last executing test programs: 1.354683076s ago: executing program 1 (id=669): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) 1.322055998s ago: executing program 1 (id=672): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x72, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x610}]}, 0x34}}, 0x0) 1.29294114s ago: executing program 1 (id=674): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) ioctl$TIOCL_SETVESABLANK(r1, 0x560e, &(0x7f0000000140)) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000080)={0xd, 0x18, 0x3, 0x0, 0x0, 0x1000}) 1.192741208s ago: executing program 0 (id=682): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000000)='kmem_cache_free\x00', r2, 0x0, 0xfffffffffbfffffc}, 0x18) syz_emit_ethernet(0x3e, &(0x7f0000000580)=ANY=[], 0x0) 1.100349245s ago: executing program 0 (id=686): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) r2 = dup(r1) write$UHID_INPUT(r2, &(0x7f0000002080)={0xf, {"a2e3ad214fc752f91b500e0f30f70e06d038e7ff7fc6e5539b3250078b089b3b08385d090890e0878f0e1ac6e7049b3d6d959bffe8d178708c523c921b1b5b31300d3b5d0736cd3b78130baa61d8e809fc889b0709b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f36243520a3c5f803541bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000045ef509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b906000000783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51015f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f761f13a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b6306006b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a99cc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000029566e78000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ebbd633500", 0x1000}}, 0x1006) ioctl$VT_RELDISP(r1, 0x5605) 1.096320635s ago: executing program 0 (id=697): r0 = syz_io_uring_setup(0xcc8, &(0x7f0000000300)={0x0, 0x24c1, 0x10, 0x40003, 0x310}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0xc, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x842a}}) io_uring_enter(r0, 0xdb4, 0xd44a, 0x5, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000040)={0xfffffffffffffffe, r0, 0x33, {0x5, 0x10001}, 0x6}, 0x1) 629.289101ms ago: executing program 3 (id=687): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) ioctl$SG_IO(r0, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffe, 0x6, 0x2, @scatter={0x0, 0x40000, 0x0}, &(0x7f00000014c0)="0000501effd4", 0x0, 0x800004, 0x10030, 0x1, 0x0}) 581.516535ms ago: executing program 3 (id=692): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0) r1 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r0, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x30) 449.396335ms ago: executing program 4 (id=694): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000540)={0x1, &(0x7f0000000300)=[{0x200000000006, 0x3, 0x2, 0x7ffc0002}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0, 0x0, 0x7}, 0x18) lsm_get_self_attr(0x64, &(0x7f0000000040), &(0x7f0000000000)=0x101, 0x0) setreuid(0x0, 0xee00) 449.001975ms ago: executing program 1 (id=695): open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46f8e) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x18) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[], [], 0x6b}}) 448.422255ms ago: executing program 4 (id=707): unshare(0x2040400) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=ANY=[@ANYBLOB="240000003f000500000000000000df25047c0000040000000c0001"], 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0x0) 407.113348ms ago: executing program 1 (id=696): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) tgkill(0x0, 0x0, 0x2e) 406.934858ms ago: executing program 4 (id=699): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeda}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='kfree\x00', r0}, 0x18) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) close(r1) 356.300603ms ago: executing program 3 (id=700): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xd, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) add_key(&(0x7f00000001c0)='ceph\x00', 0x0, &(0x7f0000000840)='\x00\x00\x00\x00\x00\x00\x00\x00\x00*\x00\x00', 0xc, 0xffffffffffffffff) 355.997552ms ago: executing program 4 (id=701): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000001000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r2, 0x2) 353.558952ms ago: executing program 1 (id=702): r0 = syz_io_uring_setup(0x5c6, &(0x7f0000000140)={0x0, 0x80001021, 0x80, 0x6, 0x237}, &(0x7f0000000340)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1}) io_uring_enter(r0, 0x6e2, 0x3900, 0x1, 0x0, 0xe00) pause() 339.155373ms ago: executing program 4 (id=703): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8f70000000000ff000000850000000e000000650000005000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffb5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000600)=0x14) close(r0) 335.972534ms ago: executing program 3 (id=704): r0 = socket$caif_stream(0x25, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000800)="c7", 0x1}], 0x1) 295.714877ms ago: executing program 3 (id=705): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0xdf) write$binfmt_elf64(r0, &(0x7f0000000980)=ANY=[@ANYBLOB="7f454c4600000006010000000000000003003e000000000003000000000000004000000000000000980100000000000002000000000038000200000002000000000000600300000008000000000000000d00000000000000ed08000000000000f0ffffffffffffff0000000000000000080000000000000003000000cff5ffff800300000000000001000000000000000500000000000000ff"], 0x5b0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x5, 0x20005, 0xb, 0x0, 0x0, 0x0, 0xcd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x1000) 290.814337ms ago: executing program 4 (id=708): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) ioctl$TIOCL_SETVESABLANK(r1, 0x560e, &(0x7f0000000140)) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000080)={0xd, 0x18, 0x3, 0x0, 0x0, 0x1000}) 259.06366ms ago: executing program 3 (id=709): ioprio_set$pid(0x2, 0x0, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)) r0 = socket$inet6_udp(0xa, 0x2, 0x0) pipe2(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) sendfile(r1, r0, 0x0, 0x110003) 239.687411ms ago: executing program 0 (id=710): bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x22c7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 125.75821ms ago: executing program 2 (id=713): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000008c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x28}, 0x1, 0x0, 0x0, 0xc800}, 0x20008800) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) r1 = syz_io_uring_setup(0x112, &(0x7f00000002c0)={0x0, 0xf59b, 0x10000, 0x10003, 0x65, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000280)) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000480), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 109.431381ms ago: executing program 2 (id=714): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000001000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r2, 0x2) 93.064943ms ago: executing program 2 (id=715): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xd, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) add_key(&(0x7f00000001c0)='ceph\x00', 0x0, &(0x7f0000000840)='\x00\x00\x00\x00\x00\x00\x00\x00\x00*\x00\x00', 0xc, 0xffffffffffffffff) 76.182794ms ago: executing program 2 (id=716): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8f70000000000ff000000850000000e000000650000005000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffb5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000600)=0x14) close(r0) 60.382655ms ago: executing program 2 (id=717): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000500)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x609e495f}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000400)='kfree\x00', r0}, 0x18) r1 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000fcb000), 0x4) setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000000040), 0x4) 56.535425ms ago: executing program 0 (id=718): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x3800488, &(0x7f0000002200), 0x65, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./bus/file0\x00', 0x0) renameat2(r0, &(0x7f0000000240)='./bus/file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x0) 236.36µs ago: executing program 0 (id=719): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x4) write(r1, &(0x7f0000000280)="e8bd8a4c56281ba2ba42cfa5b9fe5fc6dcde2ee431f5595ceadb9a2c95e57f15ee4a83f9e7d78ea996f78bd588bedcdbc730d6d15df6d2a26ca4e55e97ed0522a190ce241a37bad3317fba7e4be3dbbfec5e2f401b5658cc8fda", 0xffffffe5) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000440)={0x8, 0x9, 0x4, 0x9, 0x7, "efc64a26a83c8ffa332b3a5419e8ab2543c4ec"}) 0s ago: executing program 2 (id=720): r0 = syz_io_uring_setup(0xcc8, &(0x7f0000000300)={0x0, 0x24c1, 0x10, 0x40003, 