last executing test programs: 1.138479469s ago: executing program 0 (id=890): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0x1, 0x0) 1.13418589s ago: executing program 1 (id=891): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) 1.019029809s ago: executing program 1 (id=893): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1f, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000012c0)='scsi_dispatch_cmd_start\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 980.756502ms ago: executing program 1 (id=894): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) pipe(&(0x7f0000005880)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_selinux(r2, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0) 477.118402ms ago: executing program 2 (id=895): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x6a) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000140)='./file0\x00', 0x12000021) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200018"], 0x69) close(r0) execve(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) 476.569282ms ago: executing program 1 (id=905): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x18) mkdir(&(0x7f0000000000)='./control\x00', 0x0) r1 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000100)='./control\x00', 0x0) unlinkat(r1, &(0x7f0000000140)='./control\x00', 0x200) 459.493854ms ago: executing program 2 (id=896): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='9p_protocol_dump\x00', r0}, 0x10) mkdir(&(0x7f0000000200)='./file0\x00', 0x50) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) 453.813924ms ago: executing program 1 (id=897): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f00000003c0)={&(0x7f0000000180), 0x10, &(0x7f0000000380)=[{&(0x7f0000000480)="c3e972bd85a6d84136d6dd55048d3593a74f338ce6772ab9a6f64041c2f6fbbecdc08ebcd3192b6a53662dae7c8e9c665e80a5d0925f728dcac30c29793992e588952653d414cb8ccdabc38767fee819ec5af0c5ee936880fe8549b4ed347779cab4ffd4e0b62c53a1c01db28f2b3f91c34211c9353bc1dece61511917c2245fd66cb8dffeacb4d46d627c97b498bf1ff6b313bfbc9765457c831771d5eec7997ec242e4505f01c1bb3e069b2e630f42a2be86598a61", 0x64}, {&(0x7f0000000300)='V', 0x1}, {&(0x7f0000001600)="3eed50d0125719a810f88e3f47186fe4dae74182dfd109a2587c4797410c9b8e39bd3d9aa144d5908647c30c8db69b5c17084c9b1bfbb8680737c4f88abcdbc7d294d72ab1b344270915df9ddf5635644c351c22b29d948ac4106bce7107570beed63077cfbc98ef71699eae65d37724d995b553e7a3ade619b522313ab382caf879feb48942878e605ee3ee2872794e3abe22a3f025068b628a5d92468092a5cc649bbbd978b5772e537939432a502122235ced312dafd108c9ffeb0b38cc16da9418ca01d485a6afb5827da4df6e1121ec307de14bb32b6a977608e4576a998182dd93d592ff43e55bfdbbce23ecd501e43b3e93ef8d9d01711dff54c301e299d3801a3cffe6c9883fbd0e47124dc02569f62d48b878fcb58ce99fcffcd2a5166eff3ad93cf1d137274993d86a3b3730d63ded759f6ca88fa449e5575b15321e5a58a1f888eed7466db4976ce35f6d2efb5ad05d99a66482dc607cb5acb24d326803bd337519cc98103f59c63b5962cd72e4497d1b00817d6e09de70270a09b493c2226617b1c9ef9d506be00d6e07f14633a966f04ecca90fb8d2b963ad6f3817935bd6534fa3da1c5dc468789cbf1192f3c0bff3777f1edd2ada5d35f88f12f29e952c44445ce623509d66811c80a9e0f13ad85aba37d86ff0da4dda601d9e8acb264233bc939fb056316612cff687d5c44157be05bcc88b333ff2a40041d98f1acfe6e2231a84e09bd7a54a0442cf87ce3ee8fd8da39da1862862ae40fc3cb3055c8b70e62f243850707341f51426bb3e71c7a4fffefab060db786000618b05eb087a424a2f30f6a232ff44b605f70ceec0a8f70e37907f6e0bbba21e9d5b7ecb6d287742b75c101ba79525918c3473eae38f3c177249dfa8816661c9921f0b0c858d53ab87c8407b97950c842111002edd1d1e80b801b495da28bcd5409bc971e55dab1857e188ac9728efc8f9a4543945f86ade13b445eacecbbf848a96410ac37c57e3e9e8bc8b8fadd559d225c7468639da2b5d1208558b51e94c14faa7947a7c60e81a96bb5d194cc7289adbc02ebb4b49be1f1efc429db2f9b79b5a22919dba0c35341042c5776942c52365367c4bfc95b42be383cca7107161ded7e851d0126da33d581f1e2b08d0c061e86d31e7a83f9b51c79b4034c7deda7697034e1404c6e8e459f76c2efe64350146c7437ef808e04ca14df5f6f500264fd977272bbf8fc096774e8eb61d0963430751ac1425a073f84346b0eba368cba7fa34adc420800d4f99927280eba199f9695cf88124fafc3a2b1226d2f2ab3ea27c69a127650cf5c725b54c02bd8729033cf699ce7f030f9a3442056244da3cfb61a8126dba11377624f39eb009242152fd7b8b88de7dd86057f29bfcb7b7df0e65e7e9ac9eeaa41afa62743698bff03d5b2d51fb6bca2d92294e8e177cfa3661b26f1c040e9bed983b7bc0aa154eb9c92e4ee25091318c53113a1c23ac62d2d71504cba99041f29a4f332133292cf20abec9222a2acca57cac48fa6c0668ee5eecb494741a64d33b011dcca74696d4614c5b45a5d20983b1708d365ed3ffa60f9161972a611c22642c3c259b41f943f6d7a8b60f284d325e38fe76f0645e069ff70cae38850ccf973193b6232c987df26239a574691f7f07fffa6deae1eb0324fe546573c36f2a2c31cd442517a9b036ae6a2a491e7343864693c107a5dc2585820863c146c1ba6caa4fea9b87d567716f4c8ca1a9d2848055cd750512d3b7415d090019dc8a04a1a1d28931093cd8f00e94c407ca1fa2a5ce903d9df26e008c07cd13afa783220e1bd5e6b60645f3dbb6ecb4156fedafa2dd25498c6a99d94f0b38125ea7741b75109dcac9f80635f79f5c8a0483bb9f05a3a5bf721c7541edb252449f8b13e63c370a6146332f03ca1f1b6fe0bed984f13744bb7fa0fe322e83ddf9ffb2083e94f33604a0a199220c450dad94bf154805e7f9e4350ca2d81adf2978c87dcc8a8a7d56297ec124bfef0d28f35777205e973272c87e01070f14f5b14daa3b5104d9ff6b296c4f16ed49eb42d35e7ba3bccb7a26c33a263df88aadd596e9d9de0abbd4d449df11081f2cd62e1d8962b9b9feb25a3b8e03537d61a61c11ac22b7211d12c84e60a6abcc219e558b2513d8c530b3c7a57cdc47de545aafbb2a13c0e6c75b1b92fa241c713c83a09c92b2b61d565120372a9143415583c9596f27a663d4967cd653b08cebd6cb96c1f0dc80d57267ac9a8281d7149bde880828ee27d69a6818db58320db29d1b044eaf6ab8a5108bc522de406990b5393b1f7e7bab71bf6cf8eed1cd59c7607d662e8b313f5c4fce0f59b1027371381011b63dd5b2b09739082c0d62ffad96e30153a395234937d377c32fe7af82aca3a19d0ebc4a5c5fb5ff190f14d5695c703b571fb4bf03756635cafc6cf6267eab836c347a9d07e8089fc105346934cf3364e5be370b3c42b94bc5ae3d17a817398566a2953251eb91697d67278145df9a4b917bcca1bf211780b22f4caacfcb7604c84f943d05f6fdf8edbd258d7d8dbf84f9d99e57472c5b1c2337d749a1f345e662e2536d23c7a63bbbbf00f8b5b0a2106a0342ab27b9a10b82e82668cd49e0cbb09d7be0217645f1dda3be59c8232fa290d34791cda52aa5b5cec6339ab96a2eb3f5328cc7c0e6717c2824344547a2ed518f6b2b4e4fe5b684596aa6a9d3988fc5d5ff4cb46cec99d951b8386b10949a163af974b7543df97b4882a4ed60e927a1deb67c5f814235bef65fea79a2c712815be7403c93a3707fb90d4604ec3a6a3b0928f253f6ab6bd56c958e026c8c58172c4ac2a3efe2ecd5cea70c8313f9ac2d638bc296ba99e2ca86d2fd06b5402cdcddc3f3c9845d5ae77f6f36963b91e8f6cdccd17abe8d40ed02463af4bb0e496344f350097f1cc13313fa1e172b63556ed2b8a8121c01a5fb343ff7767821626fc49b0d6bd522e1c9bf137d5a5bccb4bc8dbb64c83a82ef6c2894f3896c9f6bf0c3764011d53eeb6db9ea9dae22d3ebcca4942d5828c0bca0d9ea37701d5a06c066ac4fe318e11e9c0d6c658ac810fb5d7836cfffe4ccbb0934e5567d74695980a156d4bf1c18861c5a29ccd349999dc20562d00e1f6c1851ae563541086438d60b975c8ceb466414ff60efa0b2dee790fd0659ffa98b92414c13d5a6825368f56c4984412205041cd8e006c7127d4395ecdffb5addf80ef938ce54a367154c4fc286d5f969325c12b13655a9a956dd3b98281f537e837669fc55d8930676e807aa8cd046e0f4583d59f86cb99f3f7a7ddde1fb39111fdec7677d2fee4b8f4814a5def5ebcc67c653384ce80eaffd880405f7edf8fd3ea049f040595df4a75e2f892e7a85e0ba351fb8d263bfff7168bb85017b360fcd2ba89346682a6ea7ccc46afbdb5ab444e3f477238b2ab503bde914d3cf1789539cde9c0621152cd97bff9f235d88a1ef4ea4309db3a05d401af7fb82784b050ef529dab4f1f003eb29710a962f7538c521e617e2f0efac36182d09985e1d725cc38c3833a53742a02f76fb2854a9e45f0febacf3bda83f11183ef5b9fef02ebcdf56d4104b175bad937d8f61964f97d673577cdcbbb48d8eb62b063ee6563b9ff053719baff871bcd83822d865b2f7ef023076425ac5cd71b1f2309de0c6f14cc9c4d3e8fad945f756a7c8a084ea1bfdf5ac6e740043e7f7bdaca06774b084ae314c2636529d4fdcd965c7f8c07156572620b827d694efdc9d2bfc5aa9391220a83765f2c71fcd48d4acaed60afb53d1013fa3b15e948ec4159f7d130ef85b594018346e99034c18738285223ea53a6b1d5cf11a607de2e19608ba03ec970a915b773824261f3fc931dd6d3b934d89f07baf14776314c3eeb8cd0537ef5736f565fbd14e520d4ab2f77ed9597b76ff91f8d1f99ebd6e473efda7accb273975a06944d1037032129992b994ca791a09b4d83980a1e494b0f97098df5f6fb6bbb02722adb11dc319c565c2c363cbd19d9fb3efb4613b62d6584cd53f7bd80e3e89304f444ce9dd1835661e3bb4de02ccf568a2a5daaf0d56898d4286c3fb62e22af62d7ac318685834467f337561dde2e0c1e2827cdffcf42c17728ee64b3ff4ccc0227590badd0bd7e448b8cca0892d6a5e0130d2ac665f47c6b28daa101c1b319869bdd39fa924d6d9ba7d72feda5f21ac78641c7d4801d41c7879721b3be4dab40d9c4a78552440101f373489cc5240b0144a9ce32691a784b6dfe971a21bb5980ff67da2d1bb90b223c9e192a39c1aeadd1f5c790811079c0b51a97105c99b6f95d71bb3ea47c33d9dcb0a53c929c44499e184a3cd722c908d3b0d157e28ffdeb2ed7192e780d96a7a2f0fd5a87bdc973e049da0caf931f26f5a21813e2e602ceb2259997e0205ce48fd9424bd6d4d75dd4301f429ee30745cd839a40dbeab4c3db2f0f10bbaea071ca41d1392385681730a3678a5f60f604dbe19cb9d7dd234337e327451b8cc65394af399432ef7fc3765d055874ebdca14e5999292d6f72f31e92bacf25db5ef8f5212952c1910de06ddbe1687a0e1837922f2228289916ed3aeb7b9cc24da3ae47139e371930afa6d3573df6732c26c0c7ae06d9cedfa77160711bcb06e6553338deae4c5731cf53cc154113096d02f3036d7d9edfcdc331e4bb860c5208489212e904eab70e7f860b0379895cbdecbf7a0b7a25e5b853c7dbe08a4e296a30afec8cf5a9f6ea4aef32a508655d539a770b21e660c9ee1d7688c56abeb7cf1afccc8d59780cf26312589e0c8e1bc00ad7b1325cd9a5dd69246e0b33407c381ea09265154aec297e4ccdf9785a1042a83e77c13d4ce4360782f2428f9916b5cd123b089eb683d30c1e895b9944aa905a1a5b52301d8cc5e4741834ead6ebdb5dc05c9c49c5e883e99d40b9838037beaf876534d747856103e59caf6266fbbe760b6ef83d004634b74f14f8eb4aef93c4cc9cbbd78d83d532c70feef51ea3f170b25d81a6a9b074bfca7e9b3771bf83517e0dd9d0600f70b86b20f61fe36076f8bada334b2390fa954973bc901619a3cfd039349cb328625f495ab288dbdd6dbfd022c2a83f59e0b998619a12e35891b5ae9e83a71765507b4a571cd2241e5885c705244c1022688bef7c5065fbcf219fc01753adb611b3fbc09403dcb10a4f99d788667eff75fa27074ca8481a633530e26163ccf7dada049d23e717e067b6fa5b2f652bc50abda9e7ccdc5f2f3c35ecc2c4431c819c9691be4422e379750774e9f39dae06f26423c8a4278789c9f3111b43f6dd25b0ad47c4cc5fda3f3ed82079c9366e0adced883488f429c1d7e1b351fd0bb204dd7977ef224c4df6d7a5f7697bc6500a7d03a8a914154779fa7092bf1be6bad4092367ce5d295a5d5d0e7c469f372ca2011d612637025e89f178ae9ada0c5b73bcb7d7c034ff595263cd4216e3c76ba5f3d81932a088a90bf8043e877e299c670ef1622a098d5519d9adc4ee7d4cd00e5934a4375fa83fdb81214b892482b31bdde59a70aaf25cb7f417c3a2a91c4e54b48149f6c41d9d396ee6ff13e3028c64a7c9b1f2e7c6e67184a3d52d6f570db3d225c947423c4c6533f22df57d15c5e5a3183422bd378b06fe4732a9401dcb19840fb8fa5c50a0ff497fef362c507753e46b8881d3e767f3b1d893a3805941c94f2efa05ce34b9ea81d716984af6834230d4707a87089d40779503ee6a9bb245d7d997f14acb80e89731c042bbbbe3dcd05177b0ee0eec23455830ef5b65aca357f2b0b887e0b9821c0", 0x1000}, {&(0x7f0000000340)="b768eb20304f2fdc5a9694a4867840d93170ca1a86406f", 