last executing test programs: 1.593370265s ago: executing program 1 (id=835): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) socket$tipc(0x1e, 0x2, 0x0) r2 = syz_io_uring_setup(0x83a, &(0x7f0000000180)={0x0, 0x2b94, 0x1000, 0x4, 0x3cf}, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0x6, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x1a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x1000}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) 1.355734499s ago: executing program 1 (id=838): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) r3 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0xfffffffe, 0x0, 0x1}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r2, 0x0, &(0x7f0000001c00)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) readv(r2, &(0x7f00000004c0)=[{&(0x7f00000001c0)=""/114, 0x72}], 0x1) io_uring_enter(r3, 0x47f5, 0x6021, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.200578272s ago: executing program 2 (id=849): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$inet_sctp(0x2, 0x5, 0x84) close(r2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}], 0x1, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r4}}], 0x20, 0x2400e044}, 0x0) 1.147221682s ago: executing program 3 (id=851): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001980)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x40050) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) recvmmsg$unix(r2, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000980)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000002780)=[{&(0x7f0000003100)=""/4096, 0x1000}], 0x1}}], 0x2, 0x400122a0, 0x0) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) close_range(r1, 0xffffffffffffffff, 0x100000000000000) 1.095508473s ago: executing program 2 (id=852): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = io_uring_setup(0x792b, &(0x7f0000000600)={0x0, 0x2002, 0x1, 0x0, 0x4b1}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r3}, 0x10) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2000002, 0x42032, 0xffffffffffffffff, 0x80000000) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) 1.003154625s ago: executing program 3 (id=857): r0 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f0000000340)=ANY=[@ANYRES32], 0x1) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @local}, &(0x7f0000000140)=0xc) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x1, r1}) r3 = socket(0xa, 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3e, &(0x7f0000000000)=0xfffffffc, 0x4) ioctl(r3, 0x8916, &(0x7f0000000000)) ioctl(r3, 0x8936, &(0x7f0000000000)) 997.228924ms ago: executing program 2 (id=858): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000340)={r1, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) r3 = syz_open_pts(r0, 0x0) dup3(r3, r0, 0x0) 965.037555ms ago: executing program 3 (id=859): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) r3 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa004}, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000180)="10030600e0ff020004004788aa96a13bb100001100007fca1a00", 0x10608, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14) 942.215065ms ago: executing program 2 (id=860): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x4}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r3 = dup3(r2, r1, 0x0) recvmmsg(r3, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) 912.465546ms ago: executing program 3 (id=862): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0xc4, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0xb0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x3, r4}}]}, {0x4, 0xa}, {0xc}, {0xffac, 0x8, {0x0, 0x2}}}}, @m_mpls={0x5c, 0x2, 0x0, 0x0, {{0x9}, {0x30}, {0x4}, {0xc}, {0xc}}}]}]}, 0xc4}}, 0x0) 858.389457ms ago: executing program 3 (id=866): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x108) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) syz_io_uring_setup(0xe46, &(0x7f0000000380)={0x0, 0x5f39, 0x0, 0x4001, 0x2b7}, 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) close(r2) 816.918477ms ago: executing program 2 (id=869): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r0, 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff000) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) recvmmsg(r0, 0x0, 0x0, 0x40000033, 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc3, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xa19a, 0x1000}, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f0000000340)='cpu\t&0&&\t') 729.743089ms ago: executing program 2 (id=872): syz_open_procfs(0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x2}, @TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x5}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x55}, 0x4000) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x7, @loopback, 0x800000}, 0x1c) 729.559989ms ago: executing program 4 (id=873): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) r2 = epoll_create1(0x80000) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f00000000c0)={0xe000001a}) read$char_usb(r3, &(0x7f0000001980)=""/179, 0xb3) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000000)) 704.791399ms ago: executing program 0 (id=875): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'ip6gretap0\x00'}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r3}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40) 582.650591ms ago: executing program 0 (id=876): openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x441, 0x20) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) syz_mount_image$ext4(&(0x7f0000000300)='ext2\x00', &(0x7f0000000480)='./bus\x00', 0x0, &(0x7f0000000780)={[{@delalloc}, {@noload}, {@acl}, {@usrjquota}], [{@func={'func', 0x3d, 'MODULE_CHECK'}}, {@fowner_eq}, {@func={'func', 0x3d, 'FILE_CHECK'}}, {@fowner_lt}, {@fsname={'fsname', 0x3d, 'sched_switch\x00,<\xdcsP\aT*9\xb0\xdd\xe4{!#'}}]}, 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0x8004587d, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4}) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) 538.058242ms ago: executing program 0 (id=877): timer_create(0x9, 0x0, &(0x7f0000000500)=0x0) timer_settime(r0, 0x0, &(0x7f0000000540)={{0x77359400}, {0x77359400}}, 0x0) timer_gettime(r0, &(0x7f0000000000)) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x7, 0x2261, 0x2, 0x0, 0xffffffffffffffff, 0x4, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000000), &(0x7f0000000080)=@udp}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r3, 0xffffffffffffffff}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000009c0)={{r4}, &(0x7f00000008c0), &(0x7f0000000980)='%pB \x00'}, 0x20) 533.598862ms ago: executing program 4 (id=878): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4, 0x0, 0x2}, 0x18) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r5, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) 499.510292ms ago: executing program 0 (id=879): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r2}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) 499.086512ms ago: executing program 1 (id=880): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x4}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r3 = dup3(r2, r1, 0x0) recvmmsg(r3, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) 434.755103ms ago: executing program 0 (id=881): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x4040) 434.458143ms ago: executing program 4 (id=882): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x6d33, 0x1000, 0x0, 0x4000000}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) 433.972833ms ago: executing program 4 (id=883): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = perf_event_open(&(0x7f0000000380)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x8) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, r0, 0x3) r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0xd814, 0x8, 0x80000000, 0xfffffffc}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x4, 0x0, @fd_index=0x4, 0xfffffffffffffffd, 0x0}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) 400.725053ms ago: executing program 4 (id=884): r0 = io_uring_setup(0x1d48, &(0x7f0000000340)={0x0, 0x3350, 0x1000, 0xffffffff, 0x3bd}) r1 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) listen(r1, 0x4) recvmmsg(r1, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}}], 0x1, 0x40000100, 0x0) close_range(r0, r1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3, 0x0, 0x2}, 0x18) 383.322344ms ago: executing program 1 (id=885): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000580)='./file0\x00', 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="002918d910d46be7099c66b02010b1f0b7c3dc1dabe625969fb0adc922385af53d57a1d35dd71c90d9dd649b53142dd3d4108b4c7db82e8475d5bb6fa2fa626cd92c7326ce1ba2f33b0aef2b2164e01d910058000084696959ea7f5a607a6572d2640cf9312a07000000260e3651a0cbfd2c080990fb4c76e9e613a759863734a70d0600ec77e8ba76aacbb21e4b903aa4873a9951f269a9c0f87805a1a0cbdf6b8644a1de05a8d9dd9687d67c8af7f68cb59e60d1fbefb49b93d6b72cce4162edc4468a13987d94d428df36915621aeff6dc1358a7331fa69e05c417c0196322e1e6b8dc29c496c76d02dfc2d7b48616fb3f01b221f4f8f484a00090964922de8909a1f9f7ef655a12a68a56cb341a8fba4cd81cedec9cb518d13d2a2564427b63b037494748a24daa21fe1256df68d000b2778bf0437cc642cd83c5a1b34eeffdf93ecbd85bb340eeef68dd60101769c74f94d217264c171feea0305bfc87c36247d90b129a9973f00000001d99b195d2f75653a0193672783c6dbca5d1445110621d8095064f0a034f492cf5aa4767a772d6f4967722546bfd83d3202f76c20a9d7f40f9e7818d77129df7fd072804e0227ecaa03dddd303a318d6f7763ce011543587e6a306780ca2f37db7e8a5b64a5059ac91ff2110e40ea13d70e1504653ba9eebcf61b427797fb3fd79d2bb9aaa13c9729fe323c4ac222991981381e004684fb200b17d2f6ede181067662ad8a31f45b613869ca8fc5b1dbe62407a1f6dcb86a4c430210e9bcfca9b83283b87316c4d17f388e0bab0500000092a82e12f8e5348f11e7739033e9081bfc598746cf032fa55d0300470000000019ac65f89ca7d96da3ca2db52f8ec80462fddf42dbbca24b720000000000000000000000000000005214e7febdbc00"], 0x1, 0x120b, &(0x7f0000002300)="$eJzs3M9rXFUUB/CTNv1hajJRa7UF6UE3unk2WbhyEyQF6YDSNoVWEF7NRIeZzIS8ITBFbHdu/TvEpTtB/AeyceNacJeNyy7EJ84LtglxEcFOWz6fzRzm3i9zH28YeJd7Zu/9bzZ7G1WxUY7ixMxMzG5F5MOMjBNxMhoP4p1bv/z6xo3bd66ttNur1zOvrtxcei8zFy7/+MmX37350+jcre8XfjgTu4uf7v2+/Nvuhd2Le3/e/KJbZbfKwXCUZd4dDkfl3X4n17tVr8j8uN8pq052B1Vn+8D4Rn+4tTXOcrA+P7e13amqLAfj7HXGORrmaHuc5edld5BFUeT8XPDfnY61bx/WdR1R16fidNR1Xb8Qc3EuXoz5WIhWLMZL8XK8Eufj1bgQr8XrcXEya9orBwAAAAAAAAAAAAAAAAAAgOeL/n8AAAAAAAAAAAAAAAAAAACYPv3/AAAAAAAAAAAAAAAAAAAAMH36/wEAAAAAAAAAAAAAAAAAAGD6bty+c22l3V69nnk2YvPrnbWdtea1GV/ZiG70oxNXohV/xKT7v9HUVz9sr17JicV4d/P+fv7+ztrJg/mlyd8JHJlfavJ5MH8m5h7PL0crzh+dXz4yfzbefuuxfBGt+PmzGEY/1uPv7KP8V0uZH3zUPpS/NJkHAAAAz4Mi/3Hk83tR5MxMM/XQePPmv+8P1K1D+wOHnq9n49LsFC+ciWp8r1f2+53tZ6vY/0rGvV55+WlYj+IYxf69e/C0rOcZLU5FxP/4EVP8UeKJeXTTp70SAAAAAAAAAAAAjuMYBwNnm/O2xz9OOO1rBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5iB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFcFAAD//78558w=") r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000001300)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 282.023676ms ago: executing program 1 (id=886): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xffffffffffffff1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r2, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0) 281.559466ms ago: executing program 4 (id=887): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) r1 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4}, &(0x7f00000001c0)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1}) io_uring_enter(r1, 0x6e2, 0x3900, 0x1, 0x0, 0xe00) rt_sigsuspend(&(0x7f00000002c0)={[0x225c17d03]}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 264.729796ms ago: executing program 1 (id=888): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x1e, 0x0, 0x5, 0xef, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) socket$inet(0x2b, 