0x310}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0xc, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x842a}}) io_uring_enter(r0, 0xdb4, 0xd44a, 0x5, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000040)={0xfffffffffffffffe, r0, 0x33, {0x5, 0x10001}, 0x6}, 0x1) kernel console output (not intermixed with test programs): [ 18.543098][ T29] audit: type=1400 audit(1765651748.367:66): avc: denied { read open } for pid=3201 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 Warning: Permanently added '10.128.1.35' (ED25519) to the list of known hosts. [ 25.193879][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 25.193894][ T29] audit: type=1400 audit(1765651755.107:70): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.222789][ T29] audit: type=1400 audit(1765651755.137:71): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.223520][ T3306] cgroup: Unknown subsys name 'net' [ 25.250385][ T29] audit: type=1400 audit(1765651755.167:72): avc: denied { unmount } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.359455][ T3306] cgroup: Unknown subsys name 'cpuset' [ 25.365459][ T3306] cgroup: Unknown subsys name 'rlimit' [ 25.554424][ T29] audit: type=1400 audit(1765651755.467:73): avc: denied { setattr } for pid=3306 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.577955][ T29] audit: type=1400 audit(1765651755.467:74): avc: denied { create } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.598408][ T29] audit: type=1400 audit(1765651755.467:75): avc: denied { write } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.613978][ T3310] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 25.618779][ T29] audit: type=1400 audit(1765651755.467:76): avc: denied { read } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 25.647618][ T29] audit: type=1400 audit(1765651755.477:77): avc: denied { read } for pid=3046 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 25.665869][ T3306] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 25.668507][ T29] audit: type=1400 audit(1765651755.477:78): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.701882][ T29] audit: type=1400 audit(1765651755.487:79): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 27.216093][ T3322] chnl_net:caif_netlink_parms(): no params data found [ 27.286838][ T3322] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.293929][ T3322] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.301266][ T3322] bridge_slave_0: entered allmulticast mode [ 27.307691][ T3322] bridge_slave_0: entered promiscuous mode [ 27.316458][ T3322] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.323596][ T3322] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.330754][ T3322] bridge_slave_1: entered allmulticast mode [ 27.337070][ T3322] bridge_slave_1: entered promiscuous mode [ 27.366589][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.379354][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.416117][ T3322] team0: Port device team_slave_0 added [ 27.432090][ T3322] team0: Port device team_slave_1 added [ 27.452805][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.459795][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.485681][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.498763][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.505734][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.531668][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.558588][ T3316] chnl_net:caif_netlink_parms(): no params data found [ 27.603127][ T3321] chnl_net:caif_netlink_parms(): no params data found [ 27.613381][ T3322] hsr_slave_0: entered promiscuous mode [ 27.619320][ T3322] hsr_slave_1: entered promiscuous mode [ 27.627439][ T3326] chnl_net:caif_netlink_parms(): no params data found [ 27.697934][ T3316] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.705038][ T3316] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.712136][ T3316] bridge_slave_0: entered allmulticast mode [ 27.718450][ T3316] bridge_slave_0: entered promiscuous mode [ 27.728874][ T3317] chnl_net:caif_netlink_parms(): no params data found [ 27.741528][ T3316] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.748676][ T3316] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.755741][ T3316] bridge_slave_1: entered allmulticast mode [ 27.762130][ T3316] bridge_slave_1: entered promiscuous mode [ 27.809354][ T3326] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.816387][ T3326] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.823490][ T3326] bridge_slave_0: entered allmulticast mode [ 27.829869][ T3326] bridge_slave_0: entered promiscuous mode [ 27.838422][ T3326] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.845498][ T3326] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.852616][ T3326] bridge_slave_1: entered allmulticast mode [ 27.858967][ T3326] bridge_slave_1: entered promiscuous mode [ 27.866289][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.875457][ T3321] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.882516][ T3321] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.889770][ T3321] bridge_slave_0: entered allmulticast mode [ 27.895995][ T3321] bridge_slave_0: entered promiscuous mode [ 27.911755][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.920938][ T3321] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.927981][ T3321] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.935125][ T3321] bridge_slave_1: entered allmulticast mode [ 27.941347][ T3321] bridge_slave_1: entered promiscuous mode [ 27.974585][ T3321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.987714][ T3326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.005544][ T3321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.017698][ T3326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.027568][ T3316] team0: Port device team_slave_0 added [ 28.048560][ T3316] team0: Port device team_slave_1 added [ 28.054325][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.061387][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.068633][ T3317] bridge_slave_0: entered allmulticast mode [ 28.074947][ T3317] bridge_slave_0: entered promiscuous mode [ 28.097059][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.104179][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.111363][ T3317] bridge_slave_1: entered allmulticast mode [ 28.117676][ T3317] bridge_slave_1: entered promiscuous mode [ 28.124702][ T3321] team0: Port device team_slave_0 added [ 28.131006][ T3326] team0: Port device team_slave_0 added [ 28.146340][ T3321] team0: Port device team_slave_1 added [ 28.157611][ T3326] team0: Port device team_slave_1 added [ 28.163476][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.170458][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 28.196524][ T3316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.223038][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.230085][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 28.256017][ T3316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.267785][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.277580][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.284578][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 28.310525][ T3321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.330498][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.347689][ T3321] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.354672][ T3321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 28.380560][ T3321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.391481][ T3326] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.398397][ T3326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 28.424342][ T3326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.435368][ T3326] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.442350][ T3326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 28.468248][ T3326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.504107][ T3317] team0: Port device team_slave_0 added [ 28.512346][ T3317] team0: Port device team_slave_1 added [ 28.541991][ T3326] hsr_slave_0: entered promiscuous mode [ 28.547946][ T3326] hsr_slave_1: entered promiscuous mode [ 28.553698][ T3326] debugfs: 'hsr0' already exists in 'hsr' [ 28.559427][ T3326] Cannot create hsr debugfs directory [ 28.564924][ T3322] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 28.575348][ T3316] hsr_slave_0: entered promiscuous mode [ 28.581133][ T3316] hsr_slave_1: entered promiscuous mode [ 28.586857][ T3316] debugfs: 'hsr0' already exists in 'hsr' [ 28.592604][ T3316] Cannot create hsr debugfs directory [ 28.608084][ T3321] hsr_slave_0: entered promiscuous mode [ 28.613915][ T3321] hsr_slave_1: entered promiscuous mode [ 28.619783][ T3321] debugfs: 'hsr0' already exists in 'hsr' [ 28.625484][ T3321] Cannot