0xfffffec0}], 0x4, 0x0, 0x0, 0x8010}, 0x0) dup2(r2, r1) 417.758937ms ago: executing program 1 (id=900): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000600)='./file0\x00', 0xc8d0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12) write(r1, &(0x7f0000000080)="4f1002f8839db50f6b17361b58", 0xd) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 369.613051ms ago: executing program 4 (id=904): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r2, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c) 350.139982ms ago: executing program 3 (id=906): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) ioperm(0x9, 0x9, 0x7) 349.409112ms ago: executing program 4 (id=907): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000, {0x0, 0x0, 0x0, 0x0, {0xffed}, {0xb}}}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x48, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast2}]}}}]}, 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x28020, 0xac}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}]}}}]}, 0x3c}}, 0x20004090) 317.659235ms ago: executing program 2 (id=908): r0 = syz_clone(0x2b00b100, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0) ptrace(0x4206, r0) wait4(r0, 0x0, 0x8, 0x0) r1 = syz_io_uring_setup(0x4aa, &(0x7f0000000380)={0x0, 0xfffffffc, 0x10100, 0x10000000, 0x13a}, &(0x7f0000000000)=0x0, &(0x7f0000000600)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8126}}) io_uring_enter(r1, 0x38c5, 0x2000000, 0x0, 0x0, 0x0) 316.905255ms ago: executing program 4 (id=909): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) 302.729556ms ago: executing program 0 (id=910): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a9a4850000000400000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c001a800800028004000500080000003e"], 0x44}}, 0x0) 284.570228ms ago: executing program 3 (id=911): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbdf25047c0000100036800c00020007009300000000000c0001"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) 255.39831ms ago: executing program 0 (id=912): socket$inet(0x2, 0x1, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0x4}, 0x100b28, 0x6, 0x0, 0x7, 0x8, 0x20005, 0x80, 0x0, 0x0, 0x0, 0x20000009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000) 249.76346ms ago: executing program 4 (id=913): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000f000000050030000000000005002f000000000008000300", @ANYRES32=r3], 0x2c}}, 0x0) 206.246194ms ago: executing program 3 (id=914): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x81, &(0x7f00000002c0)="1ae96d0103010000", 0x8) close_range(r1, 0xffffffffffffffff, 0x0) 198.603234ms ago: executing program 4 (id=915): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000100)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x4000) fallocate(r0, 0x0, 0x0, 0x1000f4) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x500, 0x61, 0x10, 0x7b}, [@ldst={0x6, 0x0, 0x3, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48) 174.734507ms ago: executing program 3 (id=916): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0) writev(r2, &(0x7f0000000940)=[{&(0x7f0000000200)='\f7', 0x2}, {&(0x7f0000000100)='0', 0x1}], 0x2) 157.379898ms ago: executing program 3 (id=917): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a500850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) 135.08105ms ago: executing program 0 (id=918): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x65, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x4, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 107.731412ms ago: executing program 2 (id=919): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f00000000c0)=0xc) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)={0x28, 0x18, 0x1, 0x0, 0x0, {0x2}, [@typed={0x8, 0x800, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @uid=r3}]}]}, 0x28}}, 0x10040080) 92.336613ms ago: executing program 3 (id=920): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0x1, 0x0) 67.488355ms ago: executing program 4 (id=921): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000540)) ioctl$NS_GET_USERNS(r1, 0xb701, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, 0x0, 0x1) 66.853535ms ago: executing program 0 (id=931): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) 56.893886ms ago: executing program 2 (id=922): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1, 0x0, 0x6}, 0x18) r2 = io_uring_setup(0x7cac, &(0x7f00000000c0)={0x0, 0x753a, 0x8, 0x2, 0x1fd}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 31.062438ms ago: executing program 0 (id=923): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) pipe(&(0x7f0000005880)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_selinux(r2, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0) 0s ago: executing program 2 (id=924): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0xf1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) close(0x3) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x58}, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.107' (ED25519) to the list of known hosts. [ 24.669079][ T29] audit: type=1400 audit(1755980881.878:62): avc: denied { mounton } for pid=3258 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 24.670223][ T3258] cgroup: Unknown subsys name 'net' [ 24.691927][ T29] audit: type=1400 audit(1755980881.878:63): avc: denied { mount } for pid=3258 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.719167][ T29] audit: type=1400 audit(1755980881.918:64): avc: denied { unmount } for pid=3258 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.935586][ T3258] cgroup: Unknown subsys name 'cpuset' [ 24.941738][ T3258] cgroup: Unknown subsys name 'rlimit' [ 25.132345][ T29] audit: type=1400 audit(1755980882.338:65): avc: denied { setattr } for pid=3258 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.155674][ T29] audit: type=1400 audit(1755980882.338:66): avc: denied { create } for pid=3258 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.176172][ T29] audit: type=1400 audit(1755980882.338:67): avc: denied { write } for pid=3258 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.196502][ T29] audit: type=1400 audit(1755980882.338:68): avc: denied { read } for pid=3258 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.216800][ T29] audit: type=1400 audit(1755980882.348:69): avc: denied { mounton } for pid=3258 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.224659][ T3295] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 25.241566][ T29] audit: type=1400 audit(1755980882.348:70): avc: denied { mount } for pid=3258 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 25.273526][ T29] audit: type=1400 audit(1755980882.468:71): avc: denied { relabelto } for pid=3295 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.310842][ T3258] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.985313][ T3309] chnl_net:caif_netlink_parms(): no params data found [ 27.057444][ T3304] chnl_net:caif_netlink_parms(): no params data found [ 27.070751][ T3310] chnl_net:caif_netlink_parms(): no params data found [ 27.085357][ T3309] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.092407][ T3309] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.099682][ T3309] bridge_slave_0: entered allmulticast mode [ 27.106130][ T3309] bridge_slave_0: entered promiscuous mode [ 27.112515][ T3305] chnl_net:caif_netlink_parms(): no params data found [ 27.141543][ T3309] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.148645][ T3309] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.155884][ T3309] bridge_slave_1: entered allmulticast mode [ 27.162245][ T3309] bridge_slave_1: entered promiscuous mode [ 27.192133][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.214656][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.259139][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.266239][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.273633][ T3310] bridge_slave_0: entered allmulticast mode [ 27.280059][ T3310] bridge_slave_0: entered promiscuous mode [ 27.295891][ T3304] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.303023][ T3304] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.310528][ T3304] bridge_slave_0: entered allmulticast mode [ 27.316811][ T3304] bridge_slave_0: entered promiscuous mode [ 27.325162][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.332286][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.339597][ T3310] bridge_slave_1: entered allmulticast mode [ 27.345970][ T3310] bridge_slave_1: entered promiscuous mode [ 27.352606][ T3309] team0: Port device team_slave_0 added [ 27.359384][ T3309] team0: Port device team_slave_1 added [ 27.365162][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.372223][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.379538][ T3305] bridge_slave_0: entered allmulticast mode [ 27.385897][ T3305] bridge_slave_0: entered promiscuous mode [ 27.392180][ T3304] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.399278][ T3304] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.406500][ T3304] bridge_slave_1: entered allmulticast mode [ 27.412806][ T3304] bridge_slave_1: entered promiscuous mode [ 27.419167][ T3303] chnl_net:caif_netlink_parms(): no params data found [ 27.436847][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.444002][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.451200][ T3305] bridge_slave_1: entered allmulticast mode [ 27.457752][ T3305] bridge_slave_1: entered promiscuous mode [ 27.490116][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.507307][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.516685][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.523622][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.549565][ T3309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.560724][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.567685][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.593661][ T3309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.605995][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.620968][ T3304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.635530][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.657321][ T3305] team0: Port device team_slave_0 added [ 27.663895][ T3304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.683684][ T3310] team0: Port device team_slave_0 added [ 27.692638][ T3305] team0: Port device team_slave_1 added [ 27.713030][ T3310] team0: Port device team_slave_1 added [ 27.736805][ T3304] team0: Port device team_slave_0 added [ 27.747450][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.754384][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.780306][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.795906][ T3303] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.803021][ T3303] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.810162][ T3303] bridge_slave_0: entered allmulticast mode [ 27.816555][ T3303] bridge_slave_0: entered promiscuous mode [ 27.823335][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.830309][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.856236][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.872436][ T3304] team0: Port device team_slave_1 added [ 27.878575][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.885608][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.911621][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.922328][ T3303] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.929445][ T3303] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.936575][ T3303] bridge_slave_1: entered allmulticast mode [ 27.942929][ T3303] bridge_slave_1: entered promiscuous mode [ 27.949365][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.956332][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 27.982238][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.997856][ T3309] hsr_slave_0: entered promiscuous mode [ 28.003812][ T3309] hsr_slave_1: entered promiscuous mode [ 28.038118][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.045087][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.070986][ T3304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.110057][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.117122][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.143045][ T3304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.154806][ T3303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.168032][ T3305] hsr_slave_0: entered promiscuous mode [ 28.173910][ T3305] hsr_slave_1: entered promiscuous mode [ 28.179811][ T3305] debugfs: 'hsr0' already exists in 'hsr' [ 28.185556][ T3305] Cannot create hsr debugfs directory [ 28.198043][ T3310] hsr_slave_0: entered promiscuous mode [ 28.204000][ T3310] hsr_slave_1: entered promiscuous mode [ 28.209978][ T3310] debugfs: 'hsr0' already exists in 'hsr' [ 28.215754][ T3310] Cannot create hsr debugfs directory [ 28.221980][ T3303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.263973][ T3304] hsr_slave_0: entered promiscuous mode [ 28.270088][ T3304] hsr_slave_1: entered promiscuous mode [ 28.275893][ T3304] debugfs: 'hsr0' already exists in 'hsr' [ 28.281615][ T3304] Cannot create hsr debugfs directory [ 28.292171][ T3303] team0: Port device team_slave_0 added [ 28.298810][ T3303] team0: Port device team_slave_1 added [ 28.339738][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.346817][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.372791][ T3303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.396029][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.403057][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.429034][ T3303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.501713][ T3303] hsr_slave_0: entered promiscuous mode [ 28.508719][ T3303] hsr_slave_1: entered promiscuous mode [ 28.514546][ T3303] debugfs: 'hsr0' already exists in 'hsr' [ 28.520367][ T3303] Cannot create hsr debugfs directory [ 28.574149][ T3309] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 28.582579][ T3309] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 28.599764][ T3309] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 28.608371][ T3309] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 28.654678][ T3305] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 28.672996][ T3305] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 28.681924][ T3305] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 28.694408][ T3305] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 28.716808][ T3310] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 28.736106][ T3310] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 28.745369][ T3310] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 28.754261][ T3310] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 28.788552][ T3304] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 28.798322][ T3304] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 28.808505][ T3304] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 28.820144][ T3304] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 28.832283][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.859391][ T3309] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.876738][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.896094][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.903124][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.915465][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.922506][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.942975][ T3303] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 28.951678][ T3303] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 28.965260][ T3305] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.972162][ T3303] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 28.986686][ T3303] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 29.003236][ T3309] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.019541][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.026705][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.038264][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.045329][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.076845][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.102340][ T3304] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.147131][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.154790][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.161849][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.172275][ T3303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.183642][ T3309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.194571][ T1728] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.201727][ T1728] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.220356][ T3303] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.235035][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.247372][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.254440][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.263225][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.270269][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.284881][ T3310] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.304237][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.311293][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.324766][ T1728] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.331890][ T1728] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.351419][ T3303] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.361883][ T3303] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.392562][ T3310] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.403119][ T3310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.486338][ T3304] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.510137][ T3309] veth0_vlan: entered promiscuous mode [ 29.531582][ T3309] veth1_vlan: entered promiscuous mode [ 29.546100][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.557556][ T3303] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.576009][ T3305] veth0_vlan: entered promiscuous mode [ 29.583651][ T3305] veth1_vlan: entered promiscuous mode [ 29.606885][ T3309] veth0_macvtap: entered promiscuous mode [ 29.638855][ T3305] veth0_macvtap: entered promiscuous mode [ 29.654473][ T3305] veth1_macvtap: entered promiscuous mode [ 29.667050][ T3309] veth1_macvtap: entered promiscuous mode [ 29.681728][ T3304] veth0_vlan: entered promiscuous mode [ 29.696022][ T3304] veth1_vlan: entered promiscuous mode [ 29.704574][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.722871][ T3310] veth0_vlan: entered promiscuous mode [ 29.730359][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.742517][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.758590][ T3310] veth1_vlan: entered promiscuous mode [ 29.765991][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.773721][ T3304] veth0_macvtap: entered promiscuous mode [ 29.790406][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.799167][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.812067][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.821329][ T3304] veth1_macvtap: entered promiscuous mode [ 29.830528][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.848016][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.860745][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.870527][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.880792][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.884013][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 29.884027][ T29] audit: type=1400 audit(1755980887.088:81): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/root/syzkaller.Ob3GM4/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 29.892859][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.895803][ T29] audit: type=1400 audit(1755980887.088:82): avc: denied { mount } for pid=3309 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 29.924180][ T3310] veth0_macvtap: entered promiscuous mode [ 29.927321][ T29] audit: type=1400 audit(1755980887.088:83): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/root/syzkaller.Ob3GM4/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 29.980098][ T29] audit: type=1400 audit(1755980887.088:84): avc: denied { mount } for pid=3309 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 30.001864][ T29] audit: type=1400 audit(1755980887.088:85): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/root/syzkaller.Ob3GM4/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 30.028469][ T29] audit: type=1400 audit(1755980887.088:86): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/root/syzkaller.Ob3GM4/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 30.055773][ T29] audit: type=1400 