last executing test programs: 1.365008823s ago: executing program 4 (id=712): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffe, @private1={0xfc, 0x1, '\x00', 0x1}, 0x6}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=@newtaction={0xeb0, 0x30, 0xb, 0x0, 0x0, {}, [{0xe9c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xb, 0x0, 0x0, 0x0, 0x4}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0xe50, 0x2, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x1}, [{}, {}, {}, {0x0, 0x0, 0x0, 0x8db}, {0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {0x52}, {}, {0x0, 0x0, 0x401}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, {}, {}, {0x0, 0x0, 0x0, 0x7}, {0x40}, {0x0, 0x6}, {}, {}, {}, {}, {}, {0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0xd01}, {0x0, 0x0, 0x0, 0x0, 0x3, 0x2000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x9, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {0x6}, {0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x401}, {}, {0x0, 0xfffffffc}, {0x0, 0x0, 0x8001}, {0xa}, {0x8000, 0x0, 0xff}, {}, {}, {}, {}, {0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {0x0, 0x0, 0x4}, {}, {}, {}, {0x1, 0x0, 0x0, 0x401}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, {0x0, 0x0, 0x0, 0x1d4ce113}, {}, {0x400}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x1000000}, {}, {0x2}, {0x0, 0x0, 0x0, 0x7}, {0x0, 0x9}, {}, {}, {}, {0x0, 0x3}, {}, {0x400000}, {}, {0x0, 0x0, 0x0, 0x2000}, {0x0, 0xe90c, 0x0, 0x400000}, {0xfffffffd}, {0x0, 0x0, 0x0, 0x4, 0x4000}, {0x0, 0x1}, {}, {}, {0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x1}, {0x0, 0x3}, {0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x40}], [{}, {0x3}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {0x6}, {}, {}, {}, {0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x1}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {0x0, 0x721119ea02b29831}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x3}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xeb0}}, 0x4000) 1.329694654s ago: executing program 3 (id=714): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$inet_sctp(0x2, 0x5, 0x84) close(r2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}], 0x1, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r4}}], 0x20, 0x2400e044}, 0x0) 1.302842174s ago: executing program 4 (id=717): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r0, 0x2007ffc) sendfile(r0, r0, 0x0, 0x800000009) r1 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x1000) fallocate(r1, 0x0, 0x0, 0x8800000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006280)={0x0, 0x0, 0x0}, 0x0) writev(r2, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1) 1.241274286s ago: executing program 3 (id=719): socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x2, 0x1}, 0x1205, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x40000000000000, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x28) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r1, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0}}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000000)='bridge0\x00') 1.090783379s ago: executing program 3 (id=723): r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x40, 0x0) r1 = openat(0xffffffffffffff9c, 0x0, 0x1c1002, 0x0) write(r1, 0x0, 0x0) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc2(0x0, r2) sendmsg$TIPC_NL_NET_SET(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000340)={0x14, r3, 0x200, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4048091) openat(0xffffffffffffff9c, 0x0, 0x1000, 0x80) write$selinux_load(r0, &(0x7f0000000340)={0xf97cff8c, 0x8}, 0x2000) 1.030486799s ago: executing program 4 (id=724): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x4}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r4, @ANYBLOB="4000aa000a0002"], 0x28}}, 0x0) 1.02446574s ago: executing program 3 (id=725): syz_io_uring_submit(0x0, 0x0, 0x0) r0 = mq_open(&(0x7f0000000040)='!seli\x1a\x1d!\xa7\x00\x00inux\x00G\xd0\xc6(X', 0x6e93ebbbcc0884f2, 0x10, &(0x7f0000000300)={0x0, 0x1, 0x3}) setsockopt$MRT6_DEL_MIF(0xffffffffffffffff, 0x29, 0xcb, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) mq_timedreceive(r0, &(0x7f00000003c0)=""/83, 0x53, 0x8000000000002003, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) 963.398711ms ago: executing program 2 (id=727): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000010000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$key(0xffffffffffffffff, 0x0, 0x20000000) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x891c, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x18) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0) r3 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x5eab, 0x8, 0x2, 0x400250}, &(0x7f0000000300)=0x0, &(0x7f0000000400)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x2007, @fd=r2, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(r3, 0x74d1, 0x4c3, 0x43, 0x0, 0xfffffffffffffd1d) 923.409452ms ago: executing program 4 (id=729): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x50) socket(0x23, 0x1, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x20, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x10003, 0xd1, &(0x7f0000000340)=""/209, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480), 0x10, 0x3ff}, 0x94) openat(0xffffffffffffff9c, 0x0, 0x1c1002, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x0, &(0x7f0000000040)}) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @multicast2}}}}) 875.543753ms ago: executing program 2 (id=732): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000400)='io_uring_create\x00', r2}, 0x18) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r3}, 0x18) io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x0, 0x0, 0x0, 0x0, r3}) 832.129284ms ago: executing program 4 (id=734): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x454e, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000000)=0x56, 0x4) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) 831.666424ms ago: executing program 1 (id=735): socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x2, 0x1}, 0x1205, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x40000000000000, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x28) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r1, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0}}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000000)='bridge0\x00') 725.392416ms ago: executing program 0 (id=736): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r0, 0x2007ffc) sendfile(r0, r0, 0x0, 0x800000009) r1 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x1000) fallocate(r1, 0x0, 0x0, 0x8800000) r2 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006280)={0x0, 0x0, 0x0}, 0x0) writev(r2, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1) 725.082576ms ago: executing program 2 (id=737): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000040000000f00000007"], 0x13) close(0x3) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/mnt\x00') 697.743866ms ago: executing program 1 (id=738): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x110d41, 0xa04, 0xfffffffc, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300030e000000000700000000000004000900a0000000015204f089b96478db1d8a5f756509e977fb1a030000000002000100000000000000020d1600003f030006000000000002004e21000000800000000000000000030005003200000002"], 0x70}, 0x1, 0x7}, 0x0) 669.345277ms ago: executing program 2 (id=739): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b0000000700000008000000a6ad6a1a05"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket(0x40000000015, 0x5, 0x0) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r3, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x0, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 640.573897ms ago: executing program 4 (id=740): r0 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x20000000000001d2, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000001000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0) preadv2(r4, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1) 627.666137ms ago: executing program 2 (id=741): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) close(0x3) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @rand_addr=' \x01\x00'}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000180)=@assoc_value, 0x8) 589.583589ms ago: executing program 1 (id=742): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x100, 0x2000000, 0x0, 0x0, 0x0}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff11000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6tnl0\x00', 0x210}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}, 0x0, 0x0, 0x400, 0x8, 0x0, 0x4, 0x0, 0x0, 0x7, 0x0, 0x100000}, 0x0, 0x0, 0xffffffffffffffff, 0xc) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080)) 531.851179ms ago: executing program 2 (id=743): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r1, 0x1000) r2 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) read$ptp(0xffffffffffffffff, &(0x7f0000000280)=""/176, 0xb0) ioctl$HIDIOCGFEATURE(r2, 0xc0404807, &(0x7f0000000340)={0x0, "87bffd670230e6fc03b5d899c89937769ce2b8b4ba3950f879aa53114f92e408ee5e162b567642ba85636e0ae5117e38267d64e7c383dd68b77c4a97ee1cef24"}) 458.039971ms ago: executing program 0 (id=744): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8a}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000400000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000c}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[], 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.memory_pressure\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000001, 0x12, r2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) 457.437971ms ago: executing program 1 (id=745): r0 = socket$inet6(0xa, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x8, 0xf9, 0x7ffc1ffb}]}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r1}, 0x10) sysinfo(0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, 0x0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r2, 0x8922, 0x0) socket$kcm(0x10, 0x2, 0x0) msync(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x6) 413.511372ms ago: executing program 1 (id=746): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040), 0x10) listen(r1, 0x0) r2 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000080), 0x10) sendmmsg(r2, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094) r3 = accept4$unix(r1, 0x0, 0x0, 0x0) recvfrom$unix(r3, &(0x7f0000000140)=""/263, 0x40000, 0x0, 0x0, 0x0) 412.931882ms ago: executing program 0 (id=747): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x3a9, 0x3, 0x0, {{}, {@val={0x8, 0x140}, @void}}}, 0x1c}}, 0x4004050) 340.920663ms ago: executing program 0 (id=748): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioprio_set$uid(0x3, 0x0, 0x0) r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) 329.149794ms ago: executing program 1 (id=749): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x4000, &(0x7f0000000300)={[{@resuid}, {@dioread_nolock}, {@noblock_validity}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000009c0)=';', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r3, &(0x7f00000009c0)="3bf58d", 0x3) sendfile(r3, r2, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7fffeffd) 180.388456ms ago: executing program 3 (id=750): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) setpriority(0x2, 0x0, 0x1) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24000000) io_pgetevents(0x0, 0x9, 0x0, 0x0, 0x0, 0x0) 103.996258ms ago: executing program 0 (id=751): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 103.782648ms ago: executing program 3 (id=752): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000680)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0182101, &(0x7f0000000080)={r1, 0x1001, 0x3}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000380)) bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[], 0x48) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000abc010000000a05000000000000000000010000000900010073797a3000000000d30006003407ae8929b5d5805c2cb15c6832bdf04f6f732bf6c75790a071b67033b0bb7e81aac8c9ccb093263d99fcafa58fe6c7126fc1d2ccbc1888abd4a61e1818723b358b147b8836997950921d849981687e7eb599e28bd439758eefcbda6f7906db339e68d3869e4011ddfb254a2dda9b523f928b3626f8faa75357d4f9cb925df5cde675f9e8bb05e4f8cc9a0610fb2945b1b755b94883afb3697a7535ea5f9db3ce21c1f0cc3fb343e830c6a947f512c56b1a706b86e76bc58a075f7cb0322f7fa6fb5df1718361423df5cbd47608ca000900010073797a310000000008000240000000030c000440000000000000000499000600db2b252f3c9b3b419bda841c524cb69270214a733fee6d8e10561ce9d682ad271b8a317d699b2f000178b2aca7c7058e0df489887ebdcf11c4ddf03bc9b1284f5fb568bac9b64b06c9d8c2acf08c892fb2abeb7c72bc9c8fa0c7425b5aa3df8074d8412d67fad836b6cc1c0be2fff19dbd1830e29ae4bc6aaa4f42c244e40238dc8e2a247b1792a177693b55dc155f631634db5af90000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000098000000060a010400000000000000000100000008000b40000000005c000480580001800b000100746172676574000048000280300003005fad843dc5c1efe84ced18d4422d5b0b86e8441958d3d2ea41149f1e55359af069a2a5e039ccf56f068a5a0b09000100534e41540000000008000240000000020900010073797a30"], 