create hsr debugfs directory [ 28.631005][ T3322] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 28.639956][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.646879][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 28.672837][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.683951][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.690915][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 28.716795][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.727770][ T3322] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 28.743901][ T3322] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 28.801152][ T3317] hsr_slave_0: entered promiscuous mode [ 28.807078][ T3317] hsr_slave_1: entered promiscuous mode [ 28.813022][ T3317] debugfs: 'hsr0' already exists in 'hsr' [ 28.818790][ T3317] Cannot create hsr debugfs directory [ 28.957037][ T3326] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 28.973487][ T3326] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 28.985864][ T3326] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 28.994532][ T3326] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 29.010880][ T3317] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 29.026176][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.033413][ T3317] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 29.050660][ T3317] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 29.063036][ T3316] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 29.071819][ T3317] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 29.082418][ T3316] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 29.094659][ T3316] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 29.103592][ T3316] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 29.117204][ T3322] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.133405][ T933] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.140467][ T933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.163245][ T933] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.170320][ T933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.178569][ T3321] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 29.190191][ T3321] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 29.201304][ T3321] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 29.210310][ T3321] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 29.249202][ T3322] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.259581][ T3322] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.307455][ T3326] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.315565][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.327968][ T3326] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.351931][ T1521] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.359011][ T1521] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.375147][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.384820][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.393445][ T1521] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.400595][ T1521] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.413827][ T3321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.424739][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.431819][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.445421][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.459928][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.466992][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.478488][ T3321] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.499323][ T3316] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.507904][ T933] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.514963][ T933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.528047][ T933] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.535098][ T933] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.553170][ T933] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.560235][ T933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.573690][ T933] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.580851][ T933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.603361][ T3317] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.640650][ T3321] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.651116][ T3321] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.668099][ T3322] veth0_vlan: entered promiscuous mode [ 29.699259][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.717639][ T3322] veth1_vlan: entered promiscuous mode [ 29.740461][ T3321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.773172][ T3322] veth0_macvtap: entered promiscuous mode [ 29.781340][ T3322] veth1_macvtap: entered promiscuous mode [ 29.806769][ T3326] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.827399][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.845989][ T3316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.854744][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.872884][ T1521] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.899361][ T1521] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.910120][ T3317] veth0_vlan: entered promiscuous mode [ 29.917480][ T3317] veth1_vlan: entered promiscuous mode [ 29.932921][ T1521] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.959466][ T3317] veth0_macvtap: entered promiscuous mode [ 29.975153][ T3322] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 29.975577][ T1521] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.005413][ T3317] veth1_macvtap: entered promiscuous mode [ 30.034917][ T3326] veth0_vlan: entered promiscuous mode [ 30.061086][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.079192][ T3326] veth1_vlan: entered promiscuous mode [ 30.085992][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.110661][ T946] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.120449][ T3316] veth0_vlan: entered promiscuous mode [ 30.130799][ T3321] veth0_vlan: entered promiscuous mode [ 30.136441][ T946] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.147190][ T946] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.157346][ T3316] veth1_vlan: entered promiscuous mode [ 30.164044][ T3321] veth1_vlan: entered promiscuous mode [ 30.170458][ T946] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.208806][ T3493] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 30.213838][ T3326] veth0_macvtap: entered promiscuous mode [ 30.226874][ T3493] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 30.248052][ T3326] veth1_macvtap: entered promiscuous mode [ 30.266906][ T3496] loop1: detected capacity change from 0 to 1024 [ 30.274512][ T29] kauditd_printk_skb: 43 callbacks suppressed [ 30.274525][ T29] audit: type=1400 audit(1765651760.187:123): avc: denied { create } for pid=3497 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 30.277925][ T3496] EXT4-fs: inline encryption not supported [ 30.282971][ T3321] veth0_macvtap: entered promiscuous mode [ 30.300936][ T3496] EXT4-fs: Ignoring removed orlov option [ 30.309901][ T3321] veth1_macvtap: entered promiscuous mode [ 30.328681][ T29] audit: type=1400 audit(1765651760.237:124): avc: denied { write } for pid=3497 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 30.357807][ T3496] EXT4-fs (loop1): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 30.361780][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.375915][ T3316] veth0_macvtap: entered promiscuous mode [ 30.385691][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.404959][ T3316] veth1_macvtap: entered promiscuous mode [ 30.411218][ T3496] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e840c018, mo2=0002] [ 30.415598][ T3502] IPv6: NLM_F_CREATE should be specified when creating new route [ 30.425605][ T3496] System zones: 0-1, 3-12 [ 30.428188][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.441656][ T3496] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.442978][ T3321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.468545][ T29] audit: type=1400 audit(1765651760.377:125): avc: denied { mount } for pid=3495 comm="syz.1.9" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 30.503068][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.520189][ T295] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.524157][ T29] audit: type=1400 audit(1765651760.437:126): avc: denied { setattr } for pid=3495 comm="syz.1.9" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 30.550866][ T29] audit: type=1400 audit(1765651760.467:127): avc: denied { add_name } for pid=3495 comm="syz.1.9" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 30.572600][ T29] audit: type=1400 audit(1765651760.467:128): avc: denied { create } for pid=3495 comm="syz.1.9" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 30.593904][ T29] audit: type=1400 audit(1765651760.467:129): avc: denied { read append open } for pid=3495 comm="syz.1.9" path="/4/file1/cpuset.effective_cpus" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 30.620606][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.640537][ T295] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.664688][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.691577][ T295] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.742467][ T295] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.757714][ T29] audit: type=1400 audit(1765651760.667:130): avc: denied { create } for pid=3517 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 30.777759][ T3519] gre0: entered promiscuous mode [ 30.782815][ T3519] gre0: entered allmulticast mode [ 30.791464][ T29] audit: type=1400 audit(1765651760.687:131): avc: denied { setopt } for pid=3517 comm="syz.2.3" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 30.811526][ T295] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.821427][ T295] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.830605][ T295] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.842024][ T295] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.858887][ T29] audit: type=1400 audit(1765651760.707:132): avc: denied { read write } for pid=3326 comm="syz-executor" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 30.896223][ T3529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 30.899847][ T295] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.926373][ T3532] syz.3.17 uses obsolete (PF_INET,SOCK_PACKET) [ 30.933420][ T295] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.947957][ T3529] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 30.961170][ T295] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.970220][ T295] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.000452][ T3536] openvswitch: netlink: Missing key (keys=40, expected=80) [ 31.027803][ T3538] loop2: detected capacity change from 0 to 512 [ 31.037626][ T3538] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 31.064312][ T3538] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 31.072642][ T3538] EXT4-fs (loop2): orphan cleanup on readonly fs [ 31.081860][ T3538] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.19: corrupted inode contents [ 31.093889][ T3538] EXT4-fs (loop2): Remounting filesystem read-only [ 31.100892][ T3538] EXT4-fs (loop2): 1 truncate cleaned up [ 31.106862][ T52] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 31.117399][ T52] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 31.128370][ T52] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 31.140004][ T3538] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 31.169235][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.182032][ T3549] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 31.256137][ T3558] loop1: detected capacity change from 0 to 512 [ 31.371613][ T3558] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 31.384251][ T3558] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.419997][ T3558] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #12: comm syz.1.28: corrupted xattr block 6: invalid header [ 31.441988][ T3558] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=12 [ 31.442144][ T3568] netlink: 28 bytes leftover after parsing attributes in process `syz.2.32'. [ 31.451436][ T3558] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #12: comm syz.1.28: corrupted xattr block 6: invalid header [ 31.459863][ T3568] netlink: 'syz.2.32': attribute type 7 has an invalid length. [ 31.480344][ T3568] netlink: 'syz.2.32': attribute type 8 has an invalid length. [ 31.487929][ T3568] netlink: 4 bytes leftover after parsing attributes in process `syz.2.32'. [ 31.501667][ T3570] netlink: 20 bytes leftover after parsing attributes in process `syz.3.31'. [ 31.510855][ T3558] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=12 [ 31.540704][ T3558] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #12: comm syz.1.28: corrupted xattr block 6: invalid header [ 31.588716][ T3558] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=12 [ 31.606637][ T3558] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #12: comm syz.1.28: corrupted xattr block 6: invalid header [ 31.625330][ T3578] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3578 comm=syz.3.36 [ 31.637757][ T3578] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=3578 comm=syz.3.36 [ 31.650847][ T3558] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=12 [ 31.685099][ T3558] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #12: comm syz.1.28: corrupted xattr block 6: invalid header [ 31.719916][ T3558] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=12 [ 31.749299][ T3558] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #12: comm syz.1.28: corrupted xattr block 6: invalid header [ 31.796010][ T3591] loop0: detected capacity change from 0 to 512 [ 31.886745][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.912916][ T3597] loop4: detected capacity change from 0 to 512 [ 31.915056][ T3599] netlink: 340 bytes leftover after parsing attributes in process `syz.0.47'. [ 31.935797][ T3597] netlink: 'syz.4.45': attribute type 1 has an invalid length. [ 31.943458][ T3597] netlink: 'syz.4.45': attribute type 4 has an invalid length. [ 31.951109][ T3597] netlink: 212 bytes leftover after parsing attributes in process `syz.4.45'. [ 32.017782][ T3606] loop4: detected capacity change from 0 to 512 [ 32.030984][ T3606] EXT4-fs: Ignoring removed i_version option [ 32.037059][ T3606] EXT4-fs: Ignoring removed bh option [ 32.046609][ T3604] 9pnet: p9_errstr2errno: server reported unknown error [ 32.075755][ T3606] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.107758][ T3606] ext4 filesystem being mounted at /6/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 32.115249][ T3611] loop0: detected capacity change from 0 to 2048 [ 32.160993][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.267017][ T3623] loop1: detected capacity change from 0 to 2048 [ 32.309460][ T3556] loop1: p1 < > p4 [ 32.317183][ T3556] loop1: p4 size 8388608 extends beyond EOD, truncated [ 32.332621][ T3634] netlink: 12 bytes leftover after parsing attributes in process `syz.0.59'. [ 32.351266][ T3634] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 32.365469][ T3623] loop1: p1 < > p4 [ 32.369558][ T3637] SELinux: failed to load policy [ 32.369829][ T3623] loop1: p4 size 8388608 extends beyond EOD, truncated [ 32.512284][ T3556] udevd[3556]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 32.513380][ T3632] udevd[3632]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 32.539116][ T3656] loop4: detected capacity change from 0 to 128 [ 32.567795][ T3656] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 32.584855][ T3656] ext4 filesystem being mounted at /11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 32.645071][ T3321] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 32.731924][ T3664] loop3: detected capacity change from 0 to 1024 [ 32.766959][ T3664] ======================================================= [ 32.766959][ T3664] WARNING: The mand mount option has been deprecated and [ 32.766959][ T3664] and is ignored by this kernel. Remove the mand [ 32.766959][ T3664] option from the mount to silence this warning. [ 32.766959][ T3664] ======================================================= [ 32.836992][ T3678] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 32.868969][ T3678] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.81: invalid indirect mapped block 2683928664 (level 1) [ 32.919133][ T3678] EXT4-fs (loop1): Remounting filesystem read-only [ 32.925869][ T3678] EXT4-fs (loop1): 1 truncate cleaned up [ 32.933340][ T3664] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 32.958061][ T3678] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.972639][ T3664] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.987629][ T3682] infiniband syz!: set active [ 32.992353][ T3682] infiniband syz!: added team_slave_0 [ 33.019873][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.031425][ T3664] EXT4-fs error (device loop3): ext4_map_blocks:825: inode #15: block 3: comm syz.3.75: lblock 3 mapped to illegal pblock 3 (length 3) [ 33.048354][ T3664] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 33.060647][ T3664] EXT4-fs (loop3): This should not happen!! Data will be lost [ 33.060647][ T3664] [ 33.073609][ T3682] RDS/IB: syz!: added [ 33.108688][ T3682] smc: adding ib device syz! with port count 1 [ 33.121638][ T3682] smc: ib device syz! port 1 has no pnetid [ 33.185112][ T3695] ------------[ cut here ]------------ [ 33.190670][ T3695] EA inode 11 i_nlink=2 [ 33.190694][ T3695] WARNING: fs/ext4/xattr.c:1058 at 0x0, CPU#1: syz.1.87/3695 [ 33.198538][ T3693] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.202345][ T3695] Modules linked in: [ 33.202382][ T3695] CPU: 1 UID: 0 PID: 3695 Comm: syz.1.87 Not tainted syzkaller #0 PREEMPT(voluntary) [ 33.214904][ T3693] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.218768][ T3695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 33.248914][ T3695] RIP: 0010:ext4_xattr_inode_update_ref+0x305/0x320 [ 33.255714][ T3695] Code: 51 cf 9c ff 4c 8d 2d da bc 20 05 49 8d 7e 40 e8 d1 61 b8 ff 49 8b 6e 40 4c 89 e7 e8 e5 5c b8 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 2b ff ff ff e8 fc eb ba 03 66 66 66 2e 0f 1f 84 [ 33.275401][ T3695] RSP: 0018:ffffc9001012b5a0 EFLAGS: 00010246 [ 33.281568][ T3695] RAX: ffff88810a36dd10 RBX: ffff88811b0cedb8 RCX: ffffffff81bb4f2b [ 33.289585][ T3695] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff86dc0bf0 [ 33.297545][ T3695] RBP: 000000000000000b R08: 000188811b0ced6b R09: 0000000000000000 [ 33.305530][ T3695] R10: ffffc9001012b4d0 R11: 0001c9001012b4d0 R12: ffff88811b0ced68 [ 33.313571][ T3695] R13: ffffffff86dc0bf0 R14: ffff88811b0ced20 R15: 0000000000000001 [ 33.321696][ T3695] FS: 00007f1e594e76c0(0000) GS:ffff8882aeec2000(0000) knlGS:0000000000000000 [ 33.330641][ T3695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.337215][ T3695] CR2: 00007f4d88c33000 CR3: 000000011d5d0000 CR4: 00000000003506f0 [ 33.345197][ T3695] Call Trace: [ 33.348475][ T3695] [ 33.351419][ T3695] ext4_xattr_set_entry+0x77f/0x1020 [ 33.356714][ T3695] ext4_xattr_ibody_set+0x184/0x3c0 [ 33.361954][ T3695] ext4_expand_extra_isize_ea+0xcbb/0x11f0 [ 33.367790][ T3695] __ext4_expand_extra_isize+0x246/0x280 [ 33.373471][ T3695] __ext4_mark_inode_dirty+0x29d/0x3f0 [ 33.378950][ T3695] ext4_evict_inode+0x7c4/0xd40 [ 33.383856][ T3695] ? __pfx_ext4_evict_inode+0x10/0x10 [ 33.389294][ T3695] evict+0x2af/0x510 [ 33.393277][ T3695] ? __dquot_initialize+0x146/0x7c0 [ 33.393361][ T3664] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #15: block 3: comm syz.3.75: lblock 3 mapped to illegal pblock 3 (length 1) [ 33.398516][ T3695] iput+0x4bd/0x650 [ 33.416266][ T3695] ext4_process_orphan+0x1a9/0x1c0 [ 33.421423][ T3695] ext4_orphan_cleanup+0x6a8/0xa00 [ 33.426549][ T3695] ext4_fill_super+0x3411/0x37a0 [ 33.431561][ T3695] ? set_blocksize+0x1a8/0x310 [ 33.436325][ T3695] ? sb_set_blocksize+0xfc/0x170 [ 33.441278][ T3695] ? setup_bdev_super+0x30e/0x370 [ 33.446414][ T3695] ? __pfx_ext4_fill_super+0x10/0x10 [ 33.451782][ T3695] get_tree_bdev_flags+0x291/0x300 [ 33.456950][ T3695] ? __pfx_ext4_fill_super+0x10/0x10 [ 33.462469][ T3695] get_tree_bdev+0x1f/0x30 [ 33.463056][ T3664] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #15: block 3: comm syz.3.75: lblock 3 mapped to illegal pblock 3 (length 1) [ 33.466994][ T3695] ext4_get_tree+0x1c/0x30 [ 33.485159][ T3695] vfs_get_tree+0x57/0x1d0 [ 33.489595][ T3695] do_new_mount+0x24d/0x6a0 [ 33.494180][ T3695] path_mount+0x4ab/0xb80 [ 33.498506][ T3695] ? user_path_at+0xbf/0x130 [ 33.503126][ T3695] __se_sys_mount+0x28c/0x2e0 [ 33.507855][ T3695] __x64_sys_mount+0x67/0x80 [ 33.512547][ T3695] x64_sys_call+0x2cca/0x3000 [ 33.517248][ T3695] do_syscall_64+0xd8/0x2a0 [ 33.521911][ T3695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 33.527933][ T3695] RIP: 0033:0x7f1e5aa80eea [ 33.531532][ T3664] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #15: block 3: comm syz.3.75: lblock 3 mapped to illegal pblock 3 (length 1) [ 33.532378][ T3695] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 33.565904][ T3695] RSP: 002b:00007f1e594e6e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 33.574437][ T3695] RAX: ffffffffffffffda RBX: 00007f1e594e6ef0 RCX: 00007f1e5aa80eea [ 33.582424][ T3695] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f1e594e6eb0 [ 33.590419][ T3695] RBP: 0000200000000180 R08: 00007f1e594e6ef0 R09: 0000000000800700 [ 33.598389][ T3695] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 33.606450][ T3695] R13: 00007f1e594e6eb0 R14: 000000000000046f R15: 000000000000002c [ 33.614461][ T3695] [ 33.617478][ T3695] ---[ end trace 0000000000000000 ]--- [ 33.623500][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.626050][ T3695] EXT4-fs error (device loop1): ext4_xattr_inode_iget:441: inode #18: comm syz.1.87: iget: bad extra_isize 90 (inode size 256) [ 33.646111][ T3695] EXT4-fs (loop1): Remounting filesystem read-only [ 33.653207][ T3695] EXT4-fs warning (device loop1): ext4_evict_inode:273: xattr delete (err -30) [ 33.662388][ T946] EXT4-fs error (device loop3): ext4_map_blocks:825: inode #15: block 8: comm kworker/u8:7: lblock 8 mapped to illegal pblock 8 (length 8) [ 33.678055][ T946] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 33.690376][ T946] EXT4-fs (loop3): This should not happen!! Data will be lost [ 33.690376][ T946] [ 33.699029][ T3695] EXT4-fs (loop1): 1 orphan inode deleted [ 33.706478][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 33.723310][ T3695] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.768388][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.815057][ T3716] unsupported nla_type 52263 [ 34.052844][ T3732] Alternate GPT is invalid, using primary GPT. [ 34.059224][ T3732] loop3: p2 p3 p7 [ 34.168923][ T3745] random: crng reseeded on system resumption [ 34.186255][ T3307] udevd[3307]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 34.195336][ T3743] SELinux: failed to load policy [ 34.202226][ T3556] udevd[3556]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 34.218908][ T3632] udevd[3632]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 34.340750][ T3762] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.353543][ T3762] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.367655][ T3762] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #2: comm syz.0.118: corrupted inode contents [ 34.390847][ T3762] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #2: comm syz.0.118: mark_inode_dirty error [ 34.412040][ T3762] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #2: comm syz.0.118: corrupted inode contents [ 34.424177][ T3762] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.118: mark_inode_dirty error [ 34.456913][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.519293][ T3782] Driver unsupported XDP return value 0 on prog (id 80) dev N/A, expect packet loss! [ 34.529729][ T3775] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.619614][ T3326] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 34.634312][ T3326] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 34.657055][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.072938][ T23] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 35.088941][ T23] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 35.106982][ T3842] EXT4-fs error (device loop2): ext4_xattr_inode_iget:441: inode #18: comm syz.2.153: iget: bad extra_isize 90 (inode size 256) [ 35.184409][ T3842] EXT4-fs (loop2): Remounting filesystem read-only [ 35.192206][ T3842] EXT4-fs warning (device loop2): ext4_evict_inode:273: xattr delete (err -30) [ 35.201490][ T3842] EXT4-fs (loop2): 1 orphan inode deleted [ 35.207777][ T3842] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.232509][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.295728][ T29] kauditd_printk_skb: 190 callbacks suppressed [ 35.295743][ T29] audit: type=1326 audit(1765651765.207:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3869 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 35.327690][ T29] audit: type=1326 audit(1765651765.207:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3869 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 35.378967][ T29] audit: type=1326 audit(1765651765.297:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3869 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 35.414528][ T29] audit: type=1326 audit(1765651765.317:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3869 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 35.437858][ T29] audit: type=1326 audit(1765651765.317:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3869 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 35.461286][ T29] audit: type=1326 audit(1765651765.317:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3869 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 35.484572][ T29] audit: type=1326 audit(1765651765.317:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3869 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 35.508219][ T29] audit: type=1326 audit(1765651765.317:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3869 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 35.531501][ T29] audit: type=1326 audit(1765651765.317:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3869 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 35.531527][ T29] audit: type=1326 audit(1765651765.317:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3869 comm="syz.2.