audit(1755980887.088:87): avc: denied { unmount } for pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 30.077142][ T29] audit: type=1400 audit(1755980887.288:88): avc: denied { mounton } for pid=3309 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 30.079102][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.099858][ T29] audit: type=1400 audit(1755980887.288:89): avc: denied { mount } for pid=3309 comm="syz-executor" name="/" dev="gadgetfs" ino=4768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 30.130188][ T3310] veth1_macvtap: entered promiscuous mode [ 30.139333][ T3309] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 30.142478][ T3303] veth0_vlan: entered promiscuous mode [ 30.174441][ T3303] veth1_vlan: entered promiscuous mode [ 30.182130][ T29] audit: type=1400 audit(1755980887.378:90): avc: denied { read write } for pid=3309 comm="syz-executor" name="loop2" dev="devtmpfs" ino=102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 30.212545][ T1728] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.223290][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.235667][ T52] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.250024][ T52] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.266696][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.274109][ T52] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.285234][ T3303] veth0_macvtap: entered promiscuous mode [ 30.297370][ T3303] veth1_macvtap: entered promiscuous mode [ 30.314833][ T1728] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.346878][ T1728] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.360533][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.368498][ T52] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.381290][ T52] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.405891][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.430537][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.447547][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.532463][ T3495] loop3: detected capacity change from 0 to 512 [ 30.551176][ T3501] netlink: 56 bytes leftover after parsing attributes in process `syz.1.8'. [ 30.575052][ T3495] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 30.580913][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.595493][ T52] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.646479][ T3495] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 30.664680][ T3510] smc: net device bond0 applied user defined pnetid SYZ0 [ 30.664685][ T3495] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.4: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 30.721628][ T3510] smc: net device bond0 erased user defined pnetid SYZ0 [ 30.747293][ T3310] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 30.798511][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.928031][ T3547] loop4: detected capacity change from 0 to 8192 [ 31.331660][ T3608] loop2: detected capacity change from 0 to 8192 [ 31.491105][ T3637] loop0: detected capacity change from 0 to 512 [ 31.506105][ T3640] vlan2: entered allmulticast mode [ 31.511342][ T3640] hsr0: entered allmulticast mode [ 31.516458][ T3640] hsr_slave_0: entered allmulticast mode [ 31.522097][ T3640] hsr_slave_1: entered allmulticast mode [ 31.552536][ T3637] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 31.574721][ T3637] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.593417][ T3651] SELinux: Context system_u:object_r:udev_exec_t:s0 is not valid (left unmapped). [ 31.597038][ T3640] Zero length message leads to an empty skb [ 31.641100][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.681573][ T3662] sd 0:0:1:0: device reset [ 31.689927][ T3664] loop9: detected capacity change from 0 to 7 [ 31.701782][ T3664] Buffer I/O error on dev loop9, logical block 0, async page read [ 31.710301][ T3664] Buffer I/O error on dev loop9, logical block 0, async page read [ 31.718163][ T3664] loop9: unable to read partition table [ 31.725589][ T3664] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 31.725589][ T3664] ) failed (rc=-5) [ 31.879132][ T3695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.84'. [ 31.887871][ T3695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.84'. [ 31.903871][ T3695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.84'. [ 31.928821][ T3695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.84'. [ 31.937562][ T3695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.84'. [ 31.946349][ T3695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.84'. [ 31.963584][ T3708] syz.4.89 (3708) used greatest stack depth: 10736 bytes left [ 31.996309][ T3695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.84'. [ 32.005112][ T3695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.84'. [ 32.014145][ T3695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.84'. [ 32.104624][ T3732] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3732 comm=syz.2.99 [ 32.117068][ T3732] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=3732 comm=syz.2.99 [ 32.238021][ T3758] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 32.485325][ T3782] +}[@ (3782) used greatest stack depth: 10072 bytes left [ 32.498333][ T3791] loop2: detected capacity change from 0 to 128 [ 32.510167][ T3791] syz.2.124: attempt to access beyond end of device [ 32.510167][ T3791] loop2: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 32.535442][ T12] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x7d [ 32.897478][ T3813] process 'syz.2.133' launched './file1' with NULL argv: empty string added [ 33.020596][ T3825] loop3: detected capacity change from 0 to 128 [ 33.027145][ T3825] ======================================================= [ 33.027145][ T3825] WARNING: The mand mount option has been deprecated and [ 33.027145][ T3825] and is ignored by this kernel. Remove the mand [ 33.027145][ T3825] option from the mount to silence this warning. [ 33.027145][ T3825] ======================================================= [ 33.403444][ T3825] syz.3.137: attempt to access beyond end of device [ 33.403444][ T3825] loop3: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 33.416821][ T3825] Buffer I/O error on dev loop3, logical block 128, lost async page write [ 33.523733][ T3854] syz.2.150 (3854) used greatest stack depth: 10008 bytes left [ 33.640136][ T3870] loop4: detected capacity change from 0 to 1024 [ 33.711684][ T3870] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.923036][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.940651][ T3895] program syz.2.166 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 34.689490][ T3974] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 34.774138][ T3897] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 34.782947][ T3897] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 34.885380][ T29] kauditd_printk_skb: 288 callbacks suppressed [ 34.885394][ T29] audit: type=1326 audit(1755980892.098:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4006 comm="syz.1.218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 34.915097][ T29] audit: type=1326 audit(1755980892.108:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4006 comm="syz.1.218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=155 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 34.938376][ T29] audit: type=1326 audit(1755980892.108:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4006 comm="syz.1.218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 34.965897][ T29] audit: type=1326 audit(1755980892.168:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4006 comm="syz.1.218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 34.989227][ T29] audit: type=1400 audit(1755980892.178:383): avc: denied { name_bind } for pid=4009 comm="syz.2.220" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 35.014318][ T29] audit: type=1400 audit(1755980892.228:384): avc: denied { read write } for pid=4011 comm="syz.0.219" name="rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 35.038532][ T29] audit: type=1400 audit(1755980892.228:385): avc: denied { open } for pid=4011 comm="syz.0.219" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 35.120811][ T29] audit: type=1400 audit(1755980892.308:386): avc: denied { write } for pid=4017 comm="syz.2.223" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 35.177463][ T4033] batman_adv: batadv0: Adding interface: ipvlan2 [ 35.183842][ T4033] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 35.209525][ T4033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 35.220342][ T4033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 35.231159][ T4033] batman_adv: batadv0: Interface activated: ipvlan2 [ 35.231492][ T29] audit: type=1400 audit(1755980892.438:387): avc: denied { read } for pid=4036 comm="syz.3.232" path="socket:[5756]" dev="sockfs" ino=5756 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 35.287015][ T29] audit: type=1400 audit(1755980892.498:388): avc: denied { write } for pid=4041 comm="syz.4.235" name="rt_acct" dev="proc" ino=4026532507 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 35.367996][ T4052] SELinux: Context is not valid (left unmapped). [ 35.507202][ T4079] netlink: 'syz.4.253': attribute type 10 has an invalid length. [ 35.516924][ T4081] netlink: 'syz.2.254': attribute type 3 has an invalid length. [ 35.532575][ T4079] team0: Port device geneve1 added [ 35.542459][ T4083] syz.2.255 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 36.046952][ T4108] program syz.3.265 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 36.458741][ T4131] loop4: detected capacity change from 0 to 128 [ 36.467807][ T4125] hub 6-0:1.0: USB hub found [ 36.472578][ T4125] hub 6-0:1.0: 8 ports detected [ 36.515977][ T4137] loop4: detected capacity change from 0 to 512 [ 36.522538][ T4137] EXT4-fs: Ignoring removed bh option [ 36.529801][ T4137] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 36.542923][ T4137] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 36.552065][ T4137] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 36.565206][ T4137] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 36.576183][ T4137] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 36.598492][ T4137] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.643876][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.656345][ T4145] __nla_validate_parse: 9 