0x801, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x5f8, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x16}}, 0x10) 561.89µs ago: executing program 3 (id=889): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x5, 0x6, 0x8, 0xad, 0x0, 0xffffffffffffffff, 0x4000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0xd, 0x2, 0x4, 0x4002, 0x5, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000000, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 0s ago: executing program 0 (id=890): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000b40)='./file1\x00', 0x0, 0x100, 0x12345}) r0 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0x0, 0x10, 0x0, 0x30f}, &(0x7f00000000c0)=0x0, &(0x7f0000000540)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x21, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.171' (ED25519) to the list of known hosts. [ 27.816635][ T29] audit: type=1400 audit(1750257077.586:62): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 27.817683][ T3295] cgroup: Unknown subsys name 'net' [ 27.839411][ T29] audit: type=1400 audit(1750257077.586:63): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 27.866758][ T29] audit: type=1400 audit(1750257077.616:64): avc: denied { unmount } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 28.002697][ T3295] cgroup: Unknown subsys name 'cpuset' [ 28.008958][ T3295] cgroup: Unknown subsys name 'rlimit' [ 28.101277][ T29] audit: type=1400 audit(1750257077.866:65): avc: denied { setattr } for pid=3295 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 28.124743][ T29] audit: type=1400 audit(1750257077.876:66): avc: denied { create } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.145333][ T29] audit: type=1400 audit(1750257077.876:67): avc: denied { write } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.165735][ T29] audit: type=1400 audit(1750257077.876:68): avc: denied { read } for pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.186041][ T29] audit: type=1400 audit(1750257077.886:69): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 28.210885][ T29] audit: type=1400 audit(1750257077.886:70): avc: denied { mount } for pid=3295 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 28.220251][ T3300] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 28.243140][ T29] audit: type=1400 audit(1750257078.016:71): avc: denied { relabelto } for pid=3300 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.313693][ T3295] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 29.435861][ T3317] chnl_net:caif_netlink_parms(): no params data found [ 29.484779][ T3307] chnl_net:caif_netlink_parms(): no params data found [ 29.500172][ T3310] chnl_net:caif_netlink_parms(): no params data found [ 29.541759][ T3306] chnl_net:caif_netlink_parms(): no params data found [ 29.564608][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.571704][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.579069][ T3317] bridge_slave_0: entered allmulticast mode [ 29.585612][ T3317] bridge_slave_0: entered promiscuous mode [ 29.592455][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.599559][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.606784][ T3317] bridge_slave_1: entered allmulticast mode [ 29.613183][ T3317] bridge_slave_1: entered promiscuous mode [ 29.659295][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.686122][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.701823][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.709039][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.716217][ T3310] bridge_slave_0: entered allmulticast mode [ 29.722620][ T3310] bridge_slave_0: entered promiscuous mode [ 29.736593][ T3318] chnl_net:caif_netlink_parms(): no params data found [ 29.753079][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.760241][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.767441][ T3310] bridge_slave_1: entered allmulticast mode [ 29.773975][ T3310] bridge_slave_1: entered promiscuous mode [ 29.797277][ T3317] team0: Port device team_slave_0 added [ 29.803892][ T3317] team0: Port device team_slave_1 added [ 29.814893][ T3307] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.822068][ T3307] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.829177][ T3307] bridge_slave_0: entered allmulticast mode [ 29.835834][ T3307] bridge_slave_0: entered promiscuous mode [ 29.847760][ T3306] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.854922][ T3306] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.862117][ T3306] bridge_slave_0: entered allmulticast mode [ 29.868537][ T3306] bridge_slave_0: entered promiscuous mode [ 29.888197][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.897338][ T3307] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.904494][ T3307] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.911584][ T3307] bridge_slave_1: entered allmulticast mode [ 29.918091][ T3307] bridge_slave_1: entered promiscuous mode [ 29.924333][ T3306] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.931448][ T3306] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.938626][ T3306] bridge_slave_1: entered allmulticast mode [ 29.945184][ T3306] bridge_slave_1: entered promiscuous mode [ 29.959330][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.968713][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.975693][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.001638][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.034435][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.041416][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.067436][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.084451][ T3306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.103906][ T3310] team0: Port device team_slave_0 added [ 30.114534][ T3307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.124640][ T3306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.139899][ T3310] team0: Port device team_slave_1 added [ 30.152620][ T3307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.166456][ T3318] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.173588][ T3318] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.180942][ T3318] bridge_slave_0: entered allmulticast mode [ 30.187827][ T3318] bridge_slave_0: entered promiscuous mode [ 30.217305][ T3318] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.224485][ T3318] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.231669][ T3318] bridge_slave_1: entered allmulticast mode [ 30.238190][ T3318] bridge_slave_1: entered promiscuous mode [ 30.249332][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.256334][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.282391][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.295358][ T3317] hsr_slave_0: entered promiscuous mode [ 30.301507][ T3317] hsr_slave_1: entered promiscuous mode [ 30.318691][ T3307] team0: Port device team_slave_0 added [ 30.325223][ T3306] team0: Port device team_slave_0 added [ 30.331564][ T3307] team0: Port device team_slave_1 added [ 30.347030][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.354074][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.380259][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.394555][ T3306] team0: Port device team_slave_1 added [ 30.406873][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.432103][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.439070][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.465042][ T3307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.476866][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.498289][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.505305][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.531285][ T3306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.542561][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.549597][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.575688][ T3306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.593263][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.600235][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.626365][ T3307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.656579][ T3310] hsr_slave_0: entered promiscuous mode [ 30.662759][ T3310] hsr_slave_1: entered promiscuous mode [ 30.668715][ T3310] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 30.676315][ T3310] Cannot create hsr debugfs directory [ 30.687248][ T3318] team0: Port device team_slave_0 added [ 30.706936][ T3318] team0: Port device team_slave_1 added [ 30.727180][ T3306] hsr_slave_0: entered promiscuous mode [ 30.733209][ T3306] hsr_slave_1: entered promiscuous mode [ 30.739070][ T3306] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 30.746991][ T3306] Cannot create hsr debugfs directory [ 30.769856][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.776906][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.803007][ T3318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.816196][ T3307] hsr_slave_0: entered promiscuous mode [ 30.822467][ T3307] hsr_slave_1: entered promiscuous mode [ 30.828501][ T3307] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 30.836096][ T3307] Cannot create hsr debugfs directory [ 30.860652][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.867697][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.893780][ T3318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.974407][ T3318] hsr_slave_0: entered promiscuous mode [ 30.980412][ T3318] hsr_slave_1: entered promiscuous mode [ 30.986428][ T3318] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 30.994026][ T3318] Cannot create hsr debugfs directory [ 31.089327][ T3317] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 31.105790][ T3317] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 31.119549][ T3317] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 31.133135][ T3317] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 31.154504][ T3307] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 31.163456][ T3307] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 31.179701][ T3307] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 31.189407][ T3307] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 31.214283][ T3310] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 31.223206][ T3310] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 31.232612][ T3310] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 31.245778][ T3310] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 31.280619][ T3306] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 31.292165][ T3306] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 31.318849][ T3306] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 31.331419][ T3318] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 31.340459][ T3306] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 31.355801][ T3318] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 31.364694][ T3318] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 31.377098][ T3318] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 31.408578][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.429054][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.450712][ T3307] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.463243][ T146] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.470328][ T146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.489803][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.500620][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.507707][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.522280][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.539289][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.546392][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.565212][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.572447][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.600925][ T3310] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.624429][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.631508][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.646762][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.655751][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.664836][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.671988][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.688121][ T3306] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.709501][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.716617][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.736476][ T3318] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.746092][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.753342][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.775019][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.782168][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.791005][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.798108][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.820283][ T3307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.840941][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.918663][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.948644][ T3318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.999035][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.073993][ T3307] veth0_vlan: entered promiscuous mode [ 32.093943][ T3307] veth1_vlan: entered promiscuous mode [ 32.134351][ T3310] veth0_vlan: entered promiscuous mode [ 32.169734][ T3310] veth1_vlan: entered promiscuous mode [ 32.176769][ T3306] veth0_vlan: entered promiscuous mode [ 32.184779][ T3318] veth0_vlan: entered promiscuous mode [ 32.192910][ T3307] veth0_macvtap: entered promiscuous mode [ 32.200206][ T3307] veth1_macvtap: entered promiscuous mode [ 32.217805][ T3317] veth0_vlan: entered promiscuous mode [ 32.226531][ T3306] veth1_vlan: entered promiscuous mode [ 32.235331][ T3318] veth1_vlan: entered promiscuous mode [ 32.246917][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.255333][ T3317] veth1_vlan: entered promiscuous mode [ 32.262805][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.271831][ T3307] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.280701][ T3307] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.289555][ T3307] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.298405][ T3307] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.325060][ T3310] veth0_macvtap: entered promiscuous mode [ 32.332960][ T3306] veth0_macvtap: entered promiscuous mode [ 32.340761][ T3310] veth1_macvtap: entered promiscuous mode [ 32.354591][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.366334][ T3318] veth0_macvtap: entered promiscuous mode [ 32.375183][ T3306] veth1_macvtap: entered promiscuous mode [ 32.391876][ T3318] veth1_macvtap: entered promiscuous mode [ 32.401181][ T3307] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 32.404400][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.430436][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.447538][ T3317] veth0_macvtap: entered promiscuous mode [ 32.456898][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.464961][ T3317] veth1_macvtap: entered promiscuous mode [ 32.471699][ T3310] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.480525][ T3310] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.483219][ T3475] SELinux: Context system_u:object_r:systemd_logger_exec_t:s0 is not valid (left unmapped). [ 32.489261][ T3310] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.508138][ T3310] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.524883][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.537663][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.546949][ T3477] Driver unsupported XDP return value 0 on prog (id 3) dev N/A, expect packet loss! [ 32.554486][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.564837][ T3306] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.573688][ T3306] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.582528][ T3306] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.591376][ T3306] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.606973][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.617073][ T3318] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.625893][ T3318] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.634820][ T3318] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.638789][ T3479] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7'. [ 32.643643][ T3318] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.668316][ T3317] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.677158][ T3317] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.685923][ T3317] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.694667][ T3317] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.777514][ T3482] loop3: detected capacity change from 0 to 2048 [ 32.825670][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 32.825686][ T29] audit: type=1400 audit(1750257082.596:106): avc: denied { create } for pid=3489 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 32.861922][ C1] hrtimer: interrupt took 45570 ns [ 32.890722][ T29] audit: type=1400 audit(1750257082.596:107): avc: denied { mounton } for pid=3487 comm="syz.0.1" path="/0/file0" dev="proc" ino=4026532981 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=dir permissive=1 [ 32.913635][ T29] audit: type=1400 audit(1750257082.596:108): avc: denied { mount } for pid=3487 comm="syz.0.1" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 32.935277][ T29] audit: type=1400 audit(1750257082.626:109): avc: denied { create } for pid=3492 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 32.936152][ T3482] EXT4-fs (loop3): failed to initialize system zone (-117) [ 32.954623][ T29] audit: type=1400 audit(1750257082.646:110): avc: denied { connect } for pid=3492 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 32.972120][ T3482] EXT4-fs (loop3): mount failed [ 32.981180][ T29] audit: type=1400 audit(1750257082.646:111): avc: denied { write } for pid=3492 comm="syz.4.5" path="socket:[4676]" dev="sockfs" ino=4676 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 33.018106][ T29] audit: type=1400 audit(1750257082.656:112): avc: denied { unmount } for pid=3318 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 33.038106][ T29] audit: type=1400 audit(1750257082.686:113): avc: denied { write } for pid=3489 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 33.058219][ T29] audit: type=1400 audit(1750257082.686:114): avc: denied { read } for pid=3489 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 33.071948][ T3501] netlink: 'syz.1.11': attribute type 1 has an invalid length. [ 33.110933][ T3501] gretap0: entered allmulticast mode [ 33.128391][ T29] audit: type=1400 audit(1750257082.886:115): avc: denied { tracepoint } for pid=3481 comm="syz.3.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 33.375067][ T3529] syz.2.24: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 33.389549][ T3529] CPU: 1 UID: 0 PID: 3529 Comm: syz.2.24 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(voluntary) [ 33.389622][ T3529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 33.389643][ T3529] Call Trace: [ 33.389650][ T3529] [ 33.389659][ T3529] __dump_stack+0x1d/0x30 [ 33.389690][ T3529] dump_stack_lvl+0xe8/0x140 [ 33.389714][ T3529] dump_stack+0x15/0x1b [ 33.389756][ T3529] warn_alloc+0x12b/0x1a0 [ 33.389794][ T3529] ? bpf_get_stack_raw_tp+0x106/0x130 [ 33.389831][ T3529] __vmalloc_node_range_noprof+0x9c/0xe00 [ 33.389874][ T3529] ? _raw_spin_unlock+0x26/0x50 [ 33.389952][ T3529] ? finish_task_switch+0xad/0x2b0 [ 33.389980][ T3529] ? __schedule+0x6a8/0xb30 [ 33.390009][ T3529] ? __cond_resched+0x4e/0x90 [ 33.390117][ T3529] ? should_fail_ex+0x30/0x280 [ 33.390148][ T3529] ? xskq_create+0x36/0xe0 [ 33.390171][ T3529] vmalloc_user_noprof+0x7d/0xb0 [ 33.390272][ T3529] ? xskq_create+0x80/0xe0 [ 33.390299][ T3529] xskq_create+0x80/0xe0 [ 33.390327][ T3529] xsk_init_queue+0x95/0xf0 [ 33.390358][ T3529] xsk_setsockopt+0x3de/0x510 [ 33.390437][ T3529] ? __pfx_xsk_setsockopt+0x10/0x10 [ 33.390466][ T3529] __sys_setsockopt+0x181/0x200 [ 33.390505][ T3529] __x64_sys_setsockopt+0x64/0x80 [ 33.390540][ T3529] x64_sys_call+0x2bd5/0x2fb0 [ 33.390634][ T3529] do_syscall_64+0xd2/0x200 [ 33.390656][ T3529] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 33.390689][ T3529] ? clear_bhb_loop+0x40/0x90 [ 33.390718][ T3529] ? clear_bhb_loop+0x40/0x90 [ 33.390809][ T3529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 33.390837][ T3529] RIP: 0033:0x7f65464de929 [ 33.390857][ T3529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 33.390946][ T3529] RSP: 002b:00007f6544b47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 33.390968][ T3529] RAX: ffffffffffffffda RBX: 00007f6546705fa0 RCX: 00007f65464de929 [ 33.391014][ T3529] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006 [ 33.391059][ T3529] RBP: 00007f6546560b39 R08: 0000000000000004 R09: 0000000000000000 [ 33.391074][ T3529] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 33.391088][ T3529] R13: 0000000000000000 R14: 00007f6546705fa0 R15: 00007ffe913de5c8 [ 33.391112][ T3529] [ 33.391124][ T3529] Mem-Info: [ 33.625153][ T3529] active_anon:5400 inactive_anon:0 isolated_anon:0 [ 33.625153][ T3529] active_file:7204 inactive_file:2168 isolated_file:0 [ 33.625153][ T3529] unevictable:2048 dirty:1335 writeback:0 [ 33.625153][ T3529] slab_reclaimable:2819 slab_unreclaimable:13163 [ 33.625153][ T3529] mapped:29005 shmem:151 pagetables:1066 [ 33.625153][ T3529] sec_pagetables:0 bounce:0 [ 33.625153][ T3529] kernel_misc_reclaimable:0 [ 33.625153][ T3529] free:1901886 free_pcp:8020 free_cma:0 [ 33.670399][ T3529] Node 0 active_anon:21484kB inactive_anon:0kB active_file:28816kB inactive_file:8672kB unevictable:8192kB isolated(anon):0kB isolated(file):0kB mapped:116020kB dirty:5340kB writeback:0kB shmem:604kB writeback_tmp:0kB kernel_stack:3296kB pagetables:4264kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 33.699509][ T3529] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 33.728167][ T3529] lowmem_reserve[]: 0 2882 7860 7860 [ 33.733607][ T3529] Node 0 DMA32 free:2947736kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951364kB mlocked:0kB bounce:0kB free_pcp:3628kB local_pcp:3528kB free_cma:0kB [ 33.764337][ T3529] lowmem_reserve[]: 0 0 4978 4978 [ 33.769433][ T3529] Node 0 Normal free:4643972kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:21600kB inactive_anon:0kB active_file:28816kB inactive_file:8672kB unevictable:8192kB writepending:5340kB present:5242880kB managed:5098232kB mlocked:8192kB bounce:0kB free_pcp:30624kB local_pcp:22168kB free_cma:0kB [ 33.802283][ T3529] lowmem_reserve[]: 0 0 0 0 [ 33.806904][ T3529] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 33.819690][ T3529] Node 0 DMA32: 2*4kB (M) 2*8kB (M) 4*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947736kB [ 33.836021][ T3529] Node 0 Normal: 1*4kB (U) 2*8kB (UE) 1*16kB (M) 1*32kB (M) 3*64kB (UME) 1*128kB (E) 1*256kB (M) 1*512kB (M) 2*1024kB (UM) 2*2048kB (UM) 1132*4096kB (M) = 4643972kB [ 33.852825][ T3529] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 33.862271][ T3529] 8196 total pagecache pages [ 33.866934][ T3529] 0 pages in swap cache [ 33.871110][ T3529] Free swap = 124996kB [ 33.875347][ T3529] Total swap = 124996kB [ 33.879586][ T3529] 2097051 pages RAM [ 33.883434][ T3529] 0 pages HighMem/MovableOnly [ 33.888182][ T3529] 80812 pages reserved [ 33.901953][ T3540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 33.922066][ T3540] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 34.061816][ T3540] ======================================================= [ 34.061816][ T3540] WARNING: The mand mount option has been