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 35.792757][ T1582] tipc: Subscription rejected, illegal request [ 35.822962][ T3915] set_capacity_and_notify: 7 callbacks suppressed [ 35.822991][ T3915] loop4: detected capacity change from 0 to 1024 [ 35.836405][ T3915] EXT4-fs: Ignoring removed mblk_io_submit option [ 35.842828][ T3910] loop0: detected capacity change from 0 to 8192 [ 35.846621][ T3913] loop2: detected capacity change from 0 to 512 [ 35.861767][ T3915] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.879875][ T3913] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 35.906041][ T3915] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 35.919710][ T3919] netlink: 774 bytes leftover after parsing attributes in process `syz.1.180'. [ 35.930260][ T3913] EXT4-fs (loop2): 1 truncate cleaned up [ 35.936304][ T3913] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.966383][ T3923] IPv6: NLM_F_CREATE should be specified when creating new route [ 35.976431][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.037208][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.060976][ T3928] loop1: detected capacity change from 0 to 512 [ 36.074307][ T3929] process 'syz.4.182' launched './file0' with NULL argv: empty string added [ 36.080219][ T3928] EXT4-fs: Ignoring removed i_version option [ 36.089022][ T3928] EXT4-fs: Ignoring removed bh option [ 36.108925][ T3929] Invalid argument reading file caps for ./file0 [ 36.245179][ T3928] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.274329][ T3928] ext4 filesystem being mounted at /43/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 36.332634][ T3928] EXT4-fs error (device loop1): ext4_resize_begin:60: comm syz.1.185: resize_inode disabled but reserved GDT blocks non-zero [ 36.420334][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.560713][ T3952] loop1: detected capacity change from 0 to 512 [ 36.577194][ T3952] EXT4-fs (loop1): 1 truncate cleaned up [ 36.591437][ T3957] loop4: detected capacity change from 0 to 128 [ 36.592409][ T3952] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.684963][ T3963] loop3: detected capacity change from 0 to 512 [ 36.701442][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.718364][ T3959] loop4: detected capacity change from 0 to 512 [ 36.749890][ T3966] netlink: 12 bytes leftover after parsing attributes in process `syz.2.200'. [ 36.766366][ T3963] EXT4-fs: Ignoring removed bh option [ 36.792336][ T3959] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 36.820968][ T3968] netlink: 8 bytes leftover after parsing attributes in process `syz.1.199'. [ 36.833755][ T3963] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.850619][ T3963] ext4 filesystem being mounted at /44/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 36.861666][ T3959] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 36.889046][ T3977] loop1: detected capacity change from 0 to 1024 [ 36.895593][ T3959] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.196: bg 0: block 248: padding at end of block bitmap is not set [ 36.910846][ T3977] EXT4-fs: Ignoring removed orlov option [ 36.926405][ T3959] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.196: Failed to acquire dquot type 1 [ 36.938467][ T3959] EXT4-fs (loop4): 1 truncate cleaned up [ 36.947285][ T3959] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 36.973163][ T3977] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.981152][ T3959] syz.4.196 (3959) used greatest stack depth: 8944 bytes left [ 36.998407][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.031622][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 37.257218][ T4006] batadv_slave_0: entered promiscuous mode [ 37.264123][ T4005] batadv_slave_0: left promiscuous mode [ 37.274044][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.484979][ T4024] loop0: detected capacity change from 0 to 2048 [ 37.519090][ T3632] loop0: p1 < > p4 [ 37.524437][ T3632] loop0: p4 size 8388608 extends beyond EOD, truncated [ 37.541117][ T4024] loop0: p1 < > p4 [ 37.545714][ T4024] loop0: p4 size 8388608 extends beyond EOD, truncated [ 37.688452][ T3556] udevd[3556]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 37.690197][ T3632] udevd[3632]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 37.728685][ T4043] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 37.778809][ T4043] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 37.787150][ T4043] Symlink component flag not implemented [ 37.792818][ T4043] Symlink component flag not implemented [ 37.798954][ T4043] Symlink component flag not implemented (7) [ 37.805074][ T4043] Symlink component flag not implemented (116) [ 37.857054][ T3007] udevd[3007]: worker [3632] terminated by signal 33 (Unknown signal 33) [ 37.896195][ T4052] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 37.931536][ T4052] EXT4-fs (loop1): 1 truncate cleaned up [ 37.972310][ T4052] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.005484][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.015148][ T4068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.240'. [ 38.028504][ T4068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.240'. [ 38.045348][ T4068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.240'. [ 38.055893][ T4068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.240'. [ 38.079453][ T4074] syz.4.243 (4074): /proc/4073/oom_adj is deprecated, please use /proc/4073/oom_score_adj instead. [ 38.171221][ T4091] xt_hashlimit: max too large, truncated to 1048576 [ 38.179642][ T4091] xt_CT: You must specify a L4 protocol and not use inversions on it [ 38.303139][ T4112] EXT4-fs: Ignoring removed mblk_io_submit option [ 38.311070][ T4112] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 38.319017][ T4112] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042e018, mo2=0002] [ 38.327317][ T4112] System zones: 0-1, 15-15, 18-18, 34-34 [ 38.333565][ T4112] EXT4-fs (loop4): orphan cleanup on readonly fs [ 38.351885][ T4112] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.262: bg 0: block 15: invalid block bitmap [ 38.365323][ T4112] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 38.377391][ T4117] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 38.389742][ T4112] EXT4-fs (loop4): 1 truncate cleaned up [ 38.395730][ T4112] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 38.439213][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.637395][ T4147] program syz.1.278 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 38.678056][ T4155] rock: directory entry would overflow storage [ 38.684322][ T4155] rock: sig=0x4f50, size=4, remaining=3 [ 38.689955][ T4155] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 38.727094][ T4162] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 38.749749][ T4162] EXT4-fs (loop4): failed to initialize system zone (-117) [ 38.763507][ T4162] EXT4-fs (loop4): mount failed [ 38.841350][ T4179] netlink: 'syz.4.291': attribute type 29 has an invalid length. [ 38.873540][ T4184] Zero length message leads to an empty skb [ 38.957327][ T4196] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.985025][ T4196] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.300: bg 0: block 234: padding at end of block bitmap is not set [ 38.999513][ T4196] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 117 [ 39.011953][ T4196] EXT4-fs (loop3): This should not happen!! Data will be lost [ 39.011953][ T4196] [ 39.045338][ T959] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 39.057694][ T959] EXT4-fs (loop3): This should not happen!! Data will be lost [ 39.057694][ T959] [ 39.067405][ T959] EXT4-fs (loop3): Total free blocks count 0 [ 39.073398][ T959] EXT4-fs (loop3): Free/Dirty block details [ 39.079318][ T959] EXT4-fs (loop3): free_blocks=0 [ 39.084328][ T959] EXT4-fs (loop3): dirty_blocks=16 [ 39.089447][ T959] EXT4-fs (loop3): Block reservation details [ 39.131158][ T4225] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 39.153512][ T4225] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.254840][ T4242] EXT4-fs error (device loop1): ext4_free_blocks:6728: comm syz.1.311: Freeing blocks not in datazone - block = 0, count = 16 [ 39.332996][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 39.408603][ T4257] netlink: 104 bytes leftover after parsing attributes in process `syz.1.321'. [ 39.516425][ T4267] sd 0:0:1:0: device reset [ 39.540592][ T4268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.557246][ T4268] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.616890][ T4284] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 39.635826][ T4286] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.330: bg 0: block 345: padding at end of block