callbacks suppressed [ 36.656361][ T4145] netlink: 8 bytes leftover after parsing attributes in process `syz.2.282'. [ 36.740738][ T4161] netlink: 'syz.0.290': attribute type 3 has an invalid length. [ 36.785625][ T4165] vhci_hcd: invalid port number 96 [ 36.790780][ T4165] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 36.835101][ T4177] macvtap0: refused to change device tx_queue_len [ 36.876596][ T4184] loop4: detected capacity change from 0 to 512 [ 36.886277][ T4184] EXT4-fs: Ignoring removed oldalloc option [ 36.895557][ T4184] EXT4-fs (loop4): 1 truncate cleaned up [ 36.901592][ T4184] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.916478][ T4184] EXT4-fs (loop4): shut down requested (2) [ 36.922495][ T4184] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 36.931997][ T4184] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 36.952653][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.016618][ T4206] netlink: 16 bytes leftover after parsing attributes in process `syz.2.312'. [ 37.026592][ T4210] netlink: 24 bytes leftover after parsing attributes in process `syz.0.307'. [ 37.083598][ T4221] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 37.089111][ T4222] loop3: detected capacity change from 0 to 1024 [ 37.114791][ T4222] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.145267][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.231867][ T4233] loop3: detected capacity change from 0 to 1024 [ 37.248799][ T4233] EXT4-fs: Ignoring removed orlov option [ 37.302927][ T4233] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 37.553889][ T4233] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.657140][ T4247] macvtap0: refused to change device tx_queue_len [ 37.676428][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.846394][ T4274] loop1: detected capacity change from 0 to 2048 [ 37.858791][ T4276] loop3: detected capacity change from 0 to 512 [ 37.866131][ T4274] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.879452][ T4276] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 37.953869][ T4292] netlink: 120 bytes leftover after parsing attributes in process `+}[@'. [ 37.967329][ T4276] EXT4-fs (loop3): 1 orphan inode deleted [ 37.979966][ T4276] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.001095][ T377] EXT4-fs error (device loop3): ext4_release_dquot:6973: comm kworker/u8:5: Failed to release dquot type 1 [ 38.027775][ T4276] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.060410][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.129791][ T4312] netlink: 4 bytes leftover after parsing attributes in process `syz.0.354'. [ 38.146741][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.186799][ T4320] netlink: 7 bytes leftover after parsing attributes in process `syz.1.355'. [ 38.202884][ T4320] netlink: 7 bytes leftover after parsing attributes in process `syz.1.355'. [ 38.232185][ T4319] syz.2.356 (4319) used greatest stack depth: 9384 bytes left [ 38.261054][ T4330] netlink: 120 bytes leftover after parsing attributes in process `+}[@'. [ 38.301750][ T4334] loop2: detected capacity change from 0 to 8192 [ 38.366473][ T4344] loop3: detected capacity change from 0 to 4096 [ 38.377399][ T4344] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 38.407426][ T4344] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.427952][ T4352] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 38.445766][ T4352] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 38.456382][ T4343] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.468277][ T4354] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4354 comm=syz.0.373 [ 38.480671][ T4354] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4354 comm=syz.0.373 [ 38.526356][ T4357] loop1: detected capacity change from 0 to 128 [ 38.661733][ T4376] netlink: 120 bytes leftover after parsing attributes in process `+}[@'. [ 38.887296][ T4408] netlink: 20 bytes leftover after parsing attributes in process `syz.2.398'. [ 38.918813][ T4415] loop3: detected capacity change from 0 to 256 [ 38.926656][ T4405] SELinux: failed to load policy [ 38.933966][ T1031] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=1031 comm=kworker/1:2 [ 38.950168][ T4417] 9pnet: p9_errstr2errno: server reported unknown error 1844674 [ 39.046353][ T4432] loop2: detected capacity change from 0 to 512 [ 39.058578][ T4432] EXT4-fs: Ignoring removed mblk_io_submit option [ 39.065664][ T4432] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 39.108031][ T4432] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 39.127567][ T4432] EXT4-fs (loop2): 1 truncate cleaned up [ 39.141722][ T4432] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.197229][ T4432] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 39.218288][ T4452] netem: change failed [ 39.272039][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.316524][ T4464] loop2: detected capacity change from 0 to 512 [ 39.343846][ T4467] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check. [ 39.418235][ T4464] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.464246][ T4464] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.649387][ T1728] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 39.664726][ T1728] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 7 with error 28 [ 39.676978][ T1728] EXT4-fs (loop2): This should not happen!! Data will be lost [ 39.676978][ T1728] [ 39.686635][ T1728] EXT4-fs (loop2): Total free blocks count 0 [ 39.692664][ T1728] EXT4-fs (loop2): Free/Dirty block details [ 39.698664][ T1728] EXT4-fs (loop2): free_blocks=65280 [ 39.704050][ T1728] EXT4-fs (loop2): dirty_blocks=7 [ 39.709123][ T1728] EXT4-fs (loop2): Block reservation details [ 39.715161][ T1728] EXT4-fs (loop2): i_reserved_data_blocks=7 [ 39.734874][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.797573][ T4492] veth1_macvtap: left promiscuous mode [ 39.842078][ T4492] macsec0: entered promiscuous mode [ 39.922873][ T29] kauditd_printk_skb: 358 callbacks suppressed [ 39.922922][ T29] audit: type=1400 audit(1755980897.128:746): avc: denied { nlmsg_read } for pid=4531 comm="syz.3.456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 39.971350][ T29] audit: type=1400 audit(1755980897.128:747): avc: denied { audit_write } for pid=4531 comm="syz.3.456" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 39.992370][ T29] audit: type=1107 audit(1755980897.128:748): pid=4531 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 40.019121][ T29] audit: type=1400 audit(1755980897.218:749): avc: denied { connect } for pid=4535 comm="syz.2.458" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 40.039611][ T29] audit: type=1400 audit(1755980897.218:750): avc: denied { write } for pid=4535 comm="syz.2.458" laddr=fe80::a lport=255 faddr=fe80::aa scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 40.079147][ T29] audit: type=1400 audit(1755980897.288:751): avc: denied { create } for pid=4539 comm="syz.2.459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 40.115248][ T29] audit: type=1400 audit(1755980897.308:752): avc: denied { connect } for pid=4539 comm="syz.2.459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 40.134754][ T29] audit: type=1400 audit(1755980897.308:753): avc: denied { write } for pid=4539 comm="syz.2.459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 40.185467][ T29] audit: type=1326 audit(1755980897.378:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4542 comm="syz.0.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e647debe9 code=0x7ffc0000 [ 40.196597][ T4549] loop2: detected capacity change from 0 to 512 [ 40.208717][ T29] audit: type=1326 audit(1755980897.378:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4542 comm="syz.0.461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f2e647debe9 code=0x7ffc0000 [ 40.226496][ T4549] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 40.307075][ T4549] EXT4-fs (loop2): 1 truncate cleaned up [ 40.355273][ T4549] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.407500][ T4566] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in; [ 40.407500][ T4566] program syz.4.471 not setting count and/or reply_len properly [ 40.484742][ T4575] syz.0.473 uses obsolete (PF_INET,SOCK_PACKET) [ 40.492567][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.690836][ T4607] loop1: detected capacity change from 0 to 1024 [ 40.701232][ T4609] sd 0:0:1:0: device reset [ 40.719109][ T4607] EXT4-fs: Ignoring removed oldalloc option [ 40.730646][ T4607] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 40.739909][ T4610] ipvlan2: entered promiscuous mode [ 40.753596][ T4610] bridge0: port 3(ipvlan2) entered blocking state [ 40.760278][ T4610] bridge0: port 3(ipvlan2) entered disabled state [ 40.767905][ T4610] ipvlan2: entered allmulticast mode [ 40.773221][ T4610] bridge0: entered allmulticast mode [ 40.789539][ T4607] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.791241][ T4610] ipvlan2: left allmulticast mode [ 40.806877][ T4610] bridge0: left allmulticast mode [ 40.828357][ T4627] loop4: detected capacity change from 0 to 256 [ 40.833612][ T4619] vlan2: entered allmulticast mode [ 40.839833][ T4619] hsr0: entered allmulticast mode [ 40.844861][ T4619] hsr_slave_0: entered allmulticast mode [ 40.850533][ T4619] hsr_slave_1: entered allmulticast mode [ 40.881055][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.906954][ T4633] loop1: detected capacity change from 0 to 1024 [ 40.918488][ T4633] EXT4-fs: Ignoring removed orlov option [ 40.935983][ T4633] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.958838][ T4641] loop4: detected capacity change from 0 to 512 [ 40.986975][ T4647] loop2: detected capacity change from 0 to 512 [ 41.004307][ T4647] EXT4-fs (loop2): orphan cleanup on readonly fs [ 41.012416][ T4647] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm +}[@: bg 0: block 248: padding at end of block bitmap is not set [ 41.029683][ T4633] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.502: bg 0: block 88: padding at end of block bitmap is not set [ 41.051109][ T4647] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 41.053572][ T4655] 9pnet_fd: Insufficient options for proto=fd [ 41.071199][ T4641] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.085112][ T4647] EXT4-fs (loop2): 1 truncate cleaned up [ 41.088194][ T4641] ext4 filesystem being mounted at /99/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.102305][ T4647] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 41.115021][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.138538][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.151837][ T4647] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 41.160840][ T4659] loop3: detected capacity change from 0 to 512 [ 41.174301][ T4647] EXT4-fs warning (device loop2): read_mmp_block:115: Error -117 while reading MMP block 0 [ 41.214879][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.226039][ T4659] EXT4-fs (loop3): too many log groups per flexible block group [ 41.233750][ T4659] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 41.234874][ T4668] vlan2: entered allmulticast mode [ 41.245742][ T4668] hsr0: entered allmulticast mode [ 41.250780][ T4668] hsr_slave_0: entered allmulticast mode [ 41.251688][ T4671] loop0: detected capacity change from 0 to 128 [ 41.256451][ T4668] hsr_slave_1: entered allmulticast mode [ 41.263574][ T4659] EXT4-fs (loop3): mount failed [ 41.278781][ T4671] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002] [ 41.294677][ T4671] System zones: 1-3, 19-19, 35-36 [ 41.300380][ T4671] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 41.314747][ T4671] ext4 filesystem being mounted at /103/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 41.390916][ T4686] loop2: detected capacity change from 0 to 512 [ 41.409312][ T4686] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.425641][ T3305] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 41.435027][ T4686] ext4 filesystem being mounted at /136/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.468694][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.508726][ T4703] netlink: 'syz.0.531': attribute type 3 has an invalid length. [ 41.560665][ T4711] vlan2: entered allmulticast mode [ 41.565972][ T4711] hsr0: entered allmulticast mode [ 41.571130][ T4711] hsr_slave_0: entered allmulticast mode [ 41.576794][ T4711] hsr_slave_1: entered allmulticast mode [ 41.663821][ T4722] loop1: detected capacity change from 0 to 512 [ 41.671043][ T4722] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 41.683144][ T4722] EXT4-fs (loop1): 1 truncate cleaned up [ 41.689297][ T4722] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.735336][ T4727] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in; [ 41.735336][ T4727] program syz.2.538 not setting count and/or reply_len properly [ 41.781255][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.817717][ T4735] __nla_validate_parse: 13 callbacks suppressed [ 41.817731][ T4735] netlink: 34 bytes leftover after parsing attributes in process `syz.0.543'. [ 41.844818][ T4736] netlink: 'syz.4.545': attribute type 3 has an invalid length. [ 41.947872][ T4758] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in; [ 41.947872][ T4758] program syz.1.556 not setting count and/or reply_len properly [ 41.948839][ T4759] loop4: detected capacity change from 0 to 512 [ 41.972539][ T4759] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 42.001972][ T4759] EXT4-fs (loop4): 1 truncate cleaned up [ 42.009588][ T4759] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.044068][ T4770] netlink: 'syz.3.561': attribute type 3 has an invalid length. [ 42.074785][ T4772] netlink: 'syz.1.562': attribute type 10 has an invalid length. [ 42.077060][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.082659][ T4772] netlink: 40 bytes leftover after parsing attributes in process `syz.1.562'. [ 42.130685][ T4772] team0: Port device geneve1 added [ 42.204965][ T4780] loop9: detected capacity change from 0 to 7 [ 42.234157][ T4780] Buffer I/O error on dev loop9, logical block 0, async page read [ 42.242759][ T4780] Buffer I/O error on dev loop9, logical block 0, async page read [ 42.250721][ T4780] loop9: unable to read partition table [ 42.267610][ T4793] netlink: 16 bytes leftover after parsing attributes in process `syz.0.571'. [ 42.271208][ T4780] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 42.271208][ T4780] ) failed (rc=-5) [ 42.341793][ T4802] netlink: 'syz.3.575': attribute type 10 has an invalid length. [ 42.349708][ T4802] netlink: 40 bytes leftover after parsing attributes in process `syz.3.575'. [ 42.373246][ T4802] team0: Port device geneve1 added [ 42.699287][ T4851] loop4: detected capacity change from 0 to 512 [ 42.707980][ T4851] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 42.729922][ T4853] loop0: detected capacity change from 0 to 512 [ 42.738460][ T4851] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.760563][ T4853] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 42.776756][ T4851] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 3: comm syz.4.597: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 42.828993][ T4853] EXT4-fs (loop0): 1 truncate cleaned up [ 42.845326][ T4853] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.859712][ T4851] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 12: comm syz.4.597: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 42.907743][ T4851] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 13: comm syz.4.597: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 42.929518][ T4851] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 14: comm syz.4.597: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 42.951952][ T4851] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 15: comm syz.4.597: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 42.974030][ T4851] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 16: comm syz.4.597: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 42.997890][ T4851] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 17: comm syz.4.597: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 43.021026][ T4851] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #2: block 18: comm syz.4.597: lblock 23 mapped to illegal pblock 18 (length 1) [ 43.057195][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.076786][ T4851] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 19: comm syz.4.597: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 43.125458][ T4851] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 20: comm syz.4.597: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 43.359954][ T4909] loop0: detected capacity change from 0 to 1024 [ 43.379033][ T4909] EXT4-fs: Ignoring removed orlov option [ 43.407714][ T4909] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.468233][ T4909] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.620: bg 0: block 88: padding at end of block bitmap is not set [ 43.521695][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.562669][ T4923] netlink: 8 bytes leftover after parsing attributes in process `syz.3.625'. [ 43.647790][ T3303] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 43.707189][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.808340][ T4954] 9pnet_fd: Insufficient options for proto=fd [ 43.847379][ T4959] loop0: detected capacity change from 0 to 256 [ 43.868744][ T4966] loop3: detected capacity change from 0 to 512 [ 43.878271][ T4966] EXT4-fs (loop3): orphan cleanup on readonly fs [ 43.886407][ T4966] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm +}[@: bg 0: block 248: padding at end of block bitmap is not set [ 43.917718][ T4966] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 43.941306][ T4966] EXT4-fs (loop3): 1 truncate cleaned up [ 43.941588][ T4969] netlink: 8 bytes leftover after parsing attributes in process `syz.0.647'. [ 43.955872][ T4969] netlink: 4 bytes leftover after parsing attributes in process `syz.0.647'. [ 43.966019][ T4966] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 43.994393][ T4966] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 44.018600][ T4966] EXT4-fs warning (device loop3): read_mmp_block:115: Error -117 while reading MMP block 0 [ 44.048652][ T4978] ipvlan3: entered promiscuous mode [ 44.059436][ T4978] bridge0: port 3(ipvlan3) entered blocking state [ 44.066047][ T4978] bridge0: port 3(ipvlan3) entered disabled state [ 44.095050][ T4978] ipvlan3: entered allmulticast mode [ 44.100385][ T4978] bridge0: entered allmulticast mode [ 44.106661][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.116620][ T4978] ipvlan3: left allmulticast mode [ 44.121668][ T4978] bridge0: left allmulticast mode [ 44.173625][ T4988] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 44.325188][ T5004] netlink: 4 bytes leftover after parsing attributes in process `syz.2.664'. [ 44.534521][ T5016] program syz.2.679 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 44.554412][ T5020] netlink: 'syz.1.670': attribute type 3 has an invalid length. [ 44.610951][ T5030] loop2: detected capacity change from 0 to 256 [ 44.766363][ T5037] loop0: detected capacity change from 0 to 512 [ 44.796144][ T5037] EXT4-fs (loop0): orphan cleanup on readonly fs [ 44.805785][ T5037] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm +}[@: bg 0: block 248: padding at end of block bitmap is not set [ 44.819816][ T5037] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 44.832262][ T5037] EXT4-fs (loop0): 1 truncate cleaned up [ 44.869359][ T5037] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 44.888216][ T5037] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 44.934299][ T5037] EXT4-fs warning (device loop0): read_mmp_block:115: Error -117 while reading MMP block 0 [ 44.966176][ T5037] +}[@ (5037) used greatest stack depth: 9280 bytes left [ 45.020223][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.027941][ T29] kauditd_printk_skb: 237 callbacks suppressed [ 45.027959][ T29] audit: type=1326 audit(1755980902.218:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5059 comm="syz.1.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 45.058980][ T29] audit: type=1326 audit(1755980902.218:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5059 comm="syz.1.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 45.082233][ T29] audit: type=1326 audit(1755980902.228:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5059 comm="syz.1.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 45.105485][ T29] audit: type=1326 audit(1755980902.228:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5059 comm="syz.1.