deprecated and [ 34.061816][ T3540] and is ignored by this kernel. Remove the mand [ 34.061816][ T3540] option from the mount to silence this warning. [ 34.061816][ T3540] ======================================================= [ 34.105894][ T3540] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 34.214031][ T3555] netlink: 12 bytes leftover after parsing attributes in process `syz.1.35'. [ 34.283317][ T3564] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.334236][ T3566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.40'. [ 34.343441][ T3566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.40'. [ 34.374330][ T3569] macvlan1: entered promiscuous mode [ 34.380613][ T3569] ipvlan0: entered promiscuous mode [ 34.386615][ T3569] ipvlan0: left promiscuous mode [ 34.393213][ T3569] macvlan1: left promiscuous mode [ 34.698139][ T3589] loop1: detected capacity change from 0 to 128 [ 34.791313][ T3596] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3596 comm=syz.0.52 [ 35.651740][ T3653] syz_tun: entered allmulticast mode [ 35.678293][ T3653] syz_tun: left allmulticast mode [ 35.741105][ T3564] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.815710][ T3564] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.865164][ T3564] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.933719][ T3564] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.978724][ T3564] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.003673][ T3564] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.030996][ T3564] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.067293][ T3564] syz.2.39 (3564) used greatest stack depth: 10872 bytes left [ 36.194143][ T3678] wireguard0: entered promiscuous mode [ 36.200171][ T3678] wireguard0: entered allmulticast mode [ 36.327788][ T3678] syz.3.84 (3678) used greatest stack depth: 10696 bytes left [ 36.398693][ T3689] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 37.481186][ T3834] netlink: 4 bytes leftover after parsing attributes in process `syz.4.121'. [ 37.505383][ T3836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 37.538053][ T3836] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 37.870334][ T3861] syz.4.133 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 37.928194][ T29] kauditd_printk_skb: 174 callbacks suppressed [ 37.928211][ T29] audit: type=1400 audit(1750257087.696:290): avc: denied { name_bind } for pid=3864 comm="syz.4.134" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 37.966022][ T3867] netlink: 56 bytes leftover after parsing attributes in process `syz.3.135'. [ 37.975186][ T3867] netlink: 24 bytes leftover after parsing attributes in process `syz.3.135'. [ 38.058594][ T29] audit: type=1326 audit(1750257087.826:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3874 comm="syz.4.138" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff09d94e929 code=0x0 [ 38.133452][ T29] audit: type=1400 audit(1750257087.896:292): avc: denied { create } for pid=3878 comm="syz.3.140" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 38.154123][ T29] audit: type=1400 audit(1750257087.906:293): avc: denied { mounton } for pid=3878 comm="syz.3.140" path="/23/file0" dev="tmpfs" ino=136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 38.225609][ T29] audit: type=1400 audit(1750257087.976:294): avc: denied { unlink } for pid=3307 comm="syz-executor" name="file0" dev="tmpfs" ino=136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 38.256621][ T3890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.144'. [ 38.265666][ T3890] Zero length message leads to an empty skb [ 38.304957][ T29] audit: type=1400 audit(1750257088.076:295): avc: denied { read } for pid=3893 comm="syz.2.147" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 38.343753][ T29] audit: type=1400 audit(1750257088.076:296): avc: denied { open } for pid=3893 comm="syz.2.147" path="/dev/rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 38.367155][ T29] audit: type=1400 audit(1750257088.076:297): avc: denied { ioctl } for pid=3893 comm="syz.2.147" path="/dev/rtc0" dev="devtmpfs" ino=244 ioctlcmd=0x7002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 38.485284][ T3899] process 'syz.1.149' launched './file0' with NULL argv: empty string added [ 38.499256][ T29] audit: type=1400 audit(1750257088.266:298): avc: denied { execute_no_trans } for pid=3898 comm="syz.1.149" path="/36/file0" dev="tmpfs" ino=206 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 38.575679][ T3904] loop1: detected capacity change from 0 to 128 [ 38.593597][ T3904] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 38.610407][ T29] audit: type=1400 audit(1750257088.376:299): avc: denied { mount } for pid=3903 comm="syz.1.151" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 38.642446][ T3904] ext4 filesystem being mounted at /37/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 38.783287][ T3306] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 38.794556][ T3910] loop0: detected capacity change from 0 to 512 [ 38.847997][ T3910] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.866482][ T3910] ext4 filesystem being mounted at /19/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 38.883916][ T3910] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.154: corrupted inode contents [ 38.903394][ T3910] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.154: mark_inode_dirty error [ 38.924585][ T3910] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.154: corrupted inode contents [ 38.937432][ T3910] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.154: mark_inode_dirty error [ 38.990176][ T3494] udevd (3494) used greatest stack depth: 10672 bytes left [ 39.001148][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.035964][ T3928] netlink: 'syz.3.162': attribute type 12 has an invalid length. [ 39.121243][ T3931] loop4: detected capacity change from 0 to 8192 [ 39.131721][ T3944] loop2: detected capacity change from 0 to 2048 [ 39.149511][ T3944] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.170022][ T3951] loop0: detected capacity change from 0 to 1024 [ 39.188766][ T3951] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.239052][ T3951] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.171: Allocating blocks 449-513 which overlap fs metadata [ 39.276572][ T3950] EXT4-fs (loop0): pa ffff888106ae2070: logic 48, phys. 177, len 21 [ 39.284753][ T3950] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4 [ 39.300652][ T3951] syz.0.171 (3951) used greatest stack depth: 10640 bytes left [ 39.373943][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.456489][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.946446][ T4015] netlink: 68 bytes leftover after parsing attributes in process `+}[@'. [ 40.245647][ T4037] netlink: 'syz.3.206': attribute type 39 has an invalid length. [ 40.305873][ T4045] netlink: 24 bytes leftover after parsing attributes in process `syz.1.209'. [ 40.344100][ T4047] netlink: 24 bytes leftover after parsing attributes in process `syz.1.210'. [ 40.477641][ T4059] syz.3.214 (4059) used greatest stack depth: 9432 bytes left [ 40.687209][ T4079] netlink: 40 bytes leftover after parsing attributes in process `syz.1.222'. [ 40.731272][ T4086] netlink: 'syz.1.226': attribute type 13 has an invalid length. [ 41.240188][ T4102] mmap: syz.4.230 (4102) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 41.341067][ T4086] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.351636][ T4086] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.735202][ T4086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 41.745833][ T4086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 41.785985][ T4125] netlink: 'syz.4.236': attribute type 10 has an invalid length. [ 41.816640][ T4086] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.825686][ T4086] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.834850][ T4086] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.843912][ T4086] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.009200][ T4136] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 42.041981][ T4136] SELinux: failed to load policy [ 42.076085][ T4135] syz.4.240 (4135) used greatest stack depth: 9128 bytes left [ 42.196947][ T4127] pimreg: entered allmulticast mode [ 42.312326][ T4141] loop1: detected capacity change from 0 to 2048 [ 42.391180][ T1807] pimreg (unregistering): left allmulticast mode [ 42.565772][ T4166] netlink: 12 bytes leftover after parsing attributes in process `syz.3.251'. [ 42.652415][ T4177] wg2: entered promiscuous mode [ 42.657339][ T4177] wg2: entered allmulticast mode [ 42.923832][ T4207] xt_hashlimit: max too large, truncated to 1048576 [ 43.024966][ T29] kauditd_printk_skb: 234 callbacks suppressed [ 43.024982][ T29] audit: type=1400 audit(1750257092.796:534): avc: denied { name_connect } for pid=4214 comm="syz.3.272" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 43.082849][ T4222] netlink: 4 bytes leftover after parsing attributes in process `syz.2.274'. [ 43.094690][ T4222] bridge_slave_0: default FDB implementation only supports local addresses [ 43.104183][ T4222] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 43.115742][ T29] audit: type=1326 audit(1750257092.886:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4223 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 43.139065][ T29] audit: type=1326 audit(1750257092.886:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4223 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 43.166198][ T29] audit: type=1326 audit(1750257092.886:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4223 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 43.189533][ T29] audit: type=1326 audit(1750257092.886:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4223 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 43.213054][ T29] audit: type=1326 audit(1750257092.886:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4223 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 43.236380][ T29] audit: type=1326 audit(1750257092.886:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4223 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 43.259538][ T29] audit: type=1326 audit(1750257092.886:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4223 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 43.282817][ T29] audit: type=1326 audit(1750257092.886:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4223 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 43.306084][ T29] audit: type=1326 audit(1750257092.886:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4223 comm="syz.3.