last executing test programs: 3.177740168s ago: executing program 1 (id=313): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_process_fork\x00', r2}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 2.511801501s ago: executing program 2 (id=323): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000005efe2100850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$inet6_udp(0xa, 0x2, 0x0) r0 = epoll_create1(0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$RTC_PIE_ON(r1, 0x7005) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000}, 0x0, &(0x7f0000002840)={0xff, 0xffff, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]}) chdir(0x0) close_range(r2, 0xffffffffffffffff, 0x0) 2.215052162s ago: executing program 1 (id=328): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r3}, 0x10) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 1.956693913s ago: executing program 1 (id=329): write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000180), 0x12) msgsnd(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x8, 0x0) msgctl$IPC_RMID(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 1.853177144s ago: executing program 1 (id=331): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0) flock(r1, 0x5) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) flock(r2, 0x2) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000b60000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x10) 1.790963474s ago: executing program 3 (id=332): bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) socket$pppl2tp(0x18, 0x1, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000240)='./file0\x00', 0x18000, &(0x7f0000002f40)=ANY=[@ANYRES8=0x0, @ANYRES64, @ANYRES16=0x0, @ANYRESDEC, @ANYRES32, @ANYRES32], 0x1, 0x2ee, &(0x7f0000001a80)="$eJzs3M9PE1sUwPHTH5S2BMri5b28l7xwoxvdTKC6VhoDibGJBKnxR2IywFSbji2ZaTA1RnTl1vhHuCAs2ZEo/wAbd7px446NiQtZGMd0OkNpGUBKaRG+n4TMYe49nXtnBnLuhGHzzuvHxbyt5fWKhONKQiIiWyLDEhZfyNuG3TgmO72QiwPfPv5/6+69G5lsdmJaqcnMzKW0Umpo5N2TZwmv21q/bAw/2Pya/rLx98a/mz9nHhVsVbBVqVxRupotf67os6ah5gt2UVNqyjR021CFkm1Y9fZyvT1vlhcWqkovzQ8mFyzDtpVeqqqiUVWVsqpYVRV5qBdKStM0NZgUHCS3PD2tZ9pMnuvwYHBMLCujR0Qksaslt9yTAQEAgJ5qrf/DojpZ/6+cW68M3F4d8ur/tVhQ/X/5U/2zmur/uIgE1v/+8QPrf/1w9f/uiuhsOVL9j5NhJLZrV6gR1hqtjJ70fn5dL++vjLoB9T8AAAAAAAAAAAAAAAAAAAAAAH+CLcdJOY6T8rf+V7+IxEXE/z4gNSIiV3swZHTQEa4/ToHGi3vRIRHz1WJuMVffeh3WRcQUQ0YlJT/c+8FTi/03j1TNsLw3l7z8pcVcxG3J5KXg5o9Jqk9a8x1n8np2YkzVNef3SXJnflpS8ldwfjowPyYXzu/I1yQlH+akLKbMu+No5D8fU+razWxLfsLtBwAAAADAaaCpbYHrd03bq72ev72+bn0+EGmsr0cD1+dR+S/a27kDAAAAAHBW2NWnRd00DWufICEH92k/iB7TJ/sz/N0s/28Zjm+m+wT+wZua4t7Ojp+W0CFOyx5BWNrJGqnNRh11Fv5jo736yNR4965g0zD+efP2e+cOcWU1fsBM2w8i+98AfV37BQQAAACgaxpFv79nvLcDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAADgDOrGv0nr9RwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk+JXAAAA//+qDgR1") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) fdatasync(r0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f00000000c0), 0xfdef) 1.731246604s ago: executing program 4 (id=333): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000005c0)={[{@nogrpid}, {@min_batch_time}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@nobarrier}, {@nodiscard}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000040)=ANY=[], 0xfe37, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) unlink(&(0x7f0000000180)='./file1\x00') 1.657426974s ago: executing program 2 (id=335): unshare(0x62040200) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@ipv4_newrule={0x24, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@FRA_GENERIC_POLICY=@FRA_L3MDEV={0x5, 0x13, 0x1}]}, 0x24}}, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x1) lseek(0xffffffffffffffff, 0x7, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)}, 0x24004880) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) getxattr(0x0, 0x0, 0x0, 0x0) 1.608567314s ago: executing program 0 (id=336): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000001340)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000340)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) lsm_set_self_attr(0x64, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48) mlock2(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) eventfd2(0xff, 0x80800) 1.505699795s ago: executing program 0 (id=337): r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$PPPIOCSMRU1(r0, 0x40047452, 0x0) syz_mount_image$iso9660(&(0x7f0000002900), &(0x7f0000000240)='./file1\x00', 0x8c48, &(0x7f00000002c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT=0x0, @ANYRES32], 0x1, 0x5d1, &(0x7f0000002940)="$eJzs3E1v3MYZAOChLUULpTUKBLUVx0AYJwf3YGV3VcsQ0oO3FCUx2V0uSCqQT0VQy6lQKS3iFmh88yVt0BY99Vzk2l/QP5XfoIL7oegrq/hz2+B5AHuGy5cz79A0B0tpGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAECXrzWYrCt2sv70Tf7dkvch7U/ZP2vvPieKE+RDC3FG/IUT1n9BohKXRR0tvfBv70/qvm+HaaOtaaNRFIzx+/epPPnhj7lJ94HwUhSkJvRKPvnj820/293c/n3UiL8Bh9PTHbKb9rMyzXmczjbMyj9dWV5vvb22U8UbWTcv7ZZX24qRIO1VexLeSeyGEtZU4Xb6fb/c31zvdNL6V/Cxura3dvd1uNlfjD5cHaaco8/77Hy6XyVbW7Wb9zWFMvft2++1wt74QP8qquEo7vTh+uLe/u3JRknVQ6/sEtS8Kajfb7Var3W6t3lm7c7fZbIyv1qMP5pqnhNOHzM3+ouWVey00/lpfKMONyT3utRd6I4dncJj8Y9YpAAAAAC9ZNHzGHg2fzi8NaxtZN22eiDmMZpYeAAAA8AIMv9pfGz8ACGEpRGe//wMAAAD/3/4ydY1diKJQDhaiyVKVwc570UGnrnUOLo8+uny6xWrjenRl3MiwWJ0bbyXpjejNUdCbk+hvxsXDi/KIimI+evJ8CYS/heujmOsPRuWDyZ5RL4sbWTddTvLuB63Q6Vy5VKU71R8/2/tRCEVxePmrfu9KFB7u7e8u//p3+w+GuTypW3lyMP4Niej0qp6TuSyEY7n8ISyNVkMujUd87+SI54cPYupRf9XvLY76bQ66c0fjvzQ8+vDMP+mU8X8Z3hrFvLU4KhdPjr9R99laPjn6P9WjP55Fa7Dz3sK4s/HI558uixujmBu33q2Ld2+N98wfy6J9URbt4+d/dC7CpRBW5543i+PnYmVKFodhb3935fwsvve5AJiVh0er70/Mu+Hb+f/MvDu+vcWnm5pyl7tgdq+n8Atn999c2MuX4Z1RzDvX58Y/2QghnLqjNy+aV5rnz+tnxhrC+Vn8O9z81z9D2A43J8HfNcfW/f79xKwaHXxdH/D1mX4nK83LbjuqNy4vHPw+XH30xePbeweffLr76e5n7fbKavPnzeaddpgfDmNcmHsAOEdafBMtVn+OiiIb/Kq1ttbqVFtpXOTJR3GRrW+mcdav0iLZ6vQ303hQ5FWe5N268nG2npZxuT0Y5EUVb+RFPMjLbGf45pd4/OqXMu11+lWWXArdtFOmcZL3q05SxetZmcSD7V92s3IrLYYHl4M0yTaypFNleT8u8+0iSZfjuEzTY4HZetqvso2srvbjQZH1OsX9+OO8u91L4/W0TIpsUOWjBid9Zf2NvOgNm12e9ckGgP8Rj8L4DXZHr7J76kpoXL0bwpSY8/o984wUAHhlTs/SC7NOCAAAAAAAAAAAAAAAOOP4cr1fjBflPfeKwKmVRjiqTF01+MyVe6+ft+vtlzScZ6yEEOZeaheTFyfNfKQ/jErj8+F/jlmnMXnP4rO2E4UQLg7+cR0zoxsSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEzx3wAAAP//FIyK+A==") mkdir(0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f00000001c0)={[{@noauto_da_alloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@stripe={'stripe', 0x3d, 0x7}}, {@commit={'commit', 0x3d, 0x5}}, {@orlov}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@max_batch_time}, {@data_err_abort}]}, 0xd, 0x5e1, &(0x7f0000001840)="$eJzs3c9vFFUcAPDv2/6gpWgLMQoepIkxkCgtLWCI8QBXQxr8ES9erLQgUqChNVo0oSR4MTFejDHx5EG8+wcokSsnPXnw4smQEDUcTVwz25nSbXdbWtpu7Xw+ydKZ93Z4b7r97nvz9r3ZAEqrP/unErEvIiZTRG+anc9rjzyzf+559//++Ez2SFGtvv5nipSnFc9P+c+e/OCuiPj5pxR72paWOzVz9cLoxMT4lXx/cPri5ODUzNVD5y+Onhs/N35p+MXh48eOHjs+dHhN53WtQdqpG+990PvpyFvffv1PGvrut5EUJ+KV/InZeexYU0nN9Ud/7XeSlmb1HF/nslqlLf87WfgSp/YWVohVKV6/joh4KnqjLR68eL3xyastrRywoaopogqUVBL/UFJFP6C4tl94PR9zV//ANnXv5NwAwNL4b58bG4yu2tjAzvspFg7rpIhY28hcvV0Rcef2yI2zt0duxKLxRGBjzV6PiL2N4j/V4r8vuqKvFv+VuvjP+gWn859Z+mtrLH/xULH4h80zF/9dy8Z/NIn/txfE/ztrLL//wea73XXx373WUwIAAAAAAIDSunUyIl5o9Pl/ZX7+TzSY/9MTESfWofz+RftLP/+v3F2HYoAG7u2NeLnh/N9KMfu3ry3feqw2H6AjnT0/MX44Ih6PiIPRsSPbH1qmjEOf7fmqWV5/Pv+veGTl38nnAub1uNu+aGHu2Oj06KOeNxBx73rE0w3n/6b59j81aP+z94PJ+t2m9jx383SzvJXjH9go1W8iDjRs/x/ctSItf3+OwVp/YLDoFSz1zEef/9Cs/LXGv1tMwKPL2v+dy8d/X1p4v56p1ZdxZKa92ixvtf3/7/P+f2d6o3bLmc48/cPR6ekrQxGd6VRbllqXPrz6OsN2VMRDES9Z/B98dvnxv0b9/+6ImF30f6e/6tcUF578t+f3ZvXR/4fWyeJ/bFXt/+o3hm/2/dis/Idr/4/W2vqDeYrxP5jzZRGmnfXpDcKxvVHWZtcXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALaDSkTsilQZmN+uVAYGInoi4onYWZm4PDX9/NnL718ay/Jq3/9fKb7pt3duPxXf/9+3YH940f6RiNgdEV+0ddf2B85cnhhr9ckDAAAAAAAAAAAAAAAAAADAFtHTZP1/5o+2VtcO2HDtra4A0DIN4v+XVtQD2Hzafygv8Q/lJf6hvMQ/lJf4h/IS/1Be4h/KS/wDAAAAAMC2snv/rV9TRMy+1F17ZDrzvI6W1gzYaJVWVwBoGbf4gfIy9QfKyzU+kFbI72p60EpHLmfyzCMcDAAAAAAAAAAAAAClc2Cf9f9QVtb/Q3lZ/w/lVaz/39/iegCbzzU+ECus5G+4/n/FowAAAAAAAAAAAACA9TQ1c/XC6MTE+BUbb26NamzmRrVavZb9FWyV+vzPN4qp8FulPos2irV+D3dU696TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAev8FAAD//5nVJVc=") r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r2}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) 1.447027165s ago: executing program 4 (id=338): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000100)=@req3, 0x1c) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_int(r0, 0x0, 0x2, 0x0, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge_slave_1\x00', 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 1.368340726s ago: executing program 2 (id=339): r0 = syz_io_uring_setup(0x5b23, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xe, &(0x7f0000001780)={0x867, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000000)=""/226, 0xe2}, {&(0x7f0000000240)=""/221, 0xdd}, {&(0x7f0000000340)=""/198, 0xc6}, {&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000001440)=""/153, 0x99}, {&(0x7f0000001500)=""/167, 0xa7}, {&(0x7f0000000100)=""/29, 0x1d}, {&(0x7f00000015c0)=""/233, 0xe9}], &(0x7f0000001740)=[0x4], 0x8}, 0x20) syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$MON_IOCH_MFLUSH(r3, 0x9208, 0x63) 1.355412306s ago: executing program 0 (id=340): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000500)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000440)=@ccm_128={{0x303}, "fd6c108f22fbb90d", "5c1e64c104d72fbe70793b5285074702", "350f8fc2", "e03cc7b20800"}, 0x28) write$binfmt_script(r0, &(0x7f0000001300), 0x8f) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000340)={&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000000240)=0x40) writev(r0, &(0x7f00000030c0)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1) close(r0) 1.346661886s ago: executing program 4 (id=341): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='qdisc_create\x00', r0}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000ac0)=@newlink={0x3c, 0x10, 0xff05, 0x70bd2b, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x8001}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x526}]}}}]}, 0x3c}}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x4) r3 = socket$inet_sctp(0x2, 0x1, 0x84) r4 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000007fc0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000140)=0x8) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) 1.281146926s ago: executing program 4 (id=342): sched_setaffinity(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1008002, &(0x7f0000000800), 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") creat(&(0x7f0000000240)='./bus\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r2, &(0x7f0000004200)='t', 0x1) sendfile(r2, r1, 0x0, 0x3ffff) sendfile(r2, r1, 0x0, 0x7ffff000) 1.251988336s ago: executing program 3 (id=343): openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000540), 0x84) mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) perf_event_open(&(0x7f0000000400)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x82, 0x200000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x9}, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1e, 0x12, r3, 0x0) 1.226634056s ago: executing program 2 (id=344): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffea9, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) io_setup(0x2007, &(0x7f0000000200)=0x0) r3 = eventfd2(0x0, 0x0) io_submit(r2, 