bitmap is not set [ 39.650365][ T4286] EXT4-fs (loop2): Remounting filesystem read-only [ 39.711912][ T4291] EXT4-fs: Ignoring removed mblk_io_submit option [ 39.753427][ T4291] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 39.761443][ T4291] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042e018, mo2=0002] [ 39.818803][ T4291] System zones: 0-1, 15-15, 18-18, 34-34 [ 39.824623][ T4291] EXT4-fs (loop3): orphan cleanup on readonly fs [ 39.831704][ T4291] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.339: bg 0: block 15: invalid block bitmap [ 39.844137][ T4291] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 39.853465][ T4291] EXT4-fs (loop3): 1 truncate cleaned up [ 39.859975][ T4291] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 39.880198][ T4297] SELinux: failed to load policy [ 39.892261][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.904967][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.917225][ T4301] EXT4-fs: Ignoring removed orlov option [ 39.948525][ T4301] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.020259][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.041205][ T4322] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 40.097007][ T4331] netlink: 104 bytes leftover after parsing attributes in process `syz.2.365'. [ 40.130082][ T4330] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.142850][ T4330] ext4 filesystem being mounted at /63/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.217611][ T4337] EXT4-fs: Ignoring removed mblk_io_submit option [ 40.232039][ T4339] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.355: bg 0: block 345: padding at end of block bitmap is not set [ 40.250620][ T4337] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 40.258539][ T4337] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042e018, mo2=0002] [ 40.266764][ T4339] EXT4-fs (loop4): Remounting filesystem read-only [ 40.288685][ T4337] System zones: 0-1, 15-15, 18-18, 34-34 [ 40.294701][ T4337] EXT4-fs (loop2): orphan cleanup on readonly fs [ 40.339514][ T4337] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.356: bg 0: block 15: invalid block bitmap [ 40.374986][ T4337] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 40.384435][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.394955][ T4337] EXT4-fs (loop2): 1 truncate cleaned up [ 40.401016][ T4337] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 40.449051][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.490778][ T4346] netlink: 272 bytes leftover after parsing attributes in process `syz.2.360'. [ 40.520653][ T4350] netlink: 300 bytes leftover after parsing attributes in process `syz.4.361'. [ 40.531308][ T4349] SELinux: failed to load policy [ 40.561476][ T29] kauditd_printk_skb: 263 callbacks suppressed [ 40.561491][ T29] audit: type=1400 audit(1765651770.477:588): avc: denied { setcheckreqprot } for pid=4353 comm="syz.2.362" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 40.608787][ T4358] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 40.656249][ T4367] netem: change failed [ 40.721208][ T29] audit: type=1400 audit(1765651770.637:589): avc: denied { write } for pid=4374 comm="syz.3.373" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 40.782830][ T29] audit: type=1400 audit(1765651770.697:590): avc: denied { connect } for pid=4380 comm="syz.3.375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 40.814636][ T29] audit: type=1400 audit(1765651770.727:591): avc: denied { write } for pid=4380 comm="syz.3.375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 40.856597][ T4389] sock: sock_set_timeout: `syz.1.381' (pid 4389) tries to set negative timeout [ 40.902189][ T29] audit: type=1326 audit(1765651770.817:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4392 comm="syz.3.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15aa3ef749 code=0x7ffc0000 [ 40.957432][ T29] audit: type=1326 audit(1765651770.847:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4392 comm="syz.3.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15aa3ef749 code=0x7ffc0000 [ 40.980756][ T29] audit: type=1326 audit(1765651770.847:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4392 comm="syz.3.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15aa3ef749 code=0x7ffc0000 [ 41.004079][ T29] audit: type=1326 audit(1765651770.847:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4392 comm="syz.3.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15aa3ef749 code=0x7ffc0000 [ 41.027282][ T29] audit: type=1326 audit(1765651770.847:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4392 comm="syz.3.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15aa3ef749 code=0x7ffc0000 [ 41.050568][ T29] audit: type=1326 audit(1765651770.847:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4392 comm="syz.3.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15aa3ef749 code=0x7ffc0000 [ 41.190383][ T4422] netlink: 'syz.1.396': attribute type 21 has an invalid length. [ 41.239652][ T4429] set_capacity_and_notify: 14 callbacks suppressed [ 41.239668][ T4429] loop1: detected capacity change from 0 to 2048 [ 41.274143][ T4429] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=8842c128, mo2=0002] [ 41.299864][ T4429] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.331004][ T4444] bond1 (unregistering): Released all slaves [ 41.344247][ T4429] EXT4-fs error (device loop1): ext4_ext_precache:649: inode #2: comm syz.1.397: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 41.361177][ T4429] EXT4-fs (loop1): Remounting filesystem read-only [ 41.416806][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.548820][ T4482] loop2: detected capacity change from 0 to 128 [ 41.564964][ T4482] syz.2.422: attempt to access beyond end of device [ 41.564964][ T4482] loop2: rw=2049, sector=145, nr_sectors = 3 limit=128 [ 41.697379][ T3475] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 41.704894][ T3475] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 41.712329][ T3475] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 41.719786][ T3475] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 41.728394][ T3475] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 41.737437][ T3475] hid-generic 00A0:0006:0003.0002: hidraw0: HID v0.05 Device [syz1] on syz0 [ 41.779489][ T4512] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 41.869223][ T3419] kernel write not supported for file /sysvipc/msg (pid: 3419 comm: kworker/0:3) [ 41.885872][ T4535] __nla_validate_parse: 7 callbacks suppressed [ 41.885885][ T4535] netlink: 16 bytes leftover after parsing attributes in process `+}[@'. [ 41.960225][ T4547] loop2: detected capacity change from 0 to 1024 [ 42.002661][ T4547] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.059774][ T4561] netlink: 12 bytes leftover after parsing attributes in process `syz.1.457'. [ 42.068779][ T4561] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 42.083265][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.096126][ T4559] loop3: detected capacity change from 0 to 1024 [ 42.106894][ T4567] loop1: detected capacity change from 0 to 512 [ 42.113574][ T4559] EXT4-fs: Ignoring removed orlov option [ 42.120451][ T4559] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 42.130899][ T4567] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 42.150867][ T4567] EXT4-fs (loop1): 1 orphan inode deleted [ 42.156611][ T4567] EXT4-fs (loop1): 1 truncate cleaned up [ 42.164095][ T4559] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.169096][ T4567] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.211111][ T4567] EXT4-fs error (device loop1): ext4_lookup:1785: inode #15: comm syz.1.461: iget: bad extra_isize 46 (inode size 256) [ 42.224037][ T4567] EXT4-fs (loop1): Remounting filesystem read-only [ 42.250215][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.284293][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.343465][ T4589] netlink: 24 bytes leftover after parsing attributes in process `syz.3.469'. [ 42.422111][ T4605] netlink: 'syz.0.478': attribute type 29 has an invalid length. [ 42.494818][ T4619] syzkaller1: entered promiscuous mode [ 42.500428][ T4619] syzkaller1: entered allmulticast mode [ 42.644714][ T4640] x_tables: duplicate underflow at hook 1 [ 42.694128][ T4648] netlink: 36 bytes leftover after parsing attributes in process `syz.0.499'. [ 42.737970][ T4654] loop4: detected capacity change from 0 to 1024 [ 42.753696][ T4654] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.834170][ T4669] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 42.851492][ T4654] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4215: comm syz.4.502: Allocating blocks 449-513 which overlap fs metadata [ 42.936437][ T4653] EXT4-fs (loop4): pa ffff8881079cc1c0: logic 48, phys. 177, len 21 [ 42.944529][ T4653] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5466: group 0, free 0, pa_free 4 [ 42.974672][ T4678] loop2: detected capacity change from 0 to 512 [ 42.982339][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.011699][ T4678] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 43.039023][ T4678] EXT4-fs (loop2): mount failed [ 43.121030][ T4700] loop4: detected capacity change from 0 to 1024 [ 43.141257][ T4700] EXT4-fs: Ignoring removed bh option [ 43.166679][ T4700] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.236975][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.356163][ T4716] loop2: detected capacity change from 0 to 1024 [ 43.402880][ T4716] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 43.426216][ T4716] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.531099][ T4716] EXT4-fs error (device loop2): ext4_map_blocks:825: inode #15: comm syz.2.521: lblock 0 mapped to illegal pblock 0 (length 1) [ 43.561144][ T4716] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 43.573465][ T4716] EXT4-fs (loop2): This should not happen!! Data will be lost [ 43.573465][ T4716] [ 43.598383][ T4727] loop4: detected capacity change from 0 to 1024 [ 43.609433][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 43.629926][ T4727] EXT4-fs: Ignoring removed oldalloc option [ 43.637569][ T4727] EXT4-fs: Ignoring removed nomblk_io_submit option [ 43.654724][ T4727] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.722956][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.752204][ T4743] EXT4-fs: Ignoring removed nomblk_io_submit option [ 43.770511][ T4743] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.793876][ T4765] SELinux: Context system_u:object is not valid (left unmapped). [ 43.818159][ T3322] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.833226][ T4762] xt_hashlimit: max too large, truncated to 1048576 [ 43.841432][ T4763] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 43.851737][ T4763] EXT4-fs (loop3): orphan cleanup on readonly fs [ 43.869894][ T4763] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.538: corrupted inode contents [ 43.886023][ T4763] EXT4-fs (loop3): Remounting filesystem read-only [ 43.892806][ T4763] EXT4-fs (loop3): 1 truncate cleaned up [ 43.898885][ T1582] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 43.909508][ T1582] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 43.920228][ T1582] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 43.931332][ T4763] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 43.976246][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.016292][ T4790] EXT4-fs: Ignoring removed bh option [ 44.033982][ T4790] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 44.048537][ T4794] netlink: 24 bytes leftover after parsing attributes in process `syz.2.551'. [ 44.058423][ T4794] IPVS: Error connecting to the multicast addr [ 44.069610][ T4790] EXT4-fs (loop3): 1 truncate cleaned up [ 44.075828][ T4790] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.120921][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.221944][ T4817] Alternate GPT is invalid, using primary GPT. [ 44.228325][ T4817] loop1: p2 p3 p7 [ 44.253667][ T4825] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 44.303845][ T4828] program +}[@ is using a deprecated SCSI ioctl, please convert it to SG_IO [ 44.765184][ T4868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.587'. [ 44.796489][ T4874] capability: warning: `syz.1.590' uses deprecated v2 capabilities in a way that may be insecure [ 45.029286][ T4888] netlink: 24 bytes leftover after parsing attributes in process `syz.3.594'. [ 45.165471][ T4908] netlink: 24 bytes leftover after parsing attributes in process `syz.4.606'. [ 45.213184][ T4908] IPVS: Error connecting to the multicast addr [ 45.482062][ T4963] netlink: 12 bytes leftover after parsing attributes in process `syz.4.628'. [ 45.499241][ T4963] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 45.519091][ T4963] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 45.633176][ T29] kauditd_printk_skb: 213 callbacks suppressed [ 45.633263][ T29] audit: type=1400 audit(1765651775.547:804): avc: denied { map } for pid=4980 comm="syz.3.640" path="socket:[8169]" dev="sockfs" ino=8169 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 45.675827][ T29] audit: type=1400 audit(1765651775.547:805): avc: denied { read write } for pid=4980 comm="syz.3.640" path="socket:[8169]" dev="sockfs" ino=8169 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 45.727852][ T4988] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 45.738815][ T4988] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 45.749865][ T4988] JBD2: no valid journal superblock found [ 45.755631][ T4988] EXT4-fs (loop3): Could not load journal inode [ 45.783321][ T4988] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 45.808958][ T4983] hub 9-0:1.0: USB hub found [ 45.819304][ T29] audit: type=1400 audit(1765651775.737:806): avc: denied { ioctl } for pid=4995 comm="syz.3.647" path="/dev/mISDNtimer" dev="devtmpfs" ino=248 ioctlcmd=0x4940 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 45.828894][ T4983] hub 9-0:1.0: 8 ports detected [ 45.938529][ T5009] netlink: 'syz.3.653': attribute type 13 has an invalid length. [ 45.975723][ T5009] gretap0: refused to change device tx_queue_len [ 45.985026][ T5014] 9p: Bad value for 'rfdno' [ 45.990447][ T5009] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 46.026383][ T29] audit: type=1326 audit(1765651775.927:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5012 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 46.049686][ T29] audit: type=1326 audit(1765651775.927:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5012 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 46.072999][ T29] audit: type=1326 audit(1765651775.927:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5012 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 46.096257][ T29] audit: type=1326 audit(1765651775.927:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5012 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 46.119477][ T29] audit: type=1326 audit(1765651775.927:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5012 comm="syz.2.655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5945c8f749 code=0x7ffc0000 [ 46.235697][ T29] audit: type=1326 audit(1765651776.137:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5024 comm="syz.1.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e5aa7f749 code=0x7ffc0000 [ 46.258978][ T29] audit: type=1326 audit(1765651776.137:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5024 comm="syz.1.661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1e5aa7f749 code=0x7ffc0000 [ 46.319342][ T5022] IPv6: NLM_F_CREATE should be specified when creating new route [ 46.477560][ T5064] 9p: Bad value for 'rfdno' [ 47.278041][ T5103] netlink: 'syz.4.707': attribute type 1 has an invalid length. [ 47.287960][ T5105] 9p: Bad value for 'rfdno' [ 47.742063][ T5152] ================================================================== [ 47.750167][ T5152] BUG: KCSAN: data-race in n_tty_write / tty_set_termios [ 47.757199][ T5152] [ 47.759503][ T5152] write to 0xffff88811ba78d08 of 44 bytes by task 5155 on cpu 1: [ 47.767203][ T5152] tty_set_termios+0xc0/0x8c0 [ 47.771867][ T5152] set_termios+0x35b/0x4d0 [ 47.776268][ T5152] tty_mode_ioctl+0x379/0x5c0 [ 47.780928][ T5152] n_tty_ioctl_helper+0x91/0x210 [ 47.785855][ T5152] n_tty_ioctl+0x101/0x230 [ 47.790267][ T5152] tty_ioctl+0x83f/0xb80 [ 47.794492][ T5152] __se_sys_ioctl+0xce/0x140 [ 47.799091][ T5152] __x64_sys_ioctl+0x43/0x50 [ 47.803662][ T5152] x64_sys_call+0x14b0/0x3000 [ 47.808319][ T5152] do_syscall_64+0xd8/0x2a0 [ 47.812808][ T5152] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.818680][ T5152] [ 47.820986][ T5152] read to 0xffff88811ba78d14 of 4 bytes by task 5152 on cpu 0: [ 47.828501][ T5152] n_tty_write+0x9c/0xbf0 [ 47.832811][ T5152] file_tty_write+0x378/0x690 [ 47.837466][ T5152] tty_write+0x25/0x30 [ 47.841520][ T5152] vfs_write+0x52a/0x960 [ 47.845744][ T5152] ksys_write+0xda/0x1a0 [ 47.849975][ T5152] __x64_sys_write+0x40/0x50 [ 47.854541][ T5152] x64_sys_call+0x2847/0x3000 [ 47.859197][ T5152] do_syscall_64+0xd8/0x2a0 [ 47.863697][ T5152] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.869571][ T5152] [ 47.871870][ T5152] value changed: 0x00008a3b -> 0x00000009 [ 47.877570][ T5152] [ 47.879879][ T5152] Reported by Kernel Concurrency Sanitizer on: [ 47.886015][ T5152] CPU: 0 UID: 0 PID: 5152 Comm: syz.0.719 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 47.897200][ T5152] Tainted: [W]=WARN [ 47.900977][ T5152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 47.911012][ T5152] ==================================================================