last executing test programs: 42.822861175s ago: executing program 4 (id=2138): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) r0 = fsopen(&(0x7f0000000080)='bpf\x00', 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000400000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r2, &(0x7f0000000140)='./file0\x00') readlinkat(r2, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/204, 0xcc) 42.747189386s ago: executing program 4 (id=2140): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r3 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b40)=@newtfilter={0x24, 0x29, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {}, {0x2, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x48c0) 42.643796058s ago: executing program 4 (id=2142): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1a"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10000, {0x0, 0x0, 0x0, r4, {0xc, 0xffff}, {0x0, 0x4}, {0xfff3, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x0) 42.462633342s ago: executing program 4 (id=2146): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f00000006c0)='./file0/file0\x00', 0x0) 42.396476743s ago: executing program 4 (id=2147): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4) bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0x4, r2, 0x2000}, 0x10) 42.183970437s ago: executing program 4 (id=2161): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xfecc) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) fallocate(r0, 0x0, 0xbf5, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x0, 0x0, 0x0, 0xfffffffffdffffff}) 42.183826187s ago: executing program 32 (id=2161): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f00000001c0), 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xfecc) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) fallocate(r0, 0x0, 0xbf5, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x0, 0x0, 0x0, 0xfffffffffdffffff}) 25.287916285s ago: executing program 0 (id=2568): bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fffd}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x2006, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) 25.135690948s ago: executing program 0 (id=2574): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x1, 0xd}, {0x81ff}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) 24.990113981s ago: executing program 0 (id=2576): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x1f000801}, 0x240000c0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r3}, 0x20) rmdir(0x0) 24.943783622s ago: executing program 0 (id=2578): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x221) 24.903334653s ago: executing program 0 (id=2580): syz_io_uring_submit(0x0, 0x0, 0x0) r0 = socket(0x8000000010, 0x2, 0x0) write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4, 0x0, 0x2}, 0x18) sendto$inet(r2, &(0x7f0000000040)='\f\x00', 0xffeb, 0x0, &(0x7f0000000340), 0x10) ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) 24.803946354s ago: executing program 0 (id=2583): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000008000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r1) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00') mount(&(0x7f0000000000), &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, 0x0, r2, 0x0, 0x46) close(r2) 24.803814854s ago: executing program 33 (id=2583): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000008000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r1) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00') mount(&(0x7f0000000000), &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, 0x0, r2, 0x0, 0x46) close(r2) 10.614552608s ago: executing program 5 (id=2926): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) readv(r0, &(0x7f0000000040)=[{&(0x7f0000001a80)=""/4112, 0x1010}], 0x1) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, 0x0, 0x0) 10.241538096s ago: executing program 5 (id=2933): r0 = creat(&(0x7f00000000c0)='./file0\x00', 0xce) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x0, 0x4, 0xfd, 0x0, 0x0, 0x1ff, 0xe3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000240), 0x6}, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffd, 0x0, 0xfffffffd, 0x0, 0x8}, 0x0, 0xafffffffffffffff, r0, 0xa) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[], 0x15) r3 = dup(r2) write$P9_RLERRORu(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r3, &(0x7f0000000340)=ANY=[], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) 10.100578789s ago: executing program 5 (id=2936): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x2, 0x7ff, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001440)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r2, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @local}, 0x1c) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x800, 0x0) 10.069961149s ago: executing program 5 (id=2938): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000041000007b8af0ff00000000bfa100000000000007010000f8a3ffffbfa400000000000007140000f0ffffffb70200001800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70400000800000085000000950000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xeb48195b69e85694, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1, 0x0, 0x5}, 0x18) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r2, 0x2007ffc) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 9.975711691s ago: executing program 5 (id=2940): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)="1b", 0x1}], 0x1}}], 0x1, 0x4000890) r2 = accept4$unix(r0, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) recvfrom$unix(r2, &(0x7f0000001680)=""/256, 0x100, 0x1120, 0x0, 0x0) 9.439974032s ago: executing program 5 (id=2949): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x400) fcntl$lock(r0, 0x6, &(0x7f0000002000)={0x1, 0x0, 0x200, 0x2}) fcntl$lock(r0, 0x26, &(0x7f00000031c0)={0x1, 0x0, 0x0, 0x5}) fcntl$lock(r0, 0x26, &(0x7f0000000080)) fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3}) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040), 0x0) 9.439836752s ago: executing program 34 (id=2949): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x400) fcntl$lock(r0, 0x6, &(0x7f0000002000)={0x1, 0x0, 0x200, 0x2}) fcntl$lock(r0, 0x26, &(0x7f00000031c0)={0x1, 0x0, 0x0, 0x5}) fcntl$lock(r0, 0x26, &(0x7f0000000080)) fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3}) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040), 0x0) 2.284252094s ago: executing program 1 (id=3121): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[@ANYBLOB="640000001000010025bd7000fbdbdf2500000000", @ANYRES32=r3, @ANYBLOB="90080400870a040008002800e59000003c001680380001800c000700010000d9"], 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYRESHEX=r3], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', r3, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 2.186142156s ago: executing program 1 (id=3125): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000001c0)='kfree\x00', r1}, 0x18) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0x10}, {}, {0x8, 0x6}}, [@filter_kind_options=@f_flow={{0x9}, {0x58, 0x2, [@TCA_FLOW_ACT={0x54, 0x9, 0x0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x4000000, 0x20000001, 0x4, 0x2}, 0x1, r4}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x88}}, 0x0) 2.081693628s ago: executing program 1 (id=3126): socket$packet(0x11, 0x2, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x10000006}, 0x100, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) unlink(0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) writev(r1, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 1.959712001s ago: executing program 1 (id=3130): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='sched_switch\x00', r0, 0x0, 0x100a}, 0x18) writev(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8000}, 0x8) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r1, &(0x7f0000003300), 0x0, 0x2022004) shutdown(r1, 0x1) getsockopt$bt_hci(r1, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000001180)=0xfd9) r2 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r2]) 1.921876391s ago: executing program 1 (id=3131): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000010c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x4}, 0x10) bind$tipc(r3, 0x0, 0x0) 1.862932143s ago: executing program 1 (id=3134): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000406c256e0000000000000109022400010000000009042000010300220009"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f00000005c0), 0x10) recvmmsg(r1, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}, {{0x0, 0x0, &(0x7f0000007040)=[{&(0x7f0000006040)=""/4086, 0x1000}], 0x1}, 0x8000}], 0x3fffffffffffdfc, 0x10002, 0x0) sendmsg$can_bcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000f0a9c8085000000040000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r2}, 0xc) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x3, {0x3, 0x0, 'Z'}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1.194997326s ago: executing program 6 (id=3145): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) mkdirat(r1, &(0x7f0000000100)='./file0\x00', 0x2) openat$cgroup_ro(r1, &(0x7f0000000140)='cgroup.kill\x00', 0x275a, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000001f80)=""/4102, 0x1006) 1.088755648s ago: executing program 6 (id=3146): r0 = socket(0x2, 0x80805, 0x0) close(0x3) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000500)={0x0, 0x7}, 0xc) 1.052255809s ago: executing program 6 (id=3147): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x45bd}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000000040000cd00000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x626f}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r1}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r2, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdc8}, 0x0) 930.302341ms ago: executing program 6 (id=3149): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r2}, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 929.995441ms ago: executing program 2 (id=3150): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18) r2 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x1000) fallocate(r2, 0x0, 0x0, 0x8800000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006280)={0x0, 0x0, 0x0}, 0x0) writev(r3, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1) 780.728435ms ago: executing program 7 (id=3151): socket(0xa, 0x3, 0x3a) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) r0 = perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x5, 0x0, 0x0, 0x2000000, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x3) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x7, 0x4, 0x400008, 0x8000, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0x0, r0, 0x3) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x62, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0x8, 0x6}, 0x2424, 0x0, 0x800000, 0x0, 0x2, 0x200, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0x1, 0xffffffffffffffff, 0x1) r1 = socket$rxrpc(0x21, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) poll(&(0x7f0000000180)=[{r1, 0x2002}], 0x1, 0x7f) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000240), 0x4) 707.709956ms ago: executing program 6 (id=3152): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000006c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kfree\x00', r3}, 0x18) r4 = openat$cgroup_procs(r1, &(0x7f0000000280)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r4, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) fcntl$lock(r0, 0x5, 0x0) 697.596826ms ago: executing program 6 (id=3153): r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x3) pause() fcntl$setsig(r1, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r2}], 0x2c, 0xffffffffffbffff8) pause() dup2(r1, r2) fcntl$setown(r1, 0x8, r0) tkill(r0, 0x13) 641.655967ms ago: executing program 3 (id=3154): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800) recvmmsg(r3, &(0x7f0000007700), 0x318, 0xfc0, 0x0) 557.951329ms ago: executing program 3 (id=3155): bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x18) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, &(0x7f0000002b80), 0x41000004, &(0x7f0000000040)) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000002500)='\f', 0x1}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) r0 = gettid() rt_sigaction(0x16, &(0x7f0000000080)={0x0, 0x90000003, 0x0}, 0x0, 0x8, &(0x7f0000000200)) tkill(r0, 0x16) 522.54885ms ago: executing program 7 (id=3156): socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xfff2}, {0xd, 0xffe0}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x3}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x18, 0xf, &(0x7f0000000580)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x3, 0x2, &(0x7f00000001c0)=@raw=[@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x40}, @jmp={0x5, 0x0, 0x9}], &(0x7f0000000280)='GPL\x00'}, 0x94) 502.59714ms ago: executing program 2 (id=3157): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet(0xa, 0x801, 0x84) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r2, 0x8) r3 = accept4(r2, 0x0, 0x0, 0x0) write(r3, &(0x7f0000000000)="ea", 0x1) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x2}, 0x8) close(r3) 438.609141ms ago: executing program 2 (id=3158): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000000000)=0xfffffffe, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bc00551a000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000480)=0x17fe, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x40, 0x7, 0x0, 0x0, 0x0, 0x20, 0x8, [0x0, 0x0, 0x0, 0xc, 0x5, 0x0, 0x0, 0x2]}}) 420.237011ms ago: executing program 2 (id=3159): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000003c0)) r2 = openat$cgroup_int(r0, &(0x7f00000000c0)='cgroup.max.depth\x00', 0x2, 0x0) sendfile(r2, r2, 0x0, 0x9) r3 = socket(0x10, 0x80003, 0x0) write(r3, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85) close_range(r3, 0xffffffffffffffff, 0x1000000000000000) 363.042183ms ago: executing program 3 (id=3160): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x81) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f000000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4005}, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) 362.606943ms ago: executing program 3 (id=3161): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r3}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 359.871202ms ago: executing program 2 (id=3162): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59) connect$inet6(r2, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_256={{0x304}, "0000004a650600", "af193cff4810ba5ac120d096eb00000052095b4285514ca312c52e3a08756735", "38000001", "bc3a244ffc0fd11e"}, 0x38) close(r2) 343.796973ms ago: executing program 2 (id=3163): r0 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x20000000000001d2, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000001000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0) preadv2(r4, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1) 334.890503ms ago: executing program 3 (id=3164): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0xa000, {0x0, 0x0, 0x0, r6, {0xe, 0x7}, {0x0, 0xfff1}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_KEY_ID={0x8, 0x1a, 0xfffffffb}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) 322.105984ms ago: executing program 7 (id=3165): sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x20000010) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x40c0080) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_getevents(0x0, 0xdc8, 0x0, 0x0, 0x0) syz_mount_image$iso9660(&(0x7f0000000300), &(0x7f0000000080)='./file1\x00', 0x1808004, &(0x7f0000000180)=ANY=[@ANYRES16=0x0, @ANYRES32], 0x7, 