0x2, &(0x7f0000000480)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1, r3}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f00000001c0)="5f18ab32505b5506", 0x8}]) shutdown(r1, 0x0) 1.188536396s ago: executing program 0 (id=345): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2}, &(0x7f0000000000), &(0x7f00000005c0)=r3}, 0x20) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) 1.076048536s ago: executing program 3 (id=346): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pim6reg1\x00', 0xe511}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) close(0xffffffffffffffff) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) 1.039682227s ago: executing program 2 (id=347): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000280)='./file1\x00', 0x482, &(0x7f0000000800)=ANY=[@ANYBLOB="756e695f786c6174653d312c6e6f6e756d7461696c3d300000000000000008303030303030303030303034303030303030303030302c73686f72746e616d653d65722c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72746e616d653d6d697865642c696f630100727365743d757466f69e75731725e72216799ebd57484a7e1948a8aa65667265652c757466383d312c6e66733d6e6f7374616c655f726f2c73686f72682e616d653d6d697865642c757466383d306d653d77696e6e742c007aea3388304ddedb3208ceb9b2c23924743277bd2c0d0019d44efede967f3df81cce421f7aafa8aa7c706311ab7a0ce39abf7858b6ba6ef5206da03692650000000000000001d0559b166f8c433d34c03a60999dea3bab649a260b216354ecc726cd1f6519546e8ef6ae17a0da1b9313ef4b5633c5f1bf756a7816d304d61c4d15539bae9f6e8dc91d178c85744c5cc226ca0568f9f6da8997bc10100b836488e47d0b7e6ccffaf123b1000000d6d876f2e37dde582f497ab6d4d11f7211b4aaf087f529ffc0000ee312a30cc69ae25ac6a986a76824020b12971980e00a27786eef1c2537fdcb1de9c4bed7175c6704f0c39d14da07a8edf97525a0c8138686d6e2b8d90102027245729e944719894ebe079bf1ab2b7002c54c5c714bff93d9475ff23f653874321e4ecc1ebd2baa44aea86a1617e53fcc5683e5c7b14e5158239aebf96ef3b73359414993575bf4e880ac24d7fee38c5a22f6fae6a22a2185cd5a25b7bc11062d649340f8220bfa18cae94fd73afbb38b2fc20a263e091c5eb14ce630628aaf65b7ccab9b4d3b2c220153cd28c86e6c8e58903c66698fd27f4f22a9fd1dd67d70de664e3b985f20ada8c0f531865a9093fe6d3cd52c721dcfe391a812583c4e745b824429ce98f2a7928d22c9b5302719058f593fddbbb60ca7"], 0x1, 0x258, &(0x7f0000001140)="$eJzs3E9rI3UYB/DHtm7/LLvpQQQF8Yde9DJs6wuQILsgFpS6EfUgzNqpho5JyYRKRNy9efV1LB71JLi+gV68effWi+BlD2KkabpN1oIgG6c2nw8k84RfvuQZZhKeCSRH73/z2d5ule3m/VhYSbEQcS8eRqwfV2NPjbcLo/pKTLoXr179/ZcX3v3gw7eaW1s3t1O61bz92mZK6fqLP37+5bcv/dS/+t53139YjsP1j45+2/z18NnD547+vP1pu0rtKnW6/ZSnO91uP79TFmmnXe1lKb1TFnlVpHanKnpT67tld39/kPLOzrW1/V5RVSnvDNJeMUj9bur3Bin/JG93UpZl6dpa8E9a97e382bdXTAzS8d3vV4zX4yI1b8tt+7X0RQAUK+LPf8fTy3m/9kx/8+D4/l/bfz+nWb+BwAAAAAAAAAAAACA/4OHw2FjOBw2Trent+WIWImI08d198lsOP7zbeKHeysR5dcHrYPWyfZkvbkb7SijiBvRiD9G58PYSX3rza2bN9LIejwo747zdw9ai9P5jWjE+vn5jZN8igffL57ln461yfxmNOKZ8/Obj/KTr38lXnl5Ip9FI37+OLpRxs7ovD7Lf7WR0htvbz2WXx09DwAAAC6DLD1y7vV7lk2vL49z/+L7gceur5fi+aX69hsAAADmSTX4Yi8vy6KnuITF6xFxAdpQTBYrT/qgrMYsWq37kwkAAHjSzob+ujsBAAAAAAAAAAAAAAAAAACA+fVf/OFZ3fsIAAAAAAAAAAAAAAAAAAAAAAAAF8VfAQAA//+gfid7") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x2, 0x0) io_uring_register$IORING_REGISTER_FILE_ALLOC_RANGE(r2, 0x19, 0x0, 0x0) mkdirat(r2, &(0x7f0000000180)='./bus\x00', 0x0) renameat2(r2, &(0x7f0000000380)='./file0\x00', r2, &(0x7f0000000200)='./bus/file0\x00', 0x0) 952.728547ms ago: executing program 1 (id=348): ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) r0 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000009f910000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) clock_getres(0x2, 0x0) setresgid(0x0, 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, 0x0, 0x0) syz_usb_disconnect(r0) syslog(0x2, &(0x7f0000000000)=""/94, 0x5e) 943.468617ms ago: executing program 0 (id=349): r0 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000580)=""/52, 0x34}], 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x201}, @generic={0x66, 0x8}, @initr0, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x44, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c00048048000180080001"], 0x122}}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80a, &(0x7f0000000000)={[{@grpquota}, {@lazytime}, {@data_err_abort}, {@errors_remount}]}, 0x1, 0x79b, &(0x7f0000000a40)="$eJzs3c1rXFUbAPDnTpImTfu+zQsv2LppVloonbQ1tgqCERciWCjo2jZMpiFmkimZSWlCFhYRBBG0uBB049qPunMruvZvcCMiLVXTYsWFjNz5SKb5mHw0k2mb3w9ucs6dc+ecZ+7cc8/MPcwNYM8aTP9kIo5ExIdJxKH6+iQieqqp7oiRWrl7iwu5dEmiUnn996Ra5u7iQi6atkkdqGcOR8T370Ycz6yutzQ3PzlaKORn6vmh8tTlodLc/ImJqdHx/Hh++syp4eHTZ589e2bnYv3zx/mDtz565emvR/5+54kbH/yQxEgcrD/WHMdOGYzB+mvSk76E93l5pyvrsKTTDWBb0kOzq3aUx5E4FF3VFADwOEvP/xUAYI9JnP8BYI9pfA9wd3Eh11g6+43E7rr9UkT01eJvXN+sPdJdv2bXV70O2n83ie76FdHYwetdgxHx2bdvfpku0abrkABreftaRFwcGFzd/yer5ixs1clNlBlckdf/we75Lh3/PLfW+C+zNP6JpfHPst41jt3tGIzY15xfffxnbq654Ys7UHl9/PdCbW5bGmjT+G9p0tpAVz33nzRzNCImCvm0b/tvRByLnt5LE4X8qRZ1HLvzz531Hmse//1x/a0v0vrT/8slMje7e+/fZmy0PPogMTe7fS3iye7luX33VvX/fdWx7sr9n6473+qJjy4nX33+vU/XK5bGn8bbWFbH316VzyOeirXjb0hazk8cSnf/ydrftev45udP+terv3n/p0taf+OzwG5I939/6/gHkub5mqWdrX/j+Nd+/+9L3qimG53H1dFyeeZUxL7ktdXrTy9v28g3yqfx1yJdGX+m5fs//SR4cZMxdt/67avtx7+kLVMs0/jHtrT/t564cW+ya/vxp/t/uJo6Vl+zmf5vsw18kNcOAAAAAAAAAAAAAAAAAAAAAAAAADYrExEHI8lkl9KZTDZbu4f3/6M/UyiWyscvFWenx6J6r+yB6Mk0furyUC2fNH7/dKApf3pF/pmI+F9EfNy7v5rP5oqFsU4HDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1B9a5/3/q195Otw4AaJu+DUvcyd+XrVQqlTa2BwBov43P/wDA46bF+X//brYDANg9Pv8DwN7j/A8Ae4/zPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG12/ty5dKn8tbiQS/NjV+ZmJ4tXTozlS5PZqdlcNlecuZwdLxbHC/lsrji10fMVisXLwzE9e3WonC+Vh0pz8xemirPT5QsTU6Pj+Qv5nl2JCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2pjQ3PzlaKORnHovE+xHxEDSjHYkkHopmdCTxy4mfDrcqc32Dt/HIQxHFI5bodM8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Gj4NwAA//8PbSWm") chdir(&(0x7f0000000080)='./file0\x00') 889.019487ms ago: executing program 2 (id=350): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000008640)=[{0x0}], 0x1, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) write(r1, &(0x7f0000000000)="fa", 0xfffffdef) creat(0x0, 0x0) io_setup(0x200, 0x0) io_submit(0x0, 0x0, 0x0) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) 869.204318ms ago: executing program 3 (id=351): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r1}, 0x10) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000a000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r4, 0x0, 0x8000000000000}, 0x18) bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000080)={r3, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 612.332958ms ago: executing program 3 (id=352): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r1}, 0x10) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={r4}, 0x69) 243.12426ms ago: executing program 4 (id=353): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000067dfb4a518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40010) 174.19086ms ago: executing program 4 (id=354): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "ff00f7000000000000000000af88008300"}) r2 = syz_open_pts(r1, 0x141601) write(r2, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TCSETSF(r2, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0xfffffffc, 0x0, 0x0, "682341f2fd71a6a76177920ea7e60c0ac7a4a5"}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffa}]}) close_range(r3, 0xffffffffffffffff, 0x0) 126.58085ms ago: executing program 1 (id=355): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r3}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast}) 59.80444ms ago: executing program 0 (id=356): syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf9, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x1010091, 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2200c3a, 0x0) socket(0x2c, 0x4, 0x3) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) pipe2$9p(0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYBLOB, @ANYRESHEX]) 0s ago: executing program 3 (id=357): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r2, 0x0, 0x5}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) fcntl$lock(0xffffffffffffffff, 0x24, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f00000002c0)={{0x9, 0x1}, 'port0\x00', 0x2, 0x2, 0x5, 0x5, 0x5, 0x5, 0x3, 0x0, 0x7, 0x5}) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2800001, 0xc3072, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) kernel console output (not intermixed with test programs): syzkaller syzkaller login: [ 19.715550][ T29] kauditd_printk_skb: 64 callbacks suppressed [ 19.715567][ T29] audit: type=1400 audit(1732086577.169:76): avc: denied { transition } for pid=3198 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.719623][ T29] audit: type=1400 audit(1732086577.169:77): avc: denied { noatsecure } for pid=3198 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.722484][ T29] audit: type=1400 audit(1732086577.169:78): avc: denied { write } for pid=3198 comm="sh" path="pipe:[511]" dev="pipefs" ino=511 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 19.725788][ T29] audit: type=1400 audit(1732086577.169:79): avc: denied { rlimitinh } for pid=3198 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.728537][ T29] audit: type=1400 audit(1732086577.169:80): avc: denied { siginh } for pid=3198 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.943302][ T29] audit: type=1400 audit(1732086578.399:81): avc: denied { read } for pid=3001 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 Warning: Permanently added '10.128.0.2' (ED25519) to the list of known hosts. [ 27.863459][ T29] audit: type=1400 audit(1732086585.309:82): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 27.864624][ T3308] cgroup: Unknown subsys name 'net' [ 27.886698][ T29] audit: type=1400 audit(1732086585.309:83): avc: denied { mount } for pid=3308 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 27.914008][ T29] audit: type=1400 audit(1732086585.339:84): avc: denied { unmount } for pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 28.046134][ T3308] cgroup: Unknown subsys name 'cpuset' [ 28.052201][ T3308] cgroup: Unknown subsys name 'rlimit' [ 28.200126][ T29] audit: type=1400 audit(1732086585.649:85): avc: denied { setattr } for pid=3308 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 28.225219][ T29] audit: type=1400 audit(1732086585.649:86): avc: denied { create } for pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.245770][ T29] audit: type=1400 audit(1732086585.649:87): avc: denied { write } for pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.253808][ T3310] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 28.266162][ T29] audit: type=1400 audit(1732086585.649:88): avc: denied { read } for pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.294959][ T29] audit: type=1400 audit(1732086585.649:89): avc: denied { mounton } for pid=3308 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 28.319821][ T29] audit: type=1400 audit(1732086585.649:90): avc: denied { mount } for pid=3308 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 28.343191][ T29] audit: type=1400 audit(1732086585.729:91): avc: denied { relabelto } for pid=3310 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.372357][ T3308] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 30.100114][ T3317] chnl_net:caif_netlink_parms(): no params data found [ 30.116077][ T3318] chnl_net:caif_netlink_parms(): no params data found [ 30.155584][ T3324] chnl_net:caif_netlink_parms(): no params data