last executing test programs: 2.49973091s ago: executing program 4 (id=389): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x400, &(0x7f0000000680)={[{@rodir}, {@shortname_win95}, {@utf8}, {@fat=@dmask={'dmask', 0x3d, 0x1ec}}, {@numtail}, {@fat=@check_strict}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@shortname_mixed}, {@uni_xlateno}]}, 0x0, 0x27c, &(0x7f00000002c0)="$eJzs3EFrHGUYB/DHbG3SlHZzEEFBfNGLXpY2foJFWhAXlNgt6kGYmo0uGXfDzhJZEZuLePVzFI/eBPUL5CJevHsLguClB3GlO7t20241qUmzbX4/CO8zed8/8w6ZhGcCO3vvfv3J5kZR28j6sbCUYiFiJ25HrNypxp4ajwuj+mxM24lXz//xywvvvPf+m/VG48paSlfr115bTSldfPH7Tz//5qUf++evf3vxu8XYXflg7/fVX3ef3X1u769rH7eL1C5Sp9tPWbrR7fazG3krrbeLzVpKb+etrGildqdo9fbNb+Tdra1ByjrrF5a3eq2iSFlnkDZbg9Tvpn5vkLKPsnYn1Wq1dGE5TrczB1jTvLW2ltUfOD2sHOmOOHbnZn2z16tnlZmTzVuPYlMAwHz59/6/7PUf3P83rpej/v9xsbPv6D/6f54Id/r/5fHv7376fwAAAAAAAAAAAAAAeBzcHg6rw+GwOhknX4sRsRQRk+OT3ifHw8//dJv64N5SRP7VdnO7WY7lfH0j2pFHKy5FNf4c3Q9jZX31jcaVS2lkJX7Ib47zN7eblVic5CdWZucvl/m0P/90LE+ffzWq8czs/OrM/Nl45eWpfC2q8dOH0Y081kf39d38F5dTev2txj35c6N1AAAA8CSopX/c9/w+mh8tWIr758v8If4/cM/z9Zl4/iCvqAQAAAD+t2Lw2WaW562e4qiKSszFNhRlkR4m9VtEHCI1nIsrPdripP8yAQAAR+1u03+I0M9fHuOOAAAAAAAAAAAAAAAAAAAA4PQ56PvAJusf5nViU6ernMxVAgAAAAAAAAAAAAAAAAAAAAAAwHz4OwAA///1IirV") r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) accept4$unix(r0, 0x0, 0x0, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000002340)={0x28, 0x0, 0x0, @local}, 0x10) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="2800000014001901000000000000000228"], 0x28}}, 0x48c0) 2.39107015s ago: executing program 4 (id=392): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x17, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x0, 0xffffffff}) setrlimit(0x8, &(0x7f0000000080)) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r2, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) sendto$inet(r2, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 2.317747911s ago: executing program 4 (id=393): memfd_create(0x0, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) unshare(0x62040200) ioperm(0x0, 0xab49, 0x7) socket$unix(0x1, 0x5, 0x0) pipe2(&(0x7f0000000040), 0x0) syz_usbip_server_init(0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) 2.103381061s ago: executing program 0 (id=398): r0 = fsopen(&(0x7f0000000000)='pipefs\x00', 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x8400, 0x0) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(r1, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) close_range(r0, 0xffffffffffffffff, 0x0) 1.870431543s ago: executing program 3 (id=404): unshare(0x22020600) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = socket$unix(0x1, 0x1, 0x0) connect$unix(r3, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 1.869231303s ago: executing program 0 (id=405): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r2}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r4}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x11, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.757626833s ago: executing program 0 (id=407): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x3, 0x80005, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa041, 0x0, 0x20000, 0xfffffffffffffffd, 0x7, 0x2, 0xd, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$xdp(0x2c, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffd, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) fsopen(&(0x7f0000000440)='cgroup2\x00', 0x0) pselect6(0x40, &(0x7f0000000280)={0x6, 0x7fffffffffffffff, 0x87, 0x8, 0x5, 0x0, 0x1000, 0xe1}, 0x0, &(0x7f00000004c0)={0x7ff, 0x4, 0x4, 0x0, 0x0, 0x3, 0x1, 0x4}, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 1.528967874s ago: executing program 4 (id=410): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffe, 0x2, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) r2 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 1.137901835s ago: executing program 1 (id=413): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000bf7c069300850000e27c00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b70400000000000085000000330000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) close(0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000c40), 0x12) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_subtree(r3, &(0x7f0000000080), 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[@ANYBLOB='+pids'], 0x6) 1.126457016s ago: executing program 1 (id=414): socketpair$nbd(0x1, 0x1, 0x0, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_mreqsrc(r0, 0x0, 0x53, 0x0, &(0x7f0000000040)) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000040)={{0x5, 0x4}, {0x5, 0xb7b}, 0x7}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) eventfd(0x82b) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8923, &(0x7f0000000000)={'vlan0\x00', @local}) 1.065904406s ago: executing program 1 (id=416): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_DELETE(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1c, r4, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}}, 0x40) 1.027906226s ago: executing program 1 (id=417): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4}, {0xe, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_BYTEMODE={0x8}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x3}]}}]}, 0x44}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3000010, &(0x7f0000000000), 0x3e, 0x523, &(0x7f0000000680)="$eJzs3d9rZFcdAPDvvclks7upSVWkFqzFKrtFd2bT2DaIaH3Rp4K6vseYTELITCZkJnUTik3xPxBBwSeffBH8A0Tpg3+AFBb0RXwQFUXsVh8EtVfunTs0P2aSSJOZbebzgZM55/76nnOHOXPvnZN7AxhbT0fESxExERHPRsRsOT0t01JeOOgu9/bDV1fylESW3ft7Ekk5rbetvDwZETe7q8R0RHz9KxHfSk7Gbe/tby43GvWdslzrNLdr7b39OxvN5fX6en1rYWH+hcUXF59fvJuV3lM753qZn3z5C7/8zLf/sPTX29/Jq/X5j0QljrXjInWbXin2RU++j3YuI9gITJTtqYy6IgAAnEt+jP/BiPhEcfw/GxPF0dwxE6OoGQAAAHBRsi/OxH+SiAwAAAC4stKImIkkrZZjAWYiTafKawMfjhtpo9XufHqttbu1ms+LmItKurbRqN8txwrPRSXJy/PlGNte+blj5YWIeDwivj97vShXV1qN1RFf+wAAAIBxcfPY+f8/Z9Mif7Y+/ycAAAAAPLrmBhYAAACAq+Icp/xTw6gHAAAAcHmOn/+73z8AAABcKV99+eU8Zb3nX6++sre72Xrlzmq9vVlt7q5UV1o729X1Vmu9uGdf86ztNVqt7c/G1u79Wqfe7tTae/tLzdbuVmdp48gjsAEAAIAhevzjb/w2iYiDz10vUpT3AQQ44k+jrgBwkQz1g/HlLt4wviqjrgAwcskZ8w3eAQCA979bHz35+3/vXn+uDcDVZqwPAIwfv//D+KoYAQhja7K8BvCBbvHaoOUG/v7/66PFX9wbtGCWRbw5e3iK64sAADBcM0VK0mp5HjATaVqtRjwWkc5FJVnbaNTvlucHv5mtXMvL88WayZljhgEAAAAAAAAAAAAAAAAAAAAAAACArixLIgMAAACutIj0L0nEwKcATiX/mo0/l4Uf3fvB/eVOZ2c+n/5W8SyvqYjo/LCc/tzAx4cBAAAAFy05GDire55evs4PtVYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjIG3H7660kvDjPu3L0XEXL/4kzFdvE5HJSJu/COJyUPrJRExcQHxD16PiCf6xU/inSx7Lcpa9It//ZLjzxW7pn/8NCJuXkB8GGdv5P3PS/0+f2k8Xbz2//xNlum9Gtz/pWXkJ4p+rl//89iJrTX7xnjywc9q3VzlZPzXI56c7N//9PrfZED8Z05s7d9Zlp2M/81v7O8Pan/244hbfb9/kiOxap3mdq29t39no7m8Xl+vby0szL+w+OLi84t3a2sbjXr5t2+M733s5+8Mip+3/0af+L//Xbf/Pa39nxy00WP+++D+ww91syfegDz+7Wf6fv9Ox4D4afnd96kyn8+/1csfdPOHPfXTN586rf2rA/b/We//7XO2/9mvffeP51wUABiC9t7+5nKjUd85JTN9jmXej5lfTT8S1fg/M9lr3Xdu4DJvPcgKo6/qqZn8aPXdKb1WPQIVO5QZzj68VhzPn3etqSG1faTdEgAAcAnePegfdU0AAAAAAAAAAAAAAAAAAABgfA3jVmrHYx6MpqkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKf6XwAAAP//lLLhYQ==") madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r0}}, './file1\x00'}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), r3) 957.008776ms ago: executing program 3 (id=418): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket(0x1e, 0x4, 0x0) r3 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r4 = dup3(r3, r2, 0x0) recvmmsg(r4, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_READ_FIXED={0x4, 0x8, 0x2007, @fd_index=0x2, 0xff, 0x2, 0x4, 0x2, 0x1, {0x3}}) 837.652187ms ago: executing program 0 (id=419): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xff, 0x7ffc1ffd}]}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000800)='./file0\x00', 0x10) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0xffffffff, 0x2}, {0x8009, 0x56}], 0xee01}, 0x18, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) 832.725187ms ago: executing program 2 (id=420): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x9, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket(0x40000000015, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = syz_io_uring_setup(0x1458, &(0x7f00000003c0)={0x0, 0x4, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100)=0x0, &(0x7f0000000340)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x37aea8e708e70634) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x20, 0x0, r3, 0x0, 0x0, 0x0, 0x12100, 0x1}) io_uring_enter(r0, 0x2d3e, 0xfffffffd, 0x0, 0x0, 0x0) 805.750587ms ago: executing program 3 (id=421): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000005}, 0x20000004) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f00000003c0)=[@in6={0xa, 0x4e23, 0x9, @empty}], 0x1c) sendto$inet6(r2, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000540)=ANY=[], 0xed) 765.166237ms ago: executing program 0 (id=422): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000000280), 0xfd, r0}, 0x38) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={0xffffffffffffffff, 0x53, 0xd, 0x9}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 756.067707ms ago: executing program 2 (id=423): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000200)=ANY=[@ANYRESHEX=0x0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000a40)='GPL\x00') syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) request_key(&(0x7f00000001c0)='asymmetric\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f0000000400)='^\'#/\x00', 0x0) 702.530487ms ago: executing program 3 (id=424): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = getpid() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r0) sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r3, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r1}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000400180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) 698.378237ms ago: executing program 2 (id=425): syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x208010, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x469, &(0x7f0000000ac0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNOr+luF4fxy1J0TYYrT27jR5ND0+2Vdkd5df0sLXuRNbfuvDYbWgQq9cXEam7Bqrjfzj6YuPSteF45dOuNg5YV5VKpdLs9blwvgL8j2XR7RYA3VG+0Kf3v+Vxm6Yed4TLL9beAKW4rxVH7Ur/0trBQMP7204ajYgj5//9Mh3RiXUIAICb+D7Nf55tNv/L44G6cvcUeygjEXFvRGyLiPsiYntE3B9RLftgRDy0xvobd0hunP/kl24psFVK878Xir2t5fO/cvYXI31Fbms1/oHs6PG52X3Fc7I3BoZSfmKFOn54+ffPy/SGhmv18790pPrLuWDRjkv9DQt0M1OLU+3GXbr8ScTO/mbxZ1Fu42QRsSMidt5iHcef/npXq2s3j38FK+wzrVblq4inav1/PpbFf72rspb7kxPPH5o8OL4h5mb3jZd3xY1++e3CG63qbyv+Dkj9v6np/b+0CzySbYhYOHP2RHW/dmHtdVz487O6Mb1sdznFn38bseb7fzB7q5oeLM59OLW4eHoiYjB77cbzk9d/t8yX5VP8e/c0H//b6lr8cESkm3h3RDxSbOKmvnssIh6PiD0rxP/TS0+81+pa6/5fYVW+g1L8Mzfr/6jv/7Un+k78+N3a4y+l/j9QTe0tzqzm799qG9jOcwcAAAB3i7z6GfgsH1tK5/nYWO0z/NtjUz43v7D4zNH5D07N1D4rPxIDebnSNVy3HjpRrA2X+cmG/P5i3fiLvo3V/Nj0/NxMt4OHHre5xfhP/urrduuAddeBfTTgLmX8Q+8y/qF3Gf/Qu4x/6F3Nxv/HXWgHcPt5/YfeZfxD7zL+oXcZ/9CTWn43Pm/rK/9dTpT/O+FOaU+XEhvXs4rIux9gTyT61/s2Hmp6qct/mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrkvwAAAP//ZWPiyA==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f00000000c0), 0x12) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x22, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000140), 0xfcb8) mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x1304c24, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) 526.554238ms ago: executing program 0 (id=426): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, &(0x7f0000000280)=0x8000, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x2000000080002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x100000000000000, 0x80, &(0x7f00000001c0)=@broute={'broute\x00', 0x4000, 0x0, 0x90, [], 0x2, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000215d1f6bc0e8fbb3d000"/144]}, 0x108) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x8, &(0x7f0000000240)) io_uring_enter(0xffffffffffffffff, 0x47f9, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x2, 0x37dc12502000000, &(0x7f00000000c0)={0x0, 0x989680}, 0x0) 522.302538ms ago: executing program 4 (id=427): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r2, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000280)}, 0x20) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r3, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f0000000380)}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000008000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380080005"], 