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 43.363973][ T4239] IPv4: Oversized IP packet from 127.202.26.0 [ 43.510558][ T4251] netlink: 12 bytes leftover after parsing attributes in process `syz.3.287'. [ 43.582237][ T4260] loop4: detected capacity change from 0 to 164 [ 43.602102][ T4260] Unable to read rock-ridge attributes [ 43.696773][ T4274] IPv4: Oversized IP packet from 127.202.26.0 [ 43.804992][ T4285] netlink: 'syz.4.303': attribute type 6 has an invalid length. [ 43.851147][ T4287] loop2: detected capacity change from 0 to 512 [ 43.865789][ T4287] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 43.889177][ T4270] pimreg: entered allmulticast mode [ 43.910143][ T4287] EXT4-fs (loop2): orphan cleanup on readonly fs [ 43.927021][ T4287] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 43.973089][ T4287] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 44.013677][ T4305] netlink: 'syz.3.311': attribute type 10 has an invalid length. [ 44.024367][ T4287] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.304: bg 0: block 40: padding at end of block bitmap is not set [ 44.041928][ T4287] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 44.050954][ T1807] pimreg (unregistering): left allmulticast mode [ 44.055744][ T4287] EXT4-fs (loop2): 1 truncate cleaned up [ 44.063682][ T4287] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 44.091703][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.095795][ T4311] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 44.123653][ T4314] loop1: detected capacity change from 0 to 2048 [ 44.135866][ T4311] netlink: 'syz.4.314': attribute type 4 has an invalid length. [ 44.155712][ T4314] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.255593][ T4331] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 44.280781][ T4331] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 44.293030][ T4331] EXT4-fs (loop1): This should not happen!! Data will be lost [ 44.293030][ T4331] [ 44.302933][ T4331] EXT4-fs (loop1): Total free blocks count 0 [ 44.308938][ T4331] EXT4-fs (loop1): Free/Dirty block details [ 44.314941][ T4331] EXT4-fs (loop1): free_blocks=2415919504 [ 44.320681][ T4331] EXT4-fs (loop1): dirty_blocks=1472 [ 44.326069][ T4331] EXT4-fs (loop1): Block reservation details [ 44.332321][ T4331] EXT4-fs (loop1): i_reserved_data_blocks=92 [ 44.343739][ T4331] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 44.364909][ T4338] netlink: 8 bytes leftover after parsing attributes in process `syz.2.321'. [ 44.581223][ T4340] loop0: detected capacity change from 0 to 2048 [ 44.721057][ T4345] netlink: 4 bytes leftover after parsing attributes in process `syz.4.325'. [ 44.733460][ T4345] netlink: 4 bytes leftover after parsing attributes in process `syz.4.325'. [ 44.767042][ T4347] netlink: 'syz.0.326': attribute type 10 has an invalid length. [ 45.315937][ T4365] loop0: detected capacity change from 0 to 8192 [ 45.373460][ T4365] loop0: p1 p2 p3 p4 [ 45.377638][ T4365] loop0: p1 start 51379968 is beyond EOD, truncated [ 45.384371][ T4365] loop0: p2 start 4293394690 is beyond EOD, truncated [ 45.391193][ T4365] loop0: p3 size 100663552 extends beyond EOD, truncated [ 45.429369][ T4365] loop0: p4 size 50331648 extends beyond EOD, truncated [ 45.508831][ T4369] netlink: 5 bytes leftover after parsing attributes in process `syz.2.334'. [ 45.571542][ T4361] syz.4.333 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 45.582498][ T4361] CPU: 0 UID: 0 PID: 4361 Comm: syz.4.333 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(voluntary) [ 45.582532][ T4361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 45.582574][ T4361] Call Trace: [ 45.582581][ T4361] [ 45.582588][ T4361] __dump_stack+0x1d/0x30 [ 45.582608][ T4361] dump_stack_lvl+0xe8/0x140 [ 45.582627][ T4361] dump_stack+0x15/0x1b [ 45.582648][ T4361] dump_header+0x81/0x220 [ 45.582796][ T4361] oom_kill_process+0x334/0x3f0 [ 45.582850][ T4361] out_of_memory+0x979/0xb80 [ 45.582924][ T4361] try_charge_memcg+0x5e6/0x9e0 [ 45.582973][ T4361] charge_memcg+0x51/0xc0 [ 45.583004][ T4361] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 45.583041][ T4361] __read_swap_cache_async+0x1df/0x350 [ 45.583123][ T4361] swap_cluster_readahead+0x277/0x3e0 [ 45.583169][ T4361] swapin_readahead+0xde/0x6f0 [ 45.583268][ T4361] ? __filemap_get_folio+0x4f7/0x6b0 [ 45.583301][ T4361] ? swap_cache_get_folio+0x77/0x200 [ 45.583373][ T4361] do_swap_page+0x301/0x2430 [ 45.583400][ T4361] ? finish_task_switch+0xad/0x2b0 [ 45.583438][ T4361] ? __pfx_default_wake_function+0x10/0x10 [ 45.583464][ T4361] handle_mm_fault+0x9a5/0x2be0 [ 45.583486][ T4361] ? mas_walk+0xf2/0x120 [ 45.583529][ T4361] do_user_addr_fault+0x636/0x1090 [ 45.583570][ T4361] ? fpregs_restore_userregs+0xad/0x1d0 [ 45.583606][ T4361] ? switch_fpu_return+0xe/0x20 [ 45.583632][ T4361] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 45.583734][ T4361] exc_page_fault+0x62/0xa0 [ 45.583837][ T4361] asm_exc_page_fault+0x26/0x30 [ 45.583860][ T4361] RIP: 0033:0x7ff09d82538c [ 45.583875][ T4361] Code: 66 0f 1f 44 00 00 69 3d 26 03 e8 00 e8 03 00 00 48 8d 1d 27 0c 35 00 e8 02 95 12 00 eb 0c 48 81 c3 e0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 e0 00 00 [ 45.583959][ T4361] RSP: 002b:00007ffc8bb1bb10 EFLAGS: 00010202 [ 45.583979][ T4361] RAX: 0000000000000000 RBX: 00007ff09db75fa0 RCX: 0000000000000000 [ 45.583996][ T4361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055556154a808 [ 45.584011][ T4361] RBP: 00007ff09db77ba0 R08: 0000000000000000 R09: 7fffffffffffffff [ 45.584026][ T4361] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000b272 [ 45.584070][ T4361] R13: 00007ffc8bb1bc00 R14: ffffffffffffffff R15: 00007ffc8bb1bc20 [ 45.584089][ T4361] [ 45.584095][ T4361] memory: usage 307200kB, limit 307200kB, failcnt 122 [ 45.820534][ T4361] memory+swap: usage 307380kB, limit 9007199254740988kB, failcnt 0 [ 45.828466][ T4361] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0 [ 45.835781][ T4361] Memory cgroup stats for /syz4: [ 45.836633][ T4361] cache 0 [ 45.844764][ T4361] rss 0 [ 45.847548][ T4361] shmem 0 [ 45.850499][ T4361] mapped_file 0 [ 45.854094][ T4361] dirty 0 [ 45.857059][ T4361] writeback 8192 [ 45.860618][ T4361] workingset_refault_anon 1032 [ 45.865479][ T4361] workingset_refault_file 1 [ 45.869995][ T4361] swap 184320 [ 45.873357][ T4361] swapcached 8192 [ 45.877005][ T4361] pgpgin 17973 [ 45.880391][ T4361] pgpgout 17971 [ 45.884026][ T4361] pgfault 31193 [ 45.887583][ T4361] pgmajfault 136 [ 45.891220][ T4361] inactive_anon 8192 [ 45.895154][ T4361] active_anon 0 [ 45.898619][ T4361] inactive_file 0 [ 45.902278][ T4361] active_file 0 [ 45.905755][ T4361] unevictable 0 [ 45.909281][ T4361] hierarchical_memory_limit 314572800 [ 45.914692][ T4361] hierarchical_memsw_limit 9223372036854771712 [ 45.920931][ T4361] total_cache 0 [ 45.924481][ T4361] total_rss 0 [ 45.927782][ T4361] total_shmem 0 [ 45.931248][ T4361] total_mapped_file 0 [ 45.935332][ T4361] total_dirty 0 [ 45.938799][ T4361] total_writeback 8192 [ 45.942907][ T4361] total_workingset_refault_anon 1032 [ 45.948205][ T4361] total_workingset_refault_file 1 [ 45.953325][ T4361] total_swap 184320 [ 45.957148][ T4361] total_swapcached 8192 [ 45.961378][ T4361] total_pgpgin 17973 [ 45.965337][ T4361] total_pgpgout 17971 [ 45.969355][ T4361] total_pgfault 31198 [ 45.973516][ T4361] total_pgmajfault 136 [ 45.977689][ T4361] total_inactive_anon 8192 [ 45.982247][ T4361] total_active_anon 0 [ 45.986246][ T4361] total_inactive_file 0 [ 45.990422][ T4361] total_active_file 0 [ 45.994454][ T4361] total_unevictable 0 [ 45.998436][ T4361] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.333,pid=4361,uid=0 [ 46.012946][ T4361] Memory cgroup out of memory: Killed process 4361 (syz.4.333) total-vm:95668kB, anon-rss:936kB, file-rss:22188kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 46.154168][ T4393] loop1: detected capacity change from 0 to 1024 [ 46.164302][ T4393] EXT4-fs: Ignoring removed nobh option [ 46.169958][ T4393] EXT4-fs: Ignoring removed bh option [ 46.206248][ T4393] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.274754][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.301586][ T4362] syz.4.333 (4362) used greatest stack depth: 6952 bytes left [ 46.424129][ T4418] netlink: 12 bytes leftover after parsing attributes in process `syz.2.353'. [ 46.503256][ T4128] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 46.511239][ T4128] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 46.558294][ T4433] loop0: detected capacity change from 0 to 512 [ 46.578739][ T4433] EXT4-fs: Ignoring removed bh option [ 46.591416][ T4433] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 46.604527][ T4433] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 46.610636][ T4437] loop1: detected capacity change from 0 to 2048 [ 46.613590][ T4433] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 46.669626][ T4433] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 46.672660][ T4437] loop1: p1 < > p4 [ 46.693487][ T4433] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 46.702189][ T4433] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.717586][ T4437] loop1: p4 size 8388608 extends beyond EOD, truncated [ 46.857026][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.006418][ T4448] loop0: detected capacity change from 0 to 512 [ 47.038377][ T4448] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.093046][ T4448] ext4 filesystem being mounted at /55/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 47.110443][ T4448] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.365: corrupted inode contents [ 47.132681][ T4448] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.365: mark_inode_dirty error [ 47.198173][ T4448] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.365: corrupted inode contents [ 47.248932][ T4463] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.365: corrupted inode contents [ 47.281208][ T4463] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.365: mark_inode_dirty error [ 47.313336][ T4463] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.365: corrupted inode contents [ 47.328460][ T4463] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.365: mark_inode_dirty error [ 47.341629][ T4463] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.365: corrupted inode contents [ 47.362048][ T4463] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.365: mark_inode_dirty error [ 47.408011][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.438884][ T4473] netlink: 68 bytes leftover after parsing attributes in process `syz.2.378'. [ 47.497497][ T4485] loop2: detected capacity change from 0 to 1024 [ 47.524846][ T4485] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.546768][ T4485] Trying to write to read-only block-device loop2 [ 47.599159][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.700338][ T4502] loop1: detected capacity change from 0 to 1024 [ 47.707840][ T4502] EXT4-fs: Ignoring removed nobh option [ 47.715700][ T4502] EXT4-fs: Ignoring removed bh option [ 47.755295][ T4502] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.830783][ T4502] EXT4-fs error (device loop1): mb_free_blocks:1948: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt. [ 47.864078][ T4502] EXT4-fs (loop1): Remounting filesystem read-only [ 47.938487][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.064108][ T29] kauditd_printk_skb: 119 callbacks suppressed [ 48.064126][ T29] audit: type=1326 audit(1750257097.836:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4532 comm="syz.0.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f92a7e929 code=0x7ffc0000 [ 48.123277][ T29] audit: type=1326 audit(1750257097.836:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4532 comm="syz.0.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f92a7e929 code=0x7ffc0000 [ 48.146681][ T29] audit: type=1326 audit(1750257097.836:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4532 comm="syz.0.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f92a7e929 code=0x7ffc0000 [ 48.170122][ T29] audit: type=1326 audit(1750257097.836:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4532 comm="syz.0.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f92a7e929 code=0x7ffc0000 [ 48.193388][ T29] audit: type=1326 audit(1750257097.836:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4532 comm="syz.0.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f92a7e929 code=0x7ffc0000 [ 48.216875][ T29] audit: type=1326 audit(1750257097.836:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4532 comm="syz.0.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f92a7e929 code=0x7ffc0000 [ 48.240144][ T29] audit: type=1326 audit(1750257097.836:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4532 comm="syz.0.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f92a7e929 code=0x7ffc0000 [ 48.263442][ T29] audit: type=1326 audit(1750257097.836:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4532 comm="syz.0.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f92a7e929 code=0x7ffc0000 [ 48.286674][ T29] audit: type=1326 audit(1750257097.836:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4532 comm="syz.0.