729549453.195:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4555 comm="syz.3.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134589dff9 code=0x7ffc0000 [ 44.427916][ T29] audit: type=1326 audit(1729549453.195:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4555 comm="syz.3.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134589dff9 code=0x7ffc0000 [ 44.451206][ T29] audit: type=1326 audit(1729549453.195:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4555 comm="syz.3.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7f134589dff9 code=0x7ffc0000 [ 44.474739][ T29] audit: type=1326 audit(1729549453.195:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4555 comm="syz.3.392" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134589dff9 code=0x7ffc0000 [ 44.499644][ T4407] team0: Port device team_slave_0 added [ 44.506483][ T4407] team0: Port device team_slave_1 added [ 44.547933][ T4407] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 44.554996][ T4407] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.581062][ T4407] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 44.595654][ T4407] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.602726][ T4407] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.628719][ T4407] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 44.695087][ T4407] hsr_slave_0: entered promiscuous mode [ 44.706866][ T4407] hsr_slave_1: entered promiscuous mode [ 44.714866][ T4407] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 44.724190][ T4407] Cannot create hsr debugfs directory [ 44.732617][ T4567] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 44.750272][ T4322] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 44.767689][ T4322] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 44.776697][ T4322] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 44.801606][ T4322] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 44.859906][ T4589] loop1: detected capacity change from 0 to 1024 [ 44.871215][ T4589] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.892276][ T4593] loop3: detected capacity change from 0 to 512 [ 44.914456][ T4593] EXT4-fs: Ignoring removed i_version option [ 44.925293][ T29] audit: type=1400 audit(1729549453.785:474): avc: denied { mounton } for pid=4588 comm="syz.1.400" path="/86/file0/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.940250][ T4593] EXT4-fs (loop3): 1 truncate cleaned up [ 44.954791][ T4593] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.986340][ T3271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.013847][ T4322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.046248][ T4322] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.056389][ T1657] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.063604][ T1657] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.077971][ T2061] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.085128][ T2061] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.149425][ T3269] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.176401][ T55] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.203780][ T4322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.241757][ T55] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.267200][ T4407] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 45.284837][ T4407] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 45.318108][ T4407] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 45.337087][ T55] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.357266][ T4407] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 45.390399][ T55] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.501544][ T55] bridge_slave_1: left allmulticast mode [ 45.507234][ T55] bridge_slave_1: left promiscuous mode [ 45.512967][ T55] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.531757][ T55] bridge_slave_0: left allmulticast mode [ 45.537705][ T55] bridge_slave_0: left promiscuous mode [ 45.543493][ T55] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.672378][ T55] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 45.683315][ T55] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 45.693790][ T55] bond0 (unregistering): Released all slaves [ 45.712225][ T4407] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.724925][ T4407] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.755915][ T55] hsr_slave_0: left promiscuous mode [ 45.762326][ T55] hsr_slave_1: left promiscuous mode [ 45.769187][ T55] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 45.776608][ T55] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 45.784793][ T55] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 45.792504][ T55] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 45.802526][ T55] veth1_macvtap: left promiscuous mode [ 45.808065][ T55] veth0_macvtap: left promiscuous mode [ 45.813584][ T55] veth1_vlan: left promiscuous mode [ 45.818977][ T55] veth0_vlan: left promiscuous mode [ 45.906088][ T55] team0 (unregistering): Port device team_slave_1 removed [ 45.917178][ T55] team0 (unregistering): Port device team_slave_0 removed [ 45.973261][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.980373][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.005989][ T4322] veth0_vlan: entered promiscuous mode [ 46.039820][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.046997][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.072615][ T4322] veth1_vlan: entered promiscuous mode [ 46.120713][ T4623] chnl_net:caif_netlink_parms(): no params data found [ 46.148405][ T4322] veth0_macvtap: entered promiscuous mode [ 46.162161][ T4322] veth1_macvtap: entered promiscuous mode [ 46.218838][ T4623] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.226070][ T4623] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.244707][ T4623] bridge_slave_0: entered allmulticast mode [ 46.257587][ T4623] bridge_slave_0: entered promiscuous mode [ 46.271321][ T4623] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.278487][ T4623] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.285589][ T4623] bridge_slave_1: entered allmulticast mode [ 46.292117][ T4623] bridge_slave_1: entered promiscuous mode [ 46.322097][ T4407] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.344406][ T4322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.355038][ T4322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.364970][ T4322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 46.375497][ T4322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.386731][ T4322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 46.405349][ T4623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.444998][ T4623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.454465][ T4322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.465035][ T4322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.474892][ T4322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 46.485468][ T4322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 46.487049][ T4714] loop3: detected capacity change from 0 to 164 [ 46.498535][ T4322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 46.521399][ T4623] team0: Port device team_slave_0 added [ 46.530341][ T4623] team0: Port device team_slave_1 added [ 46.544685][ T4714] netlink: 72 bytes leftover after parsing attributes in process `syz.3.424'. [ 46.560532][ T4322] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.569340][ T4322] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.578132][ T4322] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.586924][ T4322] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.645722][ T4623] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.652814][ T4623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.678920][ T4623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.693288][ T4736] syz.2.428[4736] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.693431][ T4736] syz.2.428[4736] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.705365][ T4736] syz.2.428[4736] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.721486][ T4623] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.739790][ T4623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.762734][ T4741] loop2: detected capacity change from 0 to 256 [ 46.765723][ T4623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.799525][ T4741] Invalid ELF header magic: != ELF [ 46.816495][ T4407] veth0_vlan: entered promiscuous mode [ 46.830336][ T4623] hsr_slave_0: entered promiscuous mode [ 46.832547][ T4744] syz.2.430[4744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.836174][ T4744] syz.2.430[4744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.847872][ T4623] hsr_slave_1: entered promiscuous mode [ 46.847935][ T4744] syz.2.430[4744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.888567][ T4407] veth1_vlan: entered promiscuous mode [ 46.958655][ T4751] syz.2.432[4751] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.958767][ T4751] syz.2.432[4751] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.970352][ T4751] syz.2.432[4751] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 47.004933][ T4407] veth0_macvtap: entered promiscuous mode [ 47.034737][ T4407] veth1_macvtap: entered promiscuous mode [ 47.055244][ T4407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.065946][ T4407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.075887][ T4407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.086458][ T4407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.096454][ T4407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.107136][ T4407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.121273][ T4407] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.132276][ T4762] netem: change failed [ 47.139382][ T4407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.149881][ T4407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.159891][ T4407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.170679][ T4407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.170747][ T4767] syz.4.437[4767] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 47.180645][ T4407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.202543][ T4407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.214758][ T4407] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.227236][ T4407] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.236095][ T4407] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.245038][ T4407] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.253954][ T4407] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.286078][ T4777] loop4: detected capacity change from 0 to 256 [ 47.318152][ T4777] Invalid ELF header magic: != ELF [ 47.394809][ T4623] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.417144][ T4623] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.442078][ T4623] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.475751][ T4623] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.540390][ T4803] Invalid logical block size (1) [ 47.592387][ T4810] ip6tnl1: entered promiscuous mode [ 47.597702][ T4810] ip6tnl1: entered allmulticast mode [ 47.638616][ T4623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.662327][ T4623] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.683440][ T4623] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 47.693963][ T4623] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 47.709236][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.716385][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.725476][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.732572][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.763587][ T4818] netem: change failed [ 47.802011][ T4623] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.023194][ T1054] IPVS: starting estimator thread 0... [ 48.047295][ T4623] veth0_vlan: entered promiscuous mode [ 48.080573][ T4623] veth1_vlan: entered promiscuous mode [ 48.118171][ T4857] IPVS: using max 2016 ests per chain, 100800 per kthread [ 48.141553][ T4623] veth0_macvtap: entered promiscuous mode [ 48.170040][ T4623] veth1_macvtap: entered promiscuous mode [ 48.237051][ T4623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.247643][ T4623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.257476][ T4623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.268036][ T4623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.277876][ T4623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.288415][ T4623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.298242][ T4623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 48.308765][ T4623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.381027][ T4623] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.391745][ T4623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.402380][ T4623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.412318][ T4623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.423277][ T4623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.433133][ T4623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.443695][ T4623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.453639][ T4623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 48.464092][ T4623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 48.477759][ T4623] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.488419][ T4888] netlink: 20 bytes leftover after parsing attributes in process `syz.3.455'. [ 48.515008][ T4623] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.523785][ T4623] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.532517][ T4623] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.541337][ T4623] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.625223][ T4898] loop0: detected capacity change from 0 to 512 [ 48.641421][ T4902] pim6reg1: entered promiscuous mode [ 48.646761][ T4902] pim6reg1: entered allmulticast mode [ 48.687711][ T4898] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 48.719162][ T4898] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.752158][ T9] IPVS: starting estimator thread 0... [ 48.756626][ T4898] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.828568][ T4407] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.847782][ T4922] IPVS: using max 2448 ests per chain, 122400 per kthread [ 48.977735][ T4944] Invalid logical block size (1) [ 49.225115][ T4972] netlink: 1328 bytes leftover after parsing attributes in process `syz.1.475'. [ 49.506886][ T4978] loop4: detected capacity change from 0 to 512 [ 49.524120][ T4978] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 49.571645][ T4978] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.625530][ T4978] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.710520][ T4990] smc: net device bond0 applied user defined pnetid SYZ0 [ 49.746160][ T4322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.795453][ T29] kauditd_printk_skb: 59 callbacks suppressed [ 49.795469][ T29] audit: type=1400 audit(1729549458.665:534): avc: denied { bind } for pid=4995 comm="syz.0.497" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 49.824795][ T29] audit: type=1400 audit(1729549458.665:535): avc: denied { name_bind } for pid=4995 comm="syz.0.497" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 49.845575][ T29] audit: type=1400 audit(1729549458.665:536): avc: denied { node_bind } for pid=4995 comm="syz.0.497" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 49.866211][ T29] audit: type=1400 audit(1729549458.665:537): avc: denied { listen } for pid=4995 comm="syz.0.497" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 49.888868][ T29] audit: type=1400 audit(1729549458.725:538): avc: denied { write } for pid=4995 comm="syz.0.497" laddr=172.20.20.10 lport=46328 faddr=172.20.20.0 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 49.991948][ T5016] 9pnet_fd: p9_fd_create_tcp (5016): problem connecting socket to 127.0.0.1 [ 50.056214][ T5026] netlink: 324 bytes leftover after parsing attributes in process `syz.4.499'. [ 50.066679][ T29] audit: type=1400 audit(1729549458.935:539): avc: denied { cmd } for pid=5023 comm="syz.2.498" path="socket:[10030]" dev="sockfs" ino=10030 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 50.152915][ T29] audit: type=1326 audit(1729549459.025:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5029 comm="syz.4.502" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd22a43dff9 code=0x0 [ 50.190776][ T29] audit: type=1400 audit(1729549459.065:541): avc: denied { name_bind } for pid=5033 comm="syz.2.503" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 50.220866][ T5041] netlink: 8 bytes leftover after parsing attributes in process `syz.1.506'. [ 50.287178][ T5046] syzkaller0: entered promiscuous mode [ 50.292828][ T5046] syzkaller0: entered allmulticast mode [ 50.882638][ T5060] loop5: detected capacity change from 0 to 7 [ 50.888998][ T5060] Buffer I/O error on dev loop5, logical block 0, async page read [ 50.896933][ T5060] Buffer I/O error on dev loop5, logical block 0, async page read [ 50.904808][ T5060] loop5: unable to read partition table [ 50.910612][ T5060] loop_reread_partitions: partition scan of loop5 (被xڬdƤݡ [ 50.910612][ T5060] ) failed (rc=-5) [ 50.975888][ T5062] loop4: detected capacity change from 0 to 512 [ 51.039692][ T5066] loop1: detected capacity change from 0 to 2048 [ 51.050347][ T5062] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.087940][ T5066] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.112060][ T5062] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.172985][ T5062] Process accounting resumed [ 51.198686][ T29] audit: type=1400 audit(1729549460.045:542): avc: denied { append } for pid=5061 comm="syz.4.514" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 51.254839][ T5062] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 51.299624][ T4623] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.308480][ T29] audit: type=1400 audit(1729549460.105:543): avc: denied { create } for pid=5065 comm="syz.1.516" name=1801 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 51.394161][ T4322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.457322][ T5085] loop4: detected capacity change from 0 to 512 [ 51.475208][ T5085] EXT4-fs: Ignoring removed oldalloc option [ 51.501879][ T5085] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 51.526509][ T5085] EXT4-fs (loop4): 1 truncate cleaned up [ 51.545918][ T5085] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.549620][ T5096] loop1: detected capacity change from 0 to 512 [ 51.585869][ T4322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.725219][ T5096] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.743155][ T5096] ext4 filesystem being mounted at /19/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.772135][ T4623] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.795425][ T5110] loop1: detected capacity change from 0 to 128 [ 51.840699][ T5112] loop4: detected capacity change from 0 to 512 [ 51.879615][ T5112] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 51.935127][ T5112] ext4 filesystem being mounted at /19/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.022664][ T5122] syz.1.536: attempt to access beyond end of device [ 52.022664][ T5122] loop1: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 52.048691][ T5124] netlink: 16 bytes leftover after parsing attributes in process `syz.0.537'. [ 52.060569][ T4322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 52.161446][ T5129] bridge0: port 3(vlan2) entered blocking state [ 52.167999][ T5129] bridge0: port 3(vlan2) entered disabled state [ 52.189882][ T5129] vlan2: entered allmulticast mode [ 52.195850][ T5129] vlan2: left allmulticast mode [ 52.245177][ T5139] tipc: Started in network mode [ 52.250162][ T5139] tipc: Node identity aa959cedfb59, cluster identity 4711 [ 52.257448][ T5139] tipc: Enabled bearer , priority 0 [ 52.295321][ T5143] : renamed from syzkaller0 [ 52.308405][ T5143] tipc: Disabling bearer [ 52.408180][ T5158] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 52.454186][ T5154] loop1: detected capacity change from 0 to 1024 [ 52.468295][ T5156] loop3: detected capacity change from 0 to 2048 [ 52.477002][ T5154] EXT4-fs: Ignoring removed orlov option [ 52.492638][ T5164] pim6reg1: entered promiscuous mode [ 52.498076][ T5164] pim6reg1: entered allmulticast mode [ 52.501711][ T5154] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.515370][ T5156] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.533008][ T5156] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 52.548865][ T5156] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 28 [ 52.555461][ T5171] loop0: detected capacity change from 0 to 512 [ 52.561350][ T5156] EXT4-fs (loop3): This should not happen!! Data will be lost [ 52.561350][ T5156] [ 52.561369][ T5156] EXT4-fs (loop3): Total free blocks count 0 [ 52.561384][ T5156] EXT4-fs (loop3): Free/Dirty block details [ 52.585194][ T5171] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.589234][ T5156] EXT4-fs (loop3): free_blocks=2415919104 [ 52.589253][ T5156] EXT4-fs (loop3): dirty_blocks=16 [ 52.589266][ T5156] EXT4-fs (loop3): Block reservation details [ 52.589279][ T5156] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 52.638466][ T4623] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.657011][ T3271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.703201][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.710921][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.718453][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.718525][ T5178] loop1: detected capacity change from 0 to 1024 [ 52.725846][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.725869][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.725890][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.725909][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.725928][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.758919][ T5178] EXT4-fs (loop1): can't mount with journal_async_commit, fs mounted w/o journal [ 52.761956][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.785854][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.793556][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.801161][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.808725][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.816098][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.823557][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.831028][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.838473][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.845857][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.853350][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.860783][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.868487][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.875906][ T8] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.891982][ T8] hid-generic 0000:0000:0000.0001: hidraw0: HID vffffff.fe Device [syz0] on syz1 [ 52.898917][ T4407] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.917900][ T5185] capability: warning: `syz.3.564' uses deprecated v2 capabilities in a way that may be insecure [ 53.002907][ T5196] loop3: detected capacity change from 0 to 512 [ 53.010892][ C0] ------------[ cut here ]------------ [ 53.016376][ C0] refcount_t: underflow; use-after-free. [ 53.022300][ C0] WARNING: CPU: 0 PID: 5187 at lib/refcount.c:28 refcount_warn_saturate+0x1c6/0x230 [ 53.031746][ C0] Modules linked in: [ 53.035667][ C0] CPU: 0 UID: 0 PID: 5187 Comm: syz.2.565 Not tainted 6.12.0-rc4-syzkaller-00045-gd12937763990 #0 [ 53.046292][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 53.056408][ C0] RIP: 0010:refcount_warn_saturate+0x1c6/0x230 [ 53.062640][ C0] Code: 72 ff ff ff e8 9b 83 71 ff 48 c7 c7 fe d6 b2 86 e8 3f 6a 8a ff c6 