0x3c}}, 0x0) 471.424268ms ago: executing program 4 (id=428): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f00000000c0)={[{@data_err_ignore}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f0000004200)='t', 0x1) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r1, 0x8983, &(0x7f0000000500)) getresgid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000100)) getgid() getgroups(0x2, &(0x7f0000000140)=[0xffffffffffffffff, 0xffffffffffffffff]) 442.827148ms ago: executing program 2 (id=429): sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a0101"], 0x57) setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f00000008c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88) 325.968689ms ago: executing program 1 (id=430): creat(&(0x7f0000000100)='./file0\x00', 0x3) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x4, 0x590, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xc}, 0x11442, 0x5, 0x0, 0x1, 0x9, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x204004, &(0x7f00000004c0)={[{@dioread_nolock}, {@i_version}, {@nolazytime}, {}]}, 0x1, 0x783, &(0x7f0000002200)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR") r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x141842, 0x0) pwrite64(r1, &(0x7f00000007c0)='c', 0xfdef, 0xfecc) r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) sendfile(r2, r2, 0x0, 0x800000009) 179.268239ms ago: executing program 2 (id=431): bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="00000000010000007f4e980d0000000000000000", @ANYRESDEC, @ANYRES32], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) socket$key(0xf, 0x3, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4) syz_clone3(&(0x7f0000000680)={0x2080, &(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000400), {0x30}, &(0x7f0000000540)=""/132, 0x84, &(0x7f0000000600)=""/69, &(0x7f0000000440)=[0x0, 0x0], 0x2}, 0x58) r1 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') close(r1) 88.6431ms ago: executing program 3 (id=432): r0 = perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x7, 0x6056e, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x9}, 0x100, 0x1, 0x0, 0x1, 0xc, 0x2, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r0, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r0}, 0x8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_io_uring_setup(0x2e3b, 0x0, 0x0, &(0x7f0000000300)) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 59.81316ms ago: executing program 2 (id=433): syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0x100c404, &(0x7f0000000600)={[{@dots}, {@fat=@gid={'gid', 0x3d, 0xee01}}, {@nodots}, {@fat=@uid={'uid', 0x3d, 0xee00}}, {@fat=@time_offset={'time_offset', 0x3d, 0x2d8}}, {@dots}, {@nodots}, {@nodots}, {@fat=@errors_remount}, {@dots}, {@dots}, {@dots}, {@fat=@quiet}, {@fat=@nfs_stale_rw}, {@dots}, {@fat=@check_strict}, {@nodots}, {@fat=@showexec}, {@nodots}, {@dots}, {@fat=@gid}, {@dots}]}, 0xfd, 0x1f0, &(0x7f0000000240)="$eJzs3cFqE1EUANCbmiYTcdGdIAgjLnRV1C+oSAUxIFSy0J2gK7NqN6mb9jP8Bf/LD5CuspEncSadGNMYBjKj9ZxN7uS+l/fuDJlkk5sUha+3P0eWdWLnIA5i2om92Im58wAArpNpSvEtFdreCwDQjA0+/783vCUAYMtev3n78ulweHiU51nExflkNBkVj0X++Yvh4aP8p71q1sVkMrpxmX+cL393mOV342aZf1LMzy/TvYgY9eLh/SI/yz17Ncx/nd+P91uuHQAAAAAAAAAAAAAAAAAAAAAA2nI38rmV/X3295fzgzJfHC30B1rq39ONO93ysGoPlM6aKAoAAAAAAAAAAAAAAAAAAAD+MSennz6+G48/HFdBPyIWn+muGHN10ClfeKPB7Qc7UW/6oCyzxqKd8hRtt8DB6ou7SRDdv+Xq1A3yBtYarD29Kc2C1e+CeVuMK6f3ImL96g+O6m5+mlIaf7l3fHIaae3g6h7Rb/SOBAAAAAAAAAAAAAAAAAAA/6+FX33/JmtjQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQgur//2sEZxFxK/44eL7WbmTtFgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC19SMAAP//j3Mj5w==") r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00', r0}, 0x18) syz_io_uring_setup(0x496, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x0, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40018}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x18) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0xfffffffffffffd91, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x8004) 47.29175ms ago: executing program 1 (id=434): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) open(0x0, 0x145142, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fcntl$setlease(r0, 0x400, 0x1) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffed]}, 0x0, 0x8) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000400)={[0xfffffffffffffff5]}, 0x8, 0x80000) ppoll(&(0x7f0000000080)=[{r1, 0x8080}], 0x1, 0x0, 0x0, 0x0) open(&(0x7f0000000080)='./file1\x00', 0x4040, 0xdc) flock(0xffffffffffffffff, 0x2) timer_delete(0x0) 0s ago: executing program 3 (id=435): r0 = signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x157]}, 0x8) r1 = syz_io_uring_setup(0x6937, &(0x7f0000000300)={0x0, 0x125a, 0x10100, 0xfffffffe, 0x100000, 0x0, r0}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r0, 0x0, 0x0, 0x0, 0x0, 0x0, {0xfffe}}) io_uring_enter(r1, 0x44fd, 0x3, 0x1, 0x0, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) io_uring_register$IORING_REGISTER_NAPI(r1, 0x1b, &(0x7f0000000080)={0x1, 0x9}, 0x1) r5 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r5, 0x0) accept4(r5, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.159' (ED25519) to the list of known hosts. [ 25.345975][ T29] audit: type=1400 audit(1749009865.840:62): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.346610][ T3305] cgroup: Unknown subsys name 'net' [ 25.368785][ T29] audit: type=1400 audit(1749009865.840:63): avc: denied { mount } for pid=3305 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.396170][ T29] audit: type=1400 audit(1749009865.870:64): avc: denied { unmount } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.594453][ T3305] cgroup: Unknown subsys name 'cpuset' [ 25.600557][ T3305] cgroup: Unknown subsys name 'rlimit' [ 25.748795][ T29] audit: type=1400 audit(1749009866.240:65): avc: denied { setattr } for pid=3305 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.774728][ T29] audit: type=1400 audit(1749009866.240:66): avc: denied { create } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.795356][ T29] audit: type=1400 audit(1749009866.240:67): avc: denied { write } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.815719][ T29] audit: type=1400 audit(1749009866.240:68): avc: denied { read } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.822714][ T3308] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 25.836153][ T29] audit: type=1400 audit(1749009866.250:69): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.869593][ T29] audit: type=1400 audit(1749009866.250:70): avc: denied { mount } for pid=3305 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 25.892940][ T29] audit: type=1400 audit(1749009866.340:71): avc: denied { relabelto } for pid=3308 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.929830][ T3305] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.048806][ T3318] chnl_net:caif_netlink_parms(): no params data found [ 27.095113][ T3315] chnl_net:caif_netlink_parms(): no params data found [ 27.119260][ T3316] chnl_net:caif_netlink_parms(): no params data found [ 27.143535][ T3317] chnl_net:caif_netlink_parms(): no params data found [ 27.152102][ T3318] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.159245][ T3318] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.166757][ T3318] bridge_slave_0: entered allmulticast mode [ 27.173069][ T3318] bridge_slave_0: entered promiscuous mode [ 27.192393][ T3318] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.199553][ T3318] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.207195][ T3318] bridge_slave_1: entered allmulticast mode [ 27.213635][ T3318] bridge_slave_1: entered promiscuous mode [ 27.257526][ T3321] chnl_net:caif_netlink_parms(): no params data found [ 27.267926][ T3315] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.275250][ T3315] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.282567][ T3315] bridge_slave_0: entered allmulticast mode [ 27.288827][ T3315] bridge_slave_0: entered promiscuous mode [ 27.296261][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.305369][ T3315] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.312484][ T3315] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.319739][ T3315] bridge_slave_1: entered allmulticast mode [ 27.326058][ T3315] bridge_slave_1: entered promiscuous mode [ 27.343189][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.369686][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.376796][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.384175][ T3317] bridge_slave_0: entered allmulticast mode [ 27.390711][ T3317] bridge_slave_0: entered promiscuous mode [ 27.417006][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.424181][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.431626][ T3317] bridge_slave_1: entered allmulticast mode [ 27.438122][ T3317] bridge_slave_1: entered promiscuous mode [ 27.444889][ T3318] team0: Port device team_slave_0 added [ 27.456282][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.467712][ T3316] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.474953][ T3316] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.482060][ T3316] bridge_slave_0: entered allmulticast mode [ 27.488631][ T3316] bridge_slave_0: entered promiscuous mode [ 27.495259][ T3316] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.502276][ T3316] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.509515][ T3316] bridge_slave_1: entered allmulticast mode [ 27.515972][ T3316] bridge_slave_1: entered promiscuous mode [ 27.522722][ T3318] team0: Port device team_slave_1 added [ 27.534069][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.558758][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.576286][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.590569][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.614073][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.623336][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.630402][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.656530][ T3318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.672358][ T3315] team0: Port device team_slave_0 added [ 27.678795][ T3315] team0: Port device team_slave_1 added [ 27.688657][ T3321] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.695787][ T3321] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.702979][ T3321] bridge_slave_0: entered allmulticast mode [ 27.709348][ T3321] bridge_slave_0: entered promiscuous mode [ 27.723315][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.730331][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.756549][ T3318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.767947][ T3317] team0: Port device team_slave_0 added [ 27.779879][ T3321] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.787082][ T3321] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.794253][ T3321] bridge_slave_1: entered allmulticast mode [ 27.800596][ T3321] bridge_slave_1: entered promiscuous mode [ 27.807303][ T3316] team0: Port device team_slave_0 added [ 27.819140][ T3317] team0: Port device team_slave_1 added [ 27.829811][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.836792][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.862708][ T3315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.874504][ T3316] team0: Port device team_slave_1 added [ 27.889466][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.896507][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.922424][ T3315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.938825][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.965243][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.975300][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.982242][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.008204][ T3316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.019236][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.026229][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.052351][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.081578][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.088583][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.114538][ T3316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.125446][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.132397][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.158370][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.170879][ T3318] hsr_slave_0: entered promiscuous mode [ 28.178322][ T3318] hsr_slave_1: entered promiscuous mode [ 28.199843][ T3321] team0: Port device team_slave_0 added [ 28.207387][ T3315] hsr_slave_0: entered promiscuous mode [ 28.213275][ T3315] hsr_slave_1: entered promiscuous mode [ 28.219066][ T3315] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 28.226723][ T3315] Cannot create hsr debugfs directory [ 28.245608][ T3321] team0: Port device team_slave_1 added [ 28.260454][ T3316] hsr_slave_0: entered promiscuous mode [ 28.266607][ T3316] hsr_slave_1: entered promiscuous mode [ 28.272438][ T3316] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 28.280292][ T3316] Cannot create hsr debugfs directory [ 28.309150][ T3317] hsr_slave_0: entered promiscuous mode [ 28.315942][ T3317] hsr_slave_1: entered promiscuous mode [ 28.321777][ T3317] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 28.329376][ T3317] Cannot create hsr debugfs directory [ 28.335291][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.342237][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.368148][ T3321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.381341][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.388354][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.414342][ T3321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.505200][ T3321] hsr_slave_0: entered promiscuous mode [ 28.511356][ T3321] hsr_slave_1: entered promiscuous mode [ 28.517137][ T3321] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 28.524874][ T3321] Cannot create hsr debugfs directory [ 28.618233][ T3318] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 28.626497][ T3318] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 28.647826][ T3318] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 28.664866][ T3318] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 28.684928][ T3316] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 28.694265][ T3316] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 28.714908][ T3315] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 28.723392][ T3316] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 28.733091][ T3315] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 28.741732][ T3316] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 28.753420][ T3315] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 28.773998][ T3315] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 28.792086][ T3317] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 28.801138][ T3317] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 28.816127][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.826381][ T3317] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 28.846051][ T3317] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 28.859243][ T3321] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 28.874057][ T3321] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 28.886577][ T3321] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 28.898032][ T3318] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.906978][ T3321] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 28.921202][ T2703] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.928336][ T2703] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.944471][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.951712][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.995555][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.006514][ T3315] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.040581][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.049479][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.056602][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.073150][ T3318] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.087358][ T55] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.094466][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.113204][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.122497][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.140760][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.147920][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.169257][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.177723][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.184900][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.199458][ T3317] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.209826][ T3317] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.225477][ T3316] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.237739][ T3315] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.267226][ T3321] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.276705][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.283801][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.301287][ T3318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.310129][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.317383][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.351033][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.360317][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.367473][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.377048][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.384328][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.401357][ T3321] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.411961][ T3321] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.438499][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.552419][ T3321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.607158][ T3316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.625743][ T3317] veth0_vlan: entered promiscuous mode [ 29.640459][ T3315] veth0_vlan: entered promiscuous mode [ 29.652514][ T3317] veth1_vlan: entered promiscuous mode [ 29.677332][ T3315] veth1_vlan: entered promiscuous mode [ 29.692776][ T3317] veth0_macvtap: entered promiscuous mode [ 29.702939][ T3317] veth1_macvtap: entered promiscuous mode [ 29.715232][ T3318] veth0_vlan: entered promiscuous mode [ 29.738030][ T3318] veth1_vlan: entered promiscuous mode [ 29.760133][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.778612][ T3321] veth0_vlan: entered promiscuous mode [ 29.786351][ T3315] veth0_macvtap: entered promiscuous mode [ 29.797214][ T3316] veth0_vlan: entered promiscuous mode [ 29.807322][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.817515][ T3315] veth1_macvtap: entered promiscuous mode [ 29.826149][ T3316] veth1_vlan: entered promiscuous mode [ 29.832717][ T3321] veth1_vlan: entered promiscuous mode [ 29.841152][ T3317] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.850132][ T3317] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.858881][ T3317] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.867739][ T3317] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.882405][ T3318] veth0_macvtap: entered promiscuous mode [ 29.899953][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.911460][ T3318] veth1_macvtap: entered promiscuous mode [ 29.922850][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.940994][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.951646][ T3315] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.960731][ T3315] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.969815][ T3315] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.978627][ T3315] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.990769][ T3317] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 29.995317][ T3316] veth0_macvtap: entered promiscuous mode [ 30.013692][ T3316] veth1_macvtap: entered promiscuous mode [ 30.024791][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.036735][ T3321] veth0_macvtap: entered promiscuous mode [ 30.052115][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.060927][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.069269][ T3318] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.078147][ T3318] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.086913][ T3318] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.095990][ T3318] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.117044][ T3316] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.125899][ T3316] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.134692][ T3316] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.143457][ T3316] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.154017][ T3321] veth1_macvtap: entered promiscuous mode [ 30.191766][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.220677][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.236464][ C0] hrtimer: interrupt took 44383 ns [ 30.252035][ T3321] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.260980][ T3321] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.269852][ T3321] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.278640][ T3321] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.361014][ T29] kauditd_printk_skb: 32 callbacks suppressed [ 30.361032][ T29] audit: type=1400 audit(1749009870.850:104): avc: denied { map } for pid=3468 comm="syz.0.7" path="socket:[5148]" dev="sockfs" ino=5148 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 30.416715][ T3457] sd 0:0:1:0: device reset [ 30.426667][ T29] audit: type=1400 audit(1749009870.890:105): avc: denied { read } for pid=3456 comm="syz.3.6" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 30.450455][ T29] audit: type=1400 audit(1749009870.890:106): avc: denied { open } for pid=3456 comm="syz.3.6" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 30.474737][ T29] audit: type=1400 audit(1749009870.910:107): avc: denied { ioctl } for pid=3456 comm="syz.3.6" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x2284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 30.511337][ T3472] loop0: detected capacity change from 0 to 128 [ 30.531791][ T29] audit: type=1400 audit(1749009871.020:108): avc: denied { create } for pid=3473 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 30.597772][ T29] audit: type=1400 audit(1749009871.030:109): avc: denied { mount } for pid=3471 comm="syz.0.8" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 30.620001][ T29] audit: type=1400 audit(1749009871.040:110): avc: denied { write } for pid=3473 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 30.639957][ T29] audit: type=1400 audit(1749009871.040:111): avc: denied { nlmsg_write } for pid=3473 comm="syz.1.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 30.660614][ T29] audit: type=1400 audit(1749009871.050:112): avc: denied { unmount } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 30.680682][ T29] audit: type=1400 audit(1749009871.090:113): avc: denied { create } for pid=3475 comm="syz.0.