0x2a8}, 0x1, 0x0, 0x0, 0x84}, 0x0) 0s ago: executing program 0 (id=753): r0 = socket(0x2, 0x2, 0x1) io_submit(0x0, 0x1, &(0x7f0000001fc0)=[&(0x7f0000001f80)={0x0, 0x0, 0x0, 0x1, 0x8eb9, r0, 0x0, 0xfffffeb0}]) r1 = socket$kcm(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) recvmsg$unix(r2, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r1, 0x84, 0x64, &(0x7f0000000000)=r3, 0x10) ioctl$sock_bt_hci(r3, 0x400448e6, &(0x7f0000000380)="7653ce9a748b54b8ba51ae4acb597fec49845c5455b94634c9df844263d22f4176999dbdf63a3c9005649f25fe760b6dad2f11319b2a77e2bafc11880aecfc69e3a69c759244ab480c2625c8ff9a40272a798f7b12b6ef9d5ccb1e577574c760278153efc1cb91d7fde7975c726ab6657297c4bf8abd8cbcc1a1d415f9f8b7a8db9aef9030a53edefa8dafa9") bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x18) syz_emit_ethernet(0x200000, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.28' (ED25519) to the list of known hosts. [ 21.131189][ T29] audit: type=1400 audit(1757538392.593:62): avc: denied { mounton } for pid=3232 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.132078][ T3232] cgroup: Unknown subsys name 'net' [ 21.153931][ T29] audit: type=1400 audit(1757538392.593:63): avc: denied { mount } for pid=3232 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.181342][ T29] audit: type=1400 audit(1757538392.623:64): avc: denied { unmount } for pid=3232 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.339939][ T3232] cgroup: Unknown subsys name 'cpuset' [ 21.346012][ T3232] cgroup: Unknown subsys name 'rlimit' [ 21.455487][ T29] audit: type=1400 audit(1757538392.913:65): avc: denied { setattr } for pid=3232 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.478909][ T29] audit: type=1400 audit(1757538392.913:66): avc: denied { create } for pid=3232 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 21.499461][ T29] audit: type=1400 audit(1757538392.913:67): avc: denied { write } for pid=3232 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 21.507429][ T3293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.519856][ T29] audit: type=1400 audit(1757538392.913:68): avc: denied { read } for pid=3232 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.548633][ T29] audit: type=1400 audit(1757538392.913:69): avc: denied { mounton } for pid=3232 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.573428][ T29] audit: type=1400 audit(1757538392.913:70): avc: denied { mount } for pid=3232 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.595063][ T3232] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.596643][ T29] audit: type=1400 audit(1757538392.983:71): avc: denied { relabelto } for pid=3293 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.446361][ T3302] chnl_net:caif_netlink_parms(): no params data found [ 23.457004][ T3310] chnl_net:caif_netlink_parms(): no params data found [ 23.497938][ T3308] chnl_net:caif_netlink_parms(): no params data found [ 23.509857][ T3303] chnl_net:caif_netlink_parms(): no params data found [ 23.518680][ T3306] chnl_net:caif_netlink_parms(): no params data found [ 23.575472][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.582552][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.589829][ T3310] bridge_slave_0: entered allmulticast mode [ 23.596258][ T3310] bridge_slave_0: entered promiscuous mode [ 23.613210][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.620287][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.627378][ T3310] bridge_slave_1: entered allmulticast mode [ 23.633741][ T3310] bridge_slave_1: entered promiscuous mode [ 23.643635][ T3302] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.650766][ T3302] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.657855][ T3302] bridge_slave_0: entered allmulticast mode [ 23.664267][ T3302] bridge_slave_0: entered promiscuous mode [ 23.686652][ T3302] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.693818][ T3302] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.701038][ T3302] bridge_slave_1: entered allmulticast mode [ 23.707564][ T3302] bridge_slave_1: entered promiscuous mode [ 23.717091][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 23.739247][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 23.753265][ T3303] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.760401][ T3303] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.767555][ T3303] bridge_slave_0: entered allmulticast mode [ 23.773992][ T3303] bridge_slave_0: entered promiscuous mode [ 23.790459][ T3302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 23.808418][ T3306] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.815585][ T3306] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.822799][ T3306] bridge_slave_0: entered allmulticast mode [ 23.829067][ T3306] bridge_slave_0: entered promiscuous mode [ 23.835582][ T3303] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.842667][ T3303] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.850735][ T3303] bridge_slave_1: entered allmulticast mode [ 23.856895][ T3303] bridge_slave_1: entered promiscuous mode [ 23.863233][ T3308] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.870306][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.877371][ T3308] bridge_slave_0: entered allmulticast mode [ 23.883979][ T3308] bridge_slave_0: entered promiscuous mode [ 23.891723][ T3302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 23.906264][ T3306] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.913343][ T3306] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.920549][ T3306] bridge_slave_1: entered allmulticast mode [ 23.926868][ T3306] bridge_slave_1: entered promiscuous mode [ 23.937891][ T3308] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.944951][ T3308] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.952244][ T3308] bridge_slave_1: entered allmulticast mode [ 23.958585][ T3308] bridge_slave_1: entered promiscuous mode [ 23.970039][ T3310] team0: Port device team_slave_0 added [ 23.993641][ T3310] team0: Port device team_slave_1 added [ 24.004211][ T3302] team0: Port device team_slave_0 added [ 24.015457][ T3303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.034365][ T3302] team0: Port device team_slave_1 added [ 24.041211][ T3306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.051149][ T3303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.065946][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 24.076227][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.085502][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.092465][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.118391][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.139417][ T3306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 24.157509][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 24.164496][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.190482][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 24.201382][ T3302] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.208299][ T3302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.234294][ T3302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.249780][ T3303] team0: Port device team_slave_0 added [ 24.262131][ T3308] team0: Port device team_slave_0 added [ 24.268096][ T3302] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 24.275102][ T3302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.301265][ T3302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 24.317340][ T3303] team0: Port device team_slave_1 added [ 24.329437][ T3308] team0: Port device team_slave_1 added [ 24.340208][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.347154][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.373092][ T3303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.386188][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 24.393222][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.419097][ T3303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 24.430421][ T3306] team0: Port device team_slave_0 added [ 24.454192][ T3306] team0: Port device team_slave_1 added [ 24.478978][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.485988][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.512272][ T3308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.523449][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 24.530427][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.556707][ T3308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 24.574321][ T3310] hsr_slave_0: entered promiscuous mode [ 24.580416][ T3310] hsr_slave_1: entered promiscuous mode [ 24.587575][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 24.594903][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.620816][ T3306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 24.634180][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 24.641198][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 24.667403][ T3306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 24.703722][ T3302] hsr_slave_0: entered promiscuous mode [ 24.709685][ T3302] hsr_slave_1: entered promiscuous mode [ 24.715390][ T3302] debugfs: 'hsr0' already exists in 'hsr' [ 24.721213][ T3302] Cannot create hsr debugfs directory [ 24.733933][ T3303] hsr_slave_0: entered promiscuous mode [ 24.740007][ T3303] hsr_slave_1: entered promiscuous mode [ 24.745818][ T3303] debugfs: 'hsr0' already exists in 'hsr' [ 24.752081][ T3303] Cannot create hsr debugfs directory [ 24.763467][ T3308] hsr_slave_0: entered promiscuous mode [ 24.769836][ T3308] hsr_slave_1: entered promiscuous mode [ 24.775732][ T3308] debugfs: 'hsr0' already exists in 'hsr' [ 24.781732][ T3308] Cannot create hsr debugfs directory [ 24.818996][ T3306] hsr_slave_0: entered promiscuous mode [ 24.825002][ T3306] hsr_slave_1: entered promiscuous mode [ 24.830902][ T3306] debugfs: 'hsr0' already exists in 'hsr' [ 24.836625][ T3306] Cannot create hsr debugfs directory [ 25.013819][ T3310] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 25.022497][ T3310] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 25.031480][ T3310] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 25.042068][ T3310] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 25.067375][ T3303] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 25.080150][ T3303] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 25.089148][ T3303] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 25.101191][ T3303] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 25.125950][ T3302] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 25.135967][ T3302] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 25.151259][ T3302] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 25.160237][ T3302] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 25.186759][ T3306] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 25.197143][ T3306] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 25.205863][ T3306] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 25.214872][ T3306] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 25.249438][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.264250][ T3308] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 25.273396][ T3308] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 25.282677][ T3308] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 25.291630][ T3308] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 25.319174][ T3310] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.343277][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.350401][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.359121][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.366197][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.375634][ T3303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.395262][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.408709][ T3306] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.426020][ T3302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.436278][ T3303] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.448050][ T563] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.455185][ T563] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.463689][ T563] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.470739][ T563] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.487132][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.494238][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.502863][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.509927][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.535296][ T3302] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.568574][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.575665][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.589177][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.596369][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.646068][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 25.677920][ T3308] 8021q: adding VLAN 0 to HW filter on device team0 [ 25.687418][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.710528][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.717627][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.726260][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.733402][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.751734][ T3303] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.779539][ T3302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.805533][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.897611][ T3310] veth0_vlan: entered promiscuous mode [ 25.911966][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 25.923285][ T3302] veth0_vlan: entered promiscuous mode [ 25.933743][ T3310] veth1_vlan: entered promiscuous mode [ 25.948102][ T3302] veth1_vlan: entered promiscuous mode [ 25.971962][ T3310] veth0_macvtap: entered promiscuous mode [ 25.983516][ T3310] veth1_macvtap: entered promiscuous mode [ 26.021510][ T3302] veth0_macvtap: entered promiscuous mode [ 26.028591][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 26.037680][ T3306] veth0_vlan: entered promiscuous mode [ 26.045220][ T3303] veth0_vlan: entered promiscuous mode [ 26.054006][ T3306] veth1_vlan: entered promiscuous mode [ 26.062709][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 26.070702][ T3302] veth1_macvtap: entered promiscuous mode [ 26.091340][ T31] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.101566][ T31] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.112973][ T3308] veth0_vlan: entered promiscuous mode [ 26.120904][ T3303] veth1_vlan: entered promiscuous mode [ 26.129239][ T31] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.139432][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 26.155102][ T3444] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.167158][ T3303] veth0_macvtap: entered promiscuous mode [ 26.174993][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 26.191205][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 26.191220][ T29] audit: type=1400 audit(1757538397.653:81): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/root/syzkaller.4FTIIB/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 26.198350][ T3303] veth1_macvtap: entered promiscuous mode [ 26.227603][ T29] audit: type=1400 audit(1757538397.653:82): avc: denied { mount } for pid=3310 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 26.241808][ T51] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.249585][ T29] audit: type=1400 audit(1757538397.653:83): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/root/syzkaller.4FTIIB/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 26.283508][ T29] audit: type=1400 audit(1757538397.653:84): avc: denied { mount } for pid=3310 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 26.305313][ T29] audit: type=1400 audit(1757538397.653:85): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/root/syzkaller.4FTIIB/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 26.332148][ T29] audit: type=1400 audit(1757538397.653:86): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/root/syzkaller.4FTIIB/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4093 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 26.359612][ T29] audit: type=1400 audit(1757538397.653:87): avc: denied { unmount } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 26.379732][ T29] audit: type=1400 audit(1757538397.693:88): avc: denied { mounton } for pid=3310 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 26.402518][ T29] audit: type=1400 audit(1757538397.693:89): avc: denied { mount } for pid=3310 comm="syz-executor" name="/" dev="gadgetfs" ino=5121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 26.427396][ T3308] veth1_vlan: entered promiscuous mode [ 26.434736][ T3306] veth0_macvtap: entered promiscuous mode [ 26.434832][ T3310] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 26.442254][ T3306] veth1_macvtap: entered promiscuous mode [ 26.462285][ T51] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.471105][ T51] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.487995][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 26.497251][ T51] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.509133][ T29] audit: type=1400 audit(1757538397.963:90): avc: denied { read write } for pid=3310 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 26.540955][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 26.553206][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 26.571196][ T84] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.581656][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 26.598697][ T3308] veth0_macvtap: entered promiscuous mode [ 26.615636][ T84] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.631615][ T3308] veth1_macvtap: entered promiscuous mode [ 26.639720][ T84] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.658080][ T41] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.675348][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 26.700969][ T41] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.711380][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 26.725521][ T41] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.746551][ T41] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.785853][ T41] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.831609][ T41] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.860054][ T41] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.869544][ T41] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 26.878872][ T41] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 27.079319][ T3508] Driver unsupported XDP return value 0 on prog (id 14) dev N/A, expect packet loss! [ 27.097763][ T3506] syz.1.14 (3506) used greatest stack depth: 10688 bytes left [ 27.295358][ T3516] mmap: syz.1.17 (3516) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 27.354231][ T3532] netlink: 12 bytes leftover after parsing attributes in process `syz.0.24'. [ 27.397692][ T3537] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3537 comm=syz.0.26 [ 27.454280][ C1] hrtimer: interrupt took 46085 ns [ 27.512856][ T3546] netlink: 12 bytes leftover after parsing attributes in process `syz.4.30'. [ 27.570285][ T3554] netlink: 28 bytes leftover after parsing attributes in process `syz.0.34'. [ 27.620279][ T3561] @: renamed from vlan0 (while UP) [ 27.697701][ T3567] netlink: 96 bytes leftover after parsing attributes in process `syz.4.40'. [ 27.739667][ T3571] capability: warning: `syz.4.42' uses 32-bit capabilities (legacy support in use) [ 27.759002][ T3573] process 'syz.0.43' launched '/dev/fd/6' with NULL argv: empty string added [ 28.071563][ T3598] netlink: 'syz.2.52': attribute type 30 has an invalid length. [ 28.119657][ T3598] Zero length message leads to an empty skb [ 28.244532][ T3609] loop2: detected capacity change from 0 to 256 [ 28.285365][ T3615] loop4: detected capacity change from 0 to 1024 [ 28.300130][ T3615] EXT4-fs: Ignoring removed nomblk_io_submit option [ 28.342393][ T3615] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 28.357317][ T3619] loop2: detected capacity change from 0 to 1024 [ 28.364265][ T3619] ======================================================= [ 28.364265][ T3619] WARNING: The mand mount option has been deprecated and [ 28.364265][ T3619] and is ignored by this kernel. Remove the mand [ 28.364265][ T3619] option from the mount to silence this warning. [ 28.364265][ T3619] ======================================================= [ 28.420727][ T3619] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 28.470934][ T3619] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 15: block 369:freeing already freed block (bit 23); block bitmap corrupt. [ 28.490982][ T3636] netlink: 28 bytes leftover after parsing attributes in process `syz.3.68'. [ 28.499853][ T3636] netlink: 28 bytes leftover after parsing attributes in process `syz.3.68'. [ 28.520656][ T3639] loop0: detected capacity change from 0 to 512 [ 28.534270][ T3639] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 28.566882][ T3639] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e12c, mo2=0002] [ 28.586772][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 28.607555][ T3639] System zones: 1-12 [ 28.611725][ T3639] EXT4-fs (loop0): orphan cleanup on readonly fs [ 28.623452][ T3639] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.69: bg 0: block 361: padding at end of block bitmap is not set [ 28.644158][ T3653] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 28.659764][ T3639] EXT4-fs (loop0): Remounting filesystem read-only [ 28.667306][ T3639] EXT4-fs (loop0): 1 truncate cleaned up [ 28.675317][ T3639] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 28.742017][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 28.794437][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 28.845751][ T3669] lo: entered promiscuous mode [ 28.851180][ T3669] lo: entered allmulticast mode [ 28.860634][ T3669] tunl0: entered promiscuous mode [ 28.865696][ T3669] tunl0: entered allmulticast mode [ 28.873077][ T3669] gre0: entered promiscuous mode [ 28.878139][ T3669] gre0: entered allmulticast mode [ 28.885033][ T3669] gretap0: entered promiscuous mode [ 28.890294][ T3669] gretap0: entered allmulticast mode [ 28.897476][ T3669] erspan0: entered promiscuous mode [ 28.903196][ T3669] erspan0: entered allmulticast mode [ 28.910378][ T3669] ip_vti0: entered promiscuous mode [ 28.915604][ T3669] ip_vti0: entered allmulticast mode [ 28.955610][ T3669] ip6_vti0: entered promiscuous mode [ 28.961223][ T3669] ip6_vti0: entered allmulticast mode [ 28.967927][ T3669] sit0: entered promiscuous mode [ 28.973080][ T3669] sit0: entered allmulticast mode [ 28.981566][ T3669] ip6tnl0: entered promiscuous mode [ 28.986814][ T3669] ip6tnl0: entered allmulticast mode [ 28.993824][ T3669] ip6gre0: entered promiscuous mode [ 28.999370][ T3669] ip6gre0: entered allmulticast mode [ 29.005894][ T3669] syz_tun: entered promiscuous mode [ 29.011210][ T3669] syz_tun: entered allmulticast mode [ 29.023746][ T3669] ip6gretap0: entered promiscuous mode [ 29.029257][ T3669] ip6gretap0: entered allmulticast mode [ 29.036464][ T3669] bridge0: entered promiscuous mode [ 29.041768][ T3669] bridge0: entered allmulticast mode [ 29.048257][ T3669] vcan0: entered promiscuous mode [ 29.053378][ T3669] vcan0: entered allmulticast mode [ 29.059374][ T3669] bond0: entered promiscuous mode [ 29.064438][ T3669] bond_slave_0: entered promiscuous mode [ 29.070347][ T3669] bond_slave_1: entered promiscuous mode [ 29.076050][ T3669] bond0: entered allmulticast mode [ 29.081265][ T3669] bond_slave_0: entered allmulticast mode [ 29.086977][ T3669] bond_slave_1: entered allmulticast mode [ 29.095947][ T3669] team0: entered promiscuous mode [ 29.101103][ T3669] team_slave_0: entered promiscuous mode [ 29.106799][ T3669] team_slave_1: entered promiscuous mode [ 29.112627][ T3669] team0: entered allmulticast mode [ 29.117809][ T3669] team_slave_0: entered allmulticast mode [ 29.123652][ T3669] team_slave_1: entered allmulticast mode [ 29.135809][ T3669] dummy0: entered promiscuous mode [ 29.141047][ T3669] dummy0: entered allmulticast mode [ 29.147171][ T3669] nlmon0: entered promiscuous mode [ 29.152378][ T3669] nlmon0: entered allmulticast mode [ 29.158881][ T3669] caif0: entered promiscuous mode [ 29.164110][ T3669] caif0: entered allmulticast mode [ 29.169252][ T3669] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 29.325183][ T3696] IPVS: length: 19 != 8 [ 29.436087][ T3705] capability: warning: `syz.1.93' uses deprecated v2 capabilities in a way that may be insecure [ 29.477149][ T3708] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 29.519007][ T3710] loop1: detected capacity change from 0 to 512 [ 29.531577][ T3710] EXT4-fs (loop1): blocks per group (255) and clusters per group (8192) inconsistent [ 30.394655][ T3784] loop0: detected capacity change from 0 to 512 [ 30.446630][ T3784] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 30.643416][ T3807] loop0: detected capacity change from 0 to 512 [ 30.672099][ T3807] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 30.712836][ T3807] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 30.768839][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.737340][ T29] kauditd_printk_skb: 182 callbacks suppressed [ 31.737355][ T29] audit: type=1326 audit(1757538403.193:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3891 comm="syz.2.