05 d6 2c f4 04 01 90 48 c7 c7 3f a4 1b 86 e8 ab 49 53 ff 90 <0f> 0b 90 90 e9 43 ff ff ff e8 6c 83 71 ff 48 c7 c7 fb d6 b2 86 e8 [ 53.082309][ C0] RSP: 0018:ffffc90000003af8 EFLAGS: 00010246 [ 53.088464][ C0] RAX: 562c5e2e1775f600 RBX: ffff8881048dd8e4 RCX: ffff8881020f0000 [ 53.088781][ T5202] loop1: detected capacity change from 0 to 2048 [ 53.096439][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 53.096460][ C0] RBP: 0000000000000003 R08: ffffffff8111f547 R09: 0000000000000000 [ 53.096472][ C0] R10: 0001ffffffffffff R11: ffff8881020f0000 R12: ffff888119a4d868 [ 53.096488][ C0] R13: ffff888119a4d800 R14: ffff8881048dd8e4 R15: 0000000000000000 [ 53.109583][ T5202] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.110809][ C0] FS: 00007f34421b76c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 [ 53.155780][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.162415][ C0] CR2: 000000110c2b461a CR3: 0000000110db6000 CR4: 00000000003506f0 [ 53.170431][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.178436][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 53.186451][ C0] Call Trace: [ 53.189764][ C0] [ 53.189902][ T5196] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.192639][ C0] ? __warn+0x141/0x350 [ 53.209275][ C0] ? report_bug+0x315/0x420 [ 53.213830][ C0] ? refcount_warn_saturate+0x1c6/0x230 [ 53.216763][ T5196] ext4 filesystem being mounted at /118/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.219412][ C0] ? handle_bug+0x60/0x90 [ 53.234212][ C0] ? exc_invalid_op+0x1a/0x50 [ 53.238952][ C0] ? asm_exc_invalid_op+0x1a/0x20 [ 53.242802][ T5196] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.244006][ C0] ? __warn_printk+0x167/0x1b0 [ 53.257780][ C0] ? refcount_warn_saturate+0x1c6/0x230 [ 53.263348][ C0] ? refcount_warn_saturate+0x1c5/0x230 [ 53.268956][ C0] sk_skb_reason_drop+0xe9/0x290 [ 53.273967][ C0] j1939_session_put+0x157/0x2a0 [ 53.278998][ C0] j1939_xtp_rx_dat_one+0x664/0x9b0 [ 53.284244][ C0] j1939_tp_recv+0x26b/0xa80 [ 53.288893][ C0] j1939_can_recv+0x45f/0x550 [ 53.293597][ C0] ? __dev_queue_xmit+0x161/0x2040 [ 53.298784][ C0] ? __pfx_j1939_can_recv+0x10/0x10 [ 53.304563][ C0] can_rcv_filter+0x225/0x4c0 [ 53.309319][ C0] can_receive+0x182/0x1f0 [ 53.313765][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 53.318338][ C0] can_rcv+0xe7/0x180 [ 53.322354][ C0] ? __pfx_can_rcv+0x10/0x10 [ 53.326961][ C0] __netif_receive_skb+0x123/0x280 [ 53.332123][ C0] process_backlog+0x22e/0x440 [ 53.336903][ C0] __napi_poll+0x63/0x3c0 [ 53.341264][ C0] ? net_rx_action+0x376/0x7f0 [ 53.346043][ C0] net_rx_action+0x3a1/0x7f0 [ 53.350686][ C0] handle_softirqs+0xbf/0x280 [ 53.355388][ C0] irq_exit_rcu+0x3e/0x90 [ 53.359748][ C0] sysvec_apic_timer_interrupt+0x73/0x80 [ 53.365456][ C0] [ 53.368422][ C0] [ 53.371361][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 53.377348][ C0] RIP: 0010:_raw_spin_unlock_irq+0x2f/0x50 [ 53.383197][ C0] Code: 48 89 fb 48 c7 c7 08 49 64 86 e8 dc ae 17 fc 48 83 3d fc d6 32 01 00 74 24 48 89 df e8 9a 06 00 00 90 fb 65 ff 0d 29 71 d1 7a <74> 06 5b c3 cc cc cc cc 0f 1f 44 00 00 5b c3 cc cc cc cc 90 0f 0b [ 53.402852][ C0] RSP: 0018:ffffc9000c04b478 EFLAGS: 00000286 [ 53.408952][ C0] RAX: 0000000000000001 RBX: ffff888102ece608 RCX: ffffffff85317204 [ 53.416972][ C0] RDX: 00000000000006e4 RSI: 0000000000000000 RDI: ffff888102ece608 [ 53.424966][ C0] RBP: 0000000000000000 R08: 0001ffff8664490f R09: 0000000000000000 [ 53.432970][ C0] R10: 0001ffffffffffff R11: 0001ea00048217b8 R12: ffff888102ece608 [ 53.440976][ C0] R13: ffffea0004821780 R14: ffff888102ece600 R15: 0000000000000001 [ 53.448979][ C0] ? _raw_spin_unlock_irq+0x14/0x50 [ 53.454188][ C0] ? _raw_spin_unlock_irq+0x26/0x50 [ 53.459418][ C0] __remove_mapping+0x416/0x470 [ 53.464308][ C0] shrink_folio_list+0x17b2/0x2710 [ 53.469485][ C0] reclaim_folio_list+0x81/0x1e0 [ 53.474482][ C0] reclaim_pages+0x215/0x270 [ 53.479126][ C0] madvise_cold_or_pageout_pte_range+0xeb7/0xf30 [ 53.485487][ C0] ? widen_string+0x3a/0x260 [ 53.490158][ C0] walk_pgd_range+0x7ed/0xec0 [ 53.494860][ C0] __walk_page_range+0xc5/0x330 [ 53.499748][ C0] walk_page_range+0x395/0x4e0 [ 53.504551][ C0] do_madvise+0x1a7a/0x2660 [ 53.509137][ C0] __x64_sys_madvise+0x61/0x70 [ 53.513943][ C0] x64_sys_call+0x2320/0x2d60 [ 53.518659][ C0] do_syscall_64+0xc9/0x1c0 [ 53.523181][ C0] ? clear_bhb_loop+0x55/0xb0 [ 53.527916][ C0] ? clear_bhb_loop+0x55/0xb0 [ 53.532614][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.538547][ C0] RIP: 0033:0x7f344353dff9 [ 53.542992][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.562652][ C0] RSP: 002b:00007f34421b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 53.571093][ C0] RAX: ffffffffffffffda RBX: 00007f34436f5f80 RCX: 00007f344353dff9 [ 53.579087][ C0] RDX: 0000000000000015 RSI: 0000000000600000 RDI: 0000000020000000 [ 53.587082][ C0] RBP: 00007f34435b0296 R08: 0000000000000000 R09: 0000000000000000 [ 53.595106][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 53.603115][ C0] R13: 0000000000000000 R14: 00007f34436f5f80 R15: 00007fffc9b5d028 [ 53.611166][ C0] [ 53.614189][ C0] ---[ end trace 0000000000000000 ]--- [ 53.681152][ T5211] bpf_get_probe_write_proto: 14 callbacks suppressed [ 53.681173][ T5211] syz.3.574[5211] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.689935][ T5211] syz.3.574[5211] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.701844][ T5211] syz.3.574[5211] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.714944][ T5187] netlink: 16 bytes leftover after parsing attributes in process `syz.2.565'. [ 53.825750][ T5224] syzkaller0: entered promiscuous mode [ 53.831316][ T5224] syzkaller0: entered allmulticast mode [ 53.839835][ T4623] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.884210][ T2061] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.942668][ T2061] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.960772][ T5239] loop3: detected capacity change from 0 to 512 [ 53.993985][ T2061] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.022969][ T5243] loop3: detected capacity change from 0 to 512 [ 54.040306][ T5243] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.053117][ T5243] ext4 filesystem being mounted at /124/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.065208][ T5243] EXT4-fs error (device loop3): ext4_do_update_inode:5121: inode #2: comm syz.3.586: corrupted inode contents [ 54.085060][ T5243] EXT4-fs error (device loop3): ext4_dirty_inode:5984: inode #2: comm syz.3.586: mark_inode_dirty error [ 54.097752][ T2061] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.109096][ T5243] EXT4-fs error (device loop3): ext4_do_update_inode:5121: inode #2: comm syz.3.586: corrupted inode contents [ 54.129114][ T5243] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #2: comm syz.3.586: mark_inode_dirty error [ 54.157477][ T3271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.234976][ T5232] chnl_net:caif_netlink_parms(): no params data found [ 54.248524][ T2061] bridge_slave_1: left allmulticast mode [ 54.254211][ T2061] bridge_slave_1: left promiscuous mode [ 54.259982][ T2061] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.271842][ T2061] bridge_slave_0: left allmulticast mode [ 54.277579][ T2061] bridge_slave_0: left promiscuous mode [ 54.283262][ T2061] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.410584][ T2061] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 54.421331][ T2061] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 54.434116][ T5287] loop4: detected capacity change from 0 to 512 [ 54.435454][ T2061] bond0 (unregistering): Released all slaves [ 54.460443][ T5287] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.481052][ T5287] ext4 filesystem being mounted at /34/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 54.506384][ T5287] EXT4-fs (loop4): shut down requested (2) [ 54.515173][ T2061] hsr_slave_0: left promiscuous mode [ 54.522640][ T2061] hsr_slave_1: left promiscuous mode [ 54.523734][ T4322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.537239][ T2061] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 54.544731][ T2061] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 54.567206][ T5296] syz.4.598[5296] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 54.567279][ T5296] syz.4.598[5296] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 54.573609][ T2061] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 54.579056][ T5296] syz.4.598[5296] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 54.589954][ T2061] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 54.624060][ T2061] veth1_macvtap: left promiscuous mode [ 54.629801][ T2061] veth0_macvtap: left promiscuous mode [ 54.635459][ T2061] veth1_vlan: left promiscuous mode [ 54.640783][ T2061] veth0_vlan: left promiscuous mode [ 54.680349][ T5304] loop4: detected capacity change from 0 to 512 [ 54.704323][ T5304] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.602: corrupted in-inode xattr: invalid ea_ino [ 54.720894][ T5304] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.602: couldn't read orphan inode 15 (err -117) [ 54.733963][ T5304] EXT4-fs (loop4): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.760287][ T5304] syz.4.602[5304] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 54.760417][ T5304] syz.4.602[5304] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 54.772107][ T5304] syz.4.602[5304] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 54.783763][ T2061] team0 (unregistering): Port device team_slave_1 removed [ 54.806349][ T2061] team0 (unregistering): Port device team_slave_0 removed [ 54.829299][ T4322] EXT4-fs (loop4): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 54.871608][ T5232] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.878822][ T5232] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.887299][ T5232] bridge_slave_0: entered allmulticast mode [ 54.893966][ T5232] bridge_slave_0: entered promiscuous mode [ 54.909270][ T5315] tipc: Started in network mode [ 54.914188][ T5315] tipc: Node identity 9ecea986c71d, cluster identity 4711 [ 54.921427][ T5315] tipc: Enabled bearer , priority 0 [ 54.929816][ T5232] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.936908][ T5232] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.944491][ T5232] bridge_slave_1: entered allmulticast mode [ 54.952552][ T5232] bridge_slave_1: entered promiscuous mode [ 54.959238][ T5308] : renamed from syzkaller0 [ 54.965701][ T5308] tipc: Disabling bearer [ 54.992764][ T5232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.004770][ T5232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.024013][ T5232] team0: Port device team_slave_0 added [ 55.030916][ T5232] team0: Port device team_slave_1 added [ 55.048254][ T5232] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.055233][ T5232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.081198][ T5232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.115609][ T5232] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.122667][ T5232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.148619][ T5232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.284140][ T5232] hsr_slave_0: entered promiscuous mode [ 55.290326][ T5232] hsr_slave_1: entered promiscuous mode [ 55.308362][ T29] kauditd_printk_skb: 131 callbacks suppressed [ 55.308380][ T29] audit: type=1400 audit(1729549464.185:675): avc: denied { unmount } for pid=4322 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 55.343338][ T2061] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.358604][ T5357] pim6reg1: entered promiscuous mode [ 55.363976][ T5357] pim6reg1: entered allmulticast mode [ 55.395789][ T5364] vlan2: entered allmulticast mode [ 55.415823][ T2061] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.494815][ T2061] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.559488][ T2061] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.573707][ T5386] loop4: detected capacity change from 0 to 764 [ 55.586406][ T5380] tipc: Started in network mode [ 55.591407][ T5380] tipc: Node identity 9a60fbf0bdc7, cluster identity 4711 [ 55.598605][ T5380] tipc: Enabled bearer , priority 0 [ 55.660854][ T5396] : renamed from syzkaller0 [ 55.670096][ T5396] tipc: Disabling bearer [ 55.715493][ T5348] chnl_net:caif_netlink_parms(): no params data found [ 55.766489][ T2061] bridge_slave_1: left allmulticast mode [ 55.772202][ T2061] bridge_slave_1: left promiscuous mode [ 55.777959][ T2061] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.805280][ T2061] bridge_slave_0: left allmulticast mode [ 55.806013][ T5409] loop4: detected capacity change from 0 to 512 [ 55.811047][ T2061] bridge_slave_0: left promiscuous mode [ 55.823026][ T2061] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.856476][ T5409] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.996150][ T5423] loop2: detected capacity change from 0 to 512 [ 56.013510][ T2061] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 56.024450][ T4322] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.035639][ T2061] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 56.047274][ T2061] bond0 (unregistering): Released all slaves [ 56.190056][ T2061] hsr_slave_0: left promiscuous mode [ 56.198147][ T2061] hsr_slave_1: left promiscuous mode [ 56.203992][ T2061] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 56.211554][ T2061] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 56.211802][ T29] audit: type=1326 audit(1729549465.075:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5435 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134589dff9 code=0x7ffc0000 [ 56.241963][ T29] audit: type=1326 audit(1729549465.075:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5435 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134589dff9 code=0x7ffc0000 [ 56.265190][ T29] audit: type=1326 audit(1729549465.075:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5435 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7f134589dff9 code=0x7ffc0000 [ 56.288549][ T29] audit: type=1326 audit(1729549465.075:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5435 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134589dff9 code=0x7ffc0000 [ 56.311837][ T29] audit: type=1326 audit(1729549465.075:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5435 comm="syz.3.625" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134589dff9 code=0x7ffc0000 [ 56.335588][ T2061] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 56.343065][ T2061] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 56.352443][ T2061] veth1_macvtap: left promiscuous mode [ 56.357956][ T2061] veth0_macvtap: left promiscuous mode [ 56.363479][ T2061] veth1_vlan: left promiscuous mode [ 56.368794][ T2061] veth0_vlan: left promiscuous mode [ 56.453927][ T2061] team0 (unregistering): Port device team_slave_1 removed [ 56.464908][ T2061] team0 (unregistering): Port device team_slave_0 removed [ 56.512536][ T5348] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.519715][ T5348] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.526881][ T5348] bridge_slave_0: entered allmulticast mode [ 56.533543][ T5348] bridge_slave_0: entered promiscuous mode [ 56.540353][ T5348] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.547496][ T5348] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.555003][ T5348] bridge_slave_1: entered allmulticast mode [ 56.569482][ T5348] bridge_slave_1: entered promiscuous mode [ 56.607457][ T5348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.632405][ T5348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.645356][ T5232] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 56.679877][ T5452] loop3: detected capacity change from 0 to 512 [ 56.686545][ T5452] EXT4-fs: Ignoring removed oldalloc option [ 56.693347][ T5452] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 56.697263][ T5232] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 56.712275][ T5452] EXT4-fs (loop3): 1 truncate cleaned up [ 56.717151][ T5348] team0: Port device team_slave_0 added [ 56.722977][ T5452] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.724251][ T5232] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 56.745628][ T5348] team0: Port device team_slave_1 added [ 56.764575][ T5232] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 56.783909][ T3271] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.805031][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.812081][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.838086][ T5348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.867084][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.874126][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.900159][ T5348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.930539][ T2061] IPVS: stop unused estimator thread 0... [ 56.965040][ T5464] syz.3.633[5464] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 56.979545][ T5348] hsr_slave_0: entered promiscuous mode [ 57.003137][ T5348] hsr_slave_1: entered promiscuous mode [ 57.013546][ T5348] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 57.033200][ T5348] Cannot create hsr debugfs directory [ 57.112251][ T5491] loop2: detected capacity change from 0 to 512 [ 57.144991][ T5491] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.199969][ T5491] Process accounting resumed [ 57.214380][ T5491] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 57.274425][ T5232] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.316265][ T5505] loop2: detected capacity change from 0 to 128 [ 57.340281][ T5443] chnl_net:caif_netlink_parms(): no params data found [ 57.362554][ T5232] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.386404][ T5509] loop3: detected capacity change from 0 to 512 [ 57.440610][ T5509] ext4 filesystem being mounted at /139/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.461039][ T1684] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.468148][ T1684] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.497493][ T1684] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.504653][ T1684] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.515337][ T5509] Process accounting resumed [ 57.558814][ T5509] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 57.559795][ T5516] loop2: detected capacity change from 0 to 512 [ 57.583380][ T5516] EXT4-fs: Ignoring removed oldalloc option [ 57.591674][ T5516] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 57.628948][ T5516] EXT4-fs (loop2): 1 truncate cleaned up [ 57.675451][ T5443] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.682661][ T5443] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.682977][ T5524] loop2: detected capacity change from 0 to 512 [ 57.690142][ T5443] bridge_slave_0: entered allmulticast mode [ 57.704481][ T5443] bridge_slave_0: entered promiscuous mode [ 57.711775][ T5443] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.718894][ T5443] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.729264][ T5524] ext4 filesystem being mounted at /64/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 57.737918][ T5443] bridge_slave_1: entered allmulticast mode [ 57.754238][ T5443] bridge_slave_1: entered promiscuous mode [ 57.762267][ T5522] pim6reg1: entered promiscuous mode [ 57.767666][ T5522] pim6reg1: entered allmulticast mode [ 57.773430][ T5524] EXT4-fs (loop2): shut down requested (2) [ 57.834509][ T5443] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.864228][ T5443] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.890087][ T5443] team0: Port device team_slave_0 added [ 57.897149][ T5443] team0: Port device team_slave_1 added [ 57.915860][ T5443] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.922855][ T5443] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.948876][ T5443] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.962390][ T5443] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.969412][ T5443] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.995384][ T5443] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.016823][ T5232] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.050572][ T5443] hsr_slave_0: entered promiscuous mode [ 58.063299][ T5443] hsr_slave_1: entered promiscuous mode [ 58.072706][ T5443] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.082536][ T5443] Cannot create hsr debugfs directory [ 58.108278][ T5348] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 58.123654][ T5348] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 58.142621][ T5348] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 58.167318][ T5348] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 58.187191][ T5232] veth0_vlan: entered promiscuous mode [ 58.199009][ T5232] veth1_vlan: entered promiscuous mode [ 58.240209][ T5232] veth0_macvtap: entered promiscuous mode [ 58.269851][ T5443] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.281462][ T5232] veth1_macvtap: entered promiscuous mode [ 58.306546][ T5232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.317100][ T5232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.326967][ T5232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.337433][ T5232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.347324][ T5232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.357892][ T5232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.368610][ T5232] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.377069][ T5232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.387570][ T5232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.397436][ T5232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.407884][ T5232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.417732][ T5232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.428175][ T5232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.439002][ T5232] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.454537][ T5232] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.463417][ T5232] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.472312][ T5232] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.475251][ T29] audit: type=1400 audit(1729549467.345:681): avc: denied { unlink } for pid=2954 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 58.481112][ T5232] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.519111][ T5443] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.534108][ T5348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.548210][ T5348] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.601889][ T5443] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.637261][ T29] audit: type=1400 audit(1729549467.505:682): avc: denied { append } for pid=5601 comm="syz.1.582" name="sg0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 58.674013][ T1684] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.681121][ T1684] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.716789][ T1684] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.723942][ T1684] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.753206][ T5443] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.796817][ T5621] loop1: detected capacity change from 0 to 4096 [ 58.797098][ T5348] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 58.813773][ T5348] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 58.828462][ T5623] pim6reg1: entered promiscuous mode [ 58.833815][ T5623] pim6reg1: entered allmulticast mode [ 58.905779][ T5443] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 58.943011][ T5443] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 58.964787][ T5348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.984594][ T5443] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 58.984960][ T5642] loop3: detected capacity change from 0 to 128 [ 59.006913][ T5443] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 59.084429][ T5654] bpf_get_probe_write_proto: 2 callbacks suppressed [ 59.084448][ T5654] syz.2.652[5654] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.102727][ T5654] syz.2.652[5654] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.127586][ T5654] syz.2.652[5654] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.129570][ T5443] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.171726][ T5443] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.182069][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.189182][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.211183][ T5660] netlink: 'syz.3.653': attribute type 4 has an invalid length. [ 59.228532][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.235603][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.297497][ T5443] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 59.307943][ T5443] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.322966][ T5348] veth0_vlan: entered promiscuous mode [ 59.396550][ T5676] syzkaller0: entered promiscuous mode [ 59.402205][ T5676] syzkaller0: entered allmulticast mode [ 59.422524][ T5348] veth1_vlan: entered promiscuous mode [ 59.472725][ T5443] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.483204][ T5348] veth0_macvtap: entered promiscuous mode [ 59.492329][ T5348] veth1_macvtap: entered promiscuous mode [ 59.502888][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.513489][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.523428][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.533964][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.543923][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.554436][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.564302][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.574785][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.585708][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.596364][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.606848][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.616831][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.627400][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.637321][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.647938][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.658054][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.668625][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.679355][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.687974][ T5348] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.689156][ T29] audit: type=1400 audit(1729549468.555:683): avc: denied { accept } for pid=5698 comm="iou-wrk-5699" lport=35721 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 59.696737][ T5348] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.726218][ T5348] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.735060][ T5348] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.880207][ T5443] veth0_vlan: entered promiscuous mode [ 59.891332][ T5443] veth1_vlan: entered promiscuous mode [ 59.904418][ T5722] TCP: out of memory -- consider tuning tcp_mem [ 59.911741][ T5722] ------------[ cut here ]------------ [ 59.916973][ T5443] veth0_macvtap: entered promiscuous mode [ 59.917203][ T5722] WARNING: CPU: 0 PID: 5722 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x444/0x450 [ 59.926844][ T5443] veth1_macvtap: entered promiscuous mode [ 59.932484][ T5722] Modules linked in: [ 59.942303][ T5722] CPU: 0 UID: 0 PID: 5722 Comm: syz.0.670 Tainted: G W 6.12.0-rc4-syzkaller-00045-gd12937763990 #0 [ 59.947365][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.954411][ T5722] Tainted: [W]=WARN [ 59.964900][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.968638][ T5722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 59.968654][ T5722] RIP: 0010:inet_sock_destruct+0x444/0x450 [ 59.978493][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.988554][ T5722] Code: 0f 0b 90 e9 ab fe ff ff e8 49 3a c3 fc 90 0f 0b 90 e9 c5 fe ff ff e8 3b 3a c3 fc 90 0f 0b 90 e9 df fe ff ff e8 2d 3a c3 fc 90 <0f> 0b 90 e9 35 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 [ 59.994387][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.994405][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.004834][ T5722] RSP: 0018:ffffc90000e83ce0 EFLAGS: 00010287 [ 60.024405][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.024424][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.034227][ T5722] [ 60.034235][ T5722] RAX: ffffffff846cf383 RBX: 0000000080002000 RCX: 0000000000040000 [ 60.044642][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.044672][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.050722][ T5722] RDX: ffffc90001bf9000 RSI: 0000000000000fa8 RDI: 0000000000000fa9 [ 60.050737][ T5722] RBP: ffff888107b54280 R08: ffffffff846cf2b4 R09: 0000000000000000 [ 60.050753][ T5722] R10: 0001ffffffffffff R11: 0001888107b543e0 R12: ffff888107b54200 [ 60.050766][ T5722] R13: ffff888107b54568 R14: ffff888107b542a8 R15: ffff888107b54292 [ 60.060572][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.062780][ T5443] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.071058][ T5722] FS: 00007fbba2ed76c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 [ 60.074342][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.081352][ T5722] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 60.091230][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.091245][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.091307][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.091318][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.101725][ T5722] CR2: 0000000020001300 CR3: 00000001102d6000 CR4: 00000000003506f0 [ 60.109711][ C1] TCP: out of memory -- consider tuning tcp_mem [ 60.117683][ T5722] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 60.125766][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.133647][ T5722] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 60.133714][ T5722] Call Trace: [ 60.133720][ T5722] [ 60.133728][ T5722] ? __warn+0x141/0x350 [ 60.143547][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.150833][ T5722] ? report_bug+0x315/0x420 [ 60.150866][ T5722] ? inet_sock_destruct+0x444/0x450 [ 60.150897][ T5722] ? handle_bug+0x60/0x90 [ 60.150924][ T5722] ? exc_invalid_op+0x1a/0x50 [ 60.150983][ T5722] ? asm_exc_invalid_op+0x1a/0x20 [ 60.151065][ T5722] ? inet_sock_destruct+0x374/0x450 [ 60.151093][ T5722] ? inet_sock_destruct+0x443/0x450 [ 60.151122][ T5722] ? inet_sock_destruct+0x444/0x450 [ 60.151150][ T5722] ? __pfx_inet_sock_destruct+0x10/0x10 [ 60.151178][ T5722] __sk_destruct+0x3d/0x440 [ 60.151248][ T5722] __sk_free+0x284/0x2d0 [ 60.151283][ T5722] sk_free+0x39/0x80 [ 60.151387][ T5722] tcp_close+0x8b/0xd0 [ 60.151413][ T5722] inet_release+0xce/0xf0 [ 60.151438][ T5722] sock_close+0x68/0x150 [ 60.151463][ T5722] ? __pfx_sock_close+0x10/0x10 [ 60.151513][ T5722] __fput+0x17a/0x6d0 [ 60.151549][ T5722] ? _raw_spin_unlock+0x26/0x50 [ 60.151578][ T5722] ____fput+0x1c/0x30 [ 60.151644][ T5722] task_work_run+0x13a/0x1a0 [ 60.151680][ T5722] syscall_exit_to_user_mode+0xbe/0x130 [ 60.151723][ T5722] do_syscall_64+0xd6/0x1c0 [ 60.151749][ T5722] ? clear_bhb_loop+0x55/0xb0 [ 60.151799][ T5722] ? clear_bhb_loop+0x55/0xb0 [ 60.151890][ T5722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.151986][ T5722] RIP: 0033:0x7fbba425dff9 [ 60.152005][ T5722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.152029][ T5722] RSP: 002b:00007fbba2ed7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 60.152059][ T5722] RAX: 0000000000000000 RBX: 00007fbba4415f80 RCX: 00007fbba425dff9 [ 60.152075][ T5722] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000003 [ 60.152091][ T5722] RBP: 00007fbba42d0296 R08: 0000000000000000 R09: 0000000000000000 [ 60.152107][ T5722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.152148][ T5722] R13: 0000000000000000 R14: 00007fbba4415f80 R15: 00007ffcabb97198 [ 60.152169][ T5722] [ 60.152177][ T5722] ---[ end trace 0000000000000000 ]--- [ 60.227588][ C0] TCP: out of memory -- consider tuning tcp_mem [ 60.233606][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.496652][ T5443] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.507109][ T5443] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.509364][ T5729] loop3: detected capacity change from 0 to 764 [ 60.519909][ T5443] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.548908][ T5443] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.557688][ T5443] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.559267][ T5731] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 60.566416][ T5443] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.585300][ T5443] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.686265][ T5740] syz_tun: entered promiscuous mode [ 60.703176][ T5740] batadv_slave_0: entered promiscuous mode [ 60.721870][ T5740] syz_tun: left promiscuous mode [ 60.728560][ T29] audit: type=1326 audit(1729549469.605:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5743 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5532dff9 code=0x7ffc0000 [ 60.751853][ T29] audit: type=1326 audit(1729549469.605:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5743 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5532dff9 code=0x7ffc0000 [ 60.753025][ T5748] loop3: detected capacity change from 0 to 256 [ 60.777971][ T29] audit: type=1326 audit(1729549469.605:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5743 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc5532dff9 code=0x7ffc0000 [ 60.804881][ T29] audit: type=1326 audit(1729549469.605:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5743 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5532dff9 code=0x7ffc0000 [ 60.828157][ T29] audit: type=1326 audit(1729549469.605:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5743 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5532dff9 code=0x7ffc0000 [ 60.851404][ T29] audit: type=1326 audit(1729549469.605:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5743 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efc5532dff9 code=0x7ffc0000 [ 60.874702][ T29] audit: type=1326 audit(1729549469.605:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5743 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5532dff9 code=0x7ffc0000 [ 60.882414][ T5748] FAT-fs (loop3): Directory bread(block 1285) failed [ 60.897982][ T29] audit: type=1326 audit(1729549469.605:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5743 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5532dff9 code=0x7ffc0000 [ 60.928046][ T29] audit: type=1326 audit(1729549469.605:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5743 comm="syz.4.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7efc5532dff9 code=0x7ffc0000 [ 60.938745][ T5748] FAT-fs (loop3): Directory bread(block 1285) failed [ 60.956874][ T29] audit: type=1326 audit(1729549469.655:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5745 comm="syz.1.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5ce9dff9 code=0x7ffc0000 [ 60.962141][ T5748] FAT-fs (loop3): Directory bread(block 1285) failed [ 60.988143][ T5748] FAT-fs (loop3): Directory bread(block 1285) failed [ 60.989606][ T5740] batadv_slave_0: left promiscuous mode [ 60.995014][ T5748] FAT-fs (loop3): Directory bread(block 1285) failed [ 61.010300][ T5748] FAT-fs (loop3): Directory bread(block 1285) failed [ 61.017190][ T5748] FAT-fs (loop3): Directory bread(block 1285) failed [ 61.027874][ T5748] FAT-fs (loop3): Directory bread(block 1285) failed [ 61.041002][ T5748] FAT-fs (loop3): Directory bread(block 1285) failed [ 61.049088][ T5748] FAT-fs (loop3): FAT read failed (blocknr 1281) [ 61.127360][ T5763] loop0: detected capacity change from 0 to 512 [ 61.145379][ T5768] loop3: detected capacity change from 0 to 512 [ 61.152763][ T5763] EXT4-fs: Ignoring removed bh option [ 61.164208][ T5768] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 61.171842][ T5763] EXT4-fs: inline encryption not supported [ 61.185781][ T5768] EXT4-fs (loop3): 1 truncate cleaned up [ 61.186813][ T5763] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.688: corrupted in-inode xattr: invalid ea_ino [ 61.206079][ T5763] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz.0.688: couldn't read orphan inode 15 (err -117) [ 61.281849][ T5777] loop3: detected capacity change from 0 to 512 [ 61.291926][ T5777] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.693: corrupted in-inode xattr: invalid ea_ino [ 61.305521][ T5777] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.693: couldn't read orphan inode 15 (err -117) [ 61.387980][ T5784] loop3: detected capacity change from 0 to 512 [ 61.396692][ T5784] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 61.405793][ T5784] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 61.422773][ T5784] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 61.432549][ T5784] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 61.440653][ T5784] System zones: 0-2, 18-18, 34-34 [ 61.446513][ T5784] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1138: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 61.462049][ T5784] EXT4-fs (loop3): 1 truncate cleaned up [ 61.466621][ T5787] loop0: detected capacity change from 0 to 512 [ 62.021883][ T5797] loop0: detected capacity change from 0 to 128 [ 62.046724][ T5797] syz.0.702: attempt to access beyond end of device [ 62.046724][ T5797] loop0: rw=0, sector=121, nr_sectors = 119 limit=128 [ 62.145705][ T2061] kworker/u8:9: attempt to access beyond end of device [ 62.145705][ T2061] loop0: rw=1, sector=241, nr_sectors = 800 limit=128 [ 62.439827][ T5805] loop1: detected capacity change from 0 to 164 [ 62.449505][ T5806] bridge: RTM_NEWNEIGH with invalid ether address [ 62.457979][ T5805] Unable to read rock-ridge attributes [ 63.677539][ C1] TCP: out of memory -- consider tuning tcp_mem [ 195.337585][ C0] ================================================================== [ 195.345731][ C0] BUG: KCSAN: data-race in __tmigr_cpu_activate / tmigr_handle_remote [ 195.353889][ C0] [ 195.356204][ C0] write to 0xffff888237d205dc of 1 bytes by task 0 on cpu 1: [ 195.363605][ C0] __tmigr_cpu_activate+0x55/0x200 [ 195.368736][ C0] tmigr_cpu_activate+0x8a/0xc0 [ 195.373587][ C0] timer_clear_idle+0x28/0x100 [ 195.378350][ C0] tick_nohz_restart_sched_tick+0x22/0x110 [ 195.384160][ C0] tick_nohz_idle_exit+0xfe/0x1d0 [ 195.389189][ C0] do_idle+0x1ee/0x230 [ 195.393262][ C0] cpu_startup_entry+0x25/0x30 [ 195.398038][ C0] start_secondary+0x96/0xa0 [ 195.402665][ C0] common_startup_64+0x12c/0x137 [ 195.407634][ C0] [ 195.409949][ C0] read to 0xffff888237d205dc of 1 bytes by interrupt on cpu 0: [ 195.417485][ C0] tmigr_handle_remote+0x26e/0x940 [ 195.422592][ C0] run_timer_softirq+0x5f/0x70 [ 195.427370][ C0] handle_softirqs+0xbf/0x280 [ 195.432062][ C0] irq_exit_rcu+0x3e/0x90 [ 195.436401][ C0] sysvec_apic_timer_interrupt+0x73/0x80 [ 195.442058][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 195.448042][ C0] acpi_safe_halt+0x21/0x30 [ 195.452539][ C0] acpi_idle_do_entry+0x1d/0x30 [ 195.457382][ C0] acpi_idle_enter+0x96/0xb0 [ 195.462018][ C0] cpuidle_enter_state+0xc5/0x260 [ 195.467046][ C0] cpuidle_enter+0x40/0x70 [ 195.471463][ C0] do_idle+0x195/0x230 [ 195.475535][ C0] cpu_startup_entry+0x25/0x30 [ 195.480305][ C0] rest_init+0xef/0xf0 [ 195.484367][ C0] start_kernel+0x586/0x5e0 [ 195.488867][ C0] x86_64_start_reservations+0x2a/0x30 [ 195.494327][ C0] x86_64_start_kernel+0x9a/0xa0 [ 195.499262][ C0] common_startup_64+0x12c/0x137 [ 195.504203][ C0] [ 195.506514][ C0] value changed: 0x00 -> 0x01 [ 195.511175][ C0] [ 195.513507][ C0] Reported by Kernel Concurrency Sanitizer on: [ 195.519645][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.12.0-rc4-syzkaller-00045-gd12937763990 #0 [ 195.531438][ C0] Tainted: [W]=WARN [ 195.535252][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 195.545301][ C0] ==================================================================