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 30.700891][ T23] af_packet: tpacket_rcv: packet too big, clamped from 96 to 4294967272. macoff=96 [ 30.750610][ T3485] tipc: Enabling of bearer rejected, failed to enable media [ 30.759895][ T3480] hub 8-0:1.0: USB hub found [ 30.764995][ T3480] hub 8-0:1.0: 8 ports detected [ 30.787224][ T3478] 9pnet: p9_errstr2errno: server reported unknown error 1844674407 [ 30.902204][ T3494] veth0: entered promiscuous mode [ 30.924393][ T3494] veth0: left promiscuous mode [ 30.975867][ T3502] syz.3.22 uses obsolete (PF_INET,SOCK_PACKET) [ 31.003223][ T3500] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 31.162562][ T3526] netlink: 'syz.2.25': attribute type 13 has an invalid length. [ 31.170558][ T3526] netlink: 64 bytes leftover after parsing attributes in process `syz.2.25'. [ 31.249961][ T3528] netlink: 44 bytes leftover after parsing attributes in process `syz.1.29'. [ 31.259064][ T3528] netlink: 4 bytes leftover after parsing attributes in process `syz.1.29'. [ 31.326974][ T3533] netlink: 24 bytes leftover after parsing attributes in process `syz.4.32'. [ 31.329973][ T3534] loop3: detected capacity change from 0 to 512 [ 31.365631][ T3534] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 31.425913][ T3541] loop1: detected capacity change from 0 to 256 [ 31.498770][ T3534] EXT4-fs error (device loop3): ext4_orphan_get:1419: comm syz.3.31: bad orphan inode 15 [ 31.516420][ T3534] ext4_test_bit(bit=14, block=18) = 1 [ 31.522621][ T3534] is_bad_inode(inode)=0 [ 31.526831][ T3534] NEXT_ORPHAN(inode)=1023 [ 31.531200][ T3534] max_ino=32 [ 31.531423][ T3547] loop1: detected capacity change from 0 to 2048 [ 31.534417][ T3534] i_nlink=0 [ 31.536203][ T3534] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0009-000000000000 r/w without journal. Quota mode: none. [ 31.585364][ T3547] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 31.598005][ T3534] ext2 filesystem being mounted at /8/éq‰Y’3aK supports timestamps until 2038-01-19 (0x7fffffff) [ 31.610366][ T3547] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 31.639555][ T3547] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 31.651997][ T3547] EXT4-fs (loop1): This should not happen!! Data will be lost [ 31.651997][ T3547] [ 31.661808][ T3547] EXT4-fs (loop1): Total free blocks count 0 [ 31.667922][ T3547] EXT4-fs (loop1): Free/Dirty block details [ 31.673858][ T3547] EXT4-fs (loop1): free_blocks=2415919104 [ 31.679731][ T3547] EXT4-fs (loop1): dirty_blocks=16 [ 31.684914][ T3547] EXT4-fs (loop1): Block reservation details [ 31.690926][ T3547] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 31.708603][ T3547] syz.1.38 (3547) used greatest stack depth: 9784 bytes left [ 31.728846][ T41] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 28 [ 31.899379][ T3567] loop1: detected capacity change from 0 to 1024 [ 31.907039][ T3567] ======================================================= [ 31.907039][ T3567] WARNING: The mand mount option has been deprecated and [ 31.907039][ T3567] and is ignored by this kernel. Remove the mand [ 31.907039][ T3567] option from the mount to silence this warning. [ 31.907039][ T3567] ======================================================= [ 31.976471][ T3571] netlink: 'syz.2.47': attribute type 4 has an invalid length. [ 31.987197][ T3567] EXT4-fs (loop1): inodes count not valid: 32 vs 1312 [ 32.001038][ T3571] netlink: 'syz.2.47': attribute type 4 has an invalid length. [ 32.263405][ T3582] loop0: detected capacity change from 0 to 512 [ 32.273405][ T3582] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 32.308583][ T3582] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.324616][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0009-000000000000. [ 32.344967][ T3582] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.423559][ T3595] loop4: detected capacity change from 0 to 512 [ 32.480838][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.526334][ T3595] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.568177][ T3595] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.584689][ T3603] loop3: detected capacity change from 0 to 512 [ 32.621618][ T3603] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.670418][ T3603] ext4 filesystem being mounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 32.708788][ T3595] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.57: corrupted inode contents [ 32.754689][ T3595] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.57: mark_inode_dirty error [ 32.778691][ T3595] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.57: corrupted inode contents [ 32.779126][ T3608] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.807380][ T3595] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.57: mark_inode_dirty error [ 32.834446][ T3595] EXT4-fs error (device loop4): ext4_lookup:1784: inode #18: comm syz.4.57: 'file0' linked to parent dir [ 32.897572][ T3608] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.912050][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.949218][ T3595] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 32.969314][ T3608] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.980247][ T3595] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 33.013373][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.027205][ T3608] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.177839][ T3608] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.190098][ T3608] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.207835][ T3608] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.276378][ T3608] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.304929][ T3632] loop2: detected capacity change from 0 to 512 [ 33.326827][ T3637] loop3: detected capacity change from 0 to 512 [ 33.373614][ T3632] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 33.379901][ T3637] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 33.400884][ T3637] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.71: invalid indirect mapped block 4294967295 (level 1) [ 33.416627][ T3632] EXT4-fs (loop2): mount failed [ 33.426324][ T3637] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.71: invalid indirect mapped block 4294967295 (level 1) [ 33.506488][ T3637] EXT4-fs (loop3): 2 truncates cleaned up [ 33.531613][ T3637] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.574039][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.599306][ T3656] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=3656 comm=syz.1.76 [ 33.605141][ T3391] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 33.642490][ T3391] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 33.961039][ T3685] loop3: detected capacity change from 0 to 512 [ 33.968163][ T3685] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 33.978083][ T3685] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.91: invalid block [ 33.978348][ T3679] SELinux: failed to load policy [ 33.995725][ T3685] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.91: invalid indirect mapped block 4294967295 (level 1) [ 34.011582][ T3681] capability: warning: `syz.0.88' uses 32-bit capabilities (legacy support in use) [ 34.044078][ T3685] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.91: invalid indirect mapped block 4294967295 (level 1) [ 34.060087][ T3685] EXT4-fs (loop3): 2 truncates cleaned up [ 34.075839][ T3685] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.179927][ T3693] EXT4-fs error (device loop3): ext4_inlinedir_to_tree:1340: inode #12: block 7: comm syz.3.91: path /14/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0 [ 34.287780][ T3691] loop0: detected capacity change from 0 to 1024 [ 34.296303][ T3691] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 34.521236][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.812710][ T3705] netlink: 32 bytes leftover after parsing attributes in process `syz.1.98'. [ 35.364059][ T29] kauditd_printk_skb: 249 callbacks suppressed [ 35.364076][ T29] audit: type=1326 audit(1749009875.860:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3719 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2fec25e969 code=0x7ffc0000 [ 35.411506][ T29] audit: type=1326 audit(1749009875.890:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3719 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fec25e969 code=0x7ffc0000 [ 35.435172][ T29] audit: type=1326 audit(1749009875.890:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3719 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fec25e969 code=0x7ffc0000 [ 35.458678][ T29] audit: type=1326 audit(1749009875.890:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3719 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2fec25e969 code=0x7ffc0000 [ 35.482746][ T29] audit: type=1326 audit(1749009875.890:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3719 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fec25e969 code=0x7ffc0000 [ 35.506337][ T29] audit: type=1326 audit(1749009875.890:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3719 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2fec25e969 code=0x7ffc0000 [ 35.529846][ T29] audit: type=1326 audit(1749009875.890:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3719 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fec25e969 code=0x7ffc0000 [ 35.553259][ T29] audit: type=1326 audit(1749009875.890:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3719 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7f2fec25e969 code=0x7ffc0000 [ 35.576559][ T29] audit: type=1326 audit(1749009875.890:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3719 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fec25e969 code=0x7ffc0000 [ 35.601271][ T29] audit: type=1400 audit(1749009876.080:371): avc: denied { setopt } for pid=3724 comm="syz.1.105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 35.739269][ T3736] netlink: 2036 bytes leftover after parsing attributes in process `syz.1.107'. [ 35.748596][ T3736] netlink: 24 bytes leftover after parsing attributes in process `syz.1.107'. [ 35.841094][ T3742] loop2: detected capacity change from 0 to 164 [ 35.848384][ T3742] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 35.886997][ T3747] random: crng reseeded on system resumption [ 36.038953][ T3755] SELinux: Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped). [ 36.659425][ T3769] loop1: detected capacity change from 0 to 512 [ 36.681929][ T3769] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 36.707765][ T3769] EXT4-fs (loop1): 1 orphan inode deleted [ 36.714252][ T3769] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.727349][ T3769] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 36.740001][ T55] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 1 [ 36.762191][ T3769] 9pnet: p9_errstr2errno: server reported unknown error [ 36.817689][ T3778] 9pnet: p9_errstr2errno: server reported unknown error [ 36.857824][ T3782] netlink: 20 bytes leftover after parsing attributes in process `syz.3.125'. [ 36.906761][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.956292][ T3793] loop1: detected capacity change from 0 to 1024 [ 36.986837][ T3793] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.055332][ T3793] ext4 filesystem being mounted at /30/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 37.106012][ T3793] EXT4-fs error (device loop1): ext4_map_blocks:816: inode #15: block 3: comm syz.1.129: lblock 3 mapped to illegal pblock 3 (length 1) [ 37.120530][ T3793] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117 [ 37.132955][ T3793] EXT4-fs (loop1): This should not happen!! Data will be lost [ 37.132955][ T3793] [ 37.198087][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.229773][ T3807] loop1: detected capacity change from 0 to 512 [ 37.278265][ T3807] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.298562][ T3807] ext4 filesystem being mounted at /31/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 37.592974][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.609605][ T3786] syz.2.126 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 37.623802][ T3786] CPU: 0 UID: 0 PID: 3786 Comm: syz.2.126 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(voluntary) [ 37.623834][ T3786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 37.623848][ T3786] Call Trace: [ 37.623856][ T3786] [ 37.623871][ T3786] __dump_stack+0x1d/0x30 [ 37.623896][ T3786] dump_stack_lvl+0xe8/0x140 [ 37.623988][ T3786] dump_stack+0x15/0x1b [ 37.624004][ T3786] dump_header+0x81/0x220 [ 37.624054][ T3786] oom_kill_process+0x334/0x3f0 [ 37.624096][ T3786] out_of_memory+0x979/0xb80 [ 37.624135][ T3786] try_charge_memcg+0x5e6/0x9e0 [ 37.624168][ T3786] obj_cgroup_charge_pages+0xa6/0x150 [ 37.624306][ T3786] __memcg_kmem_charge_page+0x9f/0x170 [ 37.624337][ T3786] __alloc_frozen_pages_noprof+0x188/0x360 [ 37.624426][ T3786] alloc_pages_mpol+0xb3/0x250 [ 37.624460][ T3786] alloc_pages_noprof+0x90/0x130 [ 37.624487][ T3786] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 37.624594][ T3786] __kvmalloc_node_noprof+0x312/0x4f0 [ 37.624629][ T3786] ? ip_set_alloc+0x1f/0x30 [ 37.624651][ T3786] ? ip_set_alloc+0x1f/0x30 [ 37.624695][ T3786] ? __kmalloc_cache_noprof+0x189/0x320 [ 37.624773][ T3786] ip_set_alloc+0x1f/0x30 [ 37.624795][ T3786] hash_netiface_create+0x282/0x740 [ 37.624827][ T3786] ? __pfx_hash_netiface_create+0x10/0x10 [ 37.624925][ T3786] ip_set_create+0x3c9/0x960 [ 37.624957][ T3786] ? __nla_parse+0x40/0x60 [ 37.624982][ T3786] nfnetlink_rcv_msg+0x4c6/0x590 [ 37.625021][ T3786] ? selinux_capable+0x1f9/0x270 [ 37.625067][ T3786] netlink_rcv_skb+0x123/0x220 [ 37.625106][ T3786] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 