0x7e2, &(0x7f0000001740)="$eJzs3U1sHOXdAPD/ODEJRsqLeF/lfRWFMAm8UpDArNdg6nKAZT22B9a71u66SlRVNAIHWXGAQlFLLhBVgrZqVfXUI+XKrTeqSq3UQ9tTpXLopTckThWV+iWqCsnVzK4Tf+zaSXDM1+9n2c/szH/meZ7Z8fxn1t5nAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIpD5TqUwk0ci/sXQmHa4+024t7LB8fXu/2lRs8timeiOS4jsOH44P/96b9z9XFx8tfpyK471Hx+NwURyOS7cdvf2R/z44sr7+Dg26USevMS6JeK1o1IVzq6vLL96Ehuyj7//iulf511rxcy5r5p1WvlCby9K800qnp6YqD8zPdtLZvJF1zna62UJab2e1bqudnq7fm05MT0+m2fjZ1lJzbqbWyNZnPnx/tVKZSp8YX8xq7U6r+cAT0anP541G3pwrY6qVb0UR83BxID6Zd9NuVltI0/Mrq8uTG1qVDGpqETQxaMGB3vFz/J7b33/5vb+tLBcH5LD+Jv0DszoxUa1OTD00/dDDlcrBaqW6eUZli7gSESMRRcRNOWj5DNnbEzh8DCP9/B+NyKMZS3Em0i1foxExGvWYiXa0YqGY98fRbVF96/n//x/4y+93qndj/u9n+cMbFh+LMv+f6D06MSz/b2vFjl+j1xV9TV8vxStxKS7EuViN1ViOF/d2+4f2vMUjH3cLyaZHc5FFM/LoRCvyWIhaOSftz0ljOqZiKirxVMzHbHQijdnIIyKLTpyNTnQjK4+oerQji1p0oxXtSON01OPeSGMipmM6JiONLMbjbLRiKZoxF/dHLRqRxflYKff75JZWHr01fv7sH95/s5i+EjSxU7eKi7ki6K87BG1L9zvm/7W14npha4T8/0W39ydxuEFr6/kfAAAA+NxKylffk/Il/jvLqdm8kX31GtbsHtyH5gEAAAB7oPzL//GiGC2m7oykuP+vDIh8d9/bBgAAAOyNpHyPXRIRY3FXb+p8rMRrsRyDXgQAAAAAPoPKv/+fKIqxiFfLGevDpbj/BwAAgM+J7w4bY/+99TF2O4uHkl+WYwAnlxfP3JNcrBVxtYsHeuv1i69c2WJ39lhypL+Rspg6eOm2JCIO1rPjyfrolx8d6pUflD+PXR1LYNhY/0m7vWMDYucGlI/iB3GyF3PymV75TH9J0qtlbDZvZOP1VuORckjE4rv78nMr344oav9ec+FIEudXVpfHn35+9ZmyLZeLrVy+2B9AcdM4imv/tWNb1vp7IO4c3OPR8o0Y/XrHevVWNvZ/pFz732vlOLND+59srPP1ONWLOTXWK8fWl/TqPFzUOTH+yETUakdGutmZ7strG3rfb8XEbj3f5Vl4Pe7uxdx9+u5eMaAV1U2teG57K6obW9HbFzEScWQvWvHmyVfP/PM3rSSb3K0Vk4NbMXBfrB2I2NoKgE/K+XLUn6tZ6NYyCxVJpVDk/y1599b1NYed5Taca/9xtZbeVcZH/c1GxIZcdzC2Zver27627L4WvTP66V7M6d71xMFjA/JKZcAZ/YWVF37bP6M/+PZPfvq1E7/7WVnvDWW3t+PeXky/iDt+PSTHFn3+4Zas+laxxlsD6y2uwTqNahKXIw588+ILcfSlVy7dv3Lx3LPLzy4/V61OTlUerFQeqsZoeanQL3ZoKQBfXLt/xs7QiFv6m0geHHZX3c94d1z5l4LxeDqej9UorgDu6sXetb3ed4o78Q3/hnDfLnetYxs+4eW+Xe4tr8ZWt8cmMSR2csMe+98fl8WHN+XpAIB9cWqHPLxL/r/yyvx9u9x3b87lW+6OY3guH+RLN3VvAMAXQ9b+IBnrvpG02/niUxPT0xO17nyWtlv1J9N2PjOXpXmzm7Xr87XmXJYutlvdVn39heOZrJN2lhYXW+1uOttqpzHSyc+Un/ye9j/6vZMt1JrdvN5ZbGS1TpbWW81urd5NZ/JOPV1ceryRd+azdrlyZzGr57N5vdbNW82001pq17PxNO1k2YbAfCZrdvPZvJhspovtfKHWvhwRjaWFLJ3JOvV2vtht9Ta4XlfenG21F8rNjm/v/p/3e38DwKfBS69cunBudXX5xRub+NO1BH/SfQQANpOlAQAAAAAAAAAAAADg02/72/WKuR/jHYHXN3EobnoVn82J4lm47rW+3B+SsTenmPq0dGf/J0Z7ff/6o49eGBbz+Kv/N39tGxz8mzLora5vHIm45Z0f9eY8Njz4O/3fv73p8rs3crRcurCW7BCz6TRxy/6elQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgsP8EAAD//2ruZ0o=") r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') memfd_create(0x0, 0x0) 231.869945ms ago: executing program 7 (id=3166): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r3, 0x0, 0xb, &(0x7f00000000c0)=0x3, 0x4) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x4000, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 231.565975ms ago: executing program 3 (id=3167): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000a40)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000009c0)=';', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) mknod$loop(0x0, 0x4, 0x0) sendfile(r1, r0, 0x0, 0x7fffeffd) 112.266778ms ago: executing program 7 (id=3168): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a000000030000000800000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000500), &(0x7f0000000580)}, 0x20) r2 = socket$inet6(0xa, 0x3, 0x3c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 0s ago: executing program 7 (id=3169): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000006c0)='kmem_cache_free\x00', r1, 0x0, 0x2000}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0xdc}}, 0x0) sendmsg$NFT_MSG_GETRULE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="44000000190a0102"], 0x44}}, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r3, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): =0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7695 comm="syz.4.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 82.266054][ T29] audit: type=1326 audit(82.172:4694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7695 comm="syz.4.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 82.294914][ T7700] serio: Serial port ptm0 [ 82.395376][ T7704] loop0: detected capacity change from 0 to 8192 [ 82.421300][ T7718] SELinux: ebitmap: truncated map [ 82.432193][ T7718] SELinux: failed to load policy [ 82.454442][ T7722] openvswitch: netlink: Message has 6 unknown bytes. [ 82.474514][ T7726] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1674'. [ 82.514563][ T7726] 8021q: adding VLAN 0 to HW filter on device bond3 [ 82.525130][ T7735] netlink: 14593 bytes leftover after parsing attributes in process `syz.1.1678'. [ 82.537377][ T7726] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1674'. [ 82.549552][ T7726] bond3 (unregistering): Released all slaves [ 82.935500][ T7803] lo speed is unknown, defaulting to 1000 [ 83.086559][ T7819] loop2: detected capacity change from 0 to 1024 [ 83.102392][ T7819] EXT4-fs: Ignoring removed orlov option [ 83.139927][ T7819] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.174553][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.233723][ T7830] syzkaller0: entered allmulticast mode [ 83.239978][ T7830] syzkaller0: entered promiscuous mode [ 83.246776][ T7830] syzkaller0 (unregistering): left allmulticast mode [ 83.253558][ T7830] syzkaller0 (unregistering): left promiscuous mode [ 83.416604][ T7840] loop0: detected capacity change from 0 to 512 [ 83.430119][ T7840] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.453542][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.612790][ T7848] loop0: detected capacity change from 0 to 1024 [ 83.631522][ T7848] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.660858][ T7848] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.1726: Allocating blocks 449-513 which overlap fs metadata [ 83.721570][ T7848] SELinux: Context @ is not valid (left unmapped). [ 83.746236][ T7848] EXT4-fs (loop0): pa ffff8881072b60e0: logic 48, phys. 177, len 21 [ 83.754397][ T7848] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 83.827230][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.028838][ T7871] team0: entered promiscuous mode [ 84.034023][ T7871] team0: entered allmulticast mode [ 84.109581][ T7878] syzkaller0: entered allmulticast mode [ 84.116415][ T7878] syzkaller0: entered promiscuous mode [ 84.124610][ T7878] syzkaller0 (unregistering): left allmulticast mode [ 84.131372][ T7878] syzkaller0 (unregistering): left promiscuous mode [ 84.135979][ T7888] netlink: 'syz.1.1743': attribute type 1 has an invalid length. [ 84.193845][ T7888] 8021q: adding VLAN 0 to HW filter on device bond3 [ 84.204716][ T7892] vlan3: entered allmulticast mode [ 84.209931][ T7892] bond3: entered allmulticast mode [ 84.577976][ T7933] loop3: detected capacity change from 0 to 128 [ 84.584613][ T7933] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 84.596804][ T7933] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 84.623274][ T4675] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 84.671514][ T7939] loop3: detected capacity change from 0 to 1024 [ 84.691788][ T7939] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.719157][ T7939] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.1765: Allocating blocks 449-513 which overlap fs metadata [ 84.743192][ T7939] EXT4-fs (loop3): pa ffff8881071bc690: logic 48, phys. 177, len 21 [ 84.751276][ T7939] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 84.774265][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.327060][ T8032] netlink: 'syz.1.1782': attribute type 7 has an invalid length. [ 85.391430][ T8047] ref_ctr increment failed for inode: 0x63a offset: 0xf ref_ctr_offset: 0x82 of mm: 0xffff88810c4261c0 [ 85.398264][ T8048] bond0: left promiscuous mode [ 85.407402][ T8048] bond_slave_0: left promiscuous mode [ 85.412914][ T8048] bond_slave_1: left promiscuous mode [ 85.417960][ T8045] uprobe: syz.2.1784:8045 failed to unregister, leaking uprobe [ 85.418914][ T8048] dummy0: left promiscuous mode [ 85.430864][ T8048] bond0: left allmulticast mode [ 85.435720][ T8048] bond_slave_0: left allmulticast mode [ 85.441304][ T8048] bond_slave_1: left allmulticast mode [ 85.447194][ T8048] dummy0: left allmulticast mode [ 85.532999][ T8072] __nla_validate_parse: 6 callbacks suppressed [ 85.533015][ T8072] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1788'. [ 85.704129][ T8108] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1794'. [ 85.745787][ T8108] 8021q: adding VLAN 0 to HW filter on device bond3 [ 85.766363][ T8108] macvlan2: entered promiscuous mode [ 85.771767][ T8108] macvlan2: entered allmulticast mode [ 85.790830][ T8108] bond3: entered promiscuous mode [ 85.796110][ T8108] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 85.813291][ T8108] bond3: left promiscuous mode [ 85.931036][ T8141] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1802'. [ 85.955307][ T8141] ip6gre2: entered allmulticast mode [ 86.011165][ T8161] loop3: detected capacity change from 0 to 256 [ 86.038738][ T8161] FAT-fs (loop3): Directory bread(block 64) failed [ 86.049475][ T8161] FAT-fs (loop3): Directory bread(block 65) failed [ 86.082550][ T8161] FAT-fs (loop3): Directory bread(block 66) failed [ 86.085028][ T8170] loop2: detected capacity change from 0 to 1024 [ 86.089657][ T8161] FAT-fs (loop3): Directory bread(block 67) failed [ 86.103336][ T8161] FAT-fs (loop3): Directory bread(block 68) failed [ 86.126749][ T8176] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8176 comm=syz.4.1813 [ 86.127928][ T8161] FAT-fs (loop3): Directory bread(block 69) failed [ 86.173945][ T8161] FAT-fs (loop3): Directory bread(block 70) failed [ 86.181911][ T8170] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.187985][ T8161] FAT-fs (loop3): Directory bread(block 71) failed [ 86.247986][ T8161] FAT-fs (loop3): Directory bread(block 72) failed [ 86.254553][ T8161] FAT-fs (loop3): Directory bread(block 73) failed [ 86.283648][ T8161] syz.3.1807: attempt to access beyond end of device [ 86.283648][ T8161] loop3: rw=524288, sector=1768, nr_sectors = 4 limit=256 [ 86.297466][ T8161] syz.3.1807: attempt to access beyond end of device [ 86.297466][ T8161] loop3: rw=0, sector=1768, nr_sectors = 4 limit=256 [ 86.300538][ T8170] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.1810: Allocating blocks 449-513 which overlap fs metadata [ 86.399534][ T8170] EXT4-fs (loop2): pa ffff8881072b61c0: logic 48, phys. 177, len 21 [ 86.407611][ T8170] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 86.456572][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.622261][ T29] kauditd_printk_skb: 843 callbacks suppressed [ 86.622351][ T29] audit: type=1326 audit(86.602:5538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8205 comm="syz.2.1826" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x0 [ 86.786146][ T8218] geneve2: entered promiscuous mode [ 86.791597][ T8218] geneve2: entered allmulticast mode [ 86.853392][ T29] audit: type=1326 audit(86.832:5539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.4.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 86.889635][ T29] audit: type=1326 audit(86.852:5540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.4.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 86.912303][ T29] audit: type=1326 audit(86.852:5541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.4.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 86.935054][ T29] audit: type=1326 audit(86.852:5542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.4.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 86.957662][ T29] audit: type=1326 audit(86.852:5543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.4.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 86.980347][ T29] audit: type=1326 audit(86.852:5544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.4.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 87.003115][ T29] audit: type=1326 audit(86.852:5545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.4.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 87.025855][ T29] audit: type=1326 audit(86.852:5546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.4.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 87.048592][ T29] audit: type=1326 audit(86.852:5547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8219 comm="syz.4.1832" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 87.116515][ T8232] ref_ctr_offset mismatch. inode: 0x75e offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000 [ 87.309468][ T8247] pim6reg: entered allmulticast mode [ 87.318778][ T8247] pim6reg: left allmulticast mode [ 87.414788][ T8253] loop0: detected capacity change from 0 to 256 [ 87.649527][ T8259] syzkaller0: entered promiscuous mode [ 87.655356][ T8259] syzkaller0: entered allmulticast mode [ 87.728350][ T8276] loop0: detected capacity change from 0 to 1024 [ 87.735242][ T8276] EXT4-fs: Ignoring removed bh option [ 87.768428][ T8276] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.803740][ T8276] ip6gre1: left allmulticast mode [ 87.827797][ T8276] ip6gre2: left allmulticast mode [ 87.876606][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.245485][ T8324] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1876'. [ 88.310259][ T8332] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1879'. [ 88.417846][ T8345] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 88.615748][ T8364] netlink: 'syz.4.1892': attribute type 1 has an invalid length. [ 88.662533][ T8364] bond2: entered promiscuous mode [ 88.693128][ T8367] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1892'. [ 88.720366][ T8364] 8021q: adding VLAN 0 to HW filter on device bond2 [ 88.736830][ T8367] batadv1: entered promiscuous mode [ 88.742088][ T8367] batadv1: entered allmulticast mode [ 88.812055][ T8367] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 88.820271][ T8367] bond2: (slave batadv1): making interface the new active one [ 88.828454][ T8367] bond2: (slave batadv1): Enslaving as an active interface with an up link [ 88.867594][ T8371] loop0: detected capacity change from 0 to 764 [ 88.887131][ T8371] Symlink component flag not implemented [ 88.892916][ T8371] Symlink component flag not implemented [ 88.909096][ T8371] Symlink component flag not implemented (128) [ 88.915278][ T8371] Symlink component flag not implemented (122) [ 88.937156][ T8375] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1896'. [ 88.995383][ T8385] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1901'. [ 89.105620][ T8396] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1905'. [ 89.119005][ T8400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1907'. [ 89.275981][ T8423] 8021q: adding VLAN 0 to HW filter on device bond3 [ 89.302984][ T8423] macvlan2: entered promiscuous mode [ 89.308416][ T8423] macvlan2: entered allmulticast mode [ 89.318537][ T8423] bond3: (slave macvlan2): Opening slave failed [ 89.340697][ T8437] lo speed is unknown, defaulting to 1000 [ 89.347596][ T8431] loop3: detected capacity change from 0 to 512 [ 89.362174][ T8431] EXT4-fs: old and new quota format mixing [ 90.405624][ T8493] pim6reg1: entered promiscuous mode [ 90.410986][ T8493] pim6reg1: entered allmulticast mode [ 90.491896][ T8503] netlink: 'syz.2.1949': attribute type 6 has an invalid length. [ 90.683383][ T8534] __nla_validate_parse: 5 callbacks suppressed [ 90.683398][ T8534] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1961'. [ 90.738079][ T8534] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1961'. [ 90.746955][ T8534] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1961'. [ 90.981284][ T8539] syzkaller0: entered promiscuous mode [ 90.986987][ T8539] syzkaller0: entered allmulticast mode [ 91.017676][ T8549] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1965'. [ 91.213768][ T8574] loop0: detected capacity change from 0 to 512 [ 91.223273][ T8574] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 91.244169][ T8574] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 91.252694][ T8574] System zones: 0-2, 18-18, 34-34 [ 91.259490][ T8582] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 91.268540][ T8582] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 91.273394][ T8574] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.318803][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.378729][ T8604] loop0: detected capacity change from 0 to 512 [ 91.386113][ T8604] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 91.399622][ T8604] EXT4-fs (loop0): 1 truncate cleaned up [ 91.405855][ T8604] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.436218][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.671505][ T8642] syzkaller0: entered promiscuous mode [ 91.677255][ T8642] syzkaller0: entered allmulticast mode [ 91.774429][ T29] kauditd_printk_skb: 154 callbacks suppressed [ 91.774443][ T29] audit: type=1326 audit(91.752:5702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8675 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 91.833986][ T29] audit: type=1326 audit(91.782:5703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8675 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 91.856792][ T29] audit: type=1326 audit(91.782:5704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8675 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 91.879508][ T29] audit: type=1326 audit(91.782:5705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8675 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 91.902186][ T29] audit: type=1326 audit(91.782:5706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8675 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 91.924885][ T29] audit: type=1326 audit(91.782:5707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8675 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 91.947684][ T29] audit: type=1326 audit(91.782:5708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8675 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 91.970383][ T29] audit: type=1326 audit(91.782:5709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8675 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 92.074247][ T29] audit: type=1326 audit(92.052:5710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8675 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 92.097049][ T29] audit: type=1326 audit(92.052:5711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8675 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 92.205791][ T8735] pim6reg1: entered promiscuous mode [ 92.211246][ T8735] pim6reg1: entered allmulticast mode [ 92.265726][ T8742] netlink: 'syz.1.1994': attribute type 4 has an invalid length. [ 92.327431][ T8750] loop4: detected capacity change from 0 to 512 [ 92.340135][ T8750] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.354108][ T8750] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1998: corrupted xattr block 33: overlapping e_value [ 92.368114][ T8750] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 92.377188][ T8750] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1998: corrupted xattr block 33: overlapping e_value [ 92.391055][ T8750] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 92.400816][ T8750] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1998: corrupted xattr block 33: overlapping e_value [ 92.414790][ T8750] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 92.423849][ T8757] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1998: corrupted xattr block 33: overlapping e_value [ 92.438040][ T8757] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 92.447056][ T8757] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1998: corrupted xattr block 33: overlapping e_value [ 92.461120][ T8757] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 92.470135][ T8757] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1998: corrupted xattr block 33: overlapping e_value [ 92.484055][ T8757] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #15: comm syz.4.1998: corrupted xattr block 33: overlapping e_value [ 92.498489][ T8757] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 92.516679][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.664128][ T8772] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2006'. [ 92.675120][ T8772] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2006'. [ 92.732970][ T8776] loop4: detected capacity change from 0 to 512 [ 92.741003][ T8776] EXT4-fs: Ignoring removed nomblk_io_submit option [ 92.753754][ T8776] EXT4-fs: Ignoring removed i_version option [ 92.765404][ T8776] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 92.776136][ T8776] EXT4-fs (loop4): orphan cleanup on readonly fs [ 92.786040][ T8776] EXT4-fs (loop4): 1 orphan inode deleted [ 92.786369][ T8781] pim6reg1: entered promiscuous mode [ 92.794691][ T8776] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 92.797238][ T8781] pim6reg1: entered allmulticast mode [ 92.826415][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.995135][ T8797] syzkaller1: entered promiscuous mode [ 93.000757][ T8797] syzkaller1: entered allmulticast mode [ 93.065884][ T8807] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8807 comm=syz.4.2019 [ 93.123816][ T3377] hid_parser_main: 18 callbacks suppressed [ 93.123832][ T3377] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 93.137105][ T3377] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 93.144569][ T3377] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 93.165259][ T3377] hid-generic 0000:0004:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz0 [ 93.211427][ T8823] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2029'. [ 93.291343][ T8833] netlink: zone id is out of range [ 93.300192][ T8833] netlink: zone id is out of range [ 93.305326][ T8833] netlink: zone id is out of range [ 93.310558][ T8833] netlink: zone id is out of range [ 93.328755][ T8833] netlink: zone id is out of range [ 93.341306][ T8833] netlink: zone id is out of range [ 93.350449][ T8833] netlink: zone id is out of range [ 93.360931][ T8841] loop4: detected capacity change from 0 to 512 [ 93.363969][ T8833] netlink: zone id is out of range [ 93.372558][ T8833] netlink: zone id is out of range [ 93.398732][ T8841] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 93.426306][ T8841] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.2037: Failed to acquire dquot type 1 [ 93.439405][ T8841] EXT4-fs (loop4): 1 truncate cleaned up [ 93.445984][ T8841] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.478651][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.511495][ T8862] lo speed is unknown, defaulting to 1000 [ 93.556041][ T8866] macsec1: entered promiscuous mode [ 93.576230][ T8866] dummy0: entered promiscuous mode [ 93.583337][ T8866] dummy0: left promiscuous mode [ 93.642702][ T8871] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2047'. [ 93.680546][ T8871] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2047'. [ 93.748815][ T8873] cgroup: cgroup_addrm_files: failed to add weight, err=-12 [ 93.774014][ T8879] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2050'. [ 93.869090][ T8892] loop2: detected capacity change from 0 to 512 [ 93.889809][ T8890] loop4: detected capacity change from 0 to 128 [ 93.898903][ T8892] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 93.911283][ T8890] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 93.934022][ T8892] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.2056: Failed to acquire dquot type 1 [ 93.968666][ T8892] EXT4-fs (loop2): 1 truncate cleaned up [ 93.974890][ T8892] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.996191][ T3303] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 94.008873][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.874320][ T8925] cgroup: cgroup_addrm_files: failed to add weight, err=-12 [ 95.258936][ T8987] net_ratelimit: 2 callbacks suppressed [ 95.258951][ T8987] netlink: zone id is out of range [ 95.269637][ T8987] netlink: set zone limit has 4 unknown bytes [ 95.319356][ T8994] syz_tun: entered allmulticast mode [ 95.332374][ T8994] syz_tun: left allmulticast mode [ 95.692878][ T9014] __nla_validate_parse: 1 callbacks suppressed [ 95.692893][ T9014] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2098'. [ 95.709018][ T9014] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2098'. [ 96.066929][ T9067] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2119'. [ 96.094105][ T36] IPVS: starting estimator thread 0... [ 96.135997][ T9084] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2126'. [ 96.166058][ T9086] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2122'. [ 96.188955][ T9076] IPVS: using max 2784 ests per chain, 139200 per kthread [ 96.549237][ T9084] Set syz1 is full, maxelem 65536 reached [ 96.589491][ T9104] netlink: 'syz.4.2135': attribute type 1 has an invalid length. [ 96.615868][ T9104] 8021q: adding VLAN 0 to HW filter on device bond4 [ 96.639134][ T9104] macvlan2: entered promiscuous mode [ 96.644456][ T9104] macvlan2: entered allmulticast mode [ 96.650854][ T9104] bond4: entered promiscuous mode [ 96.656241][ T9104] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 96.664569][ T9104] bond4: left promiscuous mode [ 96.783634][ T29] kauditd_printk_skb: 879 callbacks suppressed [ 96.783647][ T29] audit: type=1326 audit(96.762:6587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9109 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 96.840952][ T29] audit: type=1326 audit(96.762:6588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9109 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 96.843353][ T9115] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2140'. [ 96.863771][ T29] audit: type=1326 audit(96.762:6589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9109 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 96.895335][ T29] audit: type=1326 audit(96.762:6590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9109 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 96.918077][ T29] audit: type=1326 audit(96.762:6591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9109 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 96.931650][ T9121] netlink: 'syz.4.2142': attribute type 1 has an invalid length. [ 96.941045][ T29] audit: type=1326 audit(96.762:6592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9109 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=267 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 96.955510][ T9121] 8021q: adding VLAN 0 to HW filter on device bond5 [ 96.971656][ T29] audit: type=1326 audit(96.762:6593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9109 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 97.000233][ T9121] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2142'. [ 97.000969][ T29] audit: type=1326 audit(96.762:6594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9109 comm="syz.4.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e97cebe9 code=0x7ffc0000 [ 97.047639][ T9121] bond5 (unregistering): Released all slaves [ 97.076146][ T9124] macsec1: entered promiscuous mode [ 97.081449][ T9124] bridge0: entered promiscuous mode [ 97.087049][ T9124] bridge0: port 1(macsec1) entered blocking state [ 97.093701][ T9124] bridge0: port 1(macsec1) entered disabled state [ 97.101349][ T9124] macsec1: entered allmulticast mode [ 97.106645][ T9124] bridge0: entered allmulticast mode [ 97.112749][ T9124] macsec1: left allmulticast mode [ 97.117773][ T9124] bridge0: left allmulticast mode [ 97.123508][ T9124] bridge0: left promiscuous mode [ 97.133025][ T29] audit: type=1326 audit(97.112:6595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9129 comm="syz.2.2145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 97.155849][ T29] audit: type=1326 audit(97.112:6596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9129 comm="syz.2.2145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 97.298151][ T9154] loop0: detected capacity change from 0 to 128 [ 97.305524][ T9154] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 97.319330][ T9154] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 97.346340][ T4711] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 97.366693][ T4666] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.391993][ T9161] lo speed is unknown, defaulting to 1000 [ 97.424227][ T4666] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.466634][ T4711] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.485243][ T4711] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.499013][ T9173] loop0: detected capacity change from 0 to 1024 [ 97.499040][ T4666] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.543279][ T9173] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.571582][ T4711] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.607047][ T4666] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.619169][ T9180] netlink: 'syz.1.2167': attribute type 10 has an invalid length. [ 97.631362][ T4711] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.652730][ T9180] bond0: (slave dummy0): Releasing backup interface [ 97.670214][ T9186] netlink: 'syz.1.2167': attribute type 10 has an invalid length. [ 97.681436][ T9180] team0: Device dummy0 is already a lower device of the team interface [ 97.692278][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.714256][ T9186] team0: Failed to send port change of device vlan2 via netlink (err -105) [ 97.737082][ T9186] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 97.980416][ T4666] bond0 (unregistering): Released all slaves [ 98.001596][ T4666] bond1 (unregistering): Released all slaves [ 98.021530][ T4666] bond2 (unregistering): (slave batadv1): Releasing active interface [ 98.042276][ T4666] bond2 (unregistering): Released all slaves [ 98.063633][ T4666] bond3 (unregistering): Released all slaves [ 98.081327][ T4666] bond4 (unregistering): Released all slaves [ 98.104564][ T9195] team_slave_0: entered promiscuous mode [ 98.118361][ T9195] ipvlan0: entered promiscuous mode [ 98.135505][ T9195] ipvlan0: left promiscuous mode [ 98.149263][ T9195] team_slave_0: left promiscuous mode [ 98.174382][ T9179] lo speed is unknown, defaulting to 1000 [ 98.233942][ T4666] veth1_macvtap: left promiscuous mode [ 98.249704][ T4666] veth0_macvtap: left promiscuous mode [ 98.262383][ T4666] veth1_vlan: left promiscuous mode [ 98.279714][ T4666] veth0_vlan: left promiscuous mode [ 98.403578][ T9209] netlink: 'syz.2.2171': attribute type 13 has an invalid length. [ 98.435583][ T9209] gretap0: refused to change device tx_queue_len [ 98.448087][ T9209] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 98.585524][ T9179] chnl_net:caif_netlink_parms(): no params data found [ 98.707107][ T9179] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.714203][ T9179] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.759597][ T9179] bridge_slave_0: entered allmulticast mode [ 98.785789][ T9179] bridge_slave_0: entered promiscuous mode [ 98.818584][ T4666] IPVS: stop unused estimator thread 0... [ 98.826630][ T9179] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.833855][ T9179] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.878077][ T9179] bridge_slave_1: entered allmulticast mode [ 98.889639][ T9179] bridge_slave_1: entered promiscuous mode [ 98.915207][ T9179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.940163][ T9179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.952400][ T9245] bond0: (slave dummy0): Releasing backup interface [ 98.988932][ T9245] bridge_slave_0: left promiscuous mode [ 98.994675][ T9245] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.006890][ T9250] netlink: 'syz.1.2186': attribute type 10 has an invalid length. [ 99.014846][ T9250] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2186'. [ 99.026279][ T9249] loop0: detected capacity change from 0 to 512 [ 99.033951][ T9245] bridge_slave_1: left allmulticast mode [ 99.039737][ T9245] bridge_slave_1: left promiscuous mode [ 99.045432][ T9245] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.054040][ T9249] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 99.064542][ T9249] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e12c, mo2=0002] [ 99.072616][ T9249] System zones: 1-12 [ 99.076645][ T9249] EXT4-fs (loop0): orphan cleanup on readonly fs [ 99.083872][ T9245] bond0: (slave bond_slave_0): Releasing backup interface [ 99.091888][ T9249] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2188: bg 0: block 361: padding at end of block bitmap is not set [ 99.116649][ T9245] bond0: (slave bond_slave_1): Releasing backup interface [ 99.126349][ T9249] EXT4-fs (loop0): Remounting filesystem read-only [ 99.139229][ T9249] EXT4-fs (loop0): 1 truncate cleaned up [ 99.145414][ T9245] team0: Port device team_slave_1 removed [ 99.157597][ T9245] team0: Port device vlan2 removed [ 99.163160][ T9249] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 99.201363][ T9247] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.242731][ T9250] veth1_vlan: left promiscuous mode [ 99.252005][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 99.269372][ T9250] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 99.297830][ T9247] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.320700][ T9179] team0: Port device team_slave_0 added [ 99.327477][ T9179] team0: Port device team_slave_1 added [ 99.397465][ T9247] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.425293][ T9179] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.432340][ T9179] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.458393][ T9179] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.480951][ T9179] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.487971][ T9179] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.513884][ T9179] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.557399][ T9266] loop0: detected capacity change from 0 to 512 [ 99.575837][ T9266] EXT4-fs: Ignoring removed oldalloc option [ 99.583913][ T9247] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.593945][ T9268] loop2: detected capacity change from 0 to 512 [ 99.602587][ T9179] hsr_slave_0: entered promiscuous mode [ 99.609262][ T9266] EXT4-fs (loop0): 1 truncate cleaned up [ 99.609472][ T9179] hsr_slave_1: entered promiscuous mode [ 99.620104][ T9266] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.648067][ T4711] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.656969][ T9268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.670138][ T4711] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.686091][ T4711] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.735757][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.749983][ T4711] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.765617][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.831152][ T9277] loop0: detected capacity change from 0 to 4096 [ 99.890701][ T9277] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.904288][ T9179] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 99.917411][ T9179] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 99.923330][ T9284] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9284 comm=syz.1.2201 [ 99.957027][ T9179] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 99.959054][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.974694][ T9179] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 100.014737][ T9287] netlink: 'syz.1.2203': attribute type 12 has an invalid length. [ 100.067865][ T9179] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.089635][ T9179] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.099799][ T4720] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.106848][ T4720] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.126406][ T4711] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.133495][ T4711] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.162412][ T9179] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 100.248666][ T9312] wireguard0: entered promiscuous mode [ 100.254163][ T9312] wireguard0: entered allmulticast mode [ 100.270795][ T9179] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.420580][ T9339] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2217'. [ 100.467389][ T9179] veth0_vlan: entered promiscuous mode [ 100.476158][ T9179] veth1_vlan: entered promiscuous mode [ 100.492621][ T9179] veth0_macvtap: entered promiscuous mode [ 100.501148][ T9179] veth1_macvtap: entered promiscuous mode [ 100.523416][ T9179] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.538643][ T9179] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.547348][ T9354] loop2: detected capacity change from 0 to 512 [ 100.554098][ T9354] EXT4-fs: Ignoring removed mblk_io_submit option [ 100.561331][ T9354] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 100.564231][ T4711] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.584569][ T9354] EXT4-fs (loop2): 1 truncate cleaned up [ 100.592326][ T9354] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.595693][ T4711] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.614699][ T4666] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.640160][ T4666] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.684936][ T9364] loop5: detected capacity change from 0 to 512 [ 100.710245][ T9364] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 100.720132][ T9364] EXT4-fs (loop5): inodes count not valid: 24 vs 32 [ 100.893656][ T9387] netlink: 'syz.5.2235': attribute type 10 has an invalid length. [ 100.912826][ T9387] team0: Port device dummy0 added [ 100.923164][ T9387] netlink: 'syz.5.2235': attribute type 10 has an invalid length. [ 100.933318][ T9387] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 100.944836][ T9387] team0: Failed to send options change via netlink (err -105) [ 100.962980][ T9387] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 100.981453][ T9387] team0: Port device dummy0 removed [ 100.989490][ T9387] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 101.144824][ T9401] netlink: 55631 bytes leftover after parsing attributes in process `syz.5.2242'. [ 101.235677][ T9407] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2244'. [ 101.260829][ T9407] 8021q: adding VLAN 0 to HW filter on device bond4 [ 101.282042][ T9407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2244'. [ 101.297854][ T9407] bond4 (unregistering): Released all slaves [ 101.440527][ T9414] cgroup: cgroup_addrm_files: failed to add weight, err=-12 [ 101.586572][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.600250][ T9420] wireguard0: entered promiscuous mode [ 101.605795][ T9420] wireguard0: entered allmulticast mode [ 101.686493][ T9430] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2254'. [ 101.800808][ T9449] smc: net device bond0 applied user defined pnetid SYZ0 [ 101.810691][ T9449] smc: net device bond0 erased user defined pnetid SYZ0 [ 101.883015][ T9457] loop5: detected capacity change from 0 to 8192 [ 102.238691][ T9455] syz.1.2265 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=0 [ 102.252648][ T9455] CPU: 0 UID: 0 PID: 9455 Comm: syz.1.2265 Not tainted syzkaller #0 PREEMPT(voluntary) [ 102.252730][ T9455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 102.252738][ T9455] Call Trace: [ 102.252742][ T9455] [ 102.252747][ T9455] __dump_stack+0x1d/0x30 [ 102.252760][ T9455] dump_stack_lvl+0xe8/0x140 [ 102.252825][ T9455] dump_stack+0x15/0x1b [ 102.252834][ T9455] dump_header+0x81/0x220 [ 102.252851][ T9455] oom_kill_process+0x342/0x400 [ 102.252882][ T9455] out_of_memory+0x979/0xb80 [ 102.252899][ T9455] try_charge_memcg+0x5e6/0x9e0 [ 102.252920][ T9455] obj_cgroup_charge_pages+0xa6/0x150 [ 102.252957][ T9455] __memcg_kmem_charge_page+0x9f/0x170 [ 102.252974][ T9455] __alloc_frozen_pages_noprof+0x188/0x360 [ 102.253019][ T9455] alloc_pages_mpol+0xb3/0x250 [ 102.253067][ T9455] alloc_pages_noprof+0x90/0x130 [ 102.253084][ T9455] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 102.253176][ T9455] __kvmalloc_node_noprof+0x30f/0x4e0 [ 102.253191][ T9455] ? ip_set_alloc+0x1f/0x30 [ 102.253202][ T9455] ? ip_set_alloc+0x1f/0x30 [ 102.253256][ T9455] ? __kmalloc_cache_noprof+0x189/0x320 [ 102.253272][ T9455] ip_set_alloc+0x1f/0x30 [ 102.253283][ T9455] hash_netiface_create+0x282/0x740 [ 102.253295][ T9455] ? __pfx_hash_netiface_create+0x10/0x10 [ 102.253314][ T9455] ip_set_create+0x3c9/0x960 [ 102.253331][ T9455] ? __nla_parse+0x40/0x60 [ 102.253345][ T9455] nfnetlink_rcv_msg+0x4c3/0x590 [ 102.253365][ T9455] netlink_rcv_skb+0x123/0x220 [ 102.253423][ T9455] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 102.253435][ T9455] nfnetlink_rcv+0x16b/0x1690 [ 102.253462][ T9455] ? mod_memcg_lruvec_state+0x1fc/0x2c0 [ 102.253489][ T9455] ? obj_cgroup_charge_account+0x122/0x1a0 [ 102.253575][ T9455] ? __rcu_read_unlock+0x4f/0x70 [ 102.253587][ T9455] ? __memcg_slab_post_alloc_hook+0x44c/0x580 [ 102.253679][ T9455] ? kmem_cache_alloc_lru_noprof+0x229/0x310 [ 102.253693][ T9455] ? __d_alloc+0x3d/0x340 [ 102.253708][ T9455] ? rcu_segcblist_enqueue+0x4c/0xb0 [ 102.253724][ T9455] ? trie_lookup_elem+0x3c8/0x430 [ 102.253801][ T9455] ? rcu_segcblist_enqueue+0x92/0xb0 [ 102.253815][ T9455] ? trie_lookup_elem+0x3c8/0x430 [ 102.253957][ T9455] ? __account_obj_stock+0x211/0x350 [ 102.253969][ T9455] ? should_fail_ex+0x30/0x280 [ 102.253981][ T9455] ? selinux_nlmsg_lookup+0x99/0x890 [ 102.254047][ T9455] ? __rcu_read_unlock+0x34/0x70 [ 102.254058][ T9455] ? __netlink_lookup+0x266/0x2a0 [ 102.254073][ T9455] netlink_unicast+0x5bd/0x690 [ 102.254237][ T9455] netlink_sendmsg+0x58b/0x6b0 [ 102.254251][ T9455] ? __pfx_netlink_sendmsg+0x10/0x10 [ 102.254265][ T9455] __sock_sendmsg+0x142/0x180 [ 102.254333][ T9455] ____sys_sendmsg+0x31e/0x4e0 [ 102.254348][ T9455] ___sys_sendmsg+0x17b/0x1d0 [ 102.254377][ T9455] __x64_sys_sendmsg+0xd4/0x160 [ 102.254392][ T9455] x64_sys_call+0x191e/0x2ff0 [ 102.254403][ T9455] do_syscall_64+0xd2/0x200 [ 102.254420][ T9455] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 102.254512][ T9455] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 102.254537][ T9455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.254570][ T9455] RIP: 0033:0x7f9e689aebe9 [ 102.254584][ T9455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.254594][ T9455] RSP: 002b:00007f9e6740f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 102.254605][ T9455] RAX: ffffffffffffffda RBX: 00007f9e68be5fa0 RCX: 00007f9e689aebe9 [ 102.254678][ T9455] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003 [ 102.254685][ T9455] RBP: 00007f9e68a31e19 R08: 0000000000000000 R09: 0000000000000000 [ 102.254692][ T9455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 102.254699][ T9455] R13: 00007f9e68be6038 R14: 00007f9e68be5fa0 R15: 00007fff7c707918 [ 102.254709][ T9455] [ 102.254712][ T9455] memory: usage 307200kB, limit 307200kB, failcnt 112 [ 102.630568][ T9455] memory+swap: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 102.638460][ T9455] kmem: usage 241488kB, limit 9007199254740988kB, failcnt 0 [ 102.645796][ T9455] Memory cgroup stats for /syz1: [ 102.647013][ T9455] cache 67096576 [ 102.655552][ T9455] rss 184320 [ 102.658753][ T9455] shmem 0 [ 102.661706][ T9455] mapped_file 98304 [ 102.665497][ T9455] dirty 0 [ 102.668493][ T9455] writeback 0 [ 102.671764][ T9455] workingset_refault_anon 3678 [ 102.676580][ T9455] workingset_refault_file 0 [ 102.681095][ T9455] swap 0 [ 102.683932][ T9455] swapcached 12288 [ 102.687647][ T9455] pgpgin 160337 [ 102.691114][ T9455] pgpgout 143909 [ 102.694647][ T9455] pgfault 152798 [ 102.698220][ T9455] pgmajfault 712 [ 102.701753][ T9455] inactive_anon 12288 [ 102.705721][ T9455] active_anon 0 [ 102.709248][ T9455] inactive_file 81920 [ 102.713219][ T9455] active_file 0 [ 102.716712][ T9455] unevictable 67194880 [ 102.720790][ T9455] hierarchical_memory_limit 314572800 [ 102.726149][ T9455] hierarchical_memsw_limit 9223372036854771712 [ 102.732409][ T9455] total_cache 67096576 [ 102.736449][ T9455] total_rss 184320 [ 102.740151][ T9455] total_shmem 0 [ 102.743710][ T9455] total_mapped_file 98304 [ 102.748050][ T9455] total_dirty 0 [ 102.751485][ T9455] total_writeback 0 [ 102.755292][ T9455] total_workingset_refault_anon 3678 [ 102.760563][ T9455] total_workingset_refault_file 0 [ 102.765591][ T9455] total_swap 0 [ 102.768956][ T9455] total_swapcached 12288 [ 102.773214][ T9455] total_pgpgin 160337 [ 102.777168][ T9455] total_pgpgout 143909 [ 102.781217][ T9455] total_pgfault 152798 [ 102.785256][ T9455] total_pgmajfault 712 [ 102.789362][ T9455] total_inactive_anon 12288 [ 102.793837][ T9455] total_active_anon 0 [ 102.797791][ T9455] total_inactive_file 81920 [ 102.802281][ T9455] total_active_file 0 [ 102.806301][ T9455] total_unevictable 67194880 [ 102.810890][ T9455] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.2265,pid=9453,uid=0 [ 102.825410][ T9455] Memory cgroup out of memory: Killed process 9455 (syz.1.2265) total-vm:95744kB, anon-rss:1136kB, file-rss:22260kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:0 [ 102.842574][ T9464] wireguard0: entered promiscuous mode [ 102.848125][ T9464] wireguard0: entered allmulticast mode [ 102.867393][ T9469] loop3: detected capacity change from 0 to 1024 [ 102.885337][ T9471] loop5: detected capacity change from 0 to 512 [ 102.892435][ T9469] EXT4-fs: Ignoring removed nomblk_io_submit option [ 102.920919][ T9473] loop0: detected capacity change from 0 to 512 [ 102.927581][ T9469] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.940303][ T9473] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 102.941117][ T9471] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.963378][ T9473] EXT4-fs (loop0): orphan cleanup on readonly fs [ 102.975412][ T9473] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:517: comm syz.0.2271: Block bitmap for bg 0 marked uninitialized [ 102.989355][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.012899][ T9473] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 103.028726][ T9473] EXT4-fs (loop0): 1 orphan inode deleted [ 103.038414][ T9473] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 103.052598][ T9179] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.073820][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.221043][ T9503] loop2: detected capacity change from 0 to 2048 [ 103.278561][ T9503] loop2: p1 < > p4 [ 103.283439][ T9503] loop2: p4 size 8388608 extends beyond EOD, truncated [ 103.323796][ T29] kauditd_printk_skb: 282 callbacks suppressed [ 103.323825][ T29] audit: type=1326 audit(103.302:6879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9512 comm="syz.2.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 103.354942][ T29] audit: type=1326 audit(103.342:6880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9512 comm="syz.2.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 103.377930][ T29] audit: type=1326 audit(103.342:6881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9512 comm="syz.2.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 103.400918][ T29] audit: type=1326 audit(103.342:6882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9512 comm="syz.2.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 103.425113][ T29] audit: type=1326 audit(103.412:6883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9512 comm="syz.2.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 103.447955][ T29] audit: type=1326 audit(103.412:6884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9512 comm="syz.2.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 103.470803][ T29] audit: type=1326 audit(103.412:6885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9512 comm="syz.2.