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b811eba9 code=0x7ffc0000 [ 31.788887][ T29] audit: type=1326 audit(1757538403.233:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3891 comm="syz.2.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd8b811d510 code=0x7ffc0000 [ 31.812277][ T29] audit: type=1326 audit(1757538403.233:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3891 comm="syz.2.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b811eba9 code=0x7ffc0000 [ 31.835719][ T29] audit: type=1326 audit(1757538403.233:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3891 comm="syz.2.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b811eba9 code=0x7ffc0000 [ 31.859161][ T29] audit: type=1326 audit(1757538403.233:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3891 comm="syz.2.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd8b811eba9 code=0x7ffc0000 [ 31.882993][ T29] audit: type=1400 audit(1757538403.233:278): avc: denied { checkpoint_restore } for pid=3891 comm="syz.2.109" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 31.904794][ T29] audit: type=1326 audit(1757538403.233:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3891 comm="syz.2.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b811eba9 code=0x7ffc0000 [ 31.928121][ T29] audit: type=1326 audit(1757538403.233:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3891 comm="syz.2.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b811eba9 code=0x7ffc0000 [ 32.065408][ T29] audit: type=1400 audit(1757538403.523:281): avc: denied { create } for pid=3901 comm="syz.3.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 32.123305][ T29] audit: type=1400 audit(1757538403.583:282): avc: denied { create } for pid=3905 comm="syz.3.116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 32.144565][ T3906] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 32.152431][ T3906] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 32.329867][ T3925] netlink: 80 bytes leftover after parsing attributes in process `syz.2.125'. [ 32.394910][ T3934] loop4: detected capacity change from 0 to 1024 [ 32.424701][ T3934] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.481411][ T3934] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 32.567340][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.610874][ T3954] netlink: 8 bytes leftover after parsing attributes in process `syz.4.135'. [ 32.646851][ T3957] netlink: 48 bytes leftover after parsing attributes in process `syz.1.137'. [ 33.156921][ T4010] netlink: 12 bytes leftover after parsing attributes in process `syz.2.160'. [ 33.180532][ T4012] netlink: 32 bytes leftover after parsing attributes in process `syz.1.161'. [ 33.277802][ T4020] loop1: detected capacity change from 0 to 2048 [ 33.325884][ T4020] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.423856][ T3302] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 33.481331][ T3302] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 33.542426][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.596196][ T4018] syz.0.163 (4018) used greatest stack depth: 10168 bytes left [ 33.622972][ T4043] netlink: 4 bytes leftover after parsing attributes in process `syz.0.173'. [ 33.633341][ T4041] loop4: detected capacity change from 0 to 164 [ 33.642347][ T4045] netlink: 'syz.3.174': attribute type 1 has an invalid length. [ 33.667547][ T4045] 8021q: adding VLAN 0 to HW filter on device bond1 [ 33.682320][ T4041] syz.4.172: attempt to access beyond end of device [ 33.682320][ T4041] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 33.701570][ T4043] netlink: 12 bytes leftover after parsing attributes in process `syz.0.173'. [ 33.714010][ T4045] netlink: 4 bytes leftover after parsing attributes in process `syz.3.174'. [ 33.723183][ T4041] syz.4.172: attempt to access beyond end of device [ 33.723183][ T4041] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 33.726061][ T4043] netlink: 156 bytes leftover after parsing attributes in process `syz.0.173'. [ 33.774195][ T4045] bond1 (unregistering): Released all slaves [ 33.863855][ T4057] loop4: detected capacity change from 0 to 512 [ 33.974647][ T4057] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.021847][ T4057] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.057503][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.104614][ T4081] netlink: 24 bytes leftover after parsing attributes in process `syz.1.188'. [ 34.171024][ T4087] netlink: 20 bytes leftover after parsing attributes in process `syz.1.193'. [ 34.218920][ T4094] 8021q: adding VLAN 0 to HW filter on device bond1 [ 34.234189][ T4094] bond1 (unregistering): Released all slaves [ 34.567173][ T3379] kernel write not supported for file bpf-prog (pid: 3379 comm: kworker/1:3) [ 34.582288][ T4136] 9pnet: p9_errstr2errno: server reported unknown error [ 34.871878][ T4169] ref_ctr increment failed for inode: 0xff offset: 0xf ref_ctr_offset: 0x82 of mm: 0xffff88810005c500 [ 34.896578][ T4168] uprobe: syz.1.228:4168 failed to unregister, leaking uprobe [ 35.050791][ T4184] loop1: detected capacity change from 0 to 512 [ 35.057257][ T4189] loop3: detected capacity change from 0 to 512 [ 35.081562][ T4184] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 35.084538][ T4189] EXT4-fs: Ignoring removed nobh option [ 35.135929][ T4189] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.166669][ T4184] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 35.199029][ T4204] syz.4.241 uses obsolete (PF_INET,SOCK_PACKET) [ 35.206768][ T4184] EXT4-fs (loop1): 1 truncate cleaned up [ 35.213166][ T4184] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.236666][ T4184] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.281074][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.397289][ T3379] IPVS: starting estimator thread 0... [ 35.489385][ T4217] IPVS: using max 2832 ests per chain, 141600 per kthread [ 35.677918][ T4236] loop3: detected capacity change from 0 to 512 [ 35.748410][ T4245] 8021q: adding VLAN 0 to HW filter on device bond1 [ 35.762520][ T4236] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.801580][ T4236] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 35.817706][ T4245] bond1 (unregistering): Released all slaves [ 35.864520][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.237503][ T4285] loop0: detected capacity change from 0 to 512 [ 36.279794][ T4285] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.293410][ T4285] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 36.309787][ T4293] netlink: 'syz.4.276': attribute type 1 has an invalid length. [ 36.329009][ T4293] 8021q: adding VLAN 0 to HW filter on device bond1 [ 36.337847][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.353868][ T4293] bond1 (unregistering): Released all slaves [ 36.355634][ T4296] loop1: detected capacity change from 0 to 512 [ 36.398516][ T4296] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.440042][ T4296] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 36.564273][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.979741][ T3412] IPVS: starting estimator thread 0... [ 37.079681][ T4341] IPVS: using max 2640 ests per chain, 132000 per kthread [ 37.316735][ T29] kauditd_printk_skb: 238 callbacks suppressed [ 37.316748][ T29] audit: type=1400 audit(1757538408.773:519): avc: denied { sqpoll } for pid=4354 comm="syz.0.297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 38.374181][ T29] audit: type=1400 audit(1757538409.833:520): avc: denied { read } for pid=4438 comm="syz.0.315" name="usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 38.397378][ T29] audit: type=1400 audit(1757538409.833:521): avc: denied { open } for pid=4438 comm="syz.0.315" path="/dev/usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 38.480125][ T29] audit: type=1400 audit(1757538409.883:522): avc: denied { ioctl } for pid=4438 comm="syz.0.315" path="/dev/usbmon7" dev="devtmpfs" ino=163 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 38.525948][ T4449] __nla_validate_parse: 11 callbacks suppressed [ 38.525966][ T4449] netlink: 28 bytes leftover after parsing attributes in process `syz.1.308'. [ 38.541151][ T4449] netlink: 28 bytes leftover after parsing attributes in process `syz.1.308'. [ 39.587018][ T4550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.312'. [ 39.640123][ T4562] netlink: 'syz.2.314': attribute type 10 has an invalid length. [ 39.693789][ T29] audit: type=1326 audit(1757538411.153:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4566 comm="syz.3.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91f757eba9 code=0x7ffc0000 [ 39.717097][ T29] audit: type=1326 audit(1757538411.153:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4566 comm="syz.3.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91f757eba9 code=0x7ffc0000 [ 39.740380][ T29] audit: type=1326 audit(1757538411.153:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4566 comm="syz.3.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f91f757eba9 code=0x7ffc0000 [ 39.763604][ T29] audit: type=1326 audit(1757538411.153:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4566 comm="syz.3.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91f757eba9 code=0x7ffc0000 [ 39.786874][ T29] audit: type=1326 audit(1757538411.153:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4566 comm="syz.3.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f91f757eba9 code=0x7ffc0000 [ 39.810258][ T29] audit: type=1326 audit(1757538411.153:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4566 comm="syz.3.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91f757eba9 code=0x7ffc0000 [ 39.839764][ T4579] netlink: 'syz.2.314': attribute type 10 has an invalid length. [ 39.848112][ T4562] team0: Port device dummy0 added [ 39.856527][ T4579] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 39.881381][ T4579] team0: Failed to send options change via netlink (err -105) [ 39.897144][ T4579] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 39.916238][ T4579] team0: Port device dummy0 removed [ 39.933804][ T4579] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 40.035407][ T4593] netlink: 'syz.2.317': attribute type 10 has an invalid length. [ 40.043187][ T4593] netlink: 40 bytes leftover after parsing attributes in process `syz.2.317'. [ 40.066744][ T4593] dummy0: entered promiscuous mode [ 40.075285][ T4593] bond0: (slave dummy0): Releasing backup interface [ 40.608740][ T4558] syz.0.313 (4558) used greatest stack depth: 7528 bytes left [ 40.630064][ T4618] netlink: 8 bytes leftover after parsing attributes in process `syz.1.328'. [ 40.667247][ T4623] netlink: 4 bytes leftover after parsing attributes in process `syz.3.330'. [ 40.689879][ T4623] team1: entered promiscuous mode [ 40.694993][ T4623] team1: entered allmulticast mode [ 40.695461][ T4622] ref_ctr increment failed for inode: 0x14b offset: 0xb ref_ctr_offset: 0x82 of mm: 0xffff8881049bae00 [ 40.713655][ T4622] ref_ctr increment failed for inode: 0x14b offset: 0xf ref_ctr_offset: 0x82 of mm: 0xffff8881049bae00 [ 40.747138][ T4620] uprobe: syz.4.329:4620 failed to unregister, leaking uprobe [ 40.767893][ T4629] netlink: 12 bytes leftover after parsing attributes in process `syz.3.332'. [ 40.813648][ T4620] uprobe: syz.4.329:4620 failed to unregister, leaking uprobe [ 41.337080][ T4655] netlink: 8 bytes leftover after parsing attributes in process `syz.0.342'. [ 41.435429][ T4658] netlink: 4 bytes leftover after parsing attributes in process `syz.4.343'. [ 41.468885][ T4658] team1: entered promiscuous mode [ 41.474124][ T4658] team1: entered allmulticast mode [ 41.525828][ T4664] loop4: detected capacity change from 0 to 256 [ 41.571007][ T4665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.345'. [ 41.609645][ T4667] loop3: detected capacity change from 0 to 512 [ 41.631477][ T4667] EXT4-fs (loop3): blocks per group (255) and clusters per group (8192) inconsistent [ 41.769536][ T4678] loop0: detected capacity change from 0 to 512 [ 41.779582][ T4678] ------------[ cut here ]------------ [ 41.785047][ T4678] EA inode 11 i_nlink=2 [ 41.785444][ T4678] WARNING: CPU: 1 PID: 4678 at fs/ext4/xattr.c:1053 ext4_xattr_inode_update_ref+0x3d4/0x3f0 [ 41.799967][ T4678] Modules linked in: [ 41.804000][ T4678] CPU: 1 UID: 0 PID: 4678 Comm: syz.0.344 Not tainted syzkaller #0 PREEMPT(voluntary) [ 41.813762][ T4678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 41.823934][ T4678] RIP: 0010:ext4_xattr_inode_update_ref+0x3d4/0x3f0 [ 41.830675][ T4678] Code: 90 49 8d 7e 40 e8 0c 00 b8 ff 4d 8b 6e 40 4c 89 e7 e8 20 fb b7 ff 41 8b 56 48 48 c7 c7 1b a2 54 86 4c 89 ee e8 ed e4 66 ff 90 <0f> 0b 90 90 e9 58 fe ff ff e8 fe a2 ad 03 66 66 66 66 66 2e 0f 1f [ 41.850699][ T4678] RSP: 0018:ffffc9000353f5f0 EFLAGS: 00010246 [ 41.856771][ T4678] RAX: 1b3179d27ad43d00 RBX: ffff888119ca9760 RCX: 0000000000080000 [ 41.864767][ T4678] RDX: ffffc90002a25000 RSI: 0000000000004a14 RDI: 0000000000004a15 [ 41.872813][ T4678] RBP: 0000000000000002 R08: 0001c9000353f46f R09: 0000000000000000 [ 41.880857][ T4678] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff888119ca9710 [ 41.888831][ T4678] R13: 000000000000000b R14: ffff888119ca96c8 R15: 0000000000000001 [ 41.896896][ T4678] FS: 00007f160dc466c0(0000) GS:ffff8882aef40000(0000) knlGS:0000000000000000 [ 41.905909][ T4678] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.912548][ T4678] CR2: 0000000034747865 CR3: 000000011a50e000 CR4: 00000000003506f0 [ 41.920551][ T4678] Call Trace: [ 41.923828][ T4678] [ 41.926767][ T4678] ext4_xattr_set_entry+0x77f/0x1020 [ 41.932107][ T4678] ext4_xattr_ibody_set+0x184/0x3c0 [ 41.937335][ T4678] ext4_expand_extra_isize_ea+0xcb6/0x11f0 [ 41.943284][ T4678] __ext4_expand_extra_isize+0x246/0x280 [ 41.948932][ T4678] __ext4_mark_inode_dirty+0x29d/0x3f0 [ 41.954454][ T4678] ext4_evict_inode+0x80e/0xd90 [ 41.959341][ T4678] ? __pfx_ext4_evict_inode+0x10/0x10 [ 41.964842][ T4678] evict+0x2e3/0x550 [ 41.968898][ T4678] ? __dquot_initialize+0x146/0x7c0 [ 41.974160][ T4678] iput+0x447/0x5b0 [ 41.978045][ T4678] ext4_process_orphan+0x1a9/0x1c0 [ 41.983232][ T4678] ext4_orphan_cleanup+0x6a8/0xa00 [ 41.988360][ T4678] ext4_fill_super+0x3260/0x35d0 [ 41.993392][ T4678] ? set_blocksize+0x1a8/0x310 [ 41.998248][ T4678] ? sb_set_blocksize+0xe3/0x100 [ 42.003258][ T4678] ? setup_bdev_super+0x30e/0x370 [ 42.008287][ T4678] ? __pfx_ext4_fill_super+0x10/0x10 [ 42.013689][ T4678] get_tree_bdev_flags+0x291/0x300 [ 42.018804][ T4678] ? __pfx_ext4_fill_super+0x10/0x10 [ 42.024162][ T4678] get_tree_bdev+0x1f/0x30 [ 42.028585][ T4678] ext4_get_tree+0x1c/0x30 [ 42.033093][ T4678] vfs_get_tree+0x54/0x1d0 [ 42.037593][ T4678] do_new_mount+0x207/0x5e0 [ 42.042154][ T4678] ? security_capable+0x83/0x90 [ 42.047016][ T4678] path_mount+0x4a4/0xb20 [ 42.051514][ T4678] ? user_path_at+0x109/0x130 [ 42.056263][ T4678] __se_sys_mount+0x28f/0x2e0 [ 42.061052][ T4678] __x64_sys_mount+0x67/0x80 [ 42.065644][ T4678] x64_sys_call+0x2b4d/0x2ff0 [ 42.070353][ T4678] do_syscall_64+0xd2/0x200 [ 42.074861][ T4678] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 42.081005][ T4678] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 42.086728][ T4678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 42.092661][ T4678] RIP: 0033:0x7f160f20034a [ 42.097069][ T4678] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 42.116722][ T4678] RSP: 002b:00007f160dc45e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 42.125162][ T4678] RAX: ffffffffffffffda RBX: 00007f160dc45ef0 RCX: 00007f160f20034a [ 42.133249][ T4678] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f160dc45eb0 [ 42.141237][ T4678] RBP: 0000200000000180 R08: 00007f160dc45ef0 R09: 0000000000800700 [ 42.149209][ T4678] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 42.157216][ T4678] R13: 00007f160dc45eb0 R14: 0000000000000473 R15: 0000200000000680 [ 42.165226][ T4678] [ 42.168238][ T4678] ---[ end trace 0000000000000000 ]--- [ 42.174084][ T4678] EXT4-fs (loop0): 1 orphan inode deleted [ 42.180224][ T4678] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.320400][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.454968][ T29] kauditd_printk_skb: 119 callbacks suppressed [ 42.454980][ T29] audit: type=1326 audit(1757538413.913:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4674 comm="syz.1.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7f5704ebeba9 code=0x7ffc0000 [ 42.484449][ T29] audit: type=1326 audit(1757538413.913:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4674 comm="syz.1.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5704ebeba9 code=0x7ffc0000 [ 42.507784][ T29] audit: type=1326 audit(1757538413.913:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4674 comm="syz.1.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5704ebeba9 code=0x7ffc0000 [ 42.719339][ T29] audit: type=1400 audit(1757538414.173:651): avc: denied { mounton } for pid=4701 comm="syz.3.360" path="/69/file0" dev="tmpfs" ino=375 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 42.937392][ T29] audit: type=1326 audit(1757538414.393:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4709 comm="syz.2.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b811eba9 code=0x7ffc0000 [ 42.975864][ T29] audit: type=1326 audit(1757538414.393:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4709 comm="syz.2.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b811eba9 code=0x7ffc0000 [ 42.980004][ T4711] netlink: 'syz.4.364': attribute type 6 has an invalid length. [ 42.999250][ T29] audit: type=1326 audit(1757538414.393:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4709 comm="syz.2.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fd8b811eba9 code=0x7ffc0000 [ 43.030073][ T29] audit: type=1326 audit(1757538414.393:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4709 comm="syz.2.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b811eba9 code=0x7ffc0000 [ 43.053322][ T29] audit: type=1326 audit(1757538414.393:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4709 comm="syz.2.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fd8b811eba9 code=0x7ffc0000 [ 43.076533][ T29] audit: type=1326 audit(1757538414.393:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4709 comm="syz.2.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b811eba9 code=0x7ffc0000 [ 44.265591][ T4765] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 44.272278][ T4765] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 44.279745][ T4765] vhci_hcd vhci_hcd.0: Device attached [ 44.291692][ T4765] __nla_validate_parse: 5 callbacks suppressed [ 44.291705][ T4765] netlink: 100 bytes leftover after parsing attributes in process `syz.4.387'. [ 44.312760][ T4770] vhci_hcd: connection closed [ 44.312986][ T3444] vhci_hcd: stop threads [ 44.321969][ T3444] vhci_hcd: release socket [ 44.326384][ T3444] vhci_hcd: disconnect device [ 44.375110][ T4782] netlink: 4 bytes leftover after parsing attributes in process `syz.1.393'. [ 44.524743][ T4790] loop1: detected capacity change from 0 to 256 [ 44.595187][ T4796] loop1: detected capacity change from 0 to 2048 [ 44.613479][ T4796] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.644480][ T3302] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 44.660357][ T3302] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 44.683079][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.292681][ T4815] ipvlan2: entered promiscuous mode [ 45.298790][ T4815] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 45.307270][ T4815] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 45.418382][ T4826] netlink: 'syz.1.408': attribute type 6 has an invalid length. [ 45.419900][ T4828] loop2: detected capacity change from 0 to 256 [ 45.547039][ T4849] netlink: zone id is out of range [ 45.553462][ T4849] netlink: zone id is out of range [ 45.611173][ T4855] loop2: detected capacity change from 0 to 128 [ 45.641412][ T4855] netlink: 12 bytes leftover after parsing attributes in process `syz.2.417'. [ 45.698514][ T4864] loop2: detected capacity change from 0 to 1024 [ 45.739282][ T4864] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.793215][ T4864] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.419: Allocating blocks 449-513 which overlap fs metadata [ 45.811383][ T4864] EXT4-fs (loop2): pa ffff88810720c620: logic 48, phys. 177, len 21 [ 45.819501][ T4864] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 45.834573][ T4864] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28 [ 45.846886][ T4864] EXT4-fs (loop2): This should not happen!! Data will be lost [ 45.846886][ T4864] [ 45.856602][ T4864] EXT4-fs (loop2): Total free blocks count 0 [ 45.862659][ T4864] EXT4-fs (loop2): Free/Dirty block details [ 45.868556][ T4864] EXT4-fs (loop2): free_blocks=64 [ 45.873658][ T4864] EXT4-fs (loop2): dirty_blocks=0 [ 45.878675][ T4864] EXT4-fs (loop2): Block reservation details [ 45.884685][ T4864] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 47.472777][ T4981] ipvlan2: entered promiscuous mode [ 47.485533][ T4981] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 47.497379][ T4981] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 47.560969][ T29] kauditd_printk_skb: 926 callbacks suppressed [ 47.561004][ T29] audit: type=1400 audit(1757538419.023:1584): avc: denied { write } for pid=4988 comm="syz.3.426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 47.672508][ T29] audit: type=1400 audit(1757538419.133:1585): avc: denied { read write } for pid=5000 comm="syz.0.431" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 47.695726][ T29] audit: type=1400 audit(1757538419.133:1586): avc: denied { open } for pid=5000 comm="syz.0.431" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 47.793753][ T5007] ref_ctr increment failed for inode: 0x1b7 offset: 0xb ref_ctr_offset: 0x82 of mm: 0xffff8881049bd640 [ 47.808101][ T5005] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.815360][ T5005] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.818390][ T5007] ref_ctr increment failed for inode: 0x1b7 offset: 0xf ref_ctr_offset: 0x82 of mm: 0xffff8881049bd640 [ 47.845827][ T5006] uprobe: syz.4.433:5006 failed to unregister, leaking uprobe [ 47.863039][ T4997] loop2: detected capacity change from 0 to 512 [ 47.872737][ T5005] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 47.877310][ T4997] EXT4-fs (loop2): 1 orphan inode deleted [ 47.884898][ T5005] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 47.889741][ T4997] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.924518][ T4387] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.959631][ T4387] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.970665][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.980551][ T4387] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.991361][ T5006] uprobe: syz.4.433:5006 failed to unregister, leaking uprobe [ 47.999862][ T4387] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.028870][ T5012] loop2: detected capacity change from 0 to 2048 [ 48.041081][ T5012] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.064744][ T3308] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 48.079570][ T3308] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 48.099893][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.141410][ T29] audit: type=1400 audit(1757538419.603:1587): avc: denied { write } for pid=5021 comm="syz.2.437" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 48.211769][ T5029] loop2: detected capacity change from 0 to 128 [ 48.224067][ T29] audit: type=1326 audit(1757538419.683:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5030 comm="syz.1.442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5704ebeba9 code=0x7ffc0000 [ 48.248255][ T29] audit: type=1326 audit(1757538419.683:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5030 comm="syz.1.442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5704ebeba9 code=0x7ffc0000 [ 48.285096][ T5029] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 48.294629][ T29] audit: type=1326 audit(1757538419.683:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5030 comm="syz.1.442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f5704ebeba9 code=0x7ffc0000 [ 48.318192][ T29] audit: type=1326 audit(1757538419.683:1591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5030 comm="syz.1.442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5704ebeba9 code=0x7ffc0000 [ 48.332948][ T5029] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 48.341520][ T29] audit: type=1326 audit(1757538419.683:1592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5030 comm="syz.1.442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5704ebeba9 code=0x7ffc0000 [ 48.376846][ T29] audit: type=1326 audit(1757538419.733:1593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5030 comm="syz.1.442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f5704ebeba9 code=0x7ffc0000 [ 48.428331][ T3308] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 48.611155][ T5045] delete_channel: no stack [ 48.646964][ T5050] ref_ctr increment failed for inode: 0x1f6 offset: 0xb ref_ctr_offset: 0x82 of mm: 0xffff88810005ed40 [ 48.690089][ T5050] ref_ctr increment failed for inode: 0x1f6 offset: 0xf ref_ctr_offset: 0x82 of mm: 