37.625215][ T3786] nfnetlink_rcv+0x16b/0x1690 [ 37.625239][ T3786] ? __kfree_skb+0x109/0x150 [ 37.625268][ T3786] ? nlmon_xmit+0x4f/0x60 [ 37.625294][ T3786] ? consume_skb+0x49/0x150 [ 37.625343][ T3786] ? nlmon_xmit+0x4f/0x60 [ 37.625364][ T3786] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 37.625419][ T3786] ? __dev_queue_xmit+0x11c0/0x1fb0 [ 37.625450][ T3786] ? __dev_queue_xmit+0x182/0x1fb0 [ 37.625482][ T3786] ? ref_tracker_free+0x37d/0x3e0 [ 37.625524][ T3786] ? __netlink_deliver_tap+0x4dc/0x500 [ 37.625584][ T3786] netlink_unicast+0x59e/0x670 [ 37.625614][ T3786] netlink_sendmsg+0x58b/0x6b0 [ 37.625711][ T3786] ? __pfx_netlink_sendmsg+0x10/0x10 [ 37.625744][ T3786] __sock_sendmsg+0x145/0x180 [ 37.625767][ T3786] ____sys_sendmsg+0x31e/0x4e0 [ 37.625906][ T3786] ___sys_sendmsg+0x17b/0x1d0 [ 37.625950][ T3786] __x64_sys_sendmsg+0xd4/0x160 [ 37.626034][ T3786] x64_sys_call+0x2999/0x2fb0 [ 37.626054][ T3786] do_syscall_64+0xd2/0x200 [ 37.626156][ T3786] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 37.626198][ T3786] ? clear_bhb_loop+0x40/0x90 [ 37.626221][ T3786] ? clear_bhb_loop+0x40/0x90 [ 37.626245][ T3786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 37.626265][ T3786] RIP: 0033:0x7f7209a3e969 [ 37.626314][ T3786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 37.626331][ T3786] RSP: 002b:00007f72080a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 37.626350][ T3786] RAX: ffffffffffffffda RBX: 00007f7209c65fa0 RCX: 00007f7209a3e969 [ 37.626363][ T3786] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006 [ 37.626377][ T3786] RBP: 00007f7209ac0ab1 R08: 0000000000000000 R09: 0000000000000000 [ 37.626391][ T3786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 37.626429][ T3786] R13: 0000000000000000 R14: 00007f7209c65fa0 R15: 00007ffcf9ebb4d8 [ 37.626493][ T3786] [ 37.972672][ T3786] memory: usage 307200kB, limit 307200kB, failcnt 205 [ 37.979524][ T3786] memory+swap: usage 307392kB, limit 9007199254740988kB, failcnt 0 [ 37.987580][ T3786] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 37.995020][ T3786] Memory cgroup stats for /syz2: [ 38.000709][ T3786] cache 0 [ 38.008705][ T3786] rss 0 [ 38.011489][ T3786] shmem 0 [ 38.014491][ T3786] mapped_file 0 [ 38.017998][ T3786] dirty 0 [ 38.020957][ T3786] writeback 0 [ 38.024288][ T3786] workingset_refault_anon 44 [ 38.028924][ T3786] workingset_refault_file 64 [ 38.033532][ T3786] swap 196608 [ 38.036938][ T3786] swapcached 0 [ 38.040459][ T3786] nr_memmap_boot_pages 23380 [ 38.045086][ T3786] pgpgin 23380 [ 38.048474][ T3786] pglazyfree 26213 [ 38.052295][ T3786] pgfault 22 [ 38.055565][ T3786] a_other 0 [ 38.058732][ T3786] inactive_anon 0 [ 38.062488][ T3786] active_anon 0 [ 38.066044][ T3786] inactive_file 0 [ 38.069702][ T3786] active_file 0 [ 38.073219][ T3786] hierarchical_memory_limit 314572800 [ 38.078657][ T3786] hierarchical_memsw_limit 9223372036854771712 [ 38.084997][ T3786] total_cache 0 [ 38.088477][ T3786] total_rss 0 [ 38.091779][ T3786] total_shmem 0 [ 38.095292][ T3786] total_mapped_file 0 [ 38.099300][ T3786] total_dirty 0 [ 38.102951][ T3786] total_writeback 0 [ 38.106824][ T3786] total_workingset_refault_anon 44 [ 38.111964][ T3786] total_workingset_refault_file 64 [ 38.117177][ T3786] total_swap 196608 [ 38.121002][ T3786] total_swapcached 0 [ 38.124949][ T3786] total_nr_memmap_boot_pages 23380 [ 38.130075][ T3786] total_pgpgin 23380 [ 38.134027][ T3786] total_pglazyfree 26213 [ 38.138376][ T3786] total_pgfault 22 [ 38.142124][ T3786] total_a_other 0 [ 38.145922][ T3786] total_inactive_anon 0 [ 38.150106][ T3786] total_active_anon 0 [ 38.154305][ T3786] total_inactive_file 0 [ 38.158521][ T3786] total_active_file 0 [ 38.162630][ T3786] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.126,pid=3784,uid=0 [ 38.164697][ T3814] netlink: 112 bytes leftover after parsing attributes in process `syz.1.137'. [ 38.177439][ T3786] Memory cgroup out of memory: Killed process 3784 (syz.2.126) total-vm:95796kB, anon-rss:936kB, file-rss:22372kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 38.273169][ T3824] loop0: detected capacity change from 0 to 1024 [ 38.295969][ T3824] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.311808][ T3784] syz.2.126 (3784) used greatest stack depth: 9688 bytes left [ 38.321620][ T3826] netlink: 'syz.4.142': attribute type 10 has an invalid length. [ 38.330143][ T3826] syz_tun: entered promiscuous mode [ 38.339077][ T3826] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 38.355421][ T3824] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.141: Allocating blocks 497-513 which overlap fs metadata [ 38.387207][ T3823] EXT4-fs (loop0): pa ffff888106da4000: logic 128, phys. 273, len 15 [ 38.395521][ T3823] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 38.419225][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.442050][ T3831] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 38.466617][ T3836] loop0: detected capacity change from 0 to 512 [ 38.488554][ T3836] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 38.496564][ T3836] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842c01c, mo2=0002] [ 38.523929][ T3836] System zones: 1-12 [ 38.528120][ T3836] EXT4-fs (loop0): Can't support bigalloc feature without extents feature [ 38.528120][ T3836] [ 38.539301][ T3836] EXT4-fs (loop0): Skipping orphan cleanup due to unknown ROCOMPAT features [ 38.577833][ T3843] netlink: 4 bytes leftover after parsing attributes in process `syz.3.148'. [ 38.594510][ T3836] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 38.642206][ T3836] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 38.667616][ T3786] syz.2.126 (3786) used greatest stack depth: 7160 bytes left [ 38.693279][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.710487][ T3847] loop1: detected capacity change from 0 to 512 [ 38.721414][ T3853] loop2: detected capacity change from 0 to 128 [ 38.725857][ T3847] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.745297][ T3847] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.748512][ T3853] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 38.768524][ T3853] ext4 filesystem being mounted at /28/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 38.818736][ T3316] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 38.838813][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.868822][ T3866] loop1: detected capacity change from 0 to 512 [ 38.896707][ T3866] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.915037][ T3866] ext4 filesystem being mounted at /35/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 38.928662][ T3861] loop0: detected capacity change from 0 to 512 [ 38.991801][ T3861] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.011645][ T3861] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.031572][ T3872] loop3: detected capacity change from 0 to 128 [ 39.038916][ T3872] FAT-fs (loop3): Invalid FSINFO signature: 0x00615252, 0x61417272 (sector = 1) [ 39.093218][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.121991][ T3876] 9pnet: p9_errstr2errno: server reported unknown error [ 39.132317][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.151418][ T3862] netlink: 'syz.3.153': attribute type 10 has an invalid length. [ 39.166401][ T3862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.176752][ T3862] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 39.343854][ T3894] loop1: detected capacity change from 0 to 128 [ 39.369248][ T3894] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 39.402849][ T3897] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22 [ 39.464494][ T3894] ext4 filesystem being mounted at /37/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 39.505815][ T3903] loop3: detected capacity change from 0 to 128 [ 39.536078][ T3902] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 39.544105][ T3902] FAT-fs (loop3): Filesystem has been set read-only [ 39.572449][ T3902] syz.3.167: attempt to access beyond end of device [ 39.572449][ T3902] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 39.620447][ T3902] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 39.628439][ T3902] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 39.640205][ T3903] syz.3.167: attempt to access beyond end of device [ 39.640205][ T3903] loop3: rw=0, sector=2065, nr_sectors = 1 limit=128 [ 39.653770][ T3903] Buffer I/O error on dev loop3, logical block 2065, async page read [ 39.665687][ T3903] syz.3.167: attempt to access beyond end of device [ 39.665687][ T3903] loop3: rw=0, sector=2066, nr_sectors = 1 limit=128 [ 39.678910][ T3903] Buffer I/O error on dev loop3, logical block 2066, async page read [ 39.689238][ T3903] syz.3.167: attempt to access beyond end of device [ 39.689238][ T3903] loop3: rw=0, sector=2067, nr_sectors = 1 limit=128 [ 39.702506][ T3903] Buffer I/O error on dev loop3, logical block 2067, async page read [ 39.712181][ T3903] syz.3.167: attempt to access beyond end of device [ 39.712181][ T3903] loop3: rw=0, sector=2068, nr_sectors = 1 limit=128 [ 39.725516][ T3903] Buffer I/O error on dev loop3, logical block 2068, async page read [ 39.734873][ T3903] syz.3.167: attempt to access beyond end of device [ 39.734873][ T3903] loop3: rw=0, sector=2069, nr_sectors = 1 limit=128 [ 39.748136][ T3903] Buffer I/O error on dev loop3, logical block 2069, async page read [ 39.757520][ T3903] syz.3.167: attempt to access beyond end of device [ 39.757520][ T3903] loop3: rw=0, sector=2070, nr_sectors = 1 limit=128 [ 39.770790][ T3903] Buffer I/O error on dev loop3, logical block 2070, async page read [ 39.781105][ T3903] syz.3.167: attempt to access beyond end of device [ 39.781105][ T3903] loop3: rw=0, sector=2071, nr_sectors = 1 limit=128 [ 39.794610][ T3903] Buffer I/O error on dev loop3, logical block 2071, async page read [ 39.805703][ T3903] syz.3.167: attempt to access beyond end of device [ 39.805703][ T3903] loop3: rw=0, sector=2072, nr_sectors = 1 limit=128 [ 39.818986][ T3903] Buffer I/O error on dev loop3, logical block 2072, async page read [ 39.883984][ T3903] syz.3.167: attempt to access beyond end of device [ 39.883984][ T3903] loop3: rw=0, sector=2065, nr_sectors = 1 limit=128 [ 39.897210][ T3903] Buffer I/O error on dev loop3, logical block 2065, async page read [ 39.905427][ T3903] Buffer I/O error on dev loop3, logical block 2066, async page read [ 39.930100][ T3915] netlink: 'syz.2.173': attribute type 12 has an invalid length. [ 39.961946][ T3914] syzkaller0: entered promiscuous mode [ 39.967560][ T3914] syzkaller0: entered allmulticast mode [ 40.185315][ T3934] veth0: entered promiscuous mode [ 40.214745][ T3934] netlink: 4 bytes leftover after parsing attributes in process `syz.4.180'. [ 40.380716][ T29] kauditd_printk_skb: 384 callbacks suppressed [ 40.380733][ T29] audit: type=1326 audit(1749009880.870:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3938 comm="syz.4.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f0ed15be969 code=0x7ffc0000 [ 40.452013][ T29] audit: type=1326 audit(1749009880.910:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3938 comm="syz.4.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ed15be969 code=0x7ffc0000 [ 40.475555][ T29] audit: type=1326 audit(1749009880.910:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3938 comm="syz.4.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ed15be969 code=0x7ffc0000 [ 40.498985][ T29] audit: type=1326 audit(1749009880.910:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3938 comm="syz.4.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7f0ed15be969 code=0x7ffc0000 [ 40.522421][ T29] audit: type=1326 audit(1749009880.910:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3938 comm="syz.4.