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 103.495187][ T29] audit: type=1326 audit(103.482:6886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9512 comm="syz.2.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 103.518119][ T29] audit: type=1326 audit(103.482:6887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9512 comm="syz.2.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 103.541057][ T29] audit: type=1326 audit(103.482:6888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9512 comm="syz.2.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 103.583699][ T9520] capability: warning: `syz.2.2291' uses 32-bit capabilities (legacy support in use) [ 103.688725][ T9534] loop0: detected capacity change from 0 to 128 [ 103.857278][ T9546] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2302'. [ 103.976281][ T9551] loop3: detected capacity change from 0 to 512 [ 104.002390][ T9551] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.071570][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.507806][ T9581] loop2: detected capacity change from 0 to 1024 [ 104.521535][ T9581] EXT4-fs: Ignoring removed orlov option [ 104.544215][ T9581] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.934743][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.139305][ T9604] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2326'. [ 105.444708][ T9620] siw: device registration error -23 [ 105.502616][ T9626] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2337'. [ 105.858894][ T9636] tipc: Enabled bearer , priority 0 [ 106.125273][ T9650] team0: Device ipvlan2 failed to register rx_handler [ 106.234466][ T9659] loop2: detected capacity change from 0 to 256 [ 106.259223][ T9659] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 106.370912][ T9671] loop0: detected capacity change from 0 to 1024 [ 106.377555][ T9671] EXT4-fs: Ignoring removed orlov option [ 106.388433][ T9671] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.425413][ T9676] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2358'. [ 106.726735][ T9699] loop5: detected capacity change from 0 to 512 [ 106.735413][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.760100][ T9699] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 106.805893][ T9699] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #18: comm syz.5.2368: corrupted inode contents [ 106.840570][ T9699] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #18: comm syz.5.2368: mark_inode_dirty error [ 106.883001][ T9699] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #18: comm syz.5.2368: corrupted inode contents [ 106.908708][ T9699] EXT4-fs error (device loop5): ext4_xattr_delete_inode:2991: inode #18: comm syz.5.2368: mark_inode_dirty error [ 106.943783][ T9699] EXT4-fs error (device loop5): ext4_xattr_delete_inode:2994: inode #18: comm syz.5.2368: mark inode dirty (error -117) [ 106.980627][ T9699] EXT4-fs warning (device loop5): ext4_evict_inode:274: xattr delete (err -117) [ 107.032980][ T9179] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 107.073499][ T9722] lo speed is unknown, defaulting to 1000 [ 107.145471][ T9727] loop0: detected capacity change from 0 to 512 [ 107.167096][ T9727] EXT4-fs (loop0): orphan cleanup on readonly fs [ 107.188063][ T9727] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.2378: bad orphan inode 13 [ 107.218855][ T9727] ext4_test_bit(bit=12, block=18) = 1 [ 107.224287][ T9727] is_bad_inode(inode)=0 [ 107.228479][ T9727] NEXT_ORPHAN(inode)=2130706432 [ 107.233347][ T9727] max_ino=32 [ 107.236530][ T9727] i_nlink=1 [ 107.275282][ T9727] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 107.343904][ T9727] EXT4-fs error (device loop0): ext4_lookup:1791: inode #2: comm syz.0.2378: deleted inode referenced: 12 [ 107.345826][ T9741] lo speed is unknown, defaulting to 1000 [ 107.362284][ T9727] binfmt_misc: register: failed to install interpreter file ./file0 [ 107.385794][ T9744] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2383'. [ 107.403701][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.470506][ T9751] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2387'. [ 107.482228][ T9751] ip6gre1: entered allmulticast mode [ 107.589277][ T9757] loop2: detected capacity change from 0 to 512 [ 107.597701][ T9772] netlink: 360 bytes leftover after parsing attributes in process `syz.0.2397'. [ 107.607306][ T9757] EXT4-fs: Ignoring removed oldalloc option [ 107.625486][ T9757] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.2390: Parent and EA inode have the same ino 15 [ 107.652446][ T9757] EXT4-fs (loop2): Remounting filesystem read-only [ 107.690188][ T9757] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -30) [ 107.699214][ T9757] EXT4-fs (loop2): 1 orphan inode deleted [ 107.707683][ T9757] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.748752][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.807543][ T9800] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2408'. [ 107.832092][ T9802] loop2: detected capacity change from 0 to 2048 [ 107.841919][ T9805] loop5: detected capacity change from 0 to 512 [ 107.860789][ T9805] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.877643][ T9809] rdma_op ffff88813d7ce180 conn xmit_rdma 0000000000000000 [ 107.887295][ T9802] loop2: p2 p3 p7 [ 107.940668][ T9815] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9815 comm=syz.0.2414 [ 107.957906][ T9179] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.460664][ T29] kauditd_printk_skb: 177 callbacks suppressed [ 108.460733][ T29] audit: type=1326 audit(108.442:7066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9837 comm="syz.2.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 108.489722][ T29] audit: type=1326 audit(108.442:7067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9837 comm="syz.2.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 108.529197][ T29] audit: type=1326 audit(108.492:7068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9837 comm="syz.2.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 108.552126][ T29] audit: type=1326 audit(108.492:7069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9837 comm="syz.2.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 108.574926][ T29] audit: type=1326 audit(108.492:7070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9837 comm="syz.2.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 108.597813][ T29] audit: type=1326 audit(108.492:7071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9837 comm="syz.2.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 108.620653][ T29] audit: type=1326 audit(108.492:7072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9837 comm="syz.2.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 108.643499][ T29] audit: type=1326 audit(108.492:7073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9837 comm="syz.2.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 108.666299][ T29] audit: type=1326 audit(108.492:7074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9837 comm="syz.2.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 108.689051][ T29] audit: type=1326 audit(108.492:7075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9837 comm="syz.2.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 108.751455][ T9848] netlink: 'syz.3.2426': attribute type 1 has an invalid length. [ 108.769893][ T9846] loop2: detected capacity change from 0 to 2048 [ 108.792535][ T9848] 8021q: adding VLAN 0 to HW filter on device bond3 [ 108.811686][ T9848] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2426'. [ 108.821137][ T9846] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 108.839468][ T9848] bond3 (unregistering): Released all slaves [ 108.865047][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 108.961773][ T9862] loop2: detected capacity change from 0 to 512 [ 108.980180][ T9862] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 109.012595][ T9862] EXT4-fs (loop2): mount failed [ 109.043237][ T9869] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2433'. [ 109.061730][ T9869] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2433'. [ 109.832866][ T9911] team0: Device ipvlan0 failed to register rx_handler [ 109.953003][ T9920] netlink: 'syz.3.2452': attribute type 1 has an invalid length. [ 109.965789][ T9920] 8021q: adding VLAN 0 to HW filter on device bond3 [ 109.978494][ T9920] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2452'. [ 109.989648][ T9920] bond3 (unregistering): Released all slaves [ 110.168278][ T3358] IPVS: starting estimator thread 0... [ 110.188944][ T9939] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2459'. [ 110.268131][ T9935] IPVS: using max 2688 ests per chain, 134400 per kthread [ 110.530216][ T9953] ip6gre1: entered allmulticast mode [ 110.538402][ T9954] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 110.780878][ T9981] loop0: detected capacity change from 0 to 764 [ 110.802899][ T9981] Symlink component flag not implemented [ 110.811069][ T9981] Symlink component flag not implemented (129) [ 110.831895][ T9981] rock: directory entry would overflow storage [ 110.838085][ T9981] rock: sig=0x4f50, size=4, remaining=3 [ 110.843652][ T9981] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 110.866083][ T9983] ip6gre1: entered allmulticast mode [ 110.954024][ T9995] loop2: detected capacity change from 0 to 1024 [ 110.970597][ T9995] EXT4-fs: Ignoring removed orlov option [ 111.012765][T10000] lo speed is unknown, defaulting to 1000 [ 111.020108][ T9995] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.130418][T10007] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10007 comm=syz.0.2490 [ 111.353807][T10019] loop0: detected capacity change from 0 to 512 [ 111.380485][T10019] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.410052][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.493191][T10032] loop0: detected capacity change from 0 to 512 [ 111.521414][T10032] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.559791][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.668690][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.873740][T10030] Set syz1 is full, maxelem 65536 reached [ 111.949715][T10064] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10064 comm=syz.0.2513 [ 111.962361][T10064] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=10064 comm=syz.0.2513 [ 112.005080][T10070] netlink: zone id is out of range [ 112.010516][T10070] netlink: zone id is out of range [ 112.374129][T10087] loop5: detected capacity change from 0 to 4096 [ 112.382895][T10087] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.420447][ T9179] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.479255][T10093] __nla_validate_parse: 6 callbacks suppressed [ 112.479271][T10093] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2527'. [ 112.501578][T10093] 8021q: adding VLAN 0 to HW filter on device bond1 [ 112.539823][T10096] bond0: (slave dummy0): Releasing backup interface [ 112.553389][T10096] bridge_slave_0: left allmulticast mode [ 112.559157][T10096] bridge_slave_0: left promiscuous mode [ 112.564810][T10096] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.575336][T10096] bridge_slave_1: left allmulticast mode [ 112.581130][T10096] bridge_slave_1: left promiscuous mode [ 112.586767][T10096] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.595874][T10097] netlink: 'syz.5.2528': attribute type 10 has an invalid length. [ 112.603814][T10097] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2528'. [ 112.627775][T10096] bond0: (slave bond_slave_0): Releasing backup interface [ 112.639306][T10096] bond0: (slave bond_slave_1): Releasing backup interface [ 112.652513][T10096] team0: Port device team_slave_0 removed [ 112.662299][T10096] team0: Port device team_slave_1 removed [ 112.669412][T10096] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 112.676842][T10096] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 112.697686][T10096] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 112.705136][T10096] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 112.980722][ T3377] IPVS: starting estimator thread 0... [ 113.078590][T10119] IPVS: using max 2928 ests per chain, 146400 per kthread [ 113.274928][T10141] loop0: detected capacity change from 0 to 512 [ 113.289856][T10141] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.322246][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.468102][ T29] kauditd_printk_skb: 205 callbacks suppressed [ 113.468116][ T29] audit: type=1326 audit(113.452:7280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efe07dc5ba7 code=0x7ffc0000 [ 113.498433][ T29] audit: type=1326 audit(113.472:7281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efe07d6adb9 code=0x7ffc0000 [ 113.521379][ T29] audit: type=1326 audit(113.472:7282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efe07dc5ba7 code=0x7ffc0000 [ 113.544206][ T29] audit: type=1326 audit(113.472:7283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efe07d6adb9 code=0x7ffc0000 [ 113.567583][ T29] audit: type=1326 audit(113.472:7284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7efe07dcebe9 code=0x7ffc0000 [ 113.590653][ T29] audit: type=1326 audit(113.482:7285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efe07dc5ba7 code=0x7ffc0000 [ 113.613473][ T29] audit: type=1326 audit(113.482:7286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efe07d6adb9 code=0x7ffc0000 [ 113.636321][ T29] audit: type=1326 audit(113.482:7287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7efe07dcebe9 code=0x7ffc0000 [ 113.659488][ T29] audit: type=1326 audit(113.552:7288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efe07dc5ba7 code=0x7ffc0000 [ 113.682454][ T29] audit: type=1326 audit(113.552:7289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.0.2547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efe07d6adb9 code=0x7ffc0000 [ 113.901313][T10165] loop5: detected capacity change from 0 to 512 [ 113.930331][T10165] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.977650][ T9179] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.155783][T10195] loop5: detected capacity change from 0 to 512 [ 114.169698][T10195] EXT4-fs: Ignoring removed nobh option [ 114.201275][T10195] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.278349][ T9179] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.365697][T10206] wg2: entered promiscuous mode [ 114.370749][T10206] wg2: entered allmulticast mode [ 114.483802][T10213] syzkaller0: entered promiscuous mode [ 114.489490][T10213] syzkaller0: entered allmulticast mode [ 114.602488][T10219] batman_adv: batadv0: Removing interface: veth1_vlan [ 115.140034][ T4703] bond0 (unregistering): Released all slaves [ 115.149867][ T4703] bond1 (unregistering): Released all slaves [ 115.158253][ T4703] bond2 (unregistering): Released all slaves [ 115.166564][ T4703] bond3 (unregistering): Released all slaves [ 115.175482][ T4703] bond4 (unregistering): Released all slaves [ 115.211990][ C0] vcan0: j1939_tp_rxtimer: 0xffff888132698800: rx timeout, send abort [ 115.222017][ T4703] tipc: Disabling bearer [ 115.231653][ T4703] tipc: Left network mode [ 115.238727][T10238] lo speed is unknown, defaulting to 1000 [ 115.339867][ T4703] hsr_slave_0: left promiscuous mode [ 115.346167][ T4703] hsr_slave_1: left promiscuous mode [ 115.353356][ T4703] pimreg (unregistering): left allmulticast mode [ 115.377638][T10273] loop2: detected capacity change from 0 to 1024 [ 115.401885][T10273] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.445414][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.504960][T10238] chnl_net:caif_netlink_parms(): no params data found [ 115.523237][T10284] tipc: Started in network mode [ 115.528147][T10284] tipc: Node identity 0e967095868e, cluster identity 4711 [ 115.535290][T10284] tipc: Enabled bearer , priority 0 [ 115.547225][T10283] tipc: Resetting bearer [ 