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f92a7e929 code=0x7ffc0000 [ 48.309959][ T29] audit: type=1326 audit(1750257097.836:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4532 comm="syz.0.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f92a7e929 code=0x7ffc0000 [ 48.403381][ T4544] syzkaller1: entered promiscuous mode [ 48.408903][ T4544] syzkaller1: entered allmulticast mode [ 48.572450][ T4576] netlink: 14593 bytes leftover after parsing attributes in process `syz.0.418'. [ 48.692908][ T4582] netlink: 'syz.1.421': attribute type 12 has an invalid length. [ 48.807325][ T4595] netlink: 1276 bytes leftover after parsing attributes in process `syz.2.424'. [ 48.857141][ T4601] netlink: 4 bytes leftover after parsing attributes in process `syz.1.428'. [ 48.867860][ T4601] netlink: 12 bytes leftover after parsing attributes in process `syz.1.428'. [ 48.893952][ T4599] netlink: 8 bytes leftover after parsing attributes in process `syz.4.427'. [ 48.917936][ T4599] bridge_slave_0: left allmulticast mode [ 48.923832][ T4599] bridge_slave_0: left promiscuous mode [ 48.929541][ T4599] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.939327][ T4599] bridge_slave_1: left allmulticast mode [ 48.945232][ T4599] bridge_slave_1: left promiscuous mode [ 48.951009][ T4599] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.961248][ T4599] bond0: (slave bond_slave_0): Releasing backup interface [ 48.971689][ T4599] bond0: (slave bond_slave_1): Releasing backup interface [ 48.983504][ T4599] team0: Port device team_slave_0 removed [ 48.993245][ T4599] team0: Port device team_slave_1 removed [ 49.000310][ T4599] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 49.007829][ T4599] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 49.017080][ T4599] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 49.024779][ T4599] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 49.618050][ T4649] netlink: 'syz.0.449': attribute type 21 has an invalid length. [ 49.650436][ T4649] netlink: 132 bytes leftover after parsing attributes in process `syz.0.449'. [ 49.899423][ T4671] 9pnet: p9_errstr2errno: server reported unknown error [ 49.957466][ T4678] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 50.082639][ T4698] loop1: detected capacity change from 0 to 512 [ 50.112925][ T4698] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 50.152563][ T4698] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.172004][ T4698] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.208749][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.304709][ T4722] wireguard0: entered promiscuous mode [ 50.307023][ T4728] loop1: detected capacity change from 0 to 512 [ 50.316608][ T4722] wireguard0: entered allmulticast mode [ 50.319128][ T4728] EXT4-fs: Ignoring removed nobh option [ 50.332119][ T4728] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 50.346796][ T4728] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #13: comm syz.1.485: attempt to clear invalid blocks 2 len 1 [ 50.360335][ T4728] EXT4-fs (loop1): Remounting filesystem read-only [ 50.367950][ T4728] EXT4-fs (loop1): 1 truncate cleaned up [ 50.385387][ T4728] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.440484][ T4733] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 50.440819][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.690292][ T4757] loop1: detected capacity change from 0 to 2048 [ 50.715392][ T4760] loop4: detected capacity change from 0 to 512 [ 50.737013][ T4762] netlink: 'syz.0.498': attribute type 1 has an invalid length. [ 50.742642][ T4757] loop1: p1 < > p4 [ 50.750037][ T4757] loop1: p4 size 8388608 extends beyond EOD, truncated [ 50.756683][ T4762] 8021q: adding VLAN 0 to HW filter on device bond1 [ 50.765557][ T4760] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.790486][ T4760] ext4 filesystem being mounted at /88/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 50.813207][ T4762] 8021q: adding VLAN 0 to HW filter on device bond1 [ 50.820560][ T4762] bond1: (slave vti0): The slave device specified does not support setting the MAC address [ 50.831798][ T4762] bond1: (slave vti0): Error -95 calling set_mac_address [ 50.840348][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.900829][ T4769] wireguard0: entered promiscuous mode [ 50.907372][ T4769] wireguard0: entered allmulticast mode [ 51.144100][ T4792] syz.1.509 uses obsolete (PF_INET,SOCK_PACKET) [ 51.159587][ T4794] netlink: 24 bytes leftover after parsing attributes in process `syz.3.510'. [ 51.199176][ T4794] netlink: 4 bytes leftover after parsing attributes in process `syz.3.510'. [ 51.208123][ T4795] loop4: detected capacity change from 0 to 8192 [ 51.242958][ T4795] loop4: p1 p2 p3 p4 [ 51.247055][ T4795] loop4: p1 start 51379968 is beyond EOD, truncated [ 51.253755][ T4795] loop4: p2 start 4293394690 is beyond EOD, truncated [ 51.260585][ T4795] loop4: p3 size 100663552 extends beyond EOD, truncated [ 51.268643][ T4795] loop4: p4 size 50331648 extends beyond EOD, truncated [ 51.496623][ T4822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 51.499864][ T4816] openvswitch: netlink: Message has 6 unknown bytes. [ 51.505162][ T4822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 51.526450][ T4822] loop2: detected capacity change from 0 to 4096 [ 51.866887][ T4827] loop0: detected capacity change from 0 to 512 [ 51.908334][ T4827] EXT4-fs (loop0): 1 orphan inode deleted [ 51.933429][ T4827] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.974433][ T4827] ext4 filesystem being mounted at /90/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.098098][ T4838] wireguard0: entered promiscuous mode [ 52.105089][ T4838] wireguard0: entered allmulticast mode [ 52.321058][ T3767] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:63: Failed to release dquot type 1 [ 52.349112][ T4852] loop4: detected capacity change from 0 to 512 [ 52.363959][ T4827] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 52.385331][ T4852] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 52.402162][ T4852] EXT4-fs (loop4): orphan cleanup on readonly fs [ 52.420983][ T4855] loop2: detected capacity change from 0 to 8192 [ 52.430294][ T4852] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 52.447622][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.456696][ T4852] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 52.464242][ T4852] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.535: bg 0: block 40: padding at end of block bitmap is not set [ 52.489103][ T4855] loop2: p1 p2 p3 p4 [ 52.494423][ T4855] loop2: p1 start 51379968 is beyond EOD, truncated [ 52.494486][ T4852] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 52.501046][ T4855] loop2: p2 start 4293394690 is beyond EOD, truncated [ 52.501067][ T4855] loop2: p3 size 100663552 extends beyond EOD, truncated [ 52.530388][ T4852] EXT4-fs (loop4): 1 truncate cleaned up [ 52.543218][ T4855] loop2: p4 size 50331648 extends beyond EOD, truncated [ 52.562419][ T4852] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 52.640745][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.722301][ T4876] tipc: Started in network mode [ 52.727408][ T4876] tipc: Node identity ac14140f, cluster identity 4711 [ 52.734451][ T4876] tipc: New replicast peer: 0.0.255.255 [ 52.740356][ T4876] tipc: Enabled bearer , priority 10 [ 52.883755][ T4886] wireguard0: entered promiscuous mode [ 52.895530][ T4886] wireguard0: entered allmulticast mode [ 53.163308][ T4920] netlink: 'syz.2.564': attribute type 4 has an invalid length. [ 53.210419][ T4925] netlink: 'syz.3.565': attribute type 1 has an invalid length. [ 53.261664][ T29] kauditd_printk_skb: 187 callbacks suppressed [ 53.261682][ T29] audit: type=1326 audit(1750257103.026:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.4.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09d94e929 code=0x7ffc0000 [ 53.298690][ T4925] 8021q: adding VLAN 0 to HW filter on device bond1 [ 53.307280][ T29] audit: type=1326 audit(1750257103.066:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.4.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09d94e929 code=0x7ffc0000 [ 53.330689][ T29] audit: type=1326 audit(1750257103.066:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.4.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7ff09d94e929 code=0x7ffc0000 [ 53.344311][ T4941] loop0: detected capacity change from 0 to 256 [ 53.354303][ T29] audit: type=1326 audit(1750257103.066:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.4.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09d94e929 code=0x7ffc0000 [ 53.370788][ T4944] netlink: 8 bytes leftover after parsing attributes in process `syz.1.571'. [ 53.383561][ T29] audit: type=1326 audit(1750257103.066:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.4.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09d94e929 code=0x7ffc0000 [ 53.402836][ T4941] FAT-fs (loop0): bogus number of FAT sectors [ 53.415667][ T29] audit: type=1326 audit(1750257103.066:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.4.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff09d94e929 code=0x7ffc0000 [ 53.421753][ T4941] FAT-fs (loop0): Can't find a valid FAT filesystem [ 53.445095][ T29] audit: type=1326 audit(1750257103.066:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.4.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09d94e929 code=0x7ffc0000 [ 53.475167][ T29] audit: type=1326 audit(1750257103.066:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.4.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff09d94e929 code=0x7ffc0000 [ 53.495501][ T4944] bridge_slave_0: left allmulticast mode [ 53.498587][ T29] audit: type=1326 audit(1750257103.066:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.4.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff09d94e929 code=0x7ffc0000 [ 53.504030][ T4944] bridge_slave_0: left promiscuous mode [ 53.527208][ T29] audit: type=1326 audit(1750257103.066:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4934 comm="syz.4.570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff09d94e929 code=0x7ffc0000 [ 53.556683][ T4944] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.574764][ T4944] bridge_slave_1: left allmulticast mode [ 53.580504][ T4944] bridge_slave_1: left promiscuous mode [ 53.586852][ T4944] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.602332][ T4944] bond0: (slave bond_slave_0): Releasing backup interface [ 53.611974][ T4944] bond0: (slave bond_slave_1): Releasing backup interface [ 53.620533][ T4944] team0: Port device team_slave_0 removed [ 53.628380][ T4944] team0: Port device team_slave_1 removed [ 53.634511][ T4944] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 53.643443][ T4944] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 53.667241][ T4925] 8021q: adding VLAN 0 to HW filter on device bond1 [ 53.678835][ T4925] bond1: (slave vti0): The slave device specified does not support setting the MAC address [ 53.691026][ T4925] bond1: (slave vti0): Error -95 calling set_mac_address [ 53.701454][ T4951] loop4: detected capacity change from 0 to 512 [ 53.710866][ T4951] EXT4-fs: Ignoring removed nomblk_io_submit option [ 53.725024][ T4951] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.738450][ T4951] ext4 filesystem being mounted at /111/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 53.739981][ T4953] loop1: detected capacity change from 0 to 256 [ 53.779642][ T4953] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 53.843459][ T4953] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 53.862209][ T3381] tipc: Node number set to 2886997007 [ 53.937717][ T4965] loop1: detected capacity change from 0 to 2048 [ 53.952741][ T4965] EXT4-fs: Ignoring removed bh option [ 53.973321][ T4971] netlink: 4 bytes