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 45.163062][ T5070] loop0: detected capacity change from 0 to 128 [ 45.170615][ T29] audit: type=1400 audit(1755980902.348:991): avc: denied { lock } for pid=5063 comm="syz.3.691" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=9472 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 45.196168][ T29] audit: type=1400 audit(1755980902.348:992): avc: denied { create } for pid=5066 comm="syz.1.692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 45.215995][ T29] audit: type=1400 audit(1755980902.348:993): avc: denied { connect } for pid=5066 comm="syz.1.692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 45.235602][ T29] audit: type=1326 audit(1755980902.368:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.0.689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e647debe9 code=0x7ffc0000 [ 45.258907][ T29] audit: type=1326 audit(1755980902.368:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.0.689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e647debe9 code=0x7ffc0000 [ 45.282121][ T29] audit: type=1326 audit(1755980902.368:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.0.689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2e647debe9 code=0x7ffc0000 [ 45.470903][ T5094] smc: net device bond0 applied user defined pnetid SYZ0 [ 45.479541][ T5093] loop1: detected capacity change from 0 to 512 [ 45.514298][ T5093] EXT4-fs: Ignoring removed bh option [ 45.520451][ T5093] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 45.529598][ T5093] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 45.541195][ T5094] smc: net device bond0 erased user defined pnetid SYZ0 [ 45.549118][ T5093] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 45.559786][ T5093] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 45.575145][ T5099] loop4: detected capacity change from 0 to 512 [ 45.581894][ T5093] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.598284][ T5099] EXT4-fs (loop4): orphan cleanup on readonly fs [ 45.614014][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.625583][ T5099] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm +}[@: bg 0: block 248: padding at end of block bitmap is not set [ 45.640052][ T5099] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 45.654269][ T5099] EXT4-fs (loop4): 1 truncate cleaned up [ 45.661029][ T5099] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 45.676123][ T5099] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 45.691421][ T5107] loop3: detected capacity change from 0 to 512 [ 45.697748][ T5099] EXT4-fs warning (device loop4): read_mmp_block:115: Error -117 while reading MMP block 0 [ 45.710401][ T5107] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 45.721631][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.723785][ T5107] EXT4-fs (loop3): 1 truncate cleaned up [ 45.736739][ T5107] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.789484][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.821846][ T5118] netlink: 4 bytes leftover after parsing attributes in process `syz.3.711'. [ 45.848104][ T5118] netlink: 4 bytes leftover after parsing attributes in process `syz.3.711'. [ 45.885012][ T5126] bridge0: port 3(vlan2) entered blocking state [ 45.891353][ T5126] bridge0: port 3(vlan2) entered disabled state [ 45.906651][ T5126] vlan2: entered allmulticast mode [ 45.911800][ T5126] bridge0: entered allmulticast mode [ 45.919227][ T5126] vlan2: left allmulticast mode [ 45.924203][ T5126] bridge0: left allmulticast mode [ 45.950344][ T5134] loop3: detected capacity change from 0 to 512 [ 45.956966][ T5134] EXT4-fs: Ignoring removed bh option [ 45.962935][ T5134] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 45.972022][ T5134] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 45.990351][ T5138] loop2: detected capacity change from 0 to 1024 [ 45.996944][ T5134] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 46.008472][ T5134] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 46.016074][ T5138] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 46.024648][ T5134] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.030341][ T5138] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.055739][ T5138] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.732: bg 0: block 88: padding at end of block bitmap is not set [ 46.084079][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.094466][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.105873][ T5143] vhci_hcd: invalid port number 96 [ 46.111003][ T5143] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 46.144244][ T5149] loop1: detected capacity change from 0 to 512 [ 46.168601][ T5149] EXT4-fs (loop1): orphan cleanup on readonly fs [ 46.175740][ T5149] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm +}[@: bg 0: block 248: padding at end of block bitmap is not set [ 46.204338][ T5149] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm +}[@: Failed to acquire dquot type 1 [ 46.270484][ T5149] EXT4-fs (loop1): 1 truncate cleaned up [ 46.281342][ T5161] loop2: detected capacity change from 0 to 128 [ 46.289138][ T5161] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002] [ 46.298348][ T5161] System zones: 1-3, 19-19, 35-36 [ 46.303930][ T5161] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 46.318788][ T5161] ext4 filesystem being mounted at /174/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 46.366927][ T5149] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 46.388374][ T5149] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 46.402834][ T5149] EXT4-fs warning (device loop1): read_mmp_block:115: Error -117 while reading MMP block 0 [ 46.414515][ T3309] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 46.465255][ T3304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.499571][ T5171] loop0: detected capacity change from 0 to 512 [ 46.506155][ T5171] EXT4-fs: Ignoring removed bh option [ 46.511902][ T5171] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 46.521038][ T5171] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 46.531543][ T5171] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 46.541008][ T5171] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 46.550441][ T5171] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.577694][ T3305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.679800][ T5186] loop0: detected capacity change from 0 to 128 [ 46.854299][ T5200] loop2: detected capacity change from 0 to 1024 [ 46.866680][ T5200] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.907465][ T3309] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.088346][ T5186] syz.0.740: attempt to access beyond end of device [ 47.088346][ T5186] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 47.101711][ T5186] Buffer I/O error on dev loop0, logical block 128, lost async page write [ 47.116353][ T5192] syz.0.740: attempt to access beyond end of device [ 47.116353][ T5192] loop0: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 47.129799][ T5192] Buffer I/O error on dev loop0, logical block 128, lost async page write [ 47.167768][ T5222] loop4: detected capacity change from 0 to 512 [ 47.181871][ T5224] loop3: detected capacity change from 0 to 512 [ 47.188643][ T5224] EXT4-fs: Ignoring removed oldalloc option [ 47.196294][ T5222] EXT4-fs (loop4): too many log groups per flexible block group [ 47.204017][ T5222] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 47.211041][ T5222] EXT4-fs (loop4): mount failed [ 47.211770][ T5224] EXT4-fs (loop3): 1 truncate cleaned up [ 47.223322][ T5224] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.242155][ T5224] EXT4-fs (loop3): shut down requested (2) [ 47.249381][ T5224] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 47.258564][ T5224] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 47.297991][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.463618][ T5262] loop2: detected capacity change from 0 to 128 [ 47.774260][ T5288] SELinux: policydb table sizes (2,655368) do not match mine (8,7) [ 47.782544][ T5288] SELinux: failed to load policy [ 47.873321][ T5296] loop1: detected capacity change from 0 to 128 [ 47.891966][ T5296] syz.1.790: attempt to access beyond end of device [ 47.891966][ T5296] loop1: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 47.911285][ T5298] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5298 comm=syz.3.791 [ 47.923702][ T5298] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5298 comm=syz.3.791 [ 47.946709][ T5271] syz.2.774: attempt to access beyond end of device [ 47.946709][ T5271] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 47.960050][ T5271] Buffer I/O error on dev loop2, logical block 128, lost async page write [ 47.968760][ T5262] syz.2.774: attempt to access beyond end of device [ 47.968760][ T5262] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 47.982181][ T5262] Buffer I/O error on dev loop2, logical block 128, lost async page write [ 47.991174][ T5262] syz.2.774: attempt to access beyond end of device [ 47.991174][ T5262] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 48.004571][ T5262] Buffer I/O error on dev loop2, logical block 128, lost async page write [ 48.031385][ T5303] loop4: detected capacity change from 0 to 1024 [ 48.045399][ T5303] EXT4-fs: Ignoring removed orlov option [ 48.051612][ T5303] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 48.062479][ T5306] loop3: detected capacity change from 0 to 1024 [ 48.069924][ T5306] EXT4-fs: Ignoring removed bh option [ 48.076755][ T5306] EXT4-fs: inline encryption not supported [ 48.083340][ T5306] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 48.095198][ T5306] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 48.104520][ T5303] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.106348][ T5306] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 2: comm syz.3.793: lblock 2 mapped to illegal pblock 2 (length 1) [ 48.137492][ T5306] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 48: comm syz.3.793: lblock 0 mapped to illegal pblock 48 (length 1) [ 48.152078][ T5306] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.793: Failed to acquire dquot type 0 [ 48.176051][ T5306] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 48.185776][ T5306] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.793: mark_inode_dirty error [ 48.198326][ T5306] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 48.209104][ T5306] EXT4-fs (loop3): 1 orphan inode deleted [ 48.209703][ T3303] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.216368][ T5306] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.237443][ T12] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1) [ 48.254843][ T12] EXT4-fs error (device loop3): ext4_release_dquot:6973: comm kworker/u8:0: Failed to release dquot type 0 [ 48.268336][ T5306] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 48.288062][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.306747][ T5320] loop1: detected capacity change from 0 to 4096 [ 48.313940][ T5320] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 48.325804][ T5320] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.354527][ T5320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.417889][ T5337] loop1: detected capacity change from 0 to 128 [ 48.424819][ T5337] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 48.439703][ T5337] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 48.453673][ T5342] loop4: detected capacity change from 0 to 128 [ 48.483819][ T5346] loop1: detected capacity change from 0 to 1024 [ 48.491754][ T5346] EXT4-fs: Ignoring removed orlov option [ 48.498784][ T5346] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 48.527212][ T5346] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.604417][ T5352] loop3: detected capacity change from 0 to 1024 [ 48.634148][ T5352] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 48.657353][ T5352] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.814: bg 0: block 88: padding at end of block bitmap is not set [ 48.769418][ T5368] SELinux: failed to load policy [ 48.770037][ T5366] __nla_validate_parse: 2 callbacks suppressed [ 48.770054][ T5366] netlink: 4 bytes leftover after parsing attributes in process `syz.1.819'. [ 48.832982][ T5376] netlink: 204 bytes leftover after parsing attributes in process `syz.0.823'. [ 48.843590][ T5375] netlink: 12 bytes leftover after parsing attributes in process `syz.3.824'. [ 48.849973][ T5366] netlink: 4 bytes leftover after parsing attributes in process `syz.1.819'. [ 48.852557][ T5375] netlink: 28 bytes leftover after parsing attributes in process `syz.3.824'. [ 48.870183][ T5375] netlink: 12 bytes leftover after parsing attributes in process `syz.3.824'. [ 48.879695][ T5375] netlink: 28 bytes leftover after parsing attributes in process `syz.3.824'. [ 48.888616][ T5375] netlink: 'syz.3.824': attribute type 6 has an invalid length. [ 49.004737][ T5349] syz.4.811: attempt to access beyond end of device [ 49.004737][ T5349] loop4: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 49.018117][ T5349] Buffer I/O error on dev loop4, logical block 128, lost async page write [ 49.027420][ T5342] syz.4.811: attempt to access beyond end of device [ 49.027420][ T5342] loop4: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 49.040808][ T5342] Buffer I/O error on dev loop4, logical block 128, lost async page write [ 49.055606][ T5349] syz.4.811: attempt to access beyond end of device [ 49.055606][ T5349] loop4: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 49.068940][ T5349] Buffer I/O error on dev loop4, logical block 128, lost async page write [ 49.145156][ T5399] SELinux: policydb table sizes (2,655368) do not match mine (8,7) [ 49.153632][ T5399] SELinux: failed to load policy [ 49.184115][ T5403] netlink: 4 bytes leftover after parsing attributes in process `syz.0.838'. [ 49.197583][ T5405] netlink: 204 bytes leftover after parsing attributes in process `syz.2.837'. [ 49.226420][ T5403] netlink: 4 bytes leftover after parsing attributes in process `syz.0.838'. [ 49.263937][ T5408] loop2: detected capacity change from 0 to 1024 [ 49.271855][ T5408] EXT4-fs: Ignoring removed orlov option [ 49.278786][ T5408] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 49.372908][ T5425] batman_adv: batadv0: Adding interface: ipvlan2 [ 49.379397][ T5425] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 49.400825][ T5427] loop2: detected capacity change from 0 to 256 [ 49.404775][ T5425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.421401][ T5425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.432675][ T5425] batman_adv: batadv0: Interface activated: ipvlan2 [ 49.459554][ T5431] loop0: detected capacity change from 0 to 512 [ 49.466441][ T5431] EXT4-fs: Ignoring removed mblk_io_submit option [ 49.473375][ T5431] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 49.486756][ T5431] EXT4-fs (loop0): 1 truncate cleaned up [ 49.512085][ T5438] netlink: 'syz.2.853': attribute type 6 has an invalid length. [ 49.581700][ T5448] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) ! [ 49.629752][ T5454] pimreg: entered allmulticast mode [ 49.635801][ T5454] pimreg: left allmulticast mode [ 49.703109][ T5462] loop0: detected capacity change from 0 to 512 [ 49.716926][ T5462] ext4 filesystem being mounted at /181/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.793581][ T51] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 49.811733][ T51] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 7 with error 28 [ 49.823953][ T51] EXT4-fs (loop0): This should not happen!! Data will be lost [ 49.823953][ T51] [ 49.833693][ T51] EXT4-fs (loop0): Total free blocks count 0 [ 49.839738][ T51] EXT4-fs (loop0): Free/Dirty block details [ 49.845726][ T51] EXT4-fs (loop0): free_blocks=65280 [ 49.851222][ T51] EXT4-fs (loop0): dirty_blocks=7 [ 49.856380][ T51] EXT4-fs (loop0): Block reservation details [ 49.862548][ T51] EXT4-fs (loop0): i_reserved_data_blocks=7 [ 49.869584][ T5475] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) ! [ 49.954565][ T5492] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5492 comm=syz.4.878 [ 49.998237][ T5503] SELinux: Context system_u:object_r:getty_exec_t:s0 is not valid (left unmapped). [ 50.121498][ T29] kauditd_printk_skb: 348 callbacks suppressed [ 50.121514][ T29] audit: type=1400 audit(1755980907.328:1338): avc: denied { read } for pid=5525 comm="syz.3.889" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 50.150885][ T29] audit: type=1400 audit(1755980907.328:1339): avc: denied { open } for pid=5525 comm="syz.3.889" path="/dev/input/event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 50.179151][ T29] audit: type=1326 audit(1755980907.388:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5529 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 50.202660][ T29] audit: type=1326 audit(1755980907.388:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5529 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 50.226106][ T29] audit: type=1326 audit(1755980907.388:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5529 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 50.249415][ T29] audit: type=1326 audit(1755980907.388:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5529 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 50.277470][ T29] audit: type=1326 audit(1755980907.418:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5529 comm="syz.1.891" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 50.316812][ T29] audit: type=1326 audit(1755980907.528:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5533 comm="syz.1.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 50.340308][ T29] audit: type=1326 audit(1755980907.528:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5533 comm="syz.1.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 50.363639][ T29] audit: type=1326 audit(1755980907.528:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5533 comm="syz.1.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f8ce05debe9 code=0x7ffc0000 [ 50.878587][ T5548] loop1: detected capacity change from 0 to 128 [ 51.025227][ T5570] netlink: 'syz.3.911': attribute type 1 has an invalid length. [ 51.052309][ T5572] netlink: 'syz.0.912': attribute type 1 has an invalid length. [ 51.097485][ T5577] loop4: detected capacity change from 0 to 512 [ 51.133028][ T5577] ext4 filesystem being mounted at /172/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.175016][ T5577] syz.4.915 (5577) used greatest stack depth: 9232 bytes left [ 51.245824][ T5597] random: crng reseeded on system resumption [ 51.333153][ T51] ================================================================== [ 51.341254][ T51] BUG: KCSAN: data-race in copy_folio_from_iter_atomic / copy_folio_from_iter_atomic [ 51.350725][ T51] [ 51.353045][ T51] write to 0xffff88811cf31adb of 26 bytes by task 5560 on cpu 1: [ 51.360758][ T51] copy_folio_from_iter_atomic+0x7fc/0x11b0 [ 51.366742][ T51] generic_perform_write+0x2c2/0x490 [ 51.372023][ T51] __generic_file_write_iter+0x9e/0x120 [ 51.377660][ T51] generic_file_write_iter+0x8d/0x2f0 [ 51.383030][ T51] iter_file_splice_write+0x663/0xa60 [ 51.388389][ T51] direct_splice_actor+0x153/0x2a0 [ 51.393490][ T51] splice_direct_to_actor+0x30f/0x680 [ 51.398852][ T51] do_splice_direct+0xda/0x150 [ 51.403610][ T51] do_sendfile+0x380/0x650 [ 51.408029][ T51] __x64_sys_sendfile64+0x105/0x150 [ 51.413225][ T51] x64_sys_call+0x2bb0/0x2ff0 [ 51.417896][ T51] do_syscall_64+0xd2/0x200 [ 51.422399][ T51] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.428297][ T51] [ 51.430608][ T51] read to 0xffff88811cf31a00 of 512 bytes by task 51 on cpu 0: [ 51.438137][ T51] copy_folio_from_iter_atomic+0x7fc/0x11b0 [ 51.444038][ T51] generic_perform_write+0x2c2/0x490 [ 51.449319][ T51] shmem_file_write_iter+0xc5/0xf0 [ 51.454434][ T51] lo_rw_aio+0x69d/0x760 [ 51.458693][ T51] loop_process_work+0x52d/0xa60 [ 51.463656][ T51] loop_workfn+0x31/0x40 [ 51.467896][ T51] process_scheduled_works+0x4ce/0x9d0 [ 51.473369][ T51] worker_thread+0x582/0x770 [ 51.477957][ T51] kthread+0x486/0x510 [ 51.482036][ T51] ret_from_fork+0xda/0x150 [ 51.486536][ T51] ret_from_fork_asm+0x1a/0x30 [ 51.491289][ T51] [ 51.493598][ T51] Reported by Kernel Concurrency Sanitizer on: [ 51.499741][ T51] CPU: 0 UID: 0 PID: 51 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(voluntary) [ 51.509458][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 51.519514][ T51] Workqueue: loop1 loop_workfn [ 51.524289][ T51] ================================================================== [ 51.547157][ T5560] syz.1.900: attempt to access beyond end of device [ 51.547157][ T5560] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 51.560535][ T5560] Buffer I/O error on dev loop1, logical block 128, lost async page write [ 51.569338][ T5548] Buffer I/O error on dev loop1, logical block 128, lost async page write