115.562324][T10283] tipc: Disabling bearer [ 115.619129][T10238] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.626206][T10238] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.633483][T10238] bridge_slave_0: entered allmulticast mode [ 115.639883][T10238] bridge_slave_0: entered promiscuous mode [ 115.646609][T10238] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.653742][T10238] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.661059][T10238] bridge_slave_1: entered allmulticast mode [ 115.667767][T10238] bridge_slave_1: entered promiscuous mode [ 115.719326][T10238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.728445][ C0] vcan0: j1939_tp_rxtimer: 0xffff888132698800: abort rx timeout. Force session deactivation [ 115.735954][T10297] loop3: detected capacity change from 0 to 512 [ 115.743664][T10238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 115.755932][ T4703] IPVS: stop unused estimator thread 0... [ 115.770287][T10238] team0: Port device team_slave_0 added [ 115.778983][T10238] team0: Port device team_slave_1 added [ 115.786146][T10297] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2605: bg 0: block 248: padding at end of block bitmap is not set [ 115.801541][T10297] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.2605: Failed to acquire dquot type 1 [ 115.813247][T10297] EXT4-fs (loop3): 1 truncate cleaned up [ 115.820381][T10238] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.827321][T10238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.829796][T10297] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.853255][T10238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.907165][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.909395][T10238] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.923103][T10238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.949043][T10238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 115.960690][ T4722] EXT4-fs error (device loop3): ext4_release_dquot:6973: comm kworker/u8:54: Failed to release dquot type 1 [ 116.011445][T10238] hsr_slave_0: entered promiscuous mode [ 116.017616][T10238] hsr_slave_1: entered promiscuous mode [ 116.024931][T10238] debugfs: 'hsr0' already exists in 'hsr' [ 116.030760][T10238] Cannot create hsr debugfs directory [ 116.050663][T10320] pim6reg1: entered promiscuous mode [ 116.056031][T10320] pim6reg1: entered allmulticast mode [ 116.121533][T10238] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 116.132805][T10238] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 116.142161][T10238] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 116.150935][T10238] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 116.175561][T10238] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.182642][T10238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.189895][T10238] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.196925][T10238] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.206767][ T4722] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.214727][ T4722] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.257627][T10238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.266851][T10344] lo speed is unknown, defaulting to 1000 [ 116.270454][T10238] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.283302][ T4729] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.290473][ T4729] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.309822][T10238] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 116.320226][T10238] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 116.349659][ T4729] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.356756][ T4729] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.378580][T10355] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10355 comm=syz.5.2626 [ 116.443945][T10238] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.476502][T10372] netlink: 7 bytes leftover after parsing attributes in process `syz.5.2631'. [ 116.490616][T10372] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2631'. [ 116.539771][T10384] loop2: detected capacity change from 0 to 512 [ 116.576571][T10384] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.617278][T10385] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2635'. [ 116.672382][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.684282][T10377] lo speed is unknown, defaulting to 1000 [ 116.742244][T10238] veth0_vlan: entered promiscuous mode [ 116.777056][T10238] veth1_vlan: entered promiscuous mode [ 116.808718][T10408] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2640'. [ 116.822484][T10238] veth0_macvtap: entered promiscuous mode [ 116.840754][T10238] veth1_macvtap: entered promiscuous mode [ 116.895189][T10238] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.924358][T10238] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.954257][ T4703] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.979040][ T4703] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.006278][ T4703] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.021050][ T4703] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.091836][T10426] loop3: detected capacity change from 0 to 2048 [ 117.127797][T10434] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2649'. [ 117.139796][T10426] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.201694][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.233337][T10447] syzkaller0: entered allmulticast mode [ 117.254744][T10447] syzkaller0 (unregistering): left allmulticast mode [ 117.399826][T10471] tipc: Started in network mode [ 117.404729][T10471] tipc: Node identity 7e86965e5018, cluster identity 4711 [ 117.412315][T10471] tipc: Enabled bearer , priority 0 [ 117.420705][T10471] tipc: Disabling bearer [ 117.473159][T10482] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.579644][T10482] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.606828][T10500] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.631114][T10482] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.642078][T10502] tipc: Started in network mode [ 117.646946][T10502] tipc: Node identity baec75d6f94d, cluster identity 4711 [ 117.654139][T10502] tipc: Enabled bearer , priority 0 [ 117.662854][T10501] tipc: Resetting bearer [ 117.678409][T10501] tipc: Disabling bearer [ 117.689357][T10482] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.784168][ T4729] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.795612][ T4729] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.806888][ T4703] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.817740][ T4703] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.057067][T10510] vlan0: entered allmulticast mode [ 118.062419][T10510] dummy0: entered allmulticast mode [ 118.089967][T10514] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2683'. [ 118.200318][T10532] loop5: detected capacity change from 0 to 512 [ 118.209326][T10532] EXT4-fs: journaled quota format not specified [ 118.220971][T10535] netlink: 'syz.2.2693': attribute type 1 has an invalid length. [ 118.251853][T10535] bond3: entered promiscuous mode [ 118.256912][T10535] bond3: entered allmulticast mode [ 118.262644][T10535] 8021q: adding VLAN 0 to HW filter on device bond3 [ 118.279666][T10535] ip6gretap1: entered promiscuous mode [ 118.285208][T10535] ip6gretap1: entered allmulticast mode [ 118.293903][T10535] bond3: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 118.361057][ T4703] bond3: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 118.404280][T10551] lo speed is unknown, defaulting to 1000 [ 118.488680][ T4729] bond3: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 118.623288][T10560] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.721186][T10560] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.760558][T10500] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.816718][T10560] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.896656][T10560] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.005857][T10570] loop3: detected capacity change from 0 to 1024 [ 119.014321][ T41] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.017841][T10570] EXT4-fs: Ignoring removed orlov option [ 119.026449][ T29] kauditd_printk_skb: 520 callbacks suppressed [ 119.026462][ T29] audit: type=1400 audit(119.012:7807): avc: denied { bind } for pid=10571 comm="syz.2.2714" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 119.053464][T10571] delete_channel: no stack [ 119.068580][ T41] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.069879][T10570] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.113083][ T4729] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.145910][ T4729] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.361706][T10588] loop5: detected capacity change from 0 to 8192 [ 119.408591][T10588] loop5: p1 p2[DM] p4 [ 119.412786][T10588] loop5: p1 size 196608 extends beyond EOD, truncated [ 119.421027][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.430776][T10588] loop5: p2 start 4292936063 is beyond EOD, truncated [ 119.437541][T10588] loop5: p4 size 50331648 extends beyond EOD, truncated [ 119.484628][T10590] SELinux: ebitmap: truncated map [ 119.490530][T10590] SELinux: failed to load policy [ 119.519472][ T29] audit: type=1326 audit(119.502:7808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10592 comm="syz.3.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2294ebe9 code=0x7ffc0000 [ 119.543861][ T29] audit: type=1326 audit(119.502:7809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10592 comm="syz.3.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2294ebe9 code=0x7ffc0000 [ 119.566913][ T29] audit: type=1326 audit(119.522:7810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10592 comm="syz.3.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffb2294ebe9 code=0x7ffc0000 [ 119.589804][ T29] audit: type=1326 audit(119.522:7811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10592 comm="syz.3.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2294ebe9 code=0x7ffc0000 [ 119.612697][ T29] audit: type=1326 audit(119.522:7812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10592 comm="syz.3.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2294ebe9 code=0x7ffc0000 [ 119.635599][ T29] audit: type=1326 audit(119.522:7813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10592 comm="syz.3.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffb2294ebe9 code=0x7ffc0000 [ 119.658882][ T29] audit: type=1326 audit(119.522:7814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10592 comm="syz.3.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2294ebe9 code=0x7ffc0000 [ 119.681756][ T29] audit: type=1326 audit(119.522:7815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10592 comm="syz.3.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb2294ebe9 code=0x7ffc0000 [ 119.704624][ T29] audit: type=1326 audit(119.562:7816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10592 comm="syz.3.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffb2294ebe9 code=0x7ffc0000 [ 120.145926][T10609] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.2720' sets config #0 [ 120.228114][T10622] netlink: 830 bytes leftover after parsing attributes in process `syz.5.2726'. [ 120.311639][T10631] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 120.321244][T10627] loop5: detected capacity change from 0 to 8192 [ 120.330702][T10500] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.359242][T10627] loop5: p1 p2 p3 p4 [ 120.363281][T10627] loop5: p1 start 51379968 is beyond EOD, truncated [ 120.378414][T10627] loop5: p3 size 15991040 extends beyond EOD, truncated [ 120.399073][T10627] loop5: p4 start 16711680 is beyond EOD, truncated [ 120.422918][T10500] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.469443][T10627] loop5: detected capacity change from 0 to 2048 [ 120.477791][ T4727] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.496128][ T4727] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.508535][T10627] loop5: p1 < > p4 [ 120.514859][T10627] loop5: p4 size 8388608 extends beyond EOD, truncated [ 120.522067][ T4727] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.541033][ T4727] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.571525][ T3358] IPVS: starting estimator thread 0... [ 120.615538][T10647] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2737'. [ 120.653094][T10647] team1: entered promiscuous mode [ 120.658179][T10647] team1: entered allmulticast mode [ 120.664639][T10649] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.667949][T10645] IPVS: using max 2688 ests per chain, 134400 per kthread [ 120.710167][T10649] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.739897][T10649] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.789725][T10649] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.832707][T10659] lo speed is unknown, defaulting to 1000 [ 120.962719][T10664] loop3: detected capacity change from 0 to 512 [ 120.971246][T10664] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 120.983958][T10664] EXT4-fs (loop3): 1 truncate cleaned up [ 120.991838][T10664] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.019134][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.069916][T10673] loop6: detected capacity change from 0 to 1024 [ 121.085582][T10673] EXT4-fs: Ignoring removed orlov option [ 121.102269][T10673] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.509612][T10238] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.550506][T10696] netlink: 'syz.6.2756': attribute type 4 has an invalid length. [ 121.575346][T10696] netlink: 'syz.6.2756': attribute type 4 has an invalid length. [ 121.710079][T10708] loop2: detected capacity change from 0 to 2048 [ 121.737423][T10708] EXT4-fs (loop2): failed to initialize system zone (-117) [ 121.754850][T10708] EXT4-fs (loop2): mount failed [ 121.784702][T10708] geneve3: entered promiscuous mode [ 121.932422][T10722] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10722 comm=syz.2.2770 [ 121.978244][T10725] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2771'. [ 121.987223][T10725] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2771'. [ 121.996185][T10725] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2771'. [ 122.034154][T10725] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2771'. [ 122.043150][T10725] netlink: 'syz.6.2771': attribute type 6 has an invalid length. [ 122.119382][ T41] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.138160][ T41] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.160854][T10733] wg2: entered promiscuous mode [ 122.165770][T10733] wg2: entered allmulticast mode [ 122.173828][ T41] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.202122][ T41] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.240064][T10747] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000000008 [ 122.249407][T10749] loop5: detected capacity change from 0 to 1024 [ 122.279846][T10749] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.319319][T10760] sch_fq: defrate 0 ignored. [ 122.335485][T10749] EXT4-fs error (device loop5): mb_free_blocks:2017: group 0, inode 18: block 305:freeing already freed block (bit 19); block bitmap corrupt. [ 122.366860][ T9179] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.394809][T10766] loop5: detected capacity change from 0 to 512 [ 122.475884][T10778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.487416][T10778] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.592841][T10801] wg2: left promiscuous mode [ 122.597467][T10801] wg2: left allmulticast mode [ 122.607762][T10801] wg2: entered promiscuous mode [ 122.612708][T10801] wg2: entered allmulticast mode [ 122.620035][T10799] loop3: detected capacity change from 0 to 8192 [ 122.639678][T10803] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10803 