leftover after parsing attributes in process `syz.0.583'. [ 53.983293][ T4971] netlink: 12 bytes leftover after parsing attributes in process `syz.0.583'. [ 54.005276][ T4965] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.057596][ T4965] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 54.098801][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.119558][ T4965] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 54.131876][ T4965] EXT4-fs (loop1): This should not happen!! Data will be lost [ 54.131876][ T4965] [ 54.141717][ T4965] EXT4-fs (loop1): Total free blocks count 0 [ 54.147788][ T4965] EXT4-fs (loop1): Free/Dirty block details [ 54.154037][ T4965] EXT4-fs (loop1): free_blocks=2415919104 [ 54.159785][ T4965] EXT4-fs (loop1): dirty_blocks=16 [ 54.164928][ T4965] EXT4-fs (loop1): Block reservation details [ 54.170912][ T4965] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 54.209669][ T4965] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 54.240704][ T4988] loop4: detected capacity change from 0 to 2048 [ 54.284169][ T4988] loop4: p1 < > p4 [ 54.299991][ T4988] loop4: p4 size 8388608 extends beyond EOD, truncated [ 54.577332][ T5005] loop4: detected capacity change from 0 to 2048 [ 54.598628][ T5005] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.681129][ T5012] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 54.696429][ T5009] loop1: detected capacity change from 0 to 8192 [ 54.703886][ T5012] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 54.716212][ T5012] EXT4-fs (loop4): This should not happen!! Data will be lost [ 54.716212][ T5012] [ 54.722794][ T5014] netlink: 8 bytes leftover after parsing attributes in process `syz.3.599'. [ 54.725933][ T5012] EXT4-fs (loop4): Total free blocks count 0 [ 54.740721][ T5012] EXT4-fs (loop4): Free/Dirty block details [ 54.746673][ T5012] EXT4-fs (loop4): free_blocks=2415919504 [ 54.752479][ T5012] EXT4-fs (loop4): dirty_blocks=1632 [ 54.757791][ T5012] EXT4-fs (loop4): Block reservation details [ 54.763891][ T5012] EXT4-fs (loop4): i_reserved_data_blocks=102 [ 54.770326][ T5012] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 54.842832][ T5014] bridge_slave_0: left allmulticast mode [ 54.848541][ T5014] bridge_slave_0: left promiscuous mode [ 54.854280][ T5014] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.913992][ T5017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.600'. [ 54.995868][ T5017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.600'. [ 55.023521][ T5014] bridge_slave_1: left allmulticast mode [ 55.029251][ T5014] bridge_slave_1: left promiscuous mode [ 55.034997][ T5014] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.064207][ T5014] bond0: (slave bond_slave_0): Releasing backup interface [ 55.088101][ T5014] bond0: (slave bond_slave_1): Releasing backup interface [ 55.106303][ T5021] netlink: 24 bytes leftover after parsing attributes in process `syz.2.601'. [ 55.168709][ T5014] team0: Port device team_slave_0 removed [ 55.201154][ T5014] team0: Port device team_slave_1 removed [ 55.209681][ T5014] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 55.217361][ T5014] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 55.227465][ T5014] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 55.235048][ T5014] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 55.304529][ T5023] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 55.387597][ T5033] loop1: detected capacity change from 0 to 8192 [ 55.463090][ T5033] loop1: p1 p2 p3 p4 [ 55.482000][ T5033] loop1: p1 start 51379968 is beyond EOD, truncated [ 55.488705][ T5033] loop1: p2 start 4293394690 is beyond EOD, truncated [ 55.495628][ T5033] loop1: p3 size 100663552 extends beyond EOD, truncated [ 55.506308][ T5033] loop1: p4 size 50331648 extends beyond EOD, truncated [ 55.905738][ T5053] loop4: detected capacity change from 0 to 512 [ 55.920803][ T5055] ip6gre1: entered allmulticast mode [ 55.932657][ T5053] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.952301][ T5053] ext4 filesystem being mounted at /117/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 55.965805][ T5053] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.614: corrupted inode contents [ 55.980015][ T5053] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.614: mark_inode_dirty error [ 55.980843][ T5059] netlink: 12 bytes leftover after parsing attributes in process `syz.0.616'. [ 55.991780][ T5053] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.614: corrupted inode contents [ 56.019351][ T5053] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.614: corrupted inode contents [ 56.031256][ T5053] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.614: mark_inode_dirty error [ 56.043594][ T5053] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.614: corrupted inode contents [ 56.055857][ T5053] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.614: mark_inode_dirty error [ 56.067422][ T5053] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.614: corrupted inode contents [ 56.080036][ T5053] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.614: mark_inode_dirty error [ 56.167879][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.200177][ T5071] loop4: detected capacity change from 0 to 1024 [ 56.215066][ T5071] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.237915][ T5071] Trying to write to read-only block-device loop4 [ 56.250531][ T5075] loop0: detected capacity change from 0 to 1024 [ 56.263259][ T5075] EXT4-fs: Ignoring removed nobh option [ 56.269043][ T5075] EXT4-fs: Ignoring removed bh option [ 56.289015][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.298724][ T5075] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.316306][ T5075] EXT4-fs (loop0): shut down requested (2) [ 56.341953][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.434808][ T5092] netlink: 96 bytes leftover after parsing attributes in process `syz.0.628'. [ 56.630549][ T5106] netlink: 12 bytes leftover after parsing attributes in process `syz.4.632'. [ 56.651175][ T5106] bridge0: port 1(vlan2) entered blocking state [ 56.657592][ T5106] bridge0: port 1(vlan2) entered disabled state [ 56.666637][ T5106] vlan2: entered allmulticast mode [ 56.671806][ T5106] bridge0: entered allmulticast mode [ 56.678480][ T5106] vlan2: left allmulticast mode [ 56.683410][ T5106] bridge0: left allmulticast mode [ 56.900441][ T5125] netlink: 4 bytes leftover after parsing attributes in process `syz.2.641'. [ 57.014123][ T5135] netlink: 'syz.1.646': attribute type 1 has an invalid length. [ 57.037064][ T5135] 8021q: adding VLAN 0 to HW filter on device bond1 [ 57.065573][ T5135] 8021q: adding VLAN 0 to HW filter on device bond1 [ 57.074869][ T5135] bond1: (slave vti0): The slave device specified does not support setting the MAC address [ 57.086160][ T5135] bond1: (slave vti0): Error -95 calling set_mac_address [ 57.184167][ T5139] loop1: detected capacity change from 0 to 512 [ 57.190973][ T5139] EXT4-fs: Ignoring removed orlov option [ 57.198281][ T5139] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 57.207533][ T5139] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 57.217138][ T5139] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.647: corrupted in-inode xattr: e_value size too large [ 57.232592][ T5139] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.647: couldn't read orphan inode 15 (err -117) [ 57.246726][ T5139] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.350147][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.725999][ T5171] loop1: detected capacity change from 0 to 2048 [ 57.783827][ T5171] loop1: p1 < > p4 [ 57.789566][ T5171] loop1: p4 size 8388608 extends beyond EOD, truncated [ 57.811042][ T5178] netlink: 'syz.4.661': attribute type 13 has an invalid length. [ 58.790678][ T5178] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.799679][ T5178] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.808692][ T5178] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.817613][ T5178] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 58.882985][ T5211] lo: entered allmulticast mode [ 58.888847][ T5210] lo: left allmulticast mode [ 59.003491][ T5221] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 59.010821][ T5221] IPv6: NLM_F_CREATE should be set when creating new route [ 59.050321][ T5224] loop4: detected capacity change from 0 to 512 [ 59.057013][ T5224] EXT4-fs: Ignoring removed mblk_io_submit option [ 59.186579][ T5242] loop4: detected capacity change from 0 to 128 [ 59.245963][ T5246] loop0: detected capacity change from 0 to 2048 [ 59.263114][ T5251] loop4: detected capacity change from 0 to 512 [ 59.278638][ T5251] EXT4-fs: Ignoring removed nobh option [ 59.298702][ T5251] loop4: detected capacity change from 0 to 512 [ 59.305793][ T5246] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.312692][ T5251] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 59.362648][ T5251] EXT4-fs (loop4): write access unavailable, skipping orphan cleanup [ 59.381643][ T5251] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 59.393815][ T5258] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 59.434436][ T5258] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 59.446704][ T5258] EXT4-fs (loop0): This should not happen!! Data will be lost [ 59.446704][ T5258] [ 59.456461][ T5258] EXT4-fs (loop0): Total free blocks count 0 [ 59.462496][ T5258] EXT4-fs (loop0): Free/Dirty block details [ 59.468405][ T5258] EXT4-fs (loop0): free_blocks=2415919504 [ 59.474192][ T5258] EXT4-fs (loop0): dirty_blocks=1120 [ 59.479554][ T5258] EXT4-fs (loop0): Block reservation details [ 59.485563][ T5258] EXT4-fs (loop0): i_reserved_data_blocks=70 [ 59.545518][ T5258] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 59.562312][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.609100][ T5267] netlink: 8 bytes leftover after parsing attributes in process `syz.4.701'. [ 59.618057][ T5267] netlink: 8 bytes leftover after parsing attributes in process `syz.4.701'. [ 59.688425][ T5269] 9pnet_fd: Insufficient options for proto=fd [ 59.796315][ T5272] netlink: 'syz.3.703': attribute type 3 has an invalid length. [ 59.804118][ T5272] netlink: 'syz.3.703': attribute type 1 has an invalid length. [ 59.811808][ T5272] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.703'. [ 59.969187][ T29] kauditd_printk_skb: 87 callbacks suppressed [ 59.969204][ T29] audit: type=1326 audit(1750257109.736:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5277 comm="syz.3.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 60.055199][ T29] audit: type=1326 audit(1750257109.776:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5277 comm="syz.3.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 60.078661][ T29] audit: type=1326 audit(1750257109.776:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5277 comm="syz.3.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 60.101926][ T29] audit: type=1326 audit(1750257109.776:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5277 comm="syz.3.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 60.125260][ T29] audit: type=1326 audit(1750257109.796:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5277 comm="syz.3.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5837ae929 code=0x7ffc0000 [ 60.148531][ T29] audit: type=1326 audit(1750257109.796:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5277 comm="syz.3.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb5837a58e7 code=0x7ffc0000 [ 60.171731][ T29] audit: type=1326 audit(1750257109.796:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5277 comm="syz.3.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb58374ab19 code=0x7ffc0000 [ 60.194929][ T29] audit: type=1326 audit(1750257109.796:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5277 comm="syz.3.