0xffff88810005ed40 [ 48.711248][ T5041] loop4: detected capacity change from 0 to 512 [ 48.729198][ T5049] uprobe: syz.2.450:5049 failed to unregister, leaking uprobe [ 48.739440][ T5041] EXT4-fs (loop4): 1 orphan inode deleted [ 48.755654][ T5041] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.826492][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.872916][ T5062] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.889905][ T5049] uprobe: syz.2.450:5049 failed to unregister, leaking uprobe [ 48.932482][ T5062] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.997196][ T5071] ipvlan2: entered promiscuous mode [ 49.003325][ T5071] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 49.011524][ T5071] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 49.029738][ T5062] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.072358][ T5062] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.131430][ T5082] : renamed from vlan1 (while UP) [ 49.138201][ T3444] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.161331][ T3444] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.170443][ T3444] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.178775][ T3444] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.252594][ T5086] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.259772][ T5086] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.310443][ T5086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 49.321966][ T5086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 49.350897][ T9] syz1: Port: 1 Link DOWN [ 49.350979][ T4357] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.374570][ T4357] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.384937][ T4357] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.394158][ T4357] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.461643][ T5098] netlink: 4 bytes leftover after parsing attributes in process `syz.4.471'. [ 49.524507][ T5103] loop4: detected capacity change from 0 to 2048 [ 49.552969][ T5103] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.565234][ T5105] ipvlan2: entered promiscuous mode [ 49.571399][ T5105] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 49.579428][ T5105] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 49.612100][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.644117][ T5109] delete_channel: no stack [ 49.691421][ T5113] : renamed from vlan1 (while UP) [ 49.703379][ T5116] netlink: 96 bytes leftover after parsing attributes in process `syz.1.478'. [ 49.763241][ T5119] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.770468][ T5119] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.812801][ T5125] loop1: detected capacity change from 0 to 2048 [ 49.836788][ T5119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 49.869116][ T5119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 49.886168][ T5125] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.949167][ T4370] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.005239][ T4370] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.040795][ T5139] delete_channel: no stack [ 50.043696][ T5141] netlink: 'syz.1.482': attribute type 10 has an invalid length. [ 50.054771][ T4357] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.071238][ T4357] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.097672][ T5141] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.195746][ T5141] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 50.204548][ T5152] : renamed from vlan1 [ 50.321278][ T5162] loop3: detected capacity change from 0 to 1024 [ 50.341692][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.342341][ T5162] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.435226][ T5162] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.497: Allocating blocks 449-513 which overlap fs metadata [ 50.447259][ T5173] netlink: 'syz.2.501': attribute type 1 has an invalid length. [ 50.462877][ T5174] EXT4-fs (loop3): pa ffff88810724e0e0: logic 48, phys. 177, len 21 [ 50.470915][ T5174] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 50.474888][ T5173] bond1: entered promiscuous mode [ 50.486346][ T5173] 8021q: adding VLAN 0 to HW filter on device bond1 [ 50.496987][ T5162] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28 [ 50.498715][ T5173] netlink: 3 bytes leftover after parsing attributes in process `syz.2.501'. [ 50.509382][ T5162] EXT4-fs (loop3): This should not happen!! Data will be lost [ 50.509382][ T5162] [ 50.521410][ T5173] batadv1: entered promiscuous mode [ 50.527801][ T5162] EXT4-fs (loop3): Total free blocks count 0 [ 50.532949][ T5173] batadv1: entered allmulticast mode [ 50.538974][ T5162] EXT4-fs (loop3): Free/Dirty block details [ 50.545295][ T5173] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 50.550272][ T5162] EXT4-fs (loop3): free_blocks=64 [ 50.550353][ T5162] EXT4-fs (loop3): dirty_blocks=0 [ 50.550363][ T5162] EXT4-fs (loop3): Block reservation details [ 50.558803][ T5173] bond1: (slave batadv1): making interface the new active one [ 50.562163][ T5162] EXT4-fs (loop3): i_reserved_data_blocks=0 [ 50.567830][ T5173] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 50.759024][ T5186] 9pnet: p9_errstr2errno: server reported unknown error [ 50.988072][ T5207] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5207 comm=syz.3.515 [ 51.002926][ T5207] netlink: 'syz.3.515': attribute type 1 has an invalid length. [ 51.057716][ T5207] bond1: (slave bridge2): making interface the new active one [ 51.066861][ T5207] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 51.105008][ T5216] loop2: detected capacity change from 0 to 1024 [ 51.119018][ T5218] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 51.128568][ T5218] FAT-fs (loop7): unable to read boot sector [ 51.140278][ T5216] EXT4-fs: Ignoring removed orlov option [ 51.168265][ T5216] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.236229][ T5225] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.278382][ T5225] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.418186][ T5225] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.502521][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.520287][ T5225] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.614218][ T4387] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.655001][ T4387] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.678228][ T4387] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.715619][ T4387] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.785655][ T5253] netlink: 'syz.4.535': attribute type 10 has an invalid length. [ 51.807411][ T5253] team0: Port device dummy0 added [ 51.921393][ T5265] netlink: 5 bytes leftover after parsing attributes in process `syz.1.539'. [ 51.945742][ T5265] 0XD: renamed from gretap0 (while UP) [ 51.963172][ T5271] loop3: detected capacity change from 0 to 512 [ 51.973435][ T5265] 0XD: entered allmulticast mode [ 51.979229][ T5265] A link change request failed with some changes committed already. Interface 30XD may have been left with an inconsistent configuration, please check. [ 52.022795][ T5271] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.540: Failed to acquire dquot type 1 [ 52.059198][ T5271] EXT4-fs (loop3): 1 truncate cleaned up [ 52.081090][ T5271] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.133749][ T5271] ext4 filesystem being mounted at /101/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.250927][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.311151][ T5301] 9pnet: p9_errstr2errno: server reported unknown error [ 52.317740][ T5294] bond0: (slave batadv0): Releasing backup interface [ 52.348173][ T5294] bridge_slave_0: left allmulticast mode [ 52.353907][ T5294] bridge_slave_0: left promiscuous mode [ 52.359621][ T5294] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.370617][ T5294] bridge_slave_1: left allmulticast mode [ 52.376248][ T5294] bridge_slave_1: left promiscuous mode [ 52.382048][ T5294] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.394806][ T5294] bond0: (slave bond_slave_0): Releasing backup interface [ 52.406243][ T5294] bond0: (slave bond_slave_1): Releasing backup interface [ 52.420335][ T5294] team0: Port device team_slave_0 removed [ 52.428242][ T5294] team0: Port device team_slave_1 removed [ 52.435358][ T5294] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 52.442865][ T5294] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 52.458406][ T5294] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 52.466228][ T5294] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 52.487144][ T5308] netlink: 8 bytes leftover after parsing attributes in process `syz.0.559'. [ 52.502985][ T5303] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.543828][ T5313] syzkaller1: entered promiscuous mode [ 52.549611][ T5313] syzkaller1: entered allmulticast mode [ 52.549783][ T5315] loop4: detected capacity change from 0 to 2048 [ 52.573613][ T5315] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.589882][ T5303] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.667560][ T5303] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.762263][ T5327] loop1: detected capacity change from 0 to 512 [ 52.792780][ T5303] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.797687][ T5315] netlink: 'syz.4.552': attribute type 10 has an invalid length. [ 52.821962][ T5315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.845002][ T5315] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 52.845454][ T5327] __quota_error: 364 callbacks suppressed [ 52.845470][ T5327] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 52.869994][ T5327] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 52.879412][ T5327] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.556: Failed to acquire dquot type 1 [ 52.892342][ T5327] EXT4-fs (loop1): 1 truncate cleaned up [ 52.898403][ T5327] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.919754][ T4357] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.930826][ T4357] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.933551][ T5327] ext4 filesystem being mounted at /119/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.974129][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.988785][ T4409] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.008057][ T4409] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.060586][ T3302] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.071022][ T5339] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 53.080277][ T5339] FAT-fs (loop9): unable to read boot sector [ 53.103972][ T5345] 9pnet: p9_errstr2errno: server reported unknown error [ 53.118123][ T5340] netlink: 'syz.3.563': attribute type 21 has an invalid length. [ 53.135726][ T5340] netlink: 132 bytes leftover after parsing attributes in process `syz.3.563'. [ 53.478866][ T5364] loop2: detected capacity change from 0 to 2048 [ 53.493066][ T5364] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.513955][ T5368] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 53.525974][ T5368] FAT-fs (loop3): unable to read boot sector [ 53.611133][ T5372] netlink: 'syz.2.571': attribute type 10 has an invalid length. [ 53.641832][ T5374] syzkaller1: entered promiscuous mode [ 53.647354][ T5374] syzkaller1: entered allmulticast mode [ 53.671455][ T5372] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.680767][ T5372] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 53.833802][ T5378] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 53.864082][ T5378] FAT-fs (loop1): unable to read boot sector [ 53.878997][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.947385][ T5376] loop3: detected capacity change from 0 to 8192 [ 53.989084][ T5386] bridge_slave_0: left allmulticast mode [ 53.994908][ T5386] bridge_slave_0: left promiscuous mode [ 54.000579][ T5386] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.011393][ T5386] bridge_slave_1: left allmulticast mode [ 54.017060][ T5386] bridge_slave_1: left promiscuous mode [ 54.022730][ T5386] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.070870][ T5386] bond0: (slave bond_slave_0): Releasing backup interface [ 54.092898][ T5386] bond0: (slave bond_slave_1): Releasing backup interface [ 54.104318][ T29] audit: type=1326 audit(54.094:1956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5391 comm="syz.3.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91f757eba9 code=0x7ffc0000 [ 54.105715][ T5390] netlink: 14 bytes leftover after parsing attributes in process `syz.2.584'. [ 54.127560][ T5386] team0: Port device team_slave_0 removed [ 54.138976][ T29] audit: type=1326 audit(54.124:1957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5391 comm="syz.3.