found [ 30.199179][ T3323] chnl_net:caif_netlink_parms(): no params data found [ 30.246183][ T3318] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.253289][ T3318] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.260535][ T3318] bridge_slave_0: entered allmulticast mode [ 30.266887][ T3318] bridge_slave_0: entered promiscuous mode [ 30.273313][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.280474][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.287669][ T3317] bridge_slave_0: entered allmulticast mode [ 30.294131][ T3317] bridge_slave_0: entered promiscuous mode [ 30.302349][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.309543][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.316698][ T3317] bridge_slave_1: entered allmulticast mode [ 30.322995][ T3317] bridge_slave_1: entered promiscuous mode [ 30.337855][ T3318] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.344971][ T3318] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.352194][ T3318] bridge_slave_1: entered allmulticast mode [ 30.358602][ T3318] bridge_slave_1: entered promiscuous mode [ 30.381105][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.402751][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.429017][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.442997][ T3324] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.450115][ T3324] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.457317][ T3324] bridge_slave_0: entered allmulticast mode [ 30.463753][ T3324] bridge_slave_0: entered promiscuous mode [ 30.470292][ T3326] chnl_net:caif_netlink_parms(): no params data found [ 30.478848][ T3323] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.485984][ T3323] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.493173][ T3323] bridge_slave_0: entered allmulticast mode [ 30.499667][ T3323] bridge_slave_0: entered promiscuous mode [ 30.507270][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.520610][ T3324] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.527796][ T3324] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.535035][ T3324] bridge_slave_1: entered allmulticast mode [ 30.541497][ T3324] bridge_slave_1: entered promiscuous mode [ 30.550312][ T3323] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.557474][ T3323] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.564565][ T3323] bridge_slave_1: entered allmulticast mode [ 30.571102][ T3323] bridge_slave_1: entered promiscuous mode [ 30.591781][ T3318] team0: Port device team_slave_0 added [ 30.598417][ T3318] team0: Port device team_slave_1 added [ 30.621046][ T3317] team0: Port device team_slave_0 added [ 30.639322][ T3324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.649502][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.659270][ T3317] team0: Port device team_slave_1 added [ 30.684021][ T3324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.699136][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.717564][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.724524][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.750449][ T3318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.783150][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.790193][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.816178][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.827309][ T3318] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.834259][ T3318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.860199][ T3318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.873088][ T3326] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.880219][ T3326] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.887669][ T3326] bridge_slave_0: entered allmulticast mode [ 30.894062][ T3326] bridge_slave_0: entered promiscuous mode [ 30.900706][ T3326] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.907832][ T3326] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.915310][ T3326] bridge_slave_1: entered allmulticast mode [ 30.921691][ T3326] bridge_slave_1: entered promiscuous mode [ 30.928533][ T3324] team0: Port device team_slave_0 added [ 30.939804][ T3323] team0: Port device team_slave_0 added [ 30.945737][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.952682][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.978780][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.000236][ T3324] team0: Port device team_slave_1 added [ 31.011045][ T3323] team0: Port device team_slave_1 added [ 31.041606][ T3326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.061199][ T3317] hsr_slave_0: entered promiscuous mode [ 31.067224][ T3317] hsr_slave_1: entered promiscuous mode [ 31.074976][ T3318] hsr_slave_0: entered promiscuous mode [ 31.081154][ T3318] hsr_slave_1: entered promiscuous mode [ 31.087062][ T3318] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 31.094602][ T3318] Cannot create hsr debugfs directory [ 31.100289][ T3324] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.107332][ T3324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.133397][ T3324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.145102][ T3326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.161204][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.168277][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.194260][ T3323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.210765][ T3324] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.217764][ T3324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.243794][ T3324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.260226][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.267231][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.293144][ T3323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.327951][ T3326] team0: Port device team_slave_0 added [ 31.350093][ T3326] team0: Port device team_slave_1 added [ 31.373945][ T3323] hsr_slave_0: entered promiscuous mode [ 31.379933][ T3323] hsr_slave_1: entered promiscuous mode [ 31.385894][ T3323] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 31.393468][ T3323] Cannot create hsr debugfs directory [ 31.408432][ T3324] hsr_slave_0: entered promiscuous mode [ 31.414663][ T3324] hsr_slave_1: entered promiscuous mode [ 31.420936][ T3324] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 31.428537][ T3324] Cannot create hsr debugfs directory [ 31.445392][ T3326] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.452352][ T3326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.478304][ T3326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.489470][ T3326] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.496556][ T3326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.522465][ T3326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.611643][ T3326] hsr_slave_0: entered promiscuous mode [ 31.617768][ T3326] hsr_slave_1: entered promiscuous mode [ 31.623610][ T3326] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 31.631216][ T3326] Cannot create hsr debugfs directory [ 31.690739][ T3317] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 31.717009][ T3317] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 31.726040][ T3317] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 31.738415][ T3317] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 31.772060][ T3318] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 31.786427][ T3318] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 31.794984][ T3318] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 31.803713][ T3318] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 31.832759][ T3323] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 31.846670][ T3323] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 31.861976][ T3323] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 31.870984][ T3323] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 31.906997][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.920824][ T3324] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 31.933720][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.945706][ T3324] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 31.954201][ T3324] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 31.963238][ T3324] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 31.976475][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.983559][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.995992][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.003100][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.035528][ T3326] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 32.044573][ T3326] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 32.054303][ T3326] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 32.065461][ T3326] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 32.080770][ T3317] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.101333][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.146803][ T3318] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.159123][ T1788] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.166228][ T1788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.188035][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.204438][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.218978][ T1788] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.226077][ T1788] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.248514][ T3324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.266040][ T3323] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.277098][ T1788] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.284173][ T1788] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.296547][ T3326] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.307957][ T3326] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.319376][ T1788] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.326548][ T1788] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.342760][ T3324] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.354014][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.361132][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.372245][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.379496][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.403321][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.410393][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.419283][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.426346][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.442099][ T3318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.505974][ T3324] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 32.516601][ T3324] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.583497][ T3317] veth0_vlan: entered promiscuous mode [ 32.600677][ T3323] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.630449][ T3317] veth1_vlan: entered promiscuous mode [ 32.647549][ T3318] veth0_vlan: entered promiscuous mode [ 32.662376][ T3326] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.690171][ T3318] veth1_vlan: entered promiscuous mode [ 32.697703][ T3317] veth0_macvtap: entered promiscuous mode [ 32.713999][ T3317] veth1_macvtap: entered promiscuous mode [ 32.724246][ T3324] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 32.744296][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.765979][ T3318] veth0_macvtap: entered promiscuous mode [ 32.787075][ T3318] veth1_macvtap: entered promiscuous mode [ 32.799665][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.814724][ T3318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 32.825261][ T3318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.838757][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.847623][ T3317] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.856410][ T3317] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.865162][ T3317] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.873869][ T3317] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.889567][ T3323] veth0_vlan: entered promiscuous mode [ 32.896984][ T3318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 32.907536][ T3318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 32.918467][ T3318] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.928629][ T3318] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.937433][ T3318] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.946233][ T3318] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.955041][ T3318] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.980455][ T3326] veth0_vlan: entered promiscuous mode [ 32.989606][ T3324] veth0_vlan: entered promiscuous mode [ 33.004808][ T29] kauditd_printk_skb: 18 callbacks suppressed [ 33.004914][ T29] audit: type=1400 audit(1732086590.449:110): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/root/syzkaller.e1ZEMH/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 33.009834][ T3323] veth1_vlan: entered promiscuous mode [ 33.025271][ T29] audit: type=1400 audit(1732086590.449:111): avc: denied { mount } for pid=3317 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 33.062798][ T29] audit: type=1400 audit(1732086590.459:112): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/root/syzkaller.e1ZEMH/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 33.088115][ T29] audit: type=1400 audit(1732086590.459:113): avc: denied { mount } for pid=3317 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 33.110020][ T29] audit: type=1400 audit(1732086590.459:114): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/root/syzkaller.e1ZEMH/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 33.136757][ T29] audit: type=1400 audit(1732086590.459:115): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/root/syzkaller.e1ZEMH/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4491 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 33.164295][ T29] audit: type=1400 audit(1732086590.459:116): avc: denied { unmount } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 33.185118][ T29] audit: type=1400 audit(1732086590.489:117): avc: denied { mounton } for pid=3317 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=502 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 33.209236][ T3326] veth1_vlan: entered promiscuous mode [ 33.224046][ T3326] veth0_macvtap: entered promiscuous mode [ 33.240729][ T3323] veth0_macvtap: entered promiscuous mode [ 33.251185][ T3324] veth1_vlan: entered promiscuous mode [ 33.254606][ T3317] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 33.258696][ T3326] veth1_macvtap: entered promiscuous mode [ 33.289505][ T29] audit: type=1400 audit(1732086590.739:118): avc: denied { read write } for pid=3318 comm="syz-executor" name="loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 33.291311][ T3324] veth0_macvtap: entered promiscuous mode [ 33.321189][ T3324] veth1_macvtap: entered promiscuous mode [ 33.331455][ T3324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.341926][ T3324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.351816][ T3324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.362275][ T3324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.362316][ T29] audit: type=1400 audit(1732086590.769:119): avc: denied { open } for pid=3318 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 33.372957][ T3324] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.412019][ T3323] veth1_macvtap: entered promiscuous mode [ 33.429689][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.440154][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.450073][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.460726][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.470557][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.481019][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.493475][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.508372][ T3324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.515583][ T3461] loop0: detected capacity change from 0 to 1024 [ 33.518826][ T3324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.526504][ T3461] EXT4-fs: Ignoring removed mblk_io_submit option [ 33.534927][ T3324] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.551944][ T3324] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.566360][ T3324] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.576586][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.587061][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.596895][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.607373][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.617206][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.627656][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.638174][ T3461] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.650042][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.660528][ T3324] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.666035][ T3461] process 'syz.0.6' launched './file0/file0' with NULL argv: empty string added [ 33.669339][ T3324] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.687026][ T3324] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.695980][ T3324] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.706485][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.717065][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.726974][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.737527][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.747484][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.757958][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.767956][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.778488][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.788939][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.797142][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.807673][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.817523][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.828022][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.837849][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.848298][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.858119][ T3326] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.868624][ T3326] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.879164][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.890013][ T3323] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.898805][ T3323] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.907568][ T3323] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.916514][ T3323] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.926265][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.950931][ T3326] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.959766][ T3326] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.968565][ T3326] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.977385][ T3326] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.007716][ T3475] loop4: detected capacity change from 0 to 512 [ 34.016121][ T3475] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 34.024134][ T3475] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01c, mo2=0002] [ 34.036285][ T3475] EXT4-fs (loop4): orphan cleanup on readonly fs [ 34.044869][ T3475] EXT4-fs warning (device loop4): ext4_block_to_path:107: block 3279949761 > max in inode 13 [ 34.045397][ T3480] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 34.096367][ T3475] EXT4-fs warning (device loop4): ext4_block_to_path:107: block 3279949762 > max in inode 13 [ 34.097568][ T3480] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3480 comm=syz.0.9 [ 34.106760][ T3475] EXT4-fs (loop4): 1 truncate cleaned up [ 34.125131][ T3475] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 34.162497][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.189728][ T3486] loop3: detected capacity change from 0 to 512 [ 34.207700][ T3486] ======================================================= [ 34.207700][ T3486] WARNING: The mand mount option has been deprecated and [ 34.207700][ T3486] and is ignored by this kernel. Remove the mand [ 34.207700][ T3486] option from the mount to silence this warning. [ 34.207700][ T3486] ======================================================= [ 34.258048][ T3486] EXT4-fs: Ignoring removed nobh option [ 34.263650][ T3486] EXT4-fs: Ignoring removed mblk_io_submit option [ 34.277428][ T3486] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.328292][ T3486] syz.3.4 (3486) used greatest stack depth: 10520 bytes left [ 34.339882][ T3495] loop0: detected capacity change from 0 to 128 [ 34.348335][ T3496] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 34.363621][ T3323] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.386344][ T3496] hsr_slave_1 (unregistering): left promiscuous mode [ 34.394254][ T3495] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 34.408808][ T3495] ext4 filesystem being mounted at /3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 34.499706][ T3318] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 34.522255][ T3506] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 34.567149][ T3509] netlink: 4 bytes leftover after parsing attributes in process `syz.0.17'. [ 34.593251][ T3511] loop4: detected capacity change from 0 to 512 [ 34.617788][ T3511] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002] [ 34.631575][ T3511] System zones: 0-2, 18-18, 34-34 [ 34.641705][ T3511] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.18: bg 0: block 248: padding at end of block bitmap is not set [ 34.663084][ T3511] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.18: Failed to acquire dquot type 1 [ 34.717720][ T3511] EXT4-fs (loop4): 1 truncate cleaned up [ 34.723877][ T3511] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.738624][ T3511] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.770264][ T3511] : renamed from vlan1 (while UP) [ 34.778974][ T3511] syz.4.18 (3511) used greatest stack depth: 9304 bytes left [ 34.809616][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.851041][ T3527] bridge0: port 3(syz_tun) entered blocking state [ 34.857723][ T3527] bridge0: port 3(syz_tun) entered disabled state [ 34.889125][ T3527] syz_tun: entered allmulticast mode [ 34.895182][ T3527] syz_tun: entered promiscuous mode [ 34.915178][ T3527] bridge0: port 3(syz_tun) entered blocking state [ 34.921706][ T3527] bridge0: port 3(syz_tun) entered forwarding state [ 34.946633][ T3538] bridge0: entered promiscuous mode [ 34.953482][ T3532] loop3: detected capacity change from 0 to 764 [ 35.002188][ T3532] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 35.016846][ T3543] loop0: detected capacity change from 0 to 128 [ 35.103355][ T3549] syz.0.26: attempt to access beyond end of device [ 35.103355][ T3549] loop0: rw=34817, sector=97, nr_sectors = 32 limit=128 [ 35.195407][ T3548] syzkaller0: entered promiscuous mode [ 35.200976][ T3548] syzkaller0: entered allmulticast mode [ 35.286442][ T3560] ALSA: seq fatal error: cannot create timer (-22) [ 35.303286][ T3563] netlink: 4 bytes leftover after parsing attributes in process `syz.1.31'. [ 35.312073][ T3563] netlink: 'syz.1.31': attribute type 15 has an invalid length. [ 35.319891][ T3563] netlink: 'syz.1.31': attribute type 18 has an invalid length. [ 35.330593][ T3563] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 3072 - 0 [ 35.339480][ T3563] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 3072 - 0 [ 35.348368][ T3563] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 3072 - 0 [ 35.357152][ T3563] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 3072 - 0 [ 35.366070][ T3563] vxlan0: entered promiscuous mode [ 35.390220][ T3566] loop7: detected capacity change from 0 to 16384 [ 35.455691][ T3566] loop7: detected capacity change from 16384 to 16383 [ 35.581925][ T3570] serio: Serial port ptm0 [ 35.667449][ T3581] loop2: detected capacity change from 0 to 512 [ 35.689590][ T3583] IPv6: Can't replace route, no match found [ 35.698821][ T3581] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.715639][ T3581] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 35.756346][ T3587] loop6: detected capacity change from 0 to 7 [ 35.762713][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.773869][ T3587] Buffer I/O error on dev loop6, logical block 0, async page read [ 35.782914][ T3587] Buffer I/O error on dev loop6, logical block 0, async page read [ 35.790891][ T3587] loop6: unable to read partition table [ 35.801506][ T3587] loop_reread_partitions: partition scan of loop6 (被xڬdƤݡ [ 35.801506][ T3587] ) failed (rc=-5) [ 35.844873][ T3590] loop2: detected capacity change from 0 to 1024 [ 35.877119][ T3590] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.907392][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.987480][ T3599] loop2: detected capacity change from 0 to 4096 [ 35.994311][ T3599] EXT4-fs: Ignoring removed nobh option [ 36.019975][ T3599] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.192085][ T3607] veth1_macvtap: left promiscuous mode [ 36.197868][ T3607] macsec0: entered promiscuous mode [ 36.213943][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.299813][ T3614] syz.0.52: attempt to access beyond end of device [ 36.299813][ T3614] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 36.314543][ T3614] mmap: syz.0.52 (3614) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 36.348106][ T3617] sd 0:0:1:0: device reset [ 36.412367][ T3621] loop3: detected capacity change from 0 to 4096 [ 36.440871][ T3621] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.464910][ T3631] loop4: detected capacity change from 0 to 2048 [ 36.626724][ T3323] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.858012][ T3657] loop1: detected capacity change from 0 to 512 [ 36.879015][ T3657] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.891780][ T3657] ext4 filesystem being mounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 36.923384][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.989708][ T3663] loop1: detected capacity change from 0 to 512 [ 36.997202][ T3663] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 37.257325][ T3672] loop1: detected capacity change from 0 to 512 [ 37.268533][ T3672] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.73: corrupted in-inode xattr: invalid ea_ino [ 37.282050][ T3672] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.73: couldn't read orphan inode 15 (err -117) [ 37.294432][ T3672] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.340718][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.376290][ T3677] loop1: detected capacity change from 0 to 512 [ 37.407728][ T3677] EXT4-fs (loop1): too many log groups per flexible block group [ 37.415457][ T3677] EXT4-fs (loop1): failed to initialize mballoc (-12) [ 37.441567][ T3677] EXT4-fs (loop1): mount failed [ 37.532226][ T3685] loop3: detected capacity change from 0 to 512 [ 37.571850][ T3685] EXT4-fs warning (device loop3): ext4_enable_quotas:7156: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 37.584527][ T3692] loop0: detected capacity change from 0 to 512 [ 37.593351][ T3692] EXT4-fs: Ignoring removed orlov option [ 37.599337][ T3692] EXT4-fs: Ignoring removed oldalloc option [ 37.605551][ T3685] EXT4-fs (loop3): mount failed [ 37.613327][ T3692] EXT4-fs error (device loop0): ext4_xattr_inode_iget:436: comm syz.0.79: Parent and EA inode have the same ino 15 [ 37.627411][ T3692] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2863: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 37.640562][ T3692] EXT4-fs error (device loop0): ext4_xattr_inode_iget:436: comm syz.0.79: Parent and EA inode have the same ino 15 [ 37.654416][ T3692] EXT4-fs (loop0): 1 orphan inode deleted [ 37.667950][ T3692] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.699956][ T3694] loop1: detected capacity change from 0 to 512 [ 37.718568][ T3694] EXT4-fs: Ignoring removed oldalloc option [ 37.731254][ T3692] syz.0.79 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 37.751655][ T3694] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 37.764825][ T3694] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 37.804660][ T3694] EXT4-fs (loop1): 1 truncate cleaned up [ 37.808141][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.814940][ T3694] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.853201][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.875189][ T3704] loop3: detected capacity change from 0 to 512 [ 37.902253][ T3704] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.915052][ T3705] ------------[ cut here ]------------ [ 37.919351][ T3714] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 37.920530][ T3705] refcount_t: underflow; use-after-free. [ 37.935855][ T3705] WARNING: CPU: 0 PID: 3705 at lib/refcount.c:28 refcount_warn_saturate+0x1c6/0x230 [ 37.938189][ T3704] ext4 filesystem being mounted at /11/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 37.945299][ T3705] Modules linked in: [ 37.945330][ T3705] CPU: 0 UID: 0 PID: 3705 Comm: syz.0.82 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 [ 37.945357][ T3705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 37.979747][ T3705] RIP: 0010:refcount_warn_saturate+0x1c6/0x230 [ 37.986065][ T3705] Code: 72 ff ff ff e8 eb c6 70 ff 48 c7 c7 78 f9 b2 86 e8 9f ae 89 ff c6 05 e0 6c f3 04 01 90 48 c7 c7 86 e2 1b 86 e8 2b 78 52 ff 90 <0f> 0b 90 90 e9 43 ff ff ff e8 bc c6 70 ff 48 c7 c7 75 f9 b2 86 e8 [ 38.005743][ T3705] RSP: 0018:ffffc9000d283cd8 EFLAGS: 00010246 [ 38.005766][ T3705] RAX: 7a6a07d154310c00 RBX: ffff88811a01e9e4 RCX: 0000000000040000 [ 38.005797][ T3705] RDX: ffffc90001d52000 RSI: 00000000000228a6 RDI: 00000000000228a7 [ 38.005812][ T3705] RBP: 0000000000000003 R08: ffffffff81120637 R09: 0000000000000000 [ 38.005828][ T3705] R10: 0001ffffffffffff R11: 0001c9000d283b17 R12: ffff88811582c668 [ 38.005845][ T3705] R13: ffff88811582c618 R14: ffff88811a01e9e4 R15: 0000000000000000 [ 38.005858][ T3705] FS: 00007f58d86d76c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 [ 38.005952][ T3705] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.005967][ T3705] CR2: 0000001b3321bff8 CR3: 00000001160ca000 CR4: 00000000003506f0 [ 38.005985][ T3705] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.006026][ T3705] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.006043][ T3705] Call Trace: [ 38.006051][ T3705] [ 38.006060][ T3705] ? __warn+0x141/0x350 [ 38.006083][ T3705] ? report_bug+0x315/0x420 [ 38.006115][ T3705] ? refcount_warn_saturate+0x1c6/0x230 [ 38.006255][ T3705] ? handle_bug+0x60/0x90 [ 38.006287][ T3705] ? exc_invalid_op+0x1a/0x50 [ 38.006315][ T3705] ? asm_exc_invalid_op+0x1a/0x20 [ 38.006375][ T3705] ? __warn_printk+0x167/0x1b0 [ 38.006477][ T3705] ? refcount_warn_saturate+0x1c6/0x230 [ 38.006509][ T3705] ? refcount_warn_saturate+0x1c5/0x230 [ 38.006597][ T3705] sk_skb_reason_drop+0xe9/0x290 [ 38.006633][ T3705] j1939_session_put+0x157/0x2a0 [ 38.006684][ T3705] j1939_sk_release+0x278/0x4f0 [ 38.006777][ T3705] ? __pfx_autoremove_wake_function+0x10/0x10 [ 38.006853][ T3705] sock_close+0x68/0x150 [ 38.006884][ T3705] ? __pfx_sock_close+0x10/0x10 [ 38.006916][ T3705] __fput+0x17a/0x6d0 [ 38.006961][ T3705] ____fput+0x1c/0x30 [ 38.007015][ T3705] task_work_run+0x13a/0x1a0 [ 38.007049][ T3705] syscall_exit_to_user_mode+0xa8/0x120 [ 38.007076][ T3705] do_syscall_64+0xd6/0x1c0 [ 38.007138][ T3705] ? clear_bhb_loop+0x55/0xb0 [ 38.007166][ T3705] ? clear_bhb_loop+0x55/0xb0 [ 38.007200][ T3705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 38.007228][ T3705] RIP: 0033:0x7f58d9a5e759 [ 38.007247][ T3705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 38.007271][ T3705] RSP: 002b:00007f58d86d7038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 38.007306][ T3705] RAX: 0000000000000000 RBX: 00007f58d9c15f80 RCX: 00007f58d9a5e759 [ 38.007319][ T3705] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000004 [ 38.007332][ T3705] RBP: 00007f58d9ad175e R08: 0000000000000000 R09: 0000000000000000 [ 38.007346][ T3705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 38.007358][ T3705] R13: 0000000000000000 R14: 00007f58d9c15f80 R15: 00007fff8ab3ecf8 [ 38.007424][ T3705] [ 38.007431][ T3705] ---[ end trace 0000000000000000 ]--- [ 38.037880][ T29] kauditd_printk_skb: 350 callbacks suppressed [ 38.037898][ T29] audit: type=1400 audit(1732086595.489:467): avc: denied { write } for pid=3701 comm="syz.3.84" path="/11/bus/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 38.199215][ T3723] EXT4-fs error (device loop3): ext4_do_update_inode:5153: inode #19: comm syz.3.84: corrupted inode contents [ 38.354084][ T3723] EXT4-fs error (device loop3): ext4_dirty_inode:6041: inode #19: comm syz.3.84: mark_inode_dirty error [ 38.367465][ T3723] EXT4-fs error (device loop3): ext4_do_update_inode:5153: inode #19: comm syz.3.84: corrupted inode contents [ 38.374284][ T29] audit: type=1400 audit(1732086595.589:468): avc: denied { create } for pid=3703 comm="syz.1.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 38.391055][ T3723] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3006: inode #19: comm syz.3.84: mark_inode_dirty error [ 38.398383][ T29] audit: type=1400 audit(1732086595.589:469): avc: denied { write } for pid=3703 comm="syz.1.85" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 38.411995][ T3723] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3009: inode #19: comm syz.3.84: mark inode dirty (error -117) [ 38.429347][ T29] audit: type=1326 audit(1732086595.639:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3721 comm="syz.4.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b72be759 code=0x7ffc0000 [ 38.429383][ T29] audit: type=1326 audit(1732086595.649:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3721 comm="syz.4.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b72be759 code=0x7ffc0000 [ 38.429412][ T29] audit: type=1326 audit(1732086595.649:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3721 comm="syz.4.