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb5837a58e7 code=0x7ffc0000 [ 60.218149][ T29] audit: type=1326 audit(1750257109.796:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5277 comm="syz.3.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb58374ab19 code=0x7ffc0000 [ 60.241335][ T29] audit: type=1326 audit(1750257109.796:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5277 comm="syz.3.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb5837a58e7 code=0x7ffc0000 [ 60.536004][ T5292] loop2: detected capacity change from 0 to 512 [ 60.550501][ T5292] loop2: detected capacity change from 0 to 512 [ 60.557362][ T5292] EXT4-fs: Ignoring removed orlov option [ 60.564768][ T5292] EXT4-fs: Ignoring removed nomblk_io_submit option [ 60.641358][ T5304] loop0: detected capacity change from 0 to 2048 [ 60.649597][ T5304] EXT4-fs: Ignoring removed nobh option [ 60.664539][ T5304] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 60.698862][ T5314] serio: Serial port ptm0 [ 60.717416][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.478992][ T5349] loop1: detected capacity change from 0 to 256 [ 61.486359][ T5349] FAT-fs (loop1): bogus number of FAT sectors [ 61.492585][ T5349] FAT-fs (loop1): Can't find a valid FAT filesystem [ 61.638922][ T5358] netlink: 8 bytes leftover after parsing attributes in process `syz.1.739'. [ 61.799570][ T5370] loop1: detected capacity change from 0 to 512 [ 61.831011][ T5370] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.744: bg 0: block 5: invalid block bitmap [ 61.853533][ T5370] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 61.881354][ T5370] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.744: invalid indirect mapped block 3 (level 2) [ 61.913983][ T5375] netlink: 4 bytes leftover after parsing attributes in process `syz.3.746'. [ 61.924564][ T5375] netlink: 12 bytes leftover after parsing attributes in process `syz.3.746'. [ 61.937241][ T5370] EXT4-fs (loop1): 1 orphan inode deleted [ 61.943053][ T5370] EXT4-fs (loop1): 1 truncate cleaned up [ 61.952212][ T5370] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.991612][ T5379] netlink: 96 bytes leftover after parsing attributes in process `syz.4.747'. [ 62.068581][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.125088][ T5399] loop4: detected capacity change from 0 to 512 [ 62.364489][ T5436] netlink: 8 bytes leftover after parsing attributes in process `syz.3.773'. [ 62.373573][ T5436] netlink: 'syz.3.773': attribute type 30 has an invalid length. [ 62.390926][ T5436] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.400148][ T5436] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.409190][ T5436] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.417972][ T5436] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 62.431760][ T5436] netlink: 8 bytes leftover after parsing attributes in process `syz.3.773'. [ 62.440714][ T5436] netlink: 'syz.3.773': attribute type 30 has an invalid length. [ 62.567873][ T5451] loop0: detected capacity change from 0 to 8192 [ 62.578014][ T5454] netlink: 14528 bytes leftover after parsing attributes in process `syz.3.782'. [ 62.590202][ T5451] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 62.607038][ T5458] loop4: detected capacity change from 0 to 1024 [ 62.950128][ T5480] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 63.606107][ T5501] loop1: detected capacity change from 0 to 2048 [ 63.625434][ T5501] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 63.640194][ T5505] netlink: 'syz.3.803': attribute type 13 has an invalid length. [ 63.765436][ T5513] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 63.782238][ T5513] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 930 with error 28 [ 63.794686][ T5513] EXT4-fs (loop1): This should not happen!! Data will be lost [ 63.794686][ T5513] [ 63.804568][ T5513] EXT4-fs (loop1): Total free blocks count 0 [ 63.810703][ T5513] EXT4-fs (loop1): Free/Dirty block details [ 63.816666][ T5513] EXT4-fs (loop1): free_blocks=2415919104 [ 63.822454][ T5513] EXT4-fs (loop1): dirty_blocks=944 [ 63.827673][ T5513] EXT4-fs (loop1): Block reservation details [ 63.833986][ T5513] EXT4-fs (loop1): i_reserved_data_blocks=59 [ 64.094144][ T5523] loop0: detected capacity change from 0 to 128 [ 64.119146][ T5524] SELinux: failed to load policy [ 64.126990][ T5523] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 64.139293][ T5523] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.246925][ T3318] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 64.445330][ T3767] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 64.668760][ T5505] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.677870][ T5505] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.686986][ T5505] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.695924][ T5505] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.719390][ T5505] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 64.728471][ T5505] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 64.737432][ T5505] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 64.746358][ T5505] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 64.818516][ T5555] wg2: entered promiscuous mode [ 64.823575][ T5555] wg2: entered allmulticast mode [ 64.829115][ T5564] netlink: 'syz.4.822': attribute type 39 has an invalid length. [ 64.989909][ T29] kauditd_printk_skb: 150 callbacks suppressed [ 64.989922][ T29] audit: type=1400 audit(1750257114.756:1114): avc: denied { bind } for pid=5583 comm="syz.1.830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 65.002071][ T5585] __nla_validate_parse: 1 callbacks suppressed [ 65.002088][ T5585] netlink: 24 bytes leftover after parsing attributes in process `syz.0.827'. [ 65.038143][ T29] audit: type=1400 audit(1750257114.806:1115): avc: denied { listen } for pid=5583 comm="syz.1.830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 65.148058][ T29] audit: type=1326 audit(1750257114.916:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5596 comm="syz.1.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e178ae929 code=0x7ffc0000 [ 65.171485][ T29] audit: type=1326 audit(1750257114.916:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5596 comm="syz.1.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e178ae929 code=0x7ffc0000 [ 65.195058][ T29] audit: type=1326 audit(1750257114.916:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5596 comm="syz.1.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9e178ae929 code=0x7ffc0000 [ 65.218342][ T29] audit: type=1326 audit(1750257114.916:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5596 comm="syz.1.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e178ae929 code=0x7ffc0000 [ 65.241697][ T29] audit: type=1326 audit(1750257114.916:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5596 comm="syz.1.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e178ae929 code=0x7ffc0000 [ 65.265548][ T29] audit: type=1326 audit(1750257114.916:1121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5596 comm="syz.1.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f9e178ae929 code=0x7ffc0000 [ 65.289049][ T29] audit: type=1326 audit(1750257114.916:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5596 comm="syz.1.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9e178ae963 code=0x7ffc0000 [ 65.312216][ T29] audit: type=1326 audit(1750257114.916:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5596 comm="syz.1.835" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9e178ae963 code=0x7ffc0000 [ 65.445487][ T5623] loop0: detected capacity change from 0 to 256 [ 65.456528][ T5622] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 65.537086][ T5631] loop0: detected capacity change from 0 to 512 [ 65.545494][ T5631] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 65.573615][ T5631] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.591025][ T5631] ext4 filesystem being mounted at /148/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.644495][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.793908][ T5665] netlink: 12 bytes leftover after parsing attributes in process `syz.3.862'. [ 65.802937][ T5665] netlink: 28 bytes leftover after parsing attributes in process `syz.3.862'. [ 65.811933][ T5665] netlink: 12 bytes leftover after parsing attributes in process `syz.3.862'. [ 65.822553][ T5665] netlink: 28 bytes leftover after parsing attributes in process `syz.3.862'. [ 65.831434][ T5665] netlink: 'syz.3.862': attribute type 6 has an invalid length. [ 66.022329][ T5696] ref_ctr_offset mismatch. inode: 0x344 offset: 0x0 ref_ctr_offset(old): 0x3070 ref_ctr_offset(new): 0x0 [ 66.100955][ T5699] loop0: detected capacity change from 0 to 1024 [ 66.107936][ T5699] EXT4-fs: Ignoring removed nobh option [ 66.113661][ T5699] EXT4-fs: Ignoring removed bh option [ 66.123726][ T5699] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 66.160251][ T5699] EXT4-fs (loop0): shut down requested (0) [ 66.180812][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.253605][ T5711] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.306957][ T5711] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.365611][ T5711] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.376172][ T5725] loop1: detected capacity change from 0 to 8192 [ 66.418089][ T5711] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.500363][ T5711] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.513800][ T5711] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.525771][ T5711] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.537562][ T5711] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.818743][ C1] ================================================================== [ 66.826883][ C1] BUG: KCSAN: data-race in do_select / pollwake [ 66.833160][ C1] [ 66.835493][ C1] read to 0xffffc9000fffb9e0 of 4 bytes by task 5732 on cpu 0: [ 66.843038][ C1] do_select+0xe48/0xf50 [ 66.847287][ C1] core_sys_select+0x3d7/0x6e0 [ 66.852063][ C1] __se_sys_pselect6+0x216/0x280 [ 66.857010][ C1] __x64_sys_pselect6+0x78/0x90 [ 66.861883][ C1] x64_sys_call+0x1caa/0x2fb0 [ 66.866560][ C1] do_syscall_64+0xd2/0x200 [ 66.871069][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.877055][ C1] [ 66.879382][ C1] write to 0xffffc9000fffb9e0 of 4 bytes by interrupt on cpu 1: [ 66.887019][ C1] pollwake+0xb6/0x100 [ 66.891092][ C1] __wake_up+0x63/0xb0 [ 66.895194][ C1] bpf_ringbuf_notify+0x22/0x30 [ 66.900062][ C1] irq_work_run+0xe2/0x2d0 [ 66.904499][ C1] __sysvec_irq_work+0x22/0x170 [ 66.909363][ C1] sysvec_irq_work+0x66/0x80 [ 66.913958][ C1] asm_sysvec_irq_work+0x1a/0x20 [ 66.918898][ C1] native_apic_msr_write+0x3d/0x60 [ 66.924019][ C1] x2apic_send_IPI_self+0x10/0x20 [ 66.929052][ C1] arch_irq_work_raise+0x46/0x50 [ 66.933998][ C1] __irq_work_queue_local+0x10f/0x2c0 [ 66.939376][ C1] irq_work_queue+0x70/0x100 [ 66.943983][ C1] bpf_ringbuf_discard+0xd3/0xf0 [ 66.948943][ C1] bpf_prog_fe0ed97373b08409+0x4b/0x4f [ 66.954428][ C1] bpf_trace_run3+0x10f/0x1d0 [ 66.959107][ C1] kmem_cache_free+0x257/0x300 [ 66.963880][ C1] __io_req_caches_free+0x69/0x170 [ 66.969085][ C1] io_req_caches_free+0x1f/0x30 [ 66.973946][ C1] io_ring_exit_work+0x26d/0x560 [ 66.978890][ C1] process_scheduled_works+0x4ce/0x9d0 [ 66.984363][ C1] worker_thread+0x582/0x770 [ 66.988959][ C1] kthread+0x486/0x510 [ 66.993049][ C1] ret_from_fork+0xdd/0x150 [ 66.997553][ C1] ret_from_fork_asm+0x1a/0x30 [ 67.002318][ C1] [ 67.004635][ C1] value changed: 0x00000001 -> 0x00000000 [ 67.010351][ C1] [ 67.012671][ C1] Reported by Kernel Concurrency Sanitizer on: [ 67.018821][ C1] CPU: 1 UID: 0 PID: 3767 Comm: kworker/u8:63 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(voluntary) [ 67.031501][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 67.041561][ C1] Workqueue: iou_exit io_ring_exit_work [ 67.047124][ C1] ==================================================================