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ed15be969 code=0x7ffc0000 [ 40.671478][ T3949] tipc: Started in network mode [ 40.676468][ T3949] tipc: Node identity b2804b7333ac, cluster identity 4711 [ 40.683749][ T3949] tipc: Enabled bearer , priority 0 [ 40.723141][ T3948] tipc: Resetting bearer [ 40.788446][ T3948] tipc: Disabling bearer [ 40.824145][ T29] audit: type=1400 audit(1749009881.310:760): avc: denied { read } for pid=3955 comm="syz.4.189" path="socket:[5099]" dev="sockfs" ino=5099 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 40.931060][ T29] audit: type=1400 audit(1749009881.420:761): avc: denied { module_load } for pid=3961 comm="syz.2.191" path="/sys/power/wakeup_count" dev="sysfs" ino=218 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 41.410199][ T3974] netlink: 'syz.0.195': attribute type 1 has an invalid length. [ 41.438922][ T3974] netlink: 8 bytes leftover after parsing attributes in process `syz.0.195'. [ 41.471680][ T3974] vlan2: entered promiscuous mode [ 41.483947][ T3974] netdevsim netdevsim0 eth2: entered promiscuous mode [ 41.490217][ T3966] Set syz1 is full, maxelem 65536 reached [ 41.516474][ T3974] dummy0: entered promiscuous mode [ 41.583385][ T29] audit: type=1400 audit(1749009882.070:762): avc: denied { read } for pid=3978 comm="syz.0.197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 41.641407][ T3983] loop3: detected capacity change from 0 to 512 [ 41.661077][ T3983] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.787228][ T3997] netlink: 'syz.4.204': attribute type 39 has an invalid length. [ 41.801308][ T3983] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.832230][ T29] audit: type=1400 audit(1749009882.320:763): avc: denied { write } for pid=3982 comm="syz.3.199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 41.852326][ T29] audit: type=1400 audit(1749009882.320:764): avc: denied { nlmsg_write } for pid=3982 comm="syz.3.199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 41.876874][ T4001] bridge_slave_0: left allmulticast mode [ 41.882729][ T4001] bridge_slave_0: left promiscuous mode [ 41.888458][ T4001] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.897647][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.911291][ T4001] bridge_slave_1: left allmulticast mode [ 41.917298][ T4001] bridge_slave_1: left promiscuous mode [ 41.922986][ T4001] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.925743][ T4003] netlink: 4 bytes leftover after parsing attributes in process `syz.3.207'. [ 41.946605][ T4001] bond0: (slave bond_slave_0): Releasing backup interface [ 41.955814][ T4004] netlink: 'syz.2.206': attribute type 10 has an invalid length. [ 41.964283][ T4001] bond0: (slave bond_slave_1): Releasing backup interface [ 41.988772][ T4001] team0: Port device team_slave_0 removed [ 41.999135][ T4001] team0: Port device team_slave_1 removed [ 42.005982][ T4001] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 42.013584][ T4001] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 42.025376][ T4001] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 42.033025][ T4001] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 42.070151][ T4003] 8021q: adding VLAN 0 to HW filter on device team1 [ 42.089232][ T4003] Zero length message leads to an empty skb [ 42.095994][ T4004] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 42.139465][ T3321] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 42.510474][ T4031] Set syz1 is full, maxelem 65536 reached [ 42.655345][ T4055] usb usb8: usbfs: process 4055 (syz.4.226) did not claim interface 0 before use [ 42.689552][ T4058] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.724342][ T4059] netlink: 24 bytes leftover after parsing attributes in process `syz.4.228'. [ 42.753467][ T4058] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.768030][ T4059] netlink: 4 bytes leftover after parsing attributes in process `syz.4.228'. [ 42.787486][ T4058] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.827861][ T4058] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.842705][ T4067] capability: warning: `syz.3.230' uses deprecated v2 capabilities in a way that may be insecure [ 42.920725][ T4058] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.939176][ T4058] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.949366][ T4073] loop4: detected capacity change from 0 to 512 [ 42.951765][ T4058] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.957686][ T4073] EXT4-fs: Ignoring removed nobh option [ 42.967031][ T4058] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.983926][ T4073] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 43.007224][ T4073] EXT4-fs (loop4): 1 truncate cleaned up [ 43.017470][ T4073] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.041745][ T4073] EXT4-fs error (device loop4): ext4_search_dir:1474: inode #12: block 7: comm syz.4.233: bad entry in directory: inode out of bounds - offset=0, inode=16777215, rec_len=16, size=56 fake=0 [ 43.063056][ T4073] EXT4-fs (loop4): Remounting filesystem read-only [ 43.080043][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.135844][ T4086] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 43.147971][ T3391] IPVS: starting estimator thread 0... [ 43.153346][ T4086] batadv_slave_0: entered promiscuous mode [ 43.164501][ T4086] netlink: 76 bytes leftover after parsing attributes in process `syz.0.240'. [ 43.173587][ T4086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 43.206504][ T4086] batadv_slave_0 (unregistering): left promiscuous mode [ 43.236637][ T4089] IPVS: using max 2784 ests per chain, 139200 per kthread [ 43.244039][ T4086] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 43.379969][ T4101] loop1: detected capacity change from 0 to 128 [ 43.406772][ T4105] loop4: detected capacity change from 0 to 512 [ 43.428317][ T4105] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.451319][ T4105] ext4 filesystem being mounted at /53/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 43.676054][ T4116] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents [ 43.704228][ T4116] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #19: comm +}[@: mark_inode_dirty error [ 43.758285][ T4116] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents [ 43.773061][ T4116] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2991: inode #19: comm +}[@: mark_inode_dirty error [ 43.786656][ T4116] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2994: inode #19: comm +}[@: mark inode dirty (error -117) [ 43.799103][ T4116] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117) [ 43.836098][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.171132][ T4131] loop2: detected capacity change from 0 to 2048 [ 44.236111][ T4131] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.286093][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.440778][ T4144] netlink: 'syz.2.259': attribute type 10 has an invalid length. [ 44.608386][ T4149] futex_wake_op: syz.4.261 tries to shift op by -1; fix this program [ 44.632885][ T10] hid-generic 0000:0004:0000.0002: unknown main item tag 0x0 [ 44.638149][ T4144] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.640395][ T10] hid-generic 0000:0004:0000.0002: unknown main item tag 0x0 [ 44.640419][ T10] hid-generic 0000:0004:0000.0002: unknown main item tag 0x0 [ 44.669149][ T10] hid-generic 0000:0004:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1 [ 44.700865][ T4144] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 44.742327][ T4154] netlink: 4 bytes leftover after parsing attributes in process `syz.4.263'. [ 44.917846][ T4168] netlink: 12 bytes leftover after parsing attributes in process `syz.1.270'. [ 44.959932][ T4171] netlink: 4 bytes leftover after parsing attributes in process `syz.4.271'. [ 44.974602][ T4171] 8021q: adding VLAN 0 to HW filter on device team1 [ 45.142727][ T4184] bridge: RTM_NEWNEIGH with invalid ether address [ 45.171030][ T3391] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 45.180249][ T3391] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 45.184943][ T4188] SELinux: Context system_u:object_r:fixed_disk_device_t:s0 is not valid (left unmapped). [ 45.251278][ T4196] netlink: 8 bytes leftover after parsing attributes in process `syz.1.281'. [ 45.260140][ T4196] netlink: 12 bytes leftover after parsing attributes in process `syz.1.281'. [ 45.273958][ T4196] bond1: entered promiscuous mode [ 45.279140][ T4196] bond1: entered allmulticast mode [ 45.284719][ T4196] 8021q: adding VLAN 0 to HW filter on device bond1 [ 45.309739][ T4199] loop1: detected capacity change from 0 to 128 [ 45.317874][ T4199] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 45.330189][ T4199] ext4 filesystem being mounted at /58/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 45.378566][ T3321] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 45.466732][ T29] kauditd_printk_skb: 117 callbacks suppressed [ 45.466751][ T29] audit: type=1400 audit(1749009885.960:882): avc: denied { sqpoll } for pid=4204 comm="syz.1.284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 45.660376][ T4211] bridge0: entered promiscuous mode [ 45.679722][ T4211] bridge0: port 3(macvlan2) entered blocking state [ 45.687372][ T4211] bridge0: port 3(macvlan2) entered disabled state [ 45.696610][ T4211] macvlan2: entered allmulticast mode [ 45.702481][ T4211] bridge0: entered allmulticast mode [ 45.711876][ T4211] macvlan2: left allmulticast mode [ 45.718422][ T4211] bridge0: left allmulticast mode [ 45.729412][ T4211] bridge0: left promiscuous mode [ 45.768340][ T29] audit: type=1400 audit(1749009886.250:883): avc: denied { ioctl } for pid=4213 comm="syz.2.287" path="socket:[7484]" dev="sockfs" ino=7484 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 45.798165][ T29] audit: type=1400 audit(1749009886.290:884): avc: denied { bind } for pid=4213 comm="syz.2.287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 45.841205][ T4217] loop2: detected capacity change from 0 to 1024 [ 45.856975][ T4217] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.869364][ T4219] loop4: detected capacity change from 0 to 1024 [ 45.871161][ T4217] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.900694][ T4217] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 3: comm syz.2.288: lblock 3 mapped to illegal pblock 3 (length 13) [ 45.915410][ T4217] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 45.916796][ T4219] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.927883][ T4217] EXT4-fs (loop2): This should not happen!! Data will be lost [ 45.927883][ T4217] [ 45.955595][ T4224] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.288: lblock 3 mapped to illegal pblock 3 (length 1) [ 45.970076][ T4224] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.288: lblock 3 mapped to illegal pblock 3 (length 1) [ 45.971337][ T4218] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 46.011291][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.020442][ T4224] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.288: lblock 3 mapped to illegal pblock 3 (length 1) [ 46.050823][ T4216] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 8: comm syz.2.288: lblock 8 mapped to illegal pblock 8 (length 4) [ 46.066555][ T4216] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 8: comm syz.2.288: lblock 8 mapped to illegal pblock 8 (length 4) [ 46.074266][ T4224] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.288: lblock 3 mapped to illegal pblock 3 (length 1) [ 46.081385][ T4216] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 8: comm syz.2.288: lblock 8 mapped to illegal pblock 8 (length 4) [ 46.105530][ T4224] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.288: lblock 3 mapped to illegal pblock 3 (length 1) [ 46.123429][ T4224] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #15: block 3: comm syz.2.288: lblock 3 mapped to illegal pblock 3 (length 1) [ 46.216755][ T4232] loop3: detected capacity change from 0 to 512 [ 46.223514][ T4232] EXT4-fs: Ignoring removed nobh option [ 46.231851][ T4232] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 46.243648][ T4232] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 46.254100][ T4232] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.293: Corrupt directory, running e2fsck is recommended [ 46.268572][ T4232] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 46.345163][ T4232] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.293: corrupted in-inode xattr: invalid ea_ino [ 46.374396][ T4232] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.293: couldn't read orphan inode 15 (err -117) [ 46.396136][ T4232] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.440197][ T4232] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 46.451961][ T4232] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 46.462203][ T4232] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.293: Corrupt