comm=syz.5.2804 [ 122.658883][T10799] loop3: p1 p2 p3 p4 [ 122.662993][T10799] loop3: p1 start 51379968 is beyond EOD, truncated [ 122.670194][T10799] loop3: p3 size 15991040 extends beyond EOD, truncated [ 122.677846][T10799] loop3: p4 start 16711680 is beyond EOD, truncated [ 122.726371][T10799] loop3: detected capacity change from 0 to 2048 [ 122.768393][T10799] loop3: p1 < > p4 [ 122.772399][T10813] loop5: detected capacity change from 0 to 1024 [ 122.779051][T10799] loop3: p4 size 8388608 extends beyond EOD, truncated [ 122.779542][T10813] EXT4-fs: Ignoring removed nomblk_io_submit option [ 122.793816][T10813] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 122.802089][T10813] System zones: 0-1, 3-36 [ 122.845284][T10820] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 122.877095][T10820] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.884343][T10820] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.894885][T10820] tipc: Resetting bearer [ 122.920876][T10820] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 122.943294][T10824] syz_tun: entered allmulticast mode [ 122.959169][ T4727] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.969799][ T4727] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.978570][ T4727] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.987076][ T4727] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.034047][T10834] bridge_slave_0: left allmulticast mode [ 123.039822][T10834] bridge_slave_0: left promiscuous mode [ 123.045438][T10834] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.056847][T10836] raw_sendmsg: syz.2.2820 forgot to set AF_INET. Fix it! [ 123.078495][T10834] bridge_slave_1: left allmulticast mode [ 123.084198][T10834] bridge_slave_1: left promiscuous mode [ 123.089949][T10834] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.100023][T10834] bond0: (slave bond_slave_0): Releasing backup interface [ 123.108407][T10834] bond0: (slave bond_slave_1): Releasing backup interface [ 123.117388][T10834] team0: Port device team_slave_0 removed [ 123.124905][T10834] team0: Port device team_slave_1 removed [ 123.131264][T10834] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.140168][T10834] team0: Port device vlan2 removed [ 123.145875][T10834] bond2: (slave bridge1): Releasing active interface [ 123.221682][T10840] loop2: detected capacity change from 0 to 8192 [ 123.294686][T10853] loop5: detected capacity change from 0 to 512 [ 123.301564][T10840] loop2: p1 p2 p3 p4 [ 123.312067][T10853] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.2826: Failed to acquire dquot type 1 [ 123.327996][T10840] loop2: p1 start 51379968 is beyond EOD, truncated [ 123.337296][T10853] EXT4-fs (loop5): 1 truncate cleaned up [ 123.364922][T10840] loop2: p3 size 15991040 extends beyond EOD, truncated [ 123.378803][T10840] loop2: p4 start 16711680 is beyond EOD, truncated [ 123.459656][T10864] SELinux: Context system_u:object_r:usbmon_device_t:s0 is not valid (left unmapped). [ 123.488012][T10840] loop2: detected capacity change from 0 to 2048 [ 123.541155][T10840] loop2: p1 < > p4 [ 123.546015][T10840] loop2: p4 size 8388608 extends beyond EOD, truncated [ 123.662277][T10871] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2833'. [ 123.720963][T10877] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10877 comm=syz.5.2836 [ 123.982121][T10885] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.000086][T10889] netlink: 'syz.5.2842': attribute type 4 has an invalid length. [ 124.035837][ T29] kauditd_printk_skb: 2676 callbacks suppressed [ 124.035859][ T29] audit: type=1326 audit(124.012:10491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10872 comm="syz.1.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9e689a5ba7 code=0x7ffc0000 [ 124.038230][T10885] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.043484][ T29] audit: type=1326 audit(124.032:10492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10872 comm="syz.1.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9e6894adb9 code=0x7ffc0000 [ 124.098110][ T29] audit: type=1326 audit(124.032:10493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10872 comm="syz.1.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 124.122885][ T29] audit: type=1326 audit(124.082:10494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10872 comm="syz.1.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9e689a5ba7 code=0x7ffc0000 [ 124.145918][ T29] audit: type=1326 audit(124.082:10495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10872 comm="syz.1.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9e6894adb9 code=0x7ffc0000 [ 124.168929][ T29] audit: type=1326 audit(124.082:10496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10872 comm="syz.1.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 124.191852][ T29] audit: type=1326 audit(124.112:10497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10872 comm="syz.1.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9e689a5ba7 code=0x7ffc0000 [ 124.214877][ T29] audit: type=1326 audit(124.112:10498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10872 comm="syz.1.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9e6894adb9 code=0x7ffc0000 [ 124.237845][ T29] audit: type=1326 audit(124.112:10499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10872 comm="syz.1.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 124.261794][ T29] audit: type=1326 audit(124.112:10500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10872 comm="syz.1.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9e689a5ba7 code=0x7ffc0000 [ 124.296930][T10885] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.329823][T10896] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2845'. [ 124.385721][T10885] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.531861][T10912] loop2: detected capacity change from 0 to 512 [ 124.568815][T10912] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.2853: Failed to acquire dquot type 1 [ 124.581876][T10912] EXT4-fs (loop2): 1 truncate cleaned up [ 124.588049][T10893] loop3: detected capacity change from 0 to 1024 [ 124.648971][T10924] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2857'. [ 124.671604][T10926] ref_ctr increment failed for inode: 0xa45 offset: 0xb ref_ctr_offset: 0x82 of mm: 0xffff88810c423f40 [ 124.685720][T10926] ref_ctr increment failed for inode: 0xa45 offset: 0xf ref_ctr_offset: 0x82 of mm: 0xffff88810c423f40 [ 124.730166][T10925] uprobe: syz.2.2856:10925 failed to unregister, leaking uprobe [ 124.798181][T10925] uprobe: syz.2.2856:10925 failed to unregister, leaking uprobe [ 124.808923][ T4703] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.856634][ T4703] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.873909][ T4727] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.890790][ T4727] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.908126][T10930] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.969544][T10930] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.981404][T10932] loop2: detected capacity change from 0 to 8192 [ 125.028261][T10932] loop2: p1 p2[DM] p4 [ 125.032440][T10932] loop2: p1 size 196608 extends beyond EOD, truncated [ 125.033375][T10930] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.039944][T10932] loop2: p2 start 4292936063 is beyond EOD, truncated [ 125.055761][T10932] loop2: p4 size 50331648 extends beyond EOD, truncated [ 125.119580][T10930] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.481329][T11017] loop5: detected capacity change from 0 to 1024 [ 126.502643][T11021] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11021 comm=syz.1.2897 [ 126.583886][T11036] loop2: detected capacity change from 0 to 128 [ 126.591856][T11036] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 126.637394][T11036] syz.2.2904: attempt to access beyond end of device [ 126.637394][T11036] loop2: rw=0, sector=97, nr_sectors = 944 limit=128 [ 126.659784][T11040] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2905'. [ 126.673238][ T4703] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 126.693999][T11040] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2905'. [ 126.710427][T11044] pim6reg1: entered promiscuous mode [ 126.715757][T11044] pim6reg1: entered allmulticast mode [ 128.592929][ T4703] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.603238][ T4667] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.613992][ T4727] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.624644][ T4727] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.680586][T11060] loop3: detected capacity change from 0 to 512 [ 128.702303][T11060] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 128.717927][T11060] EXT4-fs (loop3): mount failed [ 128.745702][T11067] loop3: detected capacity change from 0 to 512 [ 128.764935][T11067] EXT4-fs: Ignoring removed bh option [ 128.778773][T11067] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 128.787854][T11067] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 128.816731][T11067] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 128.837960][T11067] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 128.846538][T11067] EXT4-fs mount: 12 callbacks suppressed [ 128.846553][T11067] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.890566][T11080] 9pnet: p9_errstr2errno: server reported unknown error [ 128.910948][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.939329][T11086] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2924'. [ 129.292273][T11094] Set syz1 is full, maxelem 65536 reached [ 129.541730][T11122] loop5: detected capacity change from 0 to 1024 [ 129.562049][T11122] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.615052][ T29] kauditd_printk_skb: 1210 callbacks suppressed [ 129.615068][ T29] audit: type=1400 audit(129.592:11708): avc: denied { read } for pid=11129 comm="syz.2.2941" name="loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 129.645140][ T29] audit: type=1400 audit(129.592:11709): avc: denied { open } for pid=11129 comm="syz.2.2941" path="/dev/loop-control" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 129.678872][T11128] syz_tun (unregistering): left allmulticast mode [ 129.680952][T11130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2941'. [ 129.813988][ T29] audit: type=1326 audit(129.792:11710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11142 comm="syz.1.2945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 129.837061][ T29] audit: type=1326 audit(129.792:11711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11142 comm="syz.1.2945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 129.902093][T11128] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.947621][ T29] audit: type=1326 audit(129.792:11712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11142 comm="syz.1.2945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 129.948193][ T4667] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.970771][ T29] audit: type=1326 audit(129.792:11713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11142 comm="syz.1.2945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 129.970806][ T29] audit: type=1326 audit(129.792:11714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11142 comm="syz.1.2945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 129.970824][ T29] audit: type=1326 audit(129.792:11715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11142 comm="syz.1.2945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 129.970844][ T29] audit: type=1326 audit(129.792:11716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11142 comm="syz.1.2945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 130.072360][ T29] audit: type=1326 audit(129.792:11717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11142 comm="syz.1.2945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 130.169231][ T4667] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.248676][ T4667] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.439207][ T4667] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.469293][T11154] lo speed is unknown, defaulting to 1000 [ 130.940104][ T4667] bond0 (unregistering): Released all slaves [ 130.948082][ T4667] bond1 (unregistering): Released all slaves [ 130.970244][T11154] chnl_net:caif_netlink_parms(): no params data found [ 130.989356][ T4667] tipc: Left network mode [ 131.037310][ T4667] hsr_slave_0: left promiscuous mode [ 131.043264][ T4667] hsr_slave_1: left promiscuous mode [ 131.050076][ T4667] veth1_macvtap: left promiscuous mode [ 131.055675][ T4667] veth0_macvtap: left promiscuous mode [ 131.145144][T11154] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.152463][T11154] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.160784][T11154] bridge_slave_0: entered allmulticast mode [ 131.167338][T11154] bridge_slave_0: entered promiscuous mode [ 131.174344][T11154] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.176975][T11214] loop2: detected capacity change from 0 to 512 [ 131.181696][T11154] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.190714][T11214] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 131.203995][T11154] bridge_slave_1: entered allmulticast mode [ 131.218479][T11154] bridge_slave_1: entered promiscuous mode [ 131.249177][T11154] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 131.262458][T11154] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 131.284196][T11154] team0: Port device team_slave_0 added [ 131.290032][T11218] loop6: detected capacity change from 0 to 8192 [ 131.290876][T11154] team0: Port device team_slave_1 added [ 131.315870][T11154] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 131.322888][T11154] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.349235][T11154] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 131.360888][T11154] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 131.367930][T11154] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.394251][T11154] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 131.419479][T11154] hsr_slave_0: entered promiscuous mode [ 131.425717][T11154] hsr_slave_1: entered promiscuous mode [ 131.486501][T11154] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 131.495384][T11154] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 131.504195][T11154] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 131.513176][T11154] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 131.545346][T11154] 8021q: adding VLAN 0 to HW filter on device bond0 [ 131.560097][T11154] 8021q: adding VLAN 0 to HW filter on device team0 [ 131.570435][ T4667] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.577759][ T4667] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.588754][ T4667] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.595910][ T4667] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.618491][T11154] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 131.662627][T11154] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 131.721583][T11241] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2972'. [ 131.750715][T11245] loop2: detected capacity change from 0 to 512 [ 131.774682][T11245] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.837159][T11154] veth0_vlan: entered promiscuous mode [ 131.847030][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.869367][T11154] veth1_vlan: entered promiscuous mode [ 131.898899][T11154] veth0_macvtap: entered promiscuous mode [ 131.911906][T11154] veth1_macvtap: entered promiscuous mode [ 131.940726][T11154] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 131.954380][T11154] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 131.968848][ T4722] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.011382][ T4722] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.024365][ T4722] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.053218][ T4722] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.649114][T11307] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2996'. [ 132.820722][T11315] hub 6-0:1.0: USB hub found [ 132.846813][T11315] hub 6-0:1.0: 8 ports detected [ 132.885900][T11322] netlink: 'syz.3.3005': attribute type 10 has an invalid length. [ 132.908149][T11322] team0: Port device dummy0 added [ 132.917831][T11322] netlink: 'syz.3.3005': attribute type 10 has an invalid length. [ 132.929882][T11322] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 132.957020][T11322] team0: Failed to send options change via netlink (err -105) [ 132.967918][T11322] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 132.987267][T11322] team0: Port device dummy0 removed [ 133.004323][T11322] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 133.022264][T11333] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3009'. [ 133.073411][T11337] 9pnet: p9_errstr2errno: server reported unknown error [ 133.114507][T11345] loop2: detected capacity change from 0 to 512 [ 133.128919][T11345] EXT4-fs: Ignoring removed mblk_io_submit option [ 133.143167][T11345] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 133.172564][T11345] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.223127][T11357] ipvlan0: entered promiscuous mode [ 133.228697][T11357] bridge0: port 1(ipvlan0) entered blocking state [ 133.235145][T11357] bridge0: port 1(ipvlan0) entered disabled state [ 133.242241][T11357] ipvlan0: entered allmulticast mode [ 133.247648][T11357] bridge0: entered allmulticast mode [ 133.254657][T11357] ipvlan0: left allmulticast mode [ 133.255846][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.259740][T11357] bridge0: left allmulticast mode [ 133.340953][T11363] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3020'. [ 133.394734][T11366] veth0: entered promiscuous mode [ 133.400432][T11366] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3022'. [ 133.433579][T11366] veth0 (unregistering): left promiscuous mode [ 134.009780][T11383] bridge0: entered promiscuous mode [ 134.025621][T11383] macvtap1: entered allmulticast mode [ 134.031221][T11383] bridge0: entered allmulticast mode [ 134.051386][T11383] bridge0: port 3(macvtap1) entered blocking state [ 134.058175][T11383] bridge0: port 3(macvtap1) entered disabled state [ 134.178781][T11381] loop2: detected capacity change from 0 to 1024 [ 134.196019][T11383] bridge0: left allmulticast mode [ 134.201139][T11383] bridge0: left promiscuous mode [ 134.221883][T11381] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.237261][T11392] loop7: detected capacity change from 0 to 512 [ 134.257824][T11394] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3033'. [ 134.269248][T11392] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.269804][T11394] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3033'. [ 134.318313][T11392] vhci_hcd: invalid port number 96 [ 134.323454][T11392] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 134.369983][T11154] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.390858][T11401] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3034'. [ 134.482827][T11411] syzkaller0: entered allmulticast mode [ 134.498212][T11411] syzkaller0: entered promiscuous mode [ 134.516811][T11411] syzkaller0 (unregistering): left allmulticast mode [ 134.523652][T11411] syzkaller0 (unregistering): left promiscuous mode [ 134.578405][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.603563][T11421] bridge_slave_0: left allmulticast mode [ 134.609293][T11421] bridge_slave_0: left promiscuous mode [ 134.615030][T11421] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.624462][T11421] bridge_slave_1: left allmulticast mode [ 134.630179][T11421] bridge_slave_1: left promiscuous mode [ 134.635910][T11421] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.647849][T11421] bond0: (slave bond_slave_0): Releasing backup interface [ 134.658746][T11421] bond0: (slave bond_slave_1): Releasing backup interface [ 134.673701][T11421] team0: Port device team_slave_0 removed [ 134.690868][T11421] team0: Port device team_slave_1 removed [ 134.697648][T11421] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 134.705093][T11421] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 134.715356][T11421] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 134.722812][T11421] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 134.846790][ T29] kauditd_printk_skb: 120 callbacks suppressed [ 134.846803][ T29] audit: type=1326 audit(134.822:11838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.1.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 134.849129][T11436] lo speed is unknown, defaulting to 1000 [ 134.853741][ T29] audit: type=1326 audit(134.832:11839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.1.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=461 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 134.916868][ T29] audit: type=1326 audit(134.882:11840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.1.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 134.939989][ T29] audit: type=1326 audit(134.882:11841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11444 comm="syz.1.3054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e689aebe9 code=0x7ffc0000 [ 135.009049][T11458] 9pnet: p9_errstr2errno: server reported unknown error [ 135.274607][ T29] audit: type=1326 audit(135.252:11842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.2.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 135.297839][ T29] audit: type=1326 audit(135.252:11843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.2.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 135.343007][ T29] audit: type=1326 audit(135.312:11844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.2.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 135.366095][ T29] audit: type=1326 audit(135.312:11845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.2.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 135.389081][ T29] audit: type=1326 audit(135.312:11846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.2.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 135.412121][ T29] audit: type=1326 audit(135.312:11847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11468 comm="syz.2.3061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe17a6bebe9 code=0x7ffc0000 [ 135.486300][T11476] loop6: detected capacity change from 0 to 512 [ 135.520530][T11476] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.3065: bg 0: block 248: padding at end of block bitmap is not set [ 135.535535][T11476] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.3065: Failed to acquire dquot type 1 [ 135.548723][T11476] EXT4-fs (loop6): 1 truncate cleaned up [ 135.554900][T11476] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.586186][T10238] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.608076][ T4727] EXT4-fs error (device loop6): ext4_release_dquot:6973: comm kworker/u8:59: Failed to release dquot type 1 [ 135.764734][ T3377] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 135.772787][ T3377] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 135.785231][T11499] netlink: 'syz.7.3074': attribute type 1 has an invalid length. [ 135.793929][T11499] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3074'. [ 136.051441][T11514] netlink: 'syz.3.3079': attribute type 3 has an invalid length. [ 136.275911][T11530] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3086'. [ 136.303259][ T1046] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=1046 comm=kworker/1:2 [ 136.316740][T11532] 9pnet: p9_errstr2errno: server reported unknown error 18446744073 [ 136.340528][T11534] netlink: 5 bytes leftover after parsing attributes in process `syz.1.3088'. [ 136.349664][T11534] 0ªî{X¹¦: renamed from gretap0 [ 136.355994][T11534] 0ªî{X¹¦: entered allmulticast mode [ 136.362162][T11534] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 136.593560][T11553] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11553 comm=syz.3.3096 [ 136.655345][T11559] lo speed is unknown, defaulting to 1000 [ 136.856862][T11573] ref_ctr increment failed for inode: 0x17b offset: 0xb ref_ctr_offset: 0x82 of mm: 0xffff88810005c500 [ 136.869223][T11573] ref_ctr increment failed for inode: 0x17b offset: 0xf ref_ctr_offset: 0x82 of mm: 0xffff88810005c500 [ 136.887871][T11572] uprobe: syz.6.3104:11572 failed to unregister, leaking uprobe [ 136.939495][T11577] netlink: 7 bytes leftover after parsing attributes in process `syz.2.3106'. [ 136.949114][T11572] uprobe: syz.6.3104:11572 failed to unregister, leaking uprobe [ 136.956972][T11577] netlink: 7 bytes leftover after parsing attributes in process `syz.2.3106'. [ 137.122757][T11596] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3115'. [ 137.164129][T11598] netlink: 'syz.2.3116': attribute type 10 has an invalid length. [ 137.172754][T11598] netlink: 'syz.2.3116': attribute type 10 has an invalid length. [ 137.182153][T11598] dummy0: entered promiscuous mode [ 137.188966][T11598] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 137.248451][T11604] netlink: 'syz.2.3119': attribute type 21 has an invalid length. [ 137.256369][T11604] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3119'. [ 137.301182][T11609] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 137.379925][T11617] lo speed is unknown, defaulting to 1000 [ 137.397252][T11618] lo speed is unknown, defaulting to 1000 [ 137.600346][T11634] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11634 comm=syz.3.3129 [ 137.678793][T11640] loop2: detected capacity change from 0 to 512 [ 137.725070][T11640] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.784640][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.841076][T11656] veth0_vlan: entered allmulticast mode [ 137.980749][T11656] veth0_vlan: left promiscuous mode [ 137.994589][T11656] veth0_vlan: entered promiscuous mode [ 138.036715][T11661] tipc: Enabled bearer , priority 0 [ 138.065471][T11661] tipc: Disabling bearer [ 138.206061][T11670] loop6: detected capacity change from 0 to 512 [ 138.235418][T11670] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349) [ 138.266624][T11670] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e01c, mo2=0002] [ 138.289202][T11670] System zones: 1-12 [ 138.301047][T11670] EXT4-fs (loop6): orphan cleanup on readonly fs [ 138.315294][T11670] EXT4-fs error (device loop6): ext4_read_inode_bitmap:167: comm syz.6.3143: Inode bitmap for bg 0 marked uninitialized [ 138.349868][T11670] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 138.386327][T10238] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.822882][T11685] loop2: detected capacity change from 0 to 1024 [ 138.860865][T11685] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.896963][T11685] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.3150: Allocating blocks 385-513 which overlap fs metadata [ 138.918602][T11685] EXT4-fs (loop2): pa ffff8881071bc9a0: logic 16, phys. 129, len 24 [ 138.926637][T11685] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 138.972654][T11685] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28 [ 138.985005][T11685] EXT4-fs (loop2): This should not happen!! Data will be lost [ 138.985005][T11685] [ 138.994666][T11685] EXT4-fs (loop2): Total free blocks count 0 [ 139.000673][T11685] EXT4-fs (loop2): Free/Dirty block details [ 139.006644][T11685] EXT4-fs (loop2): free_blocks=128 [ 139.011787][T11685] EXT4-fs (loop2): dirty_blocks=0 [ 139.016897][T11685] EXT4-fs (loop2): Block reservation details [ 139.023052][T11685] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 139.069076][T11703] netlink: 'syz.7.3156': attribute type 13 has an invalid length. [ 139.076912][T11703] netlink: 'syz.7.3156': attribute type 17 has an invalid length. [ 139.104097][T11703] gretap0: refused to change device tx_queue_len [ 139.110628][T11703] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 139.272972][T11723] loop7: detected capacity change from 0 to 764 [ 139.337629][T11728] loop3: detected capacity change from 0 to 512 [ 139.351966][T11728] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 139.378283][T11728] EXT4-fs (loop3): 1 truncate cleaned up [ 139.389774][T11728] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.599590][T11734] __nla_validate_parse: 9 callbacks suppressed [ 139.599604][T11734] netlink: 48 bytes leftover after parsing attributes in process `syz.7.3169'. [ 139.623117][T11731] ================================================================== [ 139.631286][T11731] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark [ 139.638418][T11731] [ 139.640737][T11731] write to 0xffff88811a02cf94 of 4 bytes by task 11728 on cpu 0: [ 139.648447][T11731] xas_set_mark+0x12b/0x140 [ 139.652974][T11731] __folio_start_writeback+0x1dd/0x440 [ 139.658438][T11731] ext4_bio_write_folio+0x5ad/0x9f0 [ 139.663637][T11731] mpage_process_page_bufs+0x4a1/0x620 [ 139.669106][T11731] mpage_prepare_extent_to_map+0x786/0xc00 [ 139.675251][T11731] ext4_do_writepages+0xa05/0x2750 [ 139.680408][T11731] ext4_writepages+0x176/0x300 [ 139.685179][T11731] do_writepages+0x1c6/0x310 [ 139.689789][T11731] filemap_write_and_wait_range+0x144/0x340 [ 139.695696][T11731] filemap_invalidate_pages+0xa4/0x1a0 [ 139.701146][T11731] kiocb_invalidate_pages+0x6e/0x80 [ 139.706337][T11731] __iomap_dio_rw+0x5d4/0x1250 [ 139.711098][T11731] iomap_dio_rw+0x40/0x90 [ 139.715476][T11731] ext4_file_write_iter+0xad9/0xf00 [ 139.720680][T11731] iter_file_splice_write+0x666/0xa60 [ 139.726057][T11731] direct_splice_actor+0x156/0x2a0 [ 139.731178][T11731] splice_direct_to_actor+0x312/0x680 [ 139.736550][T11731] do_splice_direct+0xda/0x150 [ 139.741312][T11731] do_sendfile+0x380/0x650 [ 139.745738][T11731] __x64_sys_sendfile64+0x105/0x150 [ 139.750937][T11731] x64_sys_call+0x2bb0/0x2ff0 [ 139.755605][T11731] do_syscall_64+0xd2/0x200 [ 139.760128][T11731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.766022][T11731] [ 139.768343][T11731] read to 0xffff88811a02cf94 of 4 bytes by task 11731 on cpu 1: [ 139.775964][T11731] xas_find_marked+0x5dc/0x620 [ 139.780737][T11731] find_get_entry+0x5d/0x380 [ 139.785326][T11731] filemap_get_folios_tag+0x92/0x210 [ 139.790619][T11731] mpage_prepare_extent_to_map+0x320/0xc00 [ 139.796437][T11731] ext4_do_writepages+0xa05/0x2750 [ 139.801568][T11731] ext4_writepages+0x176/0x300 [ 139.806342][T11731] do_writepages+0x1c6/0x310 [ 139.810942][T11731] file_write_and_wait_range+0x156/0x2c0 [ 139.816592][T11731] generic_buffers_fsync_noflush+0x45/0x120 [ 139.822496][T11731] ext4_sync_file+0x1ab/0x690 [ 139.827261][T11731] vfs_fsync_range+0x10a/0x130 [ 139.832032][T11731] ext4_buffered_write_iter+0x34f/0x3c0 [ 139.837590][T11731] ext4_file_write_iter+0xdbf/0xf00 [ 139.842823][T11731] iter_file_splice_write+0x666/0xa60 [ 139.848305][T11731] direct_splice_actor+0x156/0x2a0 [ 139.853472][T11731] splice_direct_to_actor+0x312/0x680 [ 139.858859][T11731] do_splice_direct+0xda/0x150 [ 139.863793][T11731] do_sendfile+0x380/0x650 [ 139.868401][T11731] __x64_sys_sendfile64+0x105/0x150 [ 139.873614][T11731] x64_sys_call+0x2bb0/0x2ff0 [ 139.878297][T11731] do_syscall_64+0xd2/0x200 [ 139.882818][T11731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.888750][T11731] [ 139.891072][T11731] value changed: 0x0a000021 -> 0x04000021 [ 139.896781][T11731] [ 139.899095][T11731] Reported by Kernel Concurrency Sanitizer on: [ 139.905343][T11731] CPU: 1 UID: 0 PID: 11731 Comm: syz.3.3167 Not tainted syzkaller #0 PREEMPT(voluntary) [ 139.915244][T11731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 139.925508][T11731] ================================================================== [ 140.245853][ T3309] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.