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5b72be759 code=0x7ffc0000 [ 38.429473][ T29] audit: type=1326 audit(1732086595.649:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3721 comm="syz.4.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b72be759 code=0x7ffc0000 [ 38.429502][ T29] audit: type=1326 audit(1732086595.649:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3721 comm="syz.4.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5b72be759 code=0x7ffc0000 [ 38.429609][ T29] audit: type=1326 audit(1732086595.649:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3721 comm="syz.4.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5b72be759 code=0x7ffc0000 [ 38.429666][ T29] audit: type=1326 audit(1732086595.649:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3721 comm="syz.4.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff5b72be759 code=0x7ffc0000 [ 38.446017][ T3723] EXT4-fs warning (device loop3): ext4_evict_inode:276: xattr delete (err -117) [ 38.746301][ T3323] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.767891][ T3743] pim6reg1: entered promiscuous mode [ 38.773210][ T3743] pim6reg1: entered allmulticast mode [ 38.785061][ T3745] loop3: detected capacity change from 0 to 1024 [ 38.792829][ T3745] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 38.804941][ T3745] JBD2: no valid journal superblock found [ 38.810806][ T3745] EXT4-fs (loop3): Could not load journal inode [ 38.844748][ T3749] loop3: detected capacity change from 0 to 128 [ 38.871440][ T3751] netlink: 28 bytes leftover after parsing attributes in process `syz.1.101'. [ 38.888321][ T3749] syz.3.100: attempt to access beyond end of device [ 38.888321][ T3749] loop3: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 38.913191][ T3749] syz.3.100: attempt to access beyond end of device [ 38.913191][ T3749] loop3: rw=0, sector=177, nr_sectors = 1 limit=128 [ 38.927066][ T3748] syz.3.100: attempt to access beyond end of device [ 38.927066][ T3748] loop3: rw=524288, sector=145, nr_sectors = 32 limit=128 [ 38.941466][ T3748] syz.3.100: attempt to access beyond end of device [ 38.941466][ T3748] loop3: rw=524288, sector=185, nr_sectors = 184 limit=128 [ 38.977086][ T3757] netlink: 'syz.2.104': attribute type 39 has an invalid length. [ 38.984936][ T3757] netlink: 8 bytes leftover after parsing attributes in process `syz.2.104'. [ 38.995252][ T3757] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.996308][ T3748] syz.3.100: attempt to access beyond end of device [ 38.996308][ T3748] loop3: rw=0, sector=177, nr_sectors = 1 limit=128 [ 39.002533][ T3757] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.015431][ T3748] Buffer I/O error on dev loop3, logical block 177, async page read [ 39.033217][ T3748] syz.3.100: attempt to access beyond end of device [ 39.033217][ T3748] loop3: rw=0, sector=178, nr_sectors = 1 limit=128 [ 39.046408][ T3748] Buffer I/O error on dev loop3, logical block 178, async page read [ 39.054456][ T3748] syz.3.100: attempt to access beyond end of device [ 39.054456][ T3748] loop3: rw=0, sector=179, nr_sectors = 1 limit=128 [ 39.067972][ T3748] Buffer I/O error on dev loop3, logical block 179, async page read [ 39.074880][ T3759] ref_ctr increment failed for inode: 0x94 offset: 0x9 ref_ctr_offset: 0x82 of mm: 0xffff888100057480 [ 39.076174][ T3748] syz.3.100: attempt to access beyond end of device [ 39.076174][ T3748] loop3: rw=0, sector=180, nr_sectors = 1 limit=128 [ 39.100320][ T3748] Buffer I/O error on dev loop3, logical block 180, async page read [ 39.108426][ T3748] Buffer I/O error on dev loop3, logical block 181, async page read [ 39.116458][ T3758] uprobe: syz.1.105:3758 failed to unregister, leaking uprobe [ 39.116505][ T3748] Buffer I/O error on dev loop3, logical block 182, async page read [ 39.137296][ T3748] Buffer I/O error on dev loop3, logical block 183, async page read [ 39.146663][ T3748] Buffer I/O error on dev loop3, logical block 184, async page read [ 39.239788][ T3769] loop1: detected capacity change from 0 to 128 [ 39.262234][ T3769] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 39.307499][ T3769] ext4 filesystem being mounted at /27/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 39.502388][ T3324] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 39.621257][ T3784] wireguard0: entered promiscuous mode [ 39.626834][ T3784] wireguard0: entered allmulticast mode [ 39.825661][ T3796] loop1: detected capacity change from 0 to 512 [ 39.850429][ T3797] loop0: detected capacity change from 0 to 2048 [ 39.886020][ T3796] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2813: inode #11: comm syz.1.119: corrupted xattr block 95: invalid header [ 39.919239][ T3797] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 39.927593][ T3801] loop4: detected capacity change from 0 to 512 [ 40.009085][ T3796] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.119: bg 0: block 7: invalid block bitmap [ 40.022787][ T3801] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 40.032629][ T3796] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 40.055153][ T3796] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2977: inode #11: comm syz.1.119: corrupted xattr block 95: invalid header [ 40.077791][ T3801] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.088218][ T3796] EXT4-fs warning (device loop1): ext4_evict_inode:276: xattr delete (err -117) [ 40.114341][ T3796] EXT4-fs (loop1): 1 orphan inode deleted [ 40.120471][ T3796] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.133630][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.145847][ T3801] EXT4-fs error (device loop4): ext4_do_update_inode:5153: inode #2: comm syz.4.121: corrupted inode contents [ 40.195453][ T3801] EXT4-fs error (device loop4): ext4_dirty_inode:6041: inode #2: comm syz.4.121: mark_inode_dirty error [ 40.216451][ T3801] EXT4-fs error (device loop4): ext4_do_update_inode:5153: inode #2: comm syz.4.121: corrupted inode contents [ 40.272701][ C1] hrtimer: interrupt took 38750 ns [ 40.286196][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.315920][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.400259][ T3824] netlink: 36 bytes leftover after parsing attributes in process `syz.0.128'. [ 40.417149][ T3825] loop4: detected capacity change from 0 to 512 [ 40.477099][ T3825] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.505524][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 40.515526][ T3825] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.584437][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.604953][ T3840] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 40.662239][ T3848] loop2: detected capacity change from 0 to 512 [ 40.693834][ T3842] infiniband syz1: set active [ 40.698592][ T3842] infiniband syz1: added team_slave_0 [ 40.718248][ T3842] RDS/IB: syz1: added [ 40.727204][ T3848] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 40.739971][ T3842] smc: adding ib device syz1 with port count 1 [ 40.747901][ T3842] smc: ib device syz1 port 1 has pnetid [ 40.755377][ T3848] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.932909][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 41.516598][ T3880] netdevsim netdevsim4: Firmware load for '../file0/file0' refused, path contains '..' component [ 41.540098][ T3882] loop1: detected capacity change from 0 to 2048 [ 41.547091][ T3882] EXT4-fs: Ignoring removed mblk_io_submit option [ 41.570782][ T3885] loop4: detected capacity change from 0 to 512 [ 41.579704][ T3882] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.597152][ T3882] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.150: bg 0: block 234: padding at end of block bitmap is not set [ 41.642306][ T3882] EXT4-fs (loop1): Remounting filesystem read-only [ 41.660736][ T3885] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.674105][ T3885] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.700357][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.730697][ T3880] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 41.796859][ T3885] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 41.827866][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.848815][ T3905] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 41.887205][ T3908] loop4: detected capacity change from 0 to 128 [ 41.902553][ T3903] loop0: detected capacity change from 0 to 512 [ 41.947952][ T3903] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #2: comm syz.0.158: corrupted xattr block 255: invalid header [ 41.980883][ T3903] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 41.981325][ T3903] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.981428][ T3903] EXT4-fs error (device loop0): ext4_xattr_block_get:596: inode #2: comm syz.0.158: corrupted xattr block 255: invalid header [ 41.982078][ T3903] SELinux: (dev loop0, type ext4) getxattr errno 117 [ 41.984346][ T3903] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.127311][ T3921] loop4: detected capacity change from 0 to 512 [ 42.153488][ T3921] EXT4-fs error (device loop4): ext4_orphan_get:1389: inode #17: comm syz.4.165: iget: bogus i_mode (0) [ 42.179970][ T3921] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.165: couldn't read orphan inode 17 (err -117) [ 42.223031][ T3927] syz.2.163[3927] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 42.223096][ T3927] syz.2.163[3927] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 42.235964][ T3921] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.270264][ T3927] syz.2.163[3927] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 42.292162][ T3921] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.165: bg 0: block 7: invalid block bitmap [ 42.349017][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.434589][ T3934] loop4: detected capacity change from 0 to 512 [ 42.460583][ T3934] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.169: corrupted in-inode xattr: invalid ea_ino [ 42.485398][ T3934] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.169: couldn't read orphan inode 15 (err -117) [ 42.499447][ T3934] EXT4-fs (loop4): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.562832][ T3317] EXT4-fs (loop4): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 42.689403][ T3943] loop4: detected capacity change from 0 to 4096 [ 42.703676][ T3943] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.818746][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.873376][ T3954] loop4: detected capacity change from 0 to 2048 [ 42.877363][ T3948] loop2: detected capacity change from 0 to 4096 [ 42.923800][ T3948] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.936673][ T3954] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.970182][ T3961] syzkaller0: entered promiscuous mode [ 42.975928][ T3961] syzkaller0: entered allmulticast mode [ 43.022821][ T3966] loop3: detected capacity change from 0 to 512 [ 43.065116][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.083838][ T3966] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.108143][ T3966] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.137879][ T3970] loop0: detected capacity change from 0 to 512 [ 43.167721][ T3970] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.182: corrupted in-inode xattr: invalid ea_ino [ 43.171832][ T3323] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.191602][ T3970] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.182: couldn't read orphan inode 15 (err -117) [ 43.238786][ T3970] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.283500][ T3979] bond_slave_1: mtu less than device minimum [ 43.297653][ T3326] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.328983][ T3318] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000. [ 43.501212][ T29] kauditd_printk_skb: 177 callbacks suppressed [ 43.501226][ T29] audit: type=1400 audit(1732086600.949:654): avc: denied { write } for pid=3989 comm="syz.2.189" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 43.535063][ T3992] loop3: detected capacity change from 0 to 2048 [ 43.637888][ T3996] loop0: detected capacity change from 0 to 1024 [ 43.646820][ T3992] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.727190][ T3996] EXT4-fs: Ignoring removed nobh option [ 43.732866][ T3996] EXT4-fs: Ignoring removed orlov option [ 43.835824][ T29] audit: type=1400 audit(1732086601.239:655): avc: denied { read } for pid=3993 comm="syz.2.191" name="rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 43.858810][ T29] audit: type=1400 audit(1732086601.239:656): avc: denied { open } for pid=3993 comm="syz.2.191" path="/dev/rtc0" dev="devtmpfs" ino=244 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 43.882058][ T29] audit: type=1400 audit(1732086601.239:657): avc: denied { ioctl } for pid=3993 comm="syz.2.191" path="/dev/rtc0" dev="devtmpfs" ino=244 ioctlcmd=0x7007 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 44.044303][ T3996] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e842c018, mo2=0002] [ 44.054174][ T3323] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.083177][ T3996] System zones: 0-1, 3-12 [ 44.088359][ T3996] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.107443][ T29] audit: type=1400 audit(1732086601.559:658): avc: denied { mounton } for pid=3995 comm="syz.0.192" path="/50/file0/file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.150067][ T29] audit: type=1326 audit(1732086601.599:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4008 comm="syz.3.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f916be5e759 code=0x7ffc0000 [ 44.173348][ T29] audit: type=1326 audit(1732086601.599:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4008 comm="syz.3.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f916be5e759 code=0x7ffc0000 [ 44.196699][ T29] audit: type=1326 audit(1732086601.599:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4008 comm="syz.3.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f916be5e759 code=0x7ffc0000 [ 44.219943][ T29] audit: type=1326 audit(1732086601.599:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4008 comm="syz.3.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f916be5e759 code=0x7ffc0000 [ 44.250270][ T29] audit: type=1326 audit(1732086601.599:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4008 comm="syz.3.194" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f916be5e759 code=0x7ffc0000 [ 44.302972][ T4011] team0 (unregistering): Port device team_slave_0 removed [ 44.348781][ T3318] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.369957][ T4011] team0 (unregistering): Port device team_slave_1 removed [ 44.909338][ T4042] loop4: detected capacity change from 0 to 2048 [ 44.947594][ T4042] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.044285][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.159119][ T4050] syz.0.208[4050] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.159235][ T4050] syz.0.208[4050] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.220748][ T4050] syz.0.208[4050] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.364715][ T4058] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.464190][ T4058] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.484492][ T4060] loop1: detected capacity change from 0 to 256 [ 45.519261][ T4058] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.599541][ T4058] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.703313][ T4058] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.729689][ T4058] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.790028][ T4058] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.832115][ T4058] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.054342][ T4076] loop4: detected capacity change from 0 to 1024 [ 46.090869][ T4076] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 46.121078][ T4076] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 46.147379][ T4076] EXT4-fs (loop4): orphan cleanup on readonly fs [ 46.155903][ T4076] EXT4-fs error (device loop4): __ext4_get_inode_loc:4435: comm syz.4.219: Invalid inode table block 0 in block_group 0 [ 46.168662][ T4076] EXT4-fs (loop4): Remounting filesystem read-only [ 46.175193][ T4076] EXT4-fs (loop4): 1 truncate cleaned up [ 46.203985][ T4076] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 46.216750][ T4076] SELinux: (dev loop4, type ext4) getxattr errno 5 [ 46.223551][ T4076] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.290617][ T4085] loop4: detected capacity change from 0 to 1024 [ 46.305853][ T4085] EXT4-fs: Ignoring removed oldalloc option [ 46.364809][ T4081] loop3: detected capacity change from 0 to 4096 [ 46.387734][ T4081] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.404622][ T4085] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.537971][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.581061][ T4095] loop1: detected capacity change from 0 to 256 [ 46.615606][ T3323] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.629503][ T4095] FAT-fs (loop1): bogus number of FAT sectors [ 46.635690][ T4095] FAT-fs (loop1): Can't find a valid FAT filesystem [ 46.660671][ T4097] netlink: 12 bytes leftover after parsing attributes in process `syz.4.224'. [ 46.669775][ T4097] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 46.677215][ T4097] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 46.742353][ T4097] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 46.749901][ T4097] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 46.799614][ T4104] loop1: detected capacity change from 0 to 128 [ 46.812167][ T4070] syz.2.217 (4070) used greatest stack depth: 7280 bytes left [ 46.841862][ T4104] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 46.899263][ T4104] ext4 filesystem being mounted at /47/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 46.952617][ T4111] vlan2: entered promiscuous mode [ 46.957871][ T4111] ip6gretap0: entered promiscuous mode [ 46.963572][ T4111] vlan2: entered allmulticast mode [ 46.968733][ T4111] ip6gretap0: entered allmulticast mode [ 46.978233][ T4112] loop3: detected capacity change from 0 to 128 [ 46.993699][ T4111] ip6gretap0: left allmulticast mode [ 46.999077][ T4111] ip6gretap0: left promiscuous mode [ 47.012788][ T4112] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 47.038832][ T3324] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 47.050019][ T4112] ext4 filesystem being mounted at /35/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 47.151795][ T4118] loop1: detected capacity change from 0 to 1024 [ 47.196889][ T4118] EXT4-fs: Ignoring removed mblk_io_submit option [ 47.222404][ T3323] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 47.232681][ T4124] vlan0: entered promiscuous mode [ 47.244363][ T4118] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.265392][ T4124] vlan2: entered promiscuous mode [ 47.270692][ T4124] vlan2: entered allmulticast mode [ 47.282488][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.291872][ T4129] syzkaller0: entered allmulticast mode [ 47.300853][ T4129] syzkaller0 (unregistering): left allmulticast mode [ 47.361734][ T4133] loop3: detected capacity change from 0 to 512 [ 47.382212][ T4135] netlink: 8 bytes leftover after parsing attributes in process `syz.0.240'. [ 47.395123][ T4133] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.411306][ T4133] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.430637][ T4139] loop1: detected capacity change from 0 to 512 [ 47.454788][ T4139] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 47.465565][ T4133] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 47.488346][ T4139] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 47.504673][ T3323] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.514503][ T4139] System zones: 1-12 [ 47.531006][ T4143] netlink: 8 bytes leftover after parsing attributes in process `syz.2.243'. [ 47.547785][ T4139] EXT4-fs (loop1): 1 truncate cleaned up [ 47.561061][ T4143] netlink: 12 bytes leftover after parsing attributes in process `syz.2.243'. [ 47.569974][ T4143] netlink: 16 bytes leftover after parsing attributes in process `syz.2.243'. [ 47.582707][ T4139] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.628709][ T4147] loop2: detected capacity change from 0 to 512 [ 47.656814][ T4147] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 47.677215][ T4151] pim6reg: entered allmulticast mode [ 47.698132][ T4147] EXT4-fs (loop2): 1 truncate cleaned up [ 47.700885][ T4151] pim6reg: left allmulticast mode [ 47.864522][ T4158] team0: Device ipvlan2 failed to register rx_handler [ 47.901916][ T4160] pim6reg1: entered promiscuous mode [ 47.907322][ T4160] pim6reg1: entered allmulticast mode [ 48.002040][ T4164] SELinux: syz.0.251 (4164) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 48.040224][ T4164] sch_tbf: burst 1 is lower than device lo mtu (65550) ! [ 48.079227][ T4166] syzkaller0: entered allmulticast mode [ 48.089361][ T4170] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 48.105210][ T4166] syzkaller0 (unregistering): left allmulticast mode [ 48.222356][ T4175] loop2: detected capacity change from 0 to 128 [ 48.442176][ T4185] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 48.448732][ T4185] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 48.453421][ T4186] loop3: detected capacity change from 0 to 2048 [ 48.456521][ T4185] vhci_hcd vhci_hcd.0: Device attached [ 48.492423][ T4187] vhci_hcd: connection closed [ 48.493182][ T2389] vhci_hcd: stop threads [ 48.502167][ T2389] vhci_hcd: release socket [ 48.506661][ T2389] vhci_hcd: disconnect device [ 48.516242][ T29] kauditd_printk_skb: 181 callbacks suppressed [ 48.516257][ T29] audit: type=1400 audit(1732086605.969:843): avc: denied { execute } for pid=4183 comm="syz.3.260" path="/38/file1/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 48.610976][ T29] audit: type=1326 audit(1732086606.039:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4191 comm="syz.1.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 48.634317][ T29] audit: type=1326 audit(1732086606.039:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4191 comm="syz.1.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 48.658121][ T29] audit: type=1326 audit(1732086606.039:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4191 comm="syz.1.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 48.681341][ T29] audit: type=1326 audit(1732086606.039:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4191 comm="syz.1.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 48.704670][ T29] audit: type=1326 audit(1732086606.039:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4191 comm="syz.1.