directory, running e2fsck is recommended [ 46.480316][ T4232] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 46.491896][ T4232] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 46.502304][ T4232] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.293: Corrupt directory, running e2fsck is recommended [ 46.521461][ T4232] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 46.533121][ T4232] EXT4-fs warning (device loop3): dx_probe:849: Enable large directory feature to access it [ 46.543305][ T4232] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.293: Corrupt directory, running e2fsck is recommended [ 46.567369][ T4232] EXT4-fs warning (device loop3): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 46.581173][ T4232] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.293: path /60/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 46.601170][ T4232] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 8: comm syz.3.293: path /60/file0: bad entry in directory: inode out of bounds - offset=0, inode=16810477, rec_len=1024, size=1024 fake=0 [ 46.650024][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.713275][ T4237] netlink: 112 bytes leftover after parsing attributes in process `syz.3.294'. [ 46.757420][ T4240] team_slave_0: entered promiscuous mode [ 46.763126][ T4240] team_slave_1: entered promiscuous mode [ 46.776835][ T4240] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 46.790985][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.801532][ T4240] team0: Device macvtap1 is already an upper device of the team interface [ 46.811234][ T4240] team_slave_0: left promiscuous mode [ 46.816674][ T4240] team_slave_1: left promiscuous mode [ 46.916872][ T4252] netlink: 'syz.3.300': attribute type 4 has an invalid length. [ 46.927991][ T4252] netlink: 'syz.3.300': attribute type 4 has an invalid length. [ 46.962798][ T29] audit: type=1400 audit(1749009887.450:885): avc: denied { mounton } for pid=4255 comm="syz.3.301" path="/64/file0" dev="tmpfs" ino=359 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 47.004065][ T4260] netlink: 24 bytes leftover after parsing attributes in process `syz.4.304'. [ 47.022915][ T4260] netlink: 4 bytes leftover after parsing attributes in process `syz.4.304'. [ 47.101109][ T4265] loop3: detected capacity change from 0 to 512 [ 47.115245][ T4265] Quota error (device loop3): v2_read_file_info: Free block number 1 out of range (1, 6). [ 47.125472][ T4265] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 47.140624][ T4265] EXT4-fs (loop3): mount failed [ 47.191519][ T4272] loop3: detected capacity change from 0 to 512 [ 47.198980][ T4272] EXT4-fs: Ignoring removed orlov option [ 47.206780][ T4272] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 47.216325][ T4272] EXT4-fs (loop3): orphan cleanup on readonly fs [ 47.223303][ T4272] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.307: bg 0: block 248: padding at end of block bitmap is not set [ 47.238255][ T4272] Quota error (device loop3): write_blk: dquota write failed [ 47.245667][ T4272] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 47.255625][ T4272] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.307: Failed to acquire dquot type 1 [ 47.268283][ T4272] EXT4-fs (loop3): 1 truncate cleaned up [ 47.274792][ T4272] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 47.292795][ T4272] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 47.311100][ T4282] netlink: 8 bytes leftover after parsing attributes in process `syz.0.311'. [ 47.320315][ T4283] loop4: detected capacity change from 0 to 512 [ 47.320571][ T4282] IPVS: Error joining to the multicast group [ 47.333391][ T4283] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 47.343380][ T4272] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 47.353722][ T4283] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec028, mo2=0102] [ 47.363930][ T4272] ext4 filesystem being remounted at /66/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 47.376159][ T4283] System zones: 1-12 [ 47.381367][ T4283] EXT4-fs (loop4): 1 truncate cleaned up [ 47.383058][ T4272] netlink: 16 bytes leftover after parsing attributes in process `syz.3.307'. [ 47.397455][ T4283] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.452689][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.489303][ T4298] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 47.489782][ T29] audit: type=1400 audit(1749009887.980:886): avc: denied { load_policy } for pid=4297 comm="syz.3.315" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 47.519232][ T4298] SELinux: failed to load policy [ 47.548045][ T4302] netlink: 'syz.3.317': attribute type 3 has an invalid length. [ 47.556026][ T4302] netlink: 'syz.3.317': attribute type 3 has an invalid length. [ 47.564606][ T4302] netlink: 16 bytes leftover after parsing attributes in process `syz.3.317'. [ 47.611942][ T4309] loop3: detected capacity change from 0 to 512 [ 47.625914][ T4309] Quota error (device loop3): v2_read_file_info: Free block number 1 out of range (1, 6). [ 47.636186][ T4309] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 47.651543][ T4309] EXT4-fs (loop3): mount failed [ 47.655100][ T29] audit: type=1400 audit(1749009888.150:887): avc: denied { read } for pid=4311 comm="syz.0.321" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 47.720281][ T4318] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.732196][ T4316] infiniband syz0: set active [ 47.737060][ T4316] infiniband syz0: added veth0_virt_wifi [ 47.747567][ T4316] RDS/IB: syz0: added [ 47.751699][ T4316] smc: adding ib device syz0 with port count 1 [ 47.758241][ T4316] smc: ib device syz0 port 1 has pnetid [ 47.800390][ T4318] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.872773][ T4318] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.949419][ T4318] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.021430][ T4318] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.036221][ T4318] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.049649][ T4318] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.059420][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.074312][ T4318] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.086573][ T4337] loop1: detected capacity change from 0 to 1024 [ 48.100779][ T4337] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 48.129957][ T4337] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 48.140598][ T4337] EXT4-fs (loop1): orphan cleanup on readonly fs [ 48.147247][ T4337] EXT4-fs error (device loop1): ext4_quota_enable:7124: inode #3: comm syz.1.329: iget: bad i_size value: 1407392063428608 [ 48.160926][ T4337] EXT4-fs error (device loop1): ext4_quota_enable:7127: comm syz.1.329: Bad quota inode: 3, type: 0 [ 48.192006][ T4337] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 48.207077][ T4337] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 48.219349][ T4337] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 48.248479][ T4337] netlink: 20 bytes leftover after parsing attributes in process `syz.1.329'. [ 48.266823][ T4352] bridge_slave_0: left allmulticast mode [ 48.271968][ T4337] IPv6: Can't replace route, no match found [ 48.272571][ T4352] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.303772][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.381051][ T4368] netlink: 24 bytes leftover after parsing attributes in process `syz.3.336'. [ 48.404209][ T4368] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4368 comm=syz.3.336 [ 48.483228][ T4375] syzkaller0: entered allmulticast mode [ 48.837926][ T4392] process 'syz.2.345' launched './file0' with NULL argv: empty string added [ 48.860910][ T4391] pim6reg1: entered promiscuous mode [ 48.866300][ T4391] pim6reg1: entered allmulticast mode [ 49.118925][ T4397] loop2: detected capacity change from 0 to 512 [ 49.130942][ T4397] EXT4-fs: Ignoring removed nobh option [ 49.144783][ T4397] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 49.157450][ T4401] netlink: 36 bytes leftover after parsing attributes in process `syz.1.350'. [ 49.186102][ T4397] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.211336][ T4397] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.251470][ T4406] netlink: 8 bytes leftover after parsing attributes in process `syz.1.351'. [ 49.960010][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.174892][ T4412] syz.0.353 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 50.189299][ T4412] CPU: 0 UID: 0 PID: 4412 Comm: syz.0.353 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(voluntary) [ 50.189319][ T4412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 50.189344][ T4412] Call Trace: [ 50.189348][ T4412] [ 50.189353][ T4412] __dump_stack+0x1d/0x30 [ 50.189365][ T4412] dump_stack_lvl+0xe8/0x140 [ 50.189375][ T4412] dump_stack+0x15/0x1b [ 50.189409][ T4412] dump_header+0x81/0x220 [ 50.189424][ T4412] oom_kill_process+0x334/0x3f0 [ 50.189541][ T4412] out_of_memory+0x979/0xb80 [ 50.189555][ T4412] try_charge_memcg+0x5e6/0x9e0 [ 50.189577][ T4412] obj_cgroup_charge_pages+0xa6/0x150 [ 50.189596][ T4412] __memcg_kmem_charge_page+0x9f/0x170 [ 50.189670][ T4412] __alloc_frozen_pages_noprof+0x188/0x360 [ 50.189765][ T4412] alloc_pages_mpol+0xb3/0x250 [ 50.189809][ T4412] alloc_pages_noprof+0x90/0x130 [ 50.189823][ T4412] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 50.189844][ T4412] __kvmalloc_node_noprof+0x312/0x4f0 [ 50.189936][ T4412] ? ip_set_alloc+0x1f/0x30 [ 50.189999][ T4412] ? ip_set_alloc+0x1f/0x30 [ 50.190010][ T4412] ? __kmalloc_cache_noprof+0x189/0x320 [ 50.190199][ T4412] ip_set_alloc+0x1f/0x30 [ 50.190211][ T4412] hash_netiface_create+0x282/0x740 [ 50.190225][ T4412] ? __pfx_hash_netiface_create+0x10/0x10 [ 50.190238][ T4412] ip_set_create+0x3c9/0x960 [ 50.190298][ T4412] ? __nla_parse+0x40/0x60 [ 50.190310][ T4412] nfnetlink_rcv_msg+0x4c6/0x590 [ 50.190322][ T4412] ? should_fail_ex+0x30/0x280 [ 50.190410][ T4412] ? selinux_capable+0x1f9/0x270 [ 50.190421][ T4412] netlink_rcv_skb+0x123/0x220 [ 50.190434][ T4412] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 50.190447][ T4412] nfnetlink_rcv+0x16b/0x1690 [ 50.190555][ T4412] ? __kfree_skb+0x109/0x150 [ 50.190568][ T4412] ? nlmon_xmit+0x4f/0x60 [ 50.190722][ T4412] ? consume_skb+0x49/0x150 [ 50.190734][ T4412] ? nlmon_xmit+0x4f/0x60 [ 50.190745][ T4412] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 50.190786][ T4412] ? __dev_queue_xmit+0x11c0/0x1fb0 [ 50.190823][ T4412] ? __dev_queue_xmit+0x182/0x1fb0 [ 50.190837][ T4412] ? ref_tracker_free+0x37d/0x3e0 [ 50.190855][ T4412] ? __netlink_deliver_tap+0x4dc/0x500 [ 50.190870][ T4412] netlink_unicast+0x59e/0x670 [ 50.190961][ T4412] netlink_sendmsg+0x58b/0x6b0 [ 50.190996][ T4412] ? __pfx_netlink_sendmsg+0x10/0x10 [ 50.191009][ T4412] __sock_sendmsg+0x145/0x180 [ 50.191045][ T4412] ____sys_sendmsg+0x31e/0x4e0 [ 50.191060][ T4412] ___sys_sendmsg+0x17b/0x1d0 [ 50.191148][ T4412] __x64_sys_sendmsg+0xd4/0x160 [ 50.191171][ T4412] x64_sys_call+0x2999/0x2fb0 [ 50.191188][ T4412] do_syscall_64+0xd2/0x200 [ 50.191262][ T4412] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 50.191279][ T4412] ? clear_bhb_loop+0x40/0x90 [ 50.191336][ T4412] ? clear_bhb_loop+0x40/0x90 [ 50.191350][ T4412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.191364][ T4412] RIP: 0033:0x7f6816ebe969 [ 50.191442][ T4412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.191509][ T4412] RSP: 002b:00007f6815527038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 50.191524][ T4412] RAX: ffffffffffffffda RBX: 00007f68170e5fa0 RCX: 00007f6816ebe969 [ 50.191532][ T4412] RDX: 0000000004000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 50.191541][ T4412] RBP: 00007f6816f40ab1 R08: 0000000000000000 R09: 0000000000000000 [ 50.191578][ T4412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 50.191586][ T4412] R13: 0000000000000000 R14: 00007f68170e5fa0 R15: 00007fff2741e238 [ 50.191597][ T4412] [ 50.191602][ T4412] memory: usage 307192kB, limit 307200kB, failcnt 242 [ 50.313981][ T4442] pim6reg1: entered promiscuous mode [ 50.315384][ T4412] memory+swap: usage 307372kB, limit 9007199254740988kB, failcnt 0 [ 50.321105][ T4442] pim6reg1: entered allmulticast mode [ 50.325692][ T4412] kmem: usage 307176kB, limit 9007199254740988kB, failcnt 0 [ 50.325716][ T4412] Memory cgroup stats for /syz0: [ 50.327314][ T4412] cache 4096 [ 50.480315][ T29] kauditd_printk_skb: 86 callbacks suppressed [ 50.480340][ T29] audit: type=1326 audit(1749009890.970:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4427 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f7209a3e969 code=0x7ffc0000 [ 50.493791][ T4412] rss 4096 [ 50.493803][ T4412] shmem 0 [ 50.493810][ T4412] mapped_file 4096 [ 50.493909][ T4412] dirty 0 [ 50.504243][ T29] audit: type=1326 audit(1749009890.990:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4427 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f7209a3e969 code=0x7ffc0000 [ 50.510257][ T4412] writeback 0 [ 50.519798][ T29] audit: type=1326 audit(1749009891.020:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4427 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f7209a3e969 code=0x7ffc0000 [ 50.526610][ T4412] workingset_refault_anon 12 [ 50.535795][ T29] audit: type=1326 audit(1749009891.030:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4427 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f7209a3e969 code=0x7ffc0000 [ 50.542781][ T4412] workingset_refault_file 165 [ 50.546328][ T29] audit: type=1326 audit(1749009891.040:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4427 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f7209a3e969 code=0x7ffc0000 [ 50.552561][ T4412] swap 184320 [ 50.552571][ T4412] swapcached 12288 [ 50.558169][ T29] audit: type=1326 audit(1749009891.060:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4427 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f7209a3e969 code=0x7ffc0000 [ 50.566013][ T4412] nr_memmap_boot_pages 22388 [ 50.566023][ T4412] pgpgin 22384 [ 50.566031][ T4412] pglazyfree 22640 [ 50.566039][ T4412] pgfault 13 [ 50.566046][ T4412] a_other 12288 [ 50.572570][ T29] audit: type=1326 audit(1749009891.060:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4427 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f7209a3e969 code=0x7ffc0000 [ 50.578795][ T4412] inactive_anon 0 [ 50.578803][ T4412] active_anon 0 [ 50.578811][ T4412] inactive_file 0 [ 50.584254][ T29] audit: type=1326 audit(1749009891.080:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4427 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f7209a3e969 code=0x7ffc0000 [ 50.587001][ T4412] active_file 0 [ 50.595319][ T29] audit: type=1326 audit(1749009891.090:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4427 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f7209a3e969 code=0x7ffc0000 [ 50.616588][ T4412] hierarchical_memory_limit 314572800 [ 50.616605][ T4412] hierarchical_memsw_limit 9223372036854771712 [ 50.616616][ T4412] total_cache 4096 [ 50.616624][ T4412] total_rss 4096 [ 50.616632][ T4412] total_shmem 0 [ 50.616641][ T4412] total_mapped_file 4096 [ 50.616649][ T4412] total_dirty 0 [ 50.616657][ T4412] total_writeback 0 [ 50.616666][ T4412] total_workingset_refault_anon 12 [ 50.621535][ T29] audit: type=1326 audit(1749009891.120:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4427 comm="syz.2.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f7209a3e969 code=0x7ffc0000 [ 50.622768][ T4412] total_workingset_refault_file 165 [ 50.622780][ T4412] total_swap 184320 [ 50.622834][ T4412] total_swapcached 12288 [ 50.945089][ T4412] total_nr_memmap_boot_pages 22388 [ 50.950214][ T4412] total_pgpgin 22384 [ 50.954110][ T4412] total_pglazyfree 22640 [ 50.958382][ T4412] total_pgfault 13 [ 50.962088][ T4412] total_a_other 12288 [ 50.966151][ T4412] total_inactive_anon 0 [ 50.970315][ T4412] total_active_anon 0 [ 50.974327][ T4412] total_inactive_file 0 [ 50.978455][ T4412] total_active_file 0 [ 50.982408][ T4412] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.353,pid=4411,uid=0 [ 50.996959][ T4412] Memory cgroup out of memory: Killed process 4411 (syz.0.353) total-vm:95796kB, anon-rss:936kB, file-rss:22184kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 51.018162][ T4444] netlink: 'syz.1.366': attribute type 1 has an invalid length. [ 51.026256][ T4446] atomic_op ffff888122d18d28 conn xmit_atomic 0000000000000000 [ 51.049667][ T4444] 8021q: adding VLAN 0 to HW filter on device bond2 [ 51.075844][ T4444] netlink: 4 bytes leftover after parsing attributes in process `syz.1.366'. [ 51.116068][ T4444] bond2 (unregistering): Released all slaves [ 51.184563][ T4412] syz.0.353 (4412) used greatest stack depth: 7096 bytes left [ 51.655852][ T4499] lo speed is unknown, defaulting to 1000 [ 51.661695][ T4499] lo speed is unknown, defaulting to 1000 [ 51.667633][ T4499] lo speed is unknown, defaulting to 1000 [ 51.673840][ T4499] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 51.681521][ T4499] infiniband s…z0: RDMA CMA: cma_listen_on_dev, error -98 [ 51.694523][ T4499] lo speed is unknown, defaulting to 1000 [ 51.701048][ T4499] lo speed is unknown, defaulting to 1000 [ 51.707770][ T4499] lo speed is unknown, defaulting to 1000 [ 51.714042][ T4499] lo speed is unknown, defaulting to 1000 [ 51.720390][ T4499] lo speed is unknown, defaulting to 1000 [ 52.050654][ T4518] loop4: detected capacity change from 0 to 128 [ 52.075932][ T4518] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 52.309666][ T4533] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 52.316310][ T4533] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 52.323909][ T4533] vhci_hcd vhci_hcd.0: Device attached [ 52.354980][ T4537] TCP: out of memory -- consider tuning tcp_mem [ 52.378612][ T4530] lo speed is unknown, defaulting to 1000 [ 52.428413][ T3374] IPVS: starting estimator thread 0... [ 52.503934][ T4534] vhci_hcd: connection closed [ 52.504394][ T41] vhci_hcd: stop threads [ 52.514055][ T41] vhci_hcd: release socket [ 52.518690][ T41] vhci_hcd: disconnect device [ 52.543976][ T4543] IPVS: using max 2640 ests per chain, 132000 per kthread [ 52.574813][ T10] usb 9-1: new low-speed USB device number 2 using vhci_hcd [ 52.582265][ T10] usb 9-1: enqueue for inactive port 0 [ 52.588451][ T10] usb 9-1: enqueue for inactive port 0 [ 52.595319][ T10] usb 9-1: enqueue for inactive port 0 [ 52.664071][ T10] vhci_hcd: vhci_device speed not set [ 52.676695][ T4561] bridge: RTM_NEWNEIGH with invalid ether address [ 53.399679][ T4584] ALSA: seq fatal error: cannot create timer (-19) [ 53.422635][ T4589] ªªªªªª: renamed from vlan0 (while UP) [ 53.526954][ T4596] __nla_validate_parse: 1 callbacks suppressed [ 53.526970][ T4596] netlink: 8 bytes leftover after parsing attributes in process `syz.1.417'. [ 53.542261][ T4596] netlink: 4 bytes leftover after parsing attributes in process `syz.1.417'. [ 53.551245][ T4596] netlink: 'syz.1.417': attribute type 11 has an invalid length. [ 53.607701][ T4596] loop1: detected capacity change from 0 to 512 [ 53.616360][ T4596] EXT4-fs (loop1): blocks per group (95) and clusters per group (32768) inconsistent [ 53.811979][ T4608] netlink: 4 bytes leftover after parsing attributes in process `syz.0.422'. [ 53.866824][ T4614] loop2: detected capacity change from 0 to 512 [ 53.876351][ T4608] 8021q: adding VLAN 0 to HW filter on device team1 [ 53.886291][ T4612] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.910960][ T4614] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 53.929392][ T4614] EXT4-fs (loop2): invalid journal inode [ 53.940781][ T4614] EXT4-fs (loop2): can't get journal size [ 53.947867][ T4614] EXT4-fs (loop2): 1 truncate cleaned up [ 53.955063][ T4614] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.968152][ T4612] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.082989][ T4625] loop4: detected capacity change from 0 to 1024 [ 54.099518][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.119504][ T4625] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.135008][ T4612] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.182794][ T4628] netlink: 'syz.2.429': attribute type 4 has an invalid length. [ 54.214126][ T3391] lo speed is unknown, defaulting to 1000 [ 54.220186][ T3391] s…z0: Port: 1 Link DOWN [ 54.225874][ T4612] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.250923][ T4628] netlink: 'syz.2.429': attribute type 4 has an invalid length. [ 54.278545][ T4632] loop1: detected capacity change from 0 to 2048 [ 54.285467][ T4632] EXT4-fs: Ignoring removed i_version option [ 54.294880][ T3391] lo speed is unknown, defaulting to 1000 [ 54.300680][ T3391] s…z0: Port: 1 Link ACTIVE [ 54.308839][ T4612] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.321306][ T4612] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.322952][ T4632] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.332942][ T4612] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.353670][ T4612] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.362333][ T4632] ext4 filesystem being mounted at /97/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.392502][ T4632] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.430: bg 0: block 345: padding at end of block bitmap is not set [ 54.419956][ T4632] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 16 with error 117 [ 54.432507][ T4632] EXT4-fs (loop1): This should not happen!! Data will be lost [ 54.432507][ T4632] [ 54.499695][ T3321] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.509928][ T4641] loop2: detected capacity change from 0 to 256 [ 54.531141][ T4641] netlink: 'syz.2.433': attribute type 13 has an invalid length. [ 54.627659][ T4629] ================================================================== [ 54.635819][ T4629] BUG: KCSAN: data-race in __writeback_single_inode / generic_buffers_fsync_noflush [ 54.645249][ T4629] [ 54.647590][ T4629] read-write to 0xffff888106dfb168 of 4 bytes by task 4625 on cpu 1: [ 54.655668][ T4629] __writeback_single_inode+0x1e3/0x7c0 [ 54.661292][ T4629] writeback_single_inode+0x167/0x3e0 [ 54.666707][ T4629] sync_inode_metadata+0x5b/0x90 [ 54.671675][ T4629] generic_buffers_fsync_noflush+0xd9/0x120 [ 54.677609][ T4629] ext4_sync_file+0x1ab/0x690 [ 54.682363][ T4629] vfs_fsync_range+0x10d/0x130 [ 54.687155][ T4629] ext4_buffered_write_iter+0x34f/0x3c0 [ 54.692738][ T4629] ext4_file_write_iter+0xdbf/0xf00 [ 54.697973][ T4629] iter_file_splice_write+0x5f2/0x970 [ 54.703418][ T4629] direct_splice_actor+0x153/0x2a0 [ 54.708561][ T4629] splice_direct_to_actor+0x30f/0x680 [ 54.713977][ T4629] do_splice_direct+0xda/0x150 [ 54.718772][ T4629] do_sendfile+0x380/0x650 [ 54.723239][ T4629] __x64_sys_sendfile64+0x105/0x150 [ 54.728558][ T4629] x64_sys_call+0xb39/0x2fb0 [ 54.733179][ T4629] do_syscall_64+0xd2/0x200 [ 54.737802][ T4629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.743812][ T4629] [ 54.746161][ T4629] read to 0xffff888106dfb168 of 4 bytes by task 4629 on cpu 0: [ 54.753736][ T4629] generic_buffers_fsync_noflush+0x80/0x120 [ 54.759777][ T4629] ext4_sync_file+0x1ab/0x690 [ 54.764498][ T4629] vfs_fsync_range+0x10d/0x130 [ 54.769384][ T4629] ext4_buffered_write_iter+0x34f/0x3c0 [ 54.774960][ T4629] ext4_file_write_iter+0xdbf/0xf00 [ 54.780198][ T4629] iter_file_splice_write+0x5f2/0x970 [ 54.785609][ T4629] direct_splice_actor+0x153/0x2a0 [ 54.790745][ T4629] splice_direct_to_actor+0x30f/0x680 [ 54.796157][ T4629] do_splice_direct+0xda/0x150 [ 54.800956][ T4629] do_sendfile+0x380/0x650 [ 54.805402][ T4629] __x64_sys_sendfile64+0x105/0x150 [ 54.810718][ T4629] x64_sys_call+0xb39/0x2fb0 [ 54.815343][ T4629] do_syscall_64+0xd2/0x200 [ 54.819887][ T4629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.825916][ T4629] [ 54.828260][ T4629] value changed: 0x00000022 -> 0x00000000 [ 54.834510][ T4629] [ 54.836851][ T4629] Reported by Kernel Concurrency Sanitizer on: [ 54.843021][ T4629] CPU: 0 UID: 0 PID: 4629 Comm: syz.4.428 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(voluntary) [ 54.855287][ T4629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 54.865369][ T4629] ================================================================== [ 54.898718][ T4641] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.907854][ T4641] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.916835][ T4641] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.925829][ T4641] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.947187][ T3392] lo speed is unknown, defaulting to 1000 [ 54.952965][ T3392] s…z0: Port: 1 Link DOWN [ 54.957512][ T1038] syz0: Port: 1 Link DOWN [ 55.075373][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.