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91f757eba9 code=0x7ffc0000 [ 54.166065][ T29] audit: type=1326 audit(54.134:1958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5391 comm="syz.3.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f91f757eba9 code=0x7ffc0000 [ 54.188969][ T29] audit: type=1326 audit(54.164:1959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5391 comm="syz.3.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f91f757ebe3 code=0x7ffc0000 [ 54.190204][ T5386] team0: Port device team_slave_1 removed [ 54.211499][ T29] audit: type=1326 audit(54.164:1960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5391 comm="syz.3.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f91f757ebe3 code=0x7ffc0000 [ 54.239645][ T29] audit: type=1326 audit(54.164:1961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5391 comm="syz.3.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91f757eba9 code=0x7ffc0000 [ 54.262352][ T29] audit: type=1326 audit(54.164:1962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5391 comm="syz.3.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91f757eba9 code=0x7ffc0000 [ 54.279344][ T5386] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 54.284967][ T29] audit: type=1326 audit(54.164:1963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5391 comm="syz.3.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91f757eba9 code=0x7ffc0000 [ 54.325608][ T5386] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 54.337744][ T5390] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 54.409681][ T5390] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 54.421017][ T5390] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 54.444084][ T5390] bond0 (unregistering): Released all slaves [ 54.543270][ T5403] loop0: detected capacity change from 0 to 512 [ 54.554612][ T5403] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 54.570564][ T5403] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e12c, mo2=0002] [ 54.578479][ T5403] System zones: 1-12 [ 54.600882][ T5403] EXT4-fs (loop0): orphan cleanup on readonly fs [ 54.607324][ T5403] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.597: invalid indirect mapped block 12 (level 1) [ 54.640618][ T5403] EXT4-fs (loop0): Remounting filesystem read-only [ 54.647293][ T5403] EXT4-fs (loop0): 1 truncate cleaned up [ 54.671114][ T5403] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 54.693864][ T5403] netlink: zone id is out of range [ 54.699015][ T5403] netlink: zone id is out of range [ 54.704412][ T5403] netlink: zone id is out of range [ 54.709538][ T5403] netlink: zone id is out of range [ 54.714626][ T5403] netlink: zone id is out of range [ 54.719836][ T5403] netlink: zone id is out of range [ 54.726107][ T5403] netlink: zone id is out of range [ 54.731367][ T5403] netlink: zone id is out of range [ 54.736465][ T5403] netlink: zone id is out of range [ 54.753217][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 55.024506][ T5414] loop0: detected capacity change from 0 to 2048 [ 55.077033][ T5414] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.154481][ T5421] netlink: 'syz.0.601': attribute type 10 has an invalid length. [ 55.166565][ T5423] loop4: detected capacity change from 0 to 512 [ 55.183104][ T5421] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.193415][ T5421] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 55.211343][ T5423] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.591: Failed to acquire dquot type 1 [ 55.251022][ T5423] EXT4-fs (loop4): 1 truncate cleaned up [ 55.260185][ T5423] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.299723][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.322743][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.360629][ T5437] loop3: detected capacity change from 0 to 128 [ 55.371948][ T5436] netlink: 8 bytes leftover after parsing attributes in process `syz.4.596'. [ 55.406059][ T5436] ip6gre1: entered allmulticast mode [ 55.487040][ T5437] syz.3.595: attempt to access beyond end of device [ 55.487040][ T5437] loop3: rw=2049, sector=153, nr_sectors = 8 limit=128 [ 55.500605][ T5437] syz.3.595: attempt to access beyond end of device [ 55.500605][ T5437] loop3: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 55.513960][ T5437] syz.3.595: attempt to access beyond end of device [ 55.513960][ T5437] loop3: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 55.527449][ T5437] syz.3.595: attempt to access beyond end of device [ 55.527449][ T5437] loop3: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 55.540850][ T5437] syz.3.595: attempt to access beyond end of device [ 55.540850][ T5437] loop3: rw=2049, sector=217, nr_sectors = 8 limit=128 [ 55.554296][ T5437] syz.3.595: attempt to access beyond end of device [ 55.554296][ T5437] loop3: rw=2049, sector=233, nr_sectors = 8 limit=128 [ 55.567661][ T5437] syz.3.595: attempt to access beyond end of device [ 55.567661][ T5437] loop3: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 55.581049][ T5437] syz.3.595: attempt to access beyond end of device [ 55.581049][ T5437] loop3: rw=2049, sector=265, nr_sectors = 8 limit=128 [ 55.594446][ T5437] syz.3.595: attempt to access beyond end of device [ 55.594446][ T5437] loop3: rw=2049, sector=281, nr_sectors = 8 limit=128 [ 55.607887][ T5437] syz.3.595: attempt to access beyond end of device [ 55.607887][ T5437] loop3: rw=2049, sector=297, nr_sectors = 8 limit=128 [ 55.790858][ T5446] loop4: detected capacity change from 0 to 8192 [ 55.960498][ T5459] bridge: RTM_NEWNEIGH with invalid ether address [ 56.038246][ T5461] loop0: detected capacity change from 0 to 512 [ 56.052842][ T5461] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.607: Failed to acquire dquot type 1 [ 56.064534][ T5461] EXT4-fs (loop0): 1 truncate cleaned up [ 56.070703][ T5461] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.098917][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.178664][ T5466] netlink: 'syz.1.609': attribute type 10 has an invalid length. [ 56.186862][ T5471] loop3: detected capacity change from 0 to 2048 [ 56.210634][ T5471] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.220272][ T5466] team0: Port device dummy0 added [ 56.283352][ T5477] syzkaller1: entered promiscuous mode [ 56.288946][ T5477] syzkaller1: entered allmulticast mode [ 56.324385][ T5482] netlink: 'syz.3.608': attribute type 10 has an invalid length. [ 56.332483][ T5484] loop1: detected capacity change from 0 to 1024 [ 56.334754][ T5482] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.347530][ T5482] batadv0: entered promiscuous mode [ 56.352842][ T5482] batadv0: entered allmulticast mode [ 56.353686][ T5484] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.358554][ T5482] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 56.383592][ T5484] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.614: Allocating blocks 385-513 which overlap fs metadata [ 56.401292][ T5484] EXT4-fs (loop1): pa ffff88810720c690: logic 16, phys. 129, len 24 [ 56.409344][ T5484] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 56.421084][ T5484] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28 [ 56.433390][ T5484] EXT4-fs (loop1): This should not happen!! Data will be lost [ 56.433390][ T5484] [ 56.443133][ T5484] EXT4-fs (loop1): Total free blocks count 0 [ 56.449225][ T5484] EXT4-fs (loop1): Free/Dirty block details [ 56.455135][ T5484] EXT4-fs (loop1): free_blocks=128 [ 56.460424][ T5484] EXT4-fs (loop1): dirty_blocks=0 [ 56.465505][ T5484] EXT4-fs (loop1): Block reservation details [ 56.471521][ T5484] EXT4-fs (loop1): i_reserved_data_blocks=0 [ 56.486729][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.554428][ T5489] loop4: detected capacity change from 0 to 1024 [ 56.563792][ T5489] EXT4-fs: Ignoring removed bh option [ 56.569595][ T5489] EXT4-fs: inline encryption not supported [ 56.580658][ T5489] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 56.598469][ T5489] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 56.622472][ T5489] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 2: comm syz.4.618: lblock 2 mapped to illegal pblock 2 (length 1) [ 56.637115][ T5489] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 48: comm syz.4.618: lblock 0 mapped to illegal pblock 48 (length 1) [ 56.662685][ T5489] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.618: Failed to acquire dquot type 0 [ 56.678116][ T5489] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 56.688308][ T5489] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.618: mark_inode_dirty error [ 56.700428][ T5489] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 56.703799][ T5502] netlink: 24 bytes leftover after parsing attributes in process `syz.1.622'. [ 56.711051][ T5489] EXT4-fs (loop4): 1 orphan inode deleted [ 56.720503][ T5504] loop3: detected capacity change from 0 to 164 [ 56.726908][ T5489] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.745419][ T4409] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:60: lblock 1 mapped to illegal pblock 1 (length 1) [ 56.763359][ T4409] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:60: Failed to release dquot type 0 [ 56.776747][ T5489] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.786137][ T5489] EXT4-fs error (device loop4): __ext4_get_inode_loc:4861: comm syz.4.618: Invalid inode table block 1 in block_group 0 [ 56.803229][ T5489] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 56.813343][ T5489] EXT4-fs error (device loop4): ext4_quota_off:7221: inode #3: comm syz.4.618: mark_inode_dirty error [ 56.869755][ T5510] tipc: Started in network mode [ 56.874699][ T5510] tipc: Node identity ac14140f, cluster identity 4711 [ 56.885901][ T5510] tipc: New replicast peer: 255.255.255.255 [ 56.892150][ T5510] tipc: Enabled bearer , priority 10 [ 56.962635][ T5518] loop2: detected capacity change from 0 to 2048 [ 56.984089][ T5518] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.020780][ T5525] loop3: detected capacity change from 0 to 1024 [ 57.038561][ T5525] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.633: Failed to acquire dquot type 0 [ 57.088033][ T5525] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 57.121325][ T5525] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #13: comm syz.3.633: corrupted inode contents [ 57.135753][ T5525] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #13: comm syz.3.633: mark_inode_dirty error [ 57.153723][ T5525] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #13: comm syz.3.633: corrupted inode contents [ 57.202810][ T5525] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #13: comm syz.3.633: mark_inode_dirty error [ 57.231558][ T5525] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #13: comm syz.3.633: corrupted inode contents [ 57.254157][ T5537] syzkaller1: entered promiscuous mode [ 57.259707][ T5537] syzkaller1: entered allmulticast mode [ 57.265529][ T5525] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 57.278153][ T5525] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #13: comm syz.3.633: corrupted inode contents [ 57.291517][ T5525] EXT4-fs error (device loop3): ext4_truncate:4666: inode #13: comm syz.3.633: mark_inode_dirty error [ 57.302922][ T5525] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 57.313718][ T5525] EXT4-fs (loop3): 1 truncate cleaned up [ 57.325633][ T5525] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.376853][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.460173][ T10] IPVS: starting estimator thread 0... [ 57.527209][ T5561] netlink: 24 bytes leftover after parsing attributes in process `syz.3.648'. [ 57.549408][ T5554] IPVS: using max 2976 ests per chain, 148800 per kthread [ 57.629131][ T5565] loop4: detected capacity change from 0 to 2048 [ 57.650766][ T5569] netlink: 8 bytes leftover after parsing attributes in process `syz.3.652'. [ 57.662381][ T5569] ip6gre1: entered allmulticast mode [ 57.711327][ T5571] loop3: detected capacity change from 0 to 764 [ 57.727649][ T5565] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.740249][ T5571] rock: directory entry would overflow storage [ 57.746534][ T5571] rock: sig=0x4f50, size=4, remaining=3 [ 57.752256][ T5571] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 57.764742][ T5571] netlink: 20 bytes leftover after parsing attributes in process `syz.3.653'. [ 57.788087][ T5576] loop0: detected capacity change from 0 to 1024 [ 57.804005][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.805355][ T5576] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 57.829250][ T5576] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 57.842366][ T5576] EXT4-fs (loop0): orphan cleanup on readonly fs [ 57.849993][ T5576] __quota_error: 220 callbacks suppressed [ 57.850007][ T5576] Quota error (device loop0): do_check_range: Getting dqdh_entries 512 out of range 0-14 [ 57.866948][ T5576] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 57.877797][ T5576] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.654: Failed to acquire dquot type 0 [ 57.891332][ T5576] Quota error (device loop0): do_check_range: Getting dqdh_entries 512 out of range 0-14 [ 57.895457][ T29] audit: type=1400 audit(57.884:2175): avc: denied { read write } for pid=5580 comm="syz.2.656" name="ptp0" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 57.923946][ T29] audit: type=1400 audit(57.884:2176): avc: denied { open } for pid=5580 comm="syz.2.656" path="/dev/ptp0" dev="devtmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 57.925019][ T5576] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 57.957174][ T3303] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 57.972057][ T3303] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 57.983290][ T5576] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.654: Failed to acquire dquot type 0 [ 57.995409][ T5576] EXT4-fs error (device loop0): ext4_free_blocks:6696: comm syz.0.654: Freeing blocks not in datazone - block = 0, count = 4096 [ 58.010582][ T5579] netlink: 96 bytes leftover after parsing attributes in process `syz.3.655'. [ 58.012308][ T5576] Quota error (device loop0): do_check_range: Getting dqdh_entries 512 out of range 0-14 [ 58.030399][ T9] tipc: Node number set to 2886997007 [ 58.037863][ T5576] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 58.047950][ T5576] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.654: Failed to acquire dquot type 0 [ 58.074728][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.094108][ T5576] EXT4-fs (loop0): 1 orphan inode deleted [ 58.111870][ T5576] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 58.175381][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.440678][ T29] audit: type=1400 audit(58.434:2177): avc: denied { read append } for pid=5609 comm="syz.1.668" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 58.440798][ T5610] random: crng reseeded on system resumption [ 58.463721][ T29] audit: type=1400 audit(58.434:2178): avc: denied { ioctl open } for pid=5609 comm="syz.1.668" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 58.763673][ T5627] wg2: entered promiscuous mode [ 58.768554][ T5627] wg2: entered allmulticast mode [ 58.889894][ T5631] loop2: detected capacity change from 0 to 512 [ 58.930328][ T5631] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 58.943480][ T5631] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 59.030566][ T5645] netlink: 'syz.3.684': attribute type 10 has an invalid length. [ 59.038651][ T5645] dummy0: left promiscuous mode [ 59.043586][ T5645] dummy0: left allmulticast mode [ 59.049627][ T5645] dummy0: entered promiscuous mode [ 59.055621][ T5631] EXT4-fs error (device loop2): xattr_find_entry:333: inode #15: comm syz.2.678: corrupted xattr entries [ 59.112662][ T5645] dummy0: entered allmulticast mode [ 59.118236][ T5645] team0: Port device dummy0 added [ 59.123936][ T5631] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 59.138958][ T5645] netlink: 'syz.3.684': attribute type 10 has an invalid length. [ 59.169563][ T5631] EXT4-fs (loop2): 1 truncate cleaned up [ 59.192283][ T5645] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 59.211667][ T5631] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.229715][ T5645] dummy0: left promiscuous mode [ 59.285335][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.312595][ T5645] dummy0: left allmulticast mode [ 59.320542][ T5645] team0: Failed to send options change via netlink (err -105) [ 59.328124][ T5645] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 59.337447][ T5645] team0: Port device dummy0 removed [ 59.349130][ T5645] dummy0: entered promiscuous mode [ 59.354559][ T5645] dummy0: entered allmulticast mode [ 59.361317][ T5645] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 59.438372][ T5653] loop2: detected capacity change from 0 to 1024 [ 59.442188][ T5654] netlink: 8 bytes leftover after parsing attributes in process `syz.0.686'. [ 59.470909][ T5653] EXT4-fs: Ignoring removed bh option [ 59.486462][ T5653] EXT4-fs: inline encryption not supported [ 59.494799][ T5653] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 59.556766][ T5660] lo speed is unknown, defaulting to 1000 [ 59.564666][ T5660] lo speed is unknown, defaulting to 1000 [ 59.611880][ T5653] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 59.659729][ T5660] lo speed is unknown, defaulting to 1000 [ 59.666550][ T5660] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 59.690475][ T5664] SELinux: failed to load policy [ 59.727761][ T5660] lo speed is unknown, defaulting to 1000 [ 59.733999][ T5660] lo speed is unknown, defaulting to 1000 [ 59.743698][ T5660] lo speed is unknown, defaulting to 1000 [ 59.758205][ T5653] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.687: lblock 2 mapped to illegal pblock 2 (length 1) [ 59.796084][ T5660] lo speed is unknown, defaulting to 1000 [ 59.809767][ T5660] lo speed is unknown, defaulting to 1000 [ 59.824369][ T5653] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.687: lblock 0 mapped to illegal pblock 48 (length 1) [ 59.850308][ T5653] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.687: Failed to acquire dquot type 0 [ 59.890853][ T5653] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 59.915035][ T5677] netlink: 12 bytes leftover after parsing attributes in process `syz.4.697'. [ 59.924770][ T5653] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.687: mark_inode_dirty error [ 59.958578][ T5653] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 59.970371][ T5653] EXT4-fs (loop2): 1 orphan inode deleted [ 59.976587][ T5653] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.994818][ T3444] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 60.025511][ T3444] EXT4-fs error (device loop2): ext4_release_dquot:6973: comm kworker/u8:8: Failed to release dquot type 0 [ 60.040603][ T5653] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.687: lblock 0 mapped to illegal pblock 48 (length 1) [ 60.055510][ T5683] netlink: 16 bytes leftover after parsing attributes in process `syz.1.701'. [ 60.088443][ T5653] ext4: Unknown parameter '18446744073709551615@LqE: 艞t}0$' [ 60.099984][ T5693] loop1: detected capacity change from 0 to 512 [ 60.242637][ T5719] loop4: detected capacity change from 0 to 1024 [ 60.300043][ T5725] bridge0: port 3(ip6gretap0) entered blocking state [ 60.306786][ T5725] bridge0: port 3(ip6gretap0) entered disabled state [ 60.423156][ T5719] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.717: Allocating blocks 449-513 which overlap fs metadata [ 60.448204][ T5736] tipc: Started in network mode [ 60.453186][ T5736] tipc: Node identity dadff75ec56c, cluster identity 4711 [ 60.460426][ T5736] tipc: Enabled bearer , priority 0 [ 60.460784][ T5738] SELinux: policydb table sizes (0,0) do not match mine (5,6) [ 60.478321][ T5738] SELinux: failed to load policy [ 60.503077][ T5735] tipc: Resetting bearer [ 60.549561][ T5735] tipc: Disabling bearer [ 60.562999][ T5743] bridge: RTM_NEWNEIGH with invalid ether address [ 60.577232][ T5749] netlink: 4 bytes leftover after parsing attributes in process `syz.1.728'. [ 60.628385][ T5749] team1: entered promiscuous mode [ 60.633526][ T5749] team1: entered allmulticast mode [ 60.685610][ T5760] loop0: detected capacity change from 0 to 128 [ 60.710993][ T5764] bridge0: port 1(ip6gretap0) entered blocking state [ 60.717733][ T5764] bridge0: port 1(ip6gretap0) entered disabled state [ 60.724862][ T5764] ip6gretap0: entered allmulticast mode [ 60.731058][ T5764] ip6gretap0: entered promiscuous mode [ 60.736893][ T5764] bridge0: port 1(ip6gretap0) entered blocking state [ 60.743616][ T5764] bridge0: port 1(ip6gretap0) entered forwarding state [ 60.835615][ T5770] loop0: detected capacity change from 0 to 1024 [ 60.916050][ T5770] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.736: Allocating blocks 449-513 which overlap fs metadata [ 60.941782][ T5770] EXT4-fs (loop0): pa ffff88810720c5b0: logic 48, phys. 177, len 21 [ 60.949861][ T5770] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 60.965211][ T5770] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 28 with max blocks 4 with error 28 [ 60.977756][ T5770] EXT4-fs (loop0): This should not happen!! Data will be lost [ 60.977756][ T5770] [ 60.987416][ T5770] EXT4-fs (loop0): Total free blocks count 0 [ 60.993510][ T5770] EXT4-fs (loop0): Free/Dirty block details [ 60.999466][ T5770] EXT4-fs (loop0): free_blocks=64 [ 61.004489][ T5770] EXT4-fs (loop0): dirty_blocks=0 [ 61.009612][ T5770] EXT4-fs (loop0): Block reservation details [ 61.015605][ T5770] EXT4-fs (loop0): i_reserved_data_blocks=0 [ 61.032305][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 61.053739][ T10] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 61.224422][ T5804] loop1: detected capacity change from 0 to 512 [ 61.235643][ T5804] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 61.260046][ T5804] EXT4-fs (loop1): 1 truncate cleaned up [ 61.421252][ T5813] netlink: 'syz.0.751': attribute type 10 has an invalid length. [ 61.431863][ T5813] team0: Port device dummy0 added [ 61.438692][ T5813] netlink: 'syz.0.751': attribute type 10 has an invalid length. [ 61.446870][ T5813] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 61.457042][ T5813] team0: Failed to send options change via netlink (err -105) [ 61.465752][ T5813] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 61.466856][ T5814] netlink: 20 bytes leftover after parsing attributes in process `syz.3.752'. [ 61.474918][ T5813] team0: Port device dummy0 removed [ 61.488679][ T5814] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 61.498922][ T5813] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 61.549846][ T5809] ================================================================== [ 61.557960][ T5809] BUG: KCSAN: data-race in xas_find_marked / xas_set_mark [ 61.565090][ T5809] [ 61.567406][ T5809] write to 0xffff888119cda9a4 of 4 bytes by task 5804 on cpu 1: [ 61.575025][ T5809] xas_set_mark+0x12b/0x140 [ 61.579534][ T5809] __folio_start_writeback+0x1dd/0x440 [ 61.584997][ T5809] ext4_bio_write_folio+0x5ad/0x9f0 [ 61.590195][ T5809] mpage_process_page_bufs+0x4a1/0x620 [ 61.595662][ T5809] mpage_prepare_extent_to_map+0x786/0xc00 [ 61.601473][ T5809] ext4_do_writepages+0xa05/0x2750 [ 61.606601][ T5809] ext4_writepages+0x176/0x300 [ 61.611454][ T5809] do_writepages+0x1c3/0x310 [ 61.616048][ T5809] file_write_and_wait_range+0x156/0x2c0 [ 61.621694][ T5809] generic_buffers_fsync_noflush+0x45/0x120 [ 61.627589][ T5809] ext4_sync_file+0x1ab/0x690 [ 61.632275][ T5809] vfs_fsync_range+0x10d/0x130 [ 61.637049][ T5809] ext4_buffered_write_iter+0x34f/0x3c0 [ 61.642610][ T5809] ext4_file_write_iter+0xdbf/0xf00 [ 61.647816][ T5809] iter_file_splice_write+0x663/0xa60 [ 61.653185][ T5809] direct_splice_actor+0x153/0x2a0 [ 61.658297][ T5809] splice_direct_to_actor+0x30f/0x680 [ 61.663669][ T5809] do_splice_direct+0xda/0x150 [ 61.668443][ T5809] do_sendfile+0x380/0x650 [ 61.672861][ T5809] __x64_sys_sendfile64+0x105/0x150 [ 61.678066][ T5809] x64_sys_call+0x2bb0/0x2ff0 [ 61.682752][ T5809] do_syscall_64+0xd2/0x200 [ 61.687254][ T5809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.693149][ T5809] [ 61.695461][ T5809] read to 0xffff888119cda9a4 of 4 bytes by task 5809 on cpu 0: [ 61.702985][ T5809] xas_find_marked+0x5dc/0x620 [ 61.707759][ T5809] find_get_entry+0x5d/0x380 [ 61.712339][ T5809] filemap_get_folios_tag+0x92/0x210 [ 61.717620][ T5809] mpage_prepare_extent_to_map+0x320/0xc00 [ 61.723424][ T5809] ext4_do_writepages+0x708/0x2750 [ 61.728532][ T5809] ext4_writepages+0x176/0x300 [ 61.733292][ T5809] do_writepages+0x1c3/0x310 [ 61.737875][ T5809] filemap_write_and_wait_range+0x144/0x340 [ 61.743763][ T5809] ext4_file_write_iter+0xe04/0xf00 [ 61.748957][ T5809] iter_file_splice_write+0x663/0xa60 [ 61.754321][ T5809] direct_splice_actor+0x153/0x2a0 [ 61.759421][ T5809] splice_direct_to_actor+0x30f/0x680 [ 61.764785][ T5809] do_splice_direct+0xda/0x150 [ 61.769630][ T5809] do_sendfile+0x380/0x650 [ 61.774052][ T5809] __x64_sys_sendfile64+0x105/0x150 [ 61.779256][ T5809] x64_sys_call+0x2bb0/0x2ff0 [ 61.783920][ T5809] do_syscall_64+0xd2/0x200 [ 61.788419][ T5809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.794299][ T5809] [ 61.796602][ T5809] value changed: 0x0a000021 -> 0x04000021 [ 61.802299][ T5809] [ 61.804600][ T5809] Reported by Kernel Concurrency Sanitizer on: [ 61.810734][ T5809] CPU: 0 UID: 0 PID: 5809 Comm: syz.1.749 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 61.821915][ T5809] Tainted: [W]=WARN [ 61.825695][ T5809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 61.835730][ T5809] ==================================================================