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 48.728124][ T29] audit: type=1326 audit(1732086606.039:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4191 comm="syz.1.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 48.751392][ T29] audit: type=1326 audit(1732086606.039:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4191 comm="syz.1.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 48.774742][ T29] audit: type=1326 audit(1732086606.039:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4191 comm="syz.1.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 48.798028][ T29] audit: type=1326 audit(1732086606.039:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4191 comm="syz.1.261" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 48.886538][ T4198] ip6_vti0: mtu greater than device maximum [ 48.940316][ T4205] netlink: 'syz.1.266': attribute type 1 has an invalid length. [ 48.949934][ T4205] netlink: 'syz.1.266': attribute type 9 has an invalid length. [ 49.076584][ T4208] syzkaller0: entered promiscuous mode [ 49.082084][ T4208] syzkaller0: entered allmulticast mode [ 49.234457][ T4225] syzkaller0: entered promiscuous mode [ 49.240058][ T4225] syzkaller0: entered allmulticast mode [ 49.328658][ T4228] syz.1.275[4228] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 49.328753][ T4228] syz.1.275[4228] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 49.346739][ T4228] syz.1.275[4228] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 49.437159][ T4234] ip6gre1: entered allmulticast mode [ 49.531547][ T4237] Illegal XDP return value 2262238932 on prog (id 233) dev N/A, expect packet loss! [ 50.143806][ T4254] syzkaller0: entered promiscuous mode [ 50.149887][ T4254] syzkaller0: entered allmulticast mode [ 50.376500][ T4273] xt_hashlimit: max too large, truncated to 1048576 [ 50.395200][ T4276] loop4: detected capacity change from 0 to 512 [ 50.403724][ T4273] Cannot find set identified by id 0 to match [ 50.411972][ T4276] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 50.471092][ T4279] loop1: detected capacity change from 0 to 1024 [ 50.486250][ T4276] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a000c018, mo2=0002] [ 50.498682][ T4279] EXT4-fs: Ignoring removed mblk_io_submit option [ 50.514886][ T4276] System zones: 1-12 [ 50.541832][ T4276] EXT4-fs (loop4): 1 truncate cleaned up [ 50.701011][ T4290] loop1: detected capacity change from 0 to 128 [ 50.724827][ T4293] loop3: detected capacity change from 0 to 512 [ 50.743199][ T4295] IPv4: Oversized IP packet from 127.202.26.0 [ 50.784012][ T4293] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.804954][ T4290] bio_check_eod: 220 callbacks suppressed [ 50.804968][ T4290] syz.1.299: attempt to access beyond end of device [ 50.804968][ T4290] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 50.824084][ T4290] buffer_io_error: 216 callbacks suppressed [ 50.824160][ T4290] Buffer I/O error on dev loop1, logical block 128, lost async page write [ 50.849517][ T4304] loop2: detected capacity change from 0 to 512 [ 50.870766][ T4304] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 50.934432][ T4304] EXT4-fs (loop2): 1 truncate cleaned up [ 50.985969][ T4325] pim6reg1: entered promiscuous mode [ 50.991561][ T4325] pim6reg1: entered allmulticast mode [ 51.212169][ T4341] loop0: detected capacity change from 0 to 128 [ 51.221210][ T4339] syzkaller0: entered promiscuous mode [ 51.226756][ T4339] syzkaller0: entered allmulticast mode [ 51.268390][ T4341] ext4 filesystem being mounted at /66/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 51.297769][ T4344] capability: warning: `syz.4.309' uses deprecated v2 capabilities in a way that may be insecure [ 51.346286][ T4341] netlink: 4 bytes leftover after parsing attributes in process `syz.0.308'. [ 51.394826][ T4341] EXT4-fs (loop0): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 ro. Quota mode: none. [ 51.444181][ T4349] loop4: detected capacity change from 0 to 128 [ 51.484577][ T4349] ext4 filesystem being mounted at /56/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 51.514384][ T4354] smc: net device bond0 applied user defined pnetid SYZ0 [ 51.557808][ T4354] smc: net device bond0 erased user defined pnetid SYZ0 [ 51.968845][ T4368] loop3: detected capacity change from 0 to 512 [ 51.987146][ T4368] EXT4-fs error (device loop3): ext4_orphan_get:1389: inode #17: comm syz.3.319: iget: bogus i_mode (0) [ 52.002239][ T4368] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.319: couldn't read orphan inode 17 (err -117) [ 52.020372][ T4368] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.319: bg 0: block 7: invalid block bitmap [ 52.857980][ T4405] loop3: detected capacity change from 0 to 128 [ 52.955593][ T4408] loop4: detected capacity change from 0 to 512 [ 52.979559][ T4408] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 52.990989][ T4405] syz.3.332: attempt to access beyond end of device [ 52.990989][ T4405] loop3: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 53.045817][ T4408] EXT4-fs (loop4): 1 truncate cleaned up [ 53.072708][ T4405] syz.3.332: attempt to access beyond end of device [ 53.072708][ T4405] loop3: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 53.125673][ T4405] syz.3.332: attempt to access beyond end of device [ 53.125673][ T4405] loop3: rw=0, sector=145, nr_sectors = 8 limit=128 [ 53.150833][ T4419] loop0: detected capacity change from 0 to 736 [ 53.159310][ T4405] syz.3.332: attempt to access beyond end of device [ 53.159310][ T4405] loop3: rw=0, sector=145, nr_sectors = 8 limit=128 [ 53.247527][ T4405] syz.3.332: attempt to access beyond end of device [ 53.247527][ T4405] loop3: rw=0, sector=145, nr_sectors = 8 limit=128 [ 53.294829][ T4405] syz.3.332: attempt to access beyond end of device [ 53.294829][ T4405] loop3: rw=0, sector=145, nr_sectors = 8 limit=128 [ 53.429802][ T4434] loop4: detected capacity change from 0 to 1024 [ 53.464740][ T4441] ref_ctr increment failed for inode: 0x13b offset: 0x9 ref_ctr_offset: 0x82 of mm: 0xffff888112ae39c0 [ 53.470283][ T4442] netlink: 4 bytes leftover after parsing attributes in process `syz.0.345'. [ 53.484766][ T4439] uprobe: syz.3.343:4439 failed to unregister, leaking uprobe [ 53.498365][ T4442] infiniband syz1: set down [ 53.503594][ T4442] team0 (unregistering): Port device team_slave_0 removed [ 53.513681][ T4442] team0 (unregistering): Port device team_slave_1 removed [ 53.567311][ T4446] syz.3.346[4446] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.567384][ T4446] syz.3.346[4446] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.578960][ T4446] syz.3.346[4446] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.592622][ T4446] netlink: 4 bytes leftover after parsing attributes in process `syz.3.346'. [ 53.616009][ T4446] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.629182][ T4446] bridge_slave_0 (unregistering): left allmulticast mode [ 53.636291][ T4446] bridge_slave_0 (unregistering): left promiscuous mode [ 53.643449][ T4446] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.652182][ T4449] loop2: detected capacity change from 0 to 128 [ 53.706404][ T29] kauditd_printk_skb: 306 callbacks suppressed [ 53.706429][ T29] audit: type=1326 audit(1732086611.159:1159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4450 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 53.745476][ T29] audit: type=1326 audit(1732086611.159:1160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4450 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 53.768915][ T29] audit: type=1326 audit(1732086611.159:1161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4450 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 53.792465][ T29] audit: type=1326 audit(1732086611.159:1162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4450 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 53.816008][ T29] audit: type=1326 audit(1732086611.159:1163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4450 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 53.839520][ T29] audit: type=1326 audit(1732086611.159:1164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4450 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 53.862863][ T29] audit: type=1326 audit(1732086611.159:1165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4450 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 53.886310][ T29] audit: type=1326 audit(1732086611.159:1166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4450 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f296e8fd3ea code=0x7ffc0000 [ 53.909514][ T29] audit: type=1326 audit(1732086611.159:1167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4450 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f296e930845 code=0x7ffc0000 [ 53.933541][ T29] audit: type=1326 audit(1732086611.389:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4450 comm="syz.1.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f296e8fe759 code=0x7ffc0000 [ 54.007736][ T4456] loop0: detected capacity change from 0 to 2048 [ 54.078284][ T4456] EXT4-fs error (device loop0): ext4_find_extent:938: inode #2: comm syz.0.349: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 54.124664][ T4456] EXT4-fs (loop0): Remounting filesystem read-only [ 54.540171][ T4470] pim6reg1: entered promiscuous mode [ 54.545626][ T4470] pim6reg1: entered allmulticast mode [ 54.635287][ T4468] ================================================================== [ 54.643425][ T4468] BUG: KCSAN: data-race in __tty_hangup / tty_hung_up_p [ 54.650403][ T4468] [ 54.652755][ T4468] write to 0xffff888115c6d310 of 8 bytes by task 4475 on cpu 1: [ 54.660385][ T4468] __tty_hangup+0x1d6/0x530 [ 54.664925][ T4468] tty_vhangup+0x17/0x20 [ 54.669195][ T4468] pty_close+0x262/0x280 [ 54.673483][ T4468] tty_release+0x206/0x930 [ 54.677917][ T4468] __fput+0x17a/0x6d0 [ 54.681920][ T4468] ____fput+0x1c/0x30 [ 54.685937][ T4468] task_work_run+0x13a/0x1a0 [ 54.690543][ T4468] syscall_exit_to_user_mode+0xa8/0x120 [ 54.696099][ T4468] do_syscall_64+0xd6/0x1c0 [ 54.700615][ T4468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.706530][ T4468] [ 54.708852][ T4468] read to 0xffff888115c6d310 of 8 bytes by task 4468 on cpu 0: [ 54.716392][ T4468] tty_hung_up_p+0x20/0x50 [ 54.720829][ T4468] n_tty_write+0x2e7/0xb80 [ 54.725260][ T4468] file_tty_write+0x37a/0x680 [ 54.729932][ T4468] tty_write+0x28/0x30 [ 54.733994][ T4468] vfs_write+0x77f/0x920 [ 54.738258][ T4468] ksys_write+0xe8/0x1b0 [ 54.742501][ T4468] __x64_sys_write+0x42/0x50 [ 54.747093][ T4468] x64_sys_call+0x287e/0x2dc0 [ 54.751783][ T4468] do_syscall_64+0xc9/0x1c0 [ 54.756294][ T4468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.762188][ T4468] [ 54.764502][ T4468] value changed: 0xffffffff8569cef8 -> 0xffffffff8569cd90 [ 54.771707][ T4468] [ 54.774027][ T4468] Reported by Kernel Concurrency Sanitizer on: [ 54.780170][ T4468] CPU: 0 UID: 0 PID: 4468 Comm: syz.4.354 Tainted: G W 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 [ 54.791888][ T4468] Tainted: [W]=WARN [ 54.795683][ T4468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 54.805744][ T4468] ================================================================== [ 54.874374][ T4478] loop0: detected capacity change from 0 to 2048 [ 54.926374][ T4478] loop0: p2 < > [ 54.968315][ T3490] udevd[3490]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory