last executing test programs: 38.193399133s ago: executing program 0 (id=412): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000010080)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x7, 0x0, 0x0, 0xc2f00, 0xd, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18) syz_mount_image$iso9660(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0016150b3f000000000000f0d4354b5a255ada7999001fc8f9e982365349739b3c7c9b5e8deb88405cc272b3be8ccfb503a2273297f601e86c6be6fb632414e1d0e9b21ce82dbf007799fe5492a936da23ab3b6539199a736055c647615f7cac5c45e94860a05844b846a6f8254252a17f35c8f5355bfdd3f62dd2f30f129a"], 0x1, 0x521, &(0x7f00000013c0)="$eJzs3MFu3MYZAGBSlmBBBYQCQWJF8YFxelAP2XBXtQwhJ5bLlZjsLhckFcinIqilQKiUFk0LNL754rZA+xC+9gl66msUfQijj9CCy1Ut25Ll2q7WNb4PkGZ2+XPmH2I1g6UwDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAIEz7cdwNg2E+3tuPLpb2y2L0guOn7f31qeIF/QZB2PwEy8vBWvvW2ntPDr/f/LoV3Ghf3QiWm2I5uP+DD374+XuLC6fnvyChK/Hd9/d/8fXx8cGv553InOxk47wq8lGyk0V5VUTbW1vxZ7uDKhrkw6y6W9XZKErLLKmLMtpIfxx1t7c3o6xzt9gb7/STYXb65p1Pe3G8FX3RmWRJWRXjz77oVOluPhzm451pTHO4ibnTfBC/zOuozpJRFB0eHR9sXpZkE9R9maDeZUG9uNfrdnu97tbt7dt34njxuTfiZwS9uPf+ahA8iZj/h5b5esMzOLy6f83WfwAAAODdFU7vsTff/5em9+HDYJAPs3jeaQEAAABv0PQ//zeaYqmprQWh7/8AAADwrvnD2T1218/bY1dNrod/+2dQlkvhg8n+j8KTpAlPTq615117tsV6sB6uzhqZFluLs1dpdjP8sA368DT68aw4vGyvX/gGEgj+FKy3Mev32vLe6ZG2l5VBPsw6aTH8vBskyepCne3Xv/326HfBdPh/HI9Ww+Dw6Pig8/NfHt+b5vKgaeXByWwDxXP7KJpcNq639bO5/P0f05stU2vnj3hpeiNm1u9K2298dvwL7ekL/8X4HwYftTEfrbTlytPjX2767HYuGv0si+7LjvzCLG62MTc3PmmKTzbOyaJ3WRa9s1m80rV4iSw2L8ti8zWzAJiXw0tWofD5hf8VZrmrWd0fBh+3MR+vTyfWxfVzZvT4shk9fs3V7S/BrTbm1mnwRWts0++fn1lVHzUnPLqw32rYC5tLeO03J78KPvju+/ufHp18/c3BNwff9nqbW/FP4vh2L1iaDmNWWHsAOEdWPg5X6t+HZZlPftbd3u4m9W4WlUX6ZVTm/Z0sysd1Vqa7yXgniyZlURdpMWwqX+X9rIqqvcmkKOtoUJTRpKjy/emTX6LZo1+qbJSM6zytJsMsqbIoLcZ1ktZRP6/SaLL302Fe7Wbl9ORqkqX5IE+TOi/GUVXslWnWiaIqy84E5v1sXOeDvKmOo0mZj5LybvRVMdwbZVE/q9Iyn9RF2+BpX/l4UJSjabOdeV9sAHhL/OcJdv/DyrzHCAA8zSoNAAAAAAAAAAAAAABvv6vY/6fyllUWgnmnEQRzvwhXXVn+P/uLm/PEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn+HcAAAD//6wfn3A=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001500)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) 38.176033653s ago: executing program 0 (id=415): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000220000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='mm_page_free\x00', r1}, 0x18) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) 38.118279615s ago: executing program 0 (id=418): socket(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$bt_hci(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000320100f1"], 0x138) 38.058298156s ago: executing program 0 (id=422): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r0, &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000080)={0x2, 0xf8, 0x40000, {r0}}, 0x20) 38.047729436s ago: executing program 0 (id=426): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000005000000020000000700000041"], 0x2a) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 37.789378841s ago: executing program 0 (id=436): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000540)="1a", 0x1, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x100, @loopback}, 0x1c) sendmmsg$sock(r0, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="89", 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) sendmmsg$inet6(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="acedd1b0880f", 0x33b40}], 0x1}}], 0x1, 0x4040004) 37.789136351s ago: executing program 32 (id=436): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000540)="1a", 0x1, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x100, @loopback}, 0x1c) sendmmsg$sock(r0, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="89", 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) sendmmsg$inet6(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="acedd1b0880f", 0x33b40}], 0x1}}], 0x1, 0x4040004) 1.488427461s ago: executing program 4 (id=1795): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r2, 0x13) 1.342044564s ago: executing program 4 (id=1806): pause() timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) r0 = gettid() rt_sigaction(0x16, &(0x7f0000000080)={0x0, 0x90000003, 0x0}, 0x0, 0x8, &(0x7f0000000200)) tkill(r0, 0x16) 1.308021855s ago: executing program 2 (id=1797): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x9, 0x4, 0x8, 0x10}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2c, r3, 0x301, 0x0, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}]}, 0x2c}}, 0x40006) 1.222133656s ago: executing program 2 (id=1799): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fdf, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x18) io_setup(0x9, &(0x7f0000000080)=0x0) io_pgetevents(r3, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], &(0x7f0000000180)={0x0, 0x3938700}, 0x0) 1.04148471s ago: executing program 2 (id=1807): symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000003640)='kfree\x00', r1, 0x0, 0x400}, 0x18) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdn:Dd', 0x0) 1.008667721s ago: executing program 2 (id=1811): dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = io_uring_setup(0x1694, &(0x7f0000000080)={0x0, 0x94d7, 0x0, 0x0, 0x97}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x0, 0x0, 0x2) 777.176755ms ago: executing program 2 (id=1813): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r1, 0x0, 0x8}, 0x18) mremap(&(0x7f0000000000/0x9000)=nil, 0x200003, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) 775.460895ms ago: executing program 5 (id=1824): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) kexec_load(0xf5, 0x1, &(0x7f0000000b80)=[{&(0x7f00000004c0)=')', 0x1, 0x0, 0x1000}], 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef) 774.945176ms ago: executing program 1 (id=1825): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x2, 0x2, 0x3, 0x2, {0xa, 0x4e20, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x9}}}, 0x32) getsockopt(r2, 0x111, 0x4, 0x0, &(0x7f0000000080)) 671.819577ms ago: executing program 5 (id=1815): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='mountinfo\x00') r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xd83d, 0x10000, 0x1, 0x384}, &(0x7f0000000480)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0xc, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x842a}}) io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) 656.005048ms ago: executing program 5 (id=1816): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000001280)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = getpid() sched_getattr(r2, &(0x7f0000000040)={0x38}, 0x38, 0x0) 655.816448ms ago: executing program 1 (id=1817): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000240)=@generic={&(0x7f0000000200)='./file1\x00', 0x0, 0x10}, 0x18) 618.231439ms ago: executing program 1 (id=1819): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fdf, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x18) io_setup(0x9, &(0x7f0000000080)=0x0) io_pgetevents(r3, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], &(0x7f0000000180)={0x0, 0x3938700}, 0x0) 564.987849ms ago: executing program 5 (id=1820): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1, 0x0, 0x80000}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x5, &(0x7f0000000700)=ANY=[@ANYBLOB="18020000fffdffff0000000000000000850000004100000085000000d000000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 466.056301ms ago: executing program 2 (id=1821): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) close(r0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r1, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x20086}], 0x1}}], 0x1, 0x0) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c) 451.684291ms ago: executing program 4 (id=1823): r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r2, 0x0, 0x5}, 0x18) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f00000009c0)={[{@errors_remount}, {@debug}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@jqfmt_vfsv1}, {@abort}, {@data_err_ignore}]}, 0x2, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q3wBUavE2PjS0oLKwYtGEw8YTfSAN2tbCKFQQ2sihEg1Bi8mhkTP6tHEv8CbF6OeTLzq3ZAQ5QJ6qpnZmbK7dLctLLuF/XySZZ9n5pl9nm9nnp1n5pklgJ41nP2TRGyLiN8jYrCarS8wXH27duXc1D9Xzk0lsbT05l9JXu7qlXNTZdFyu61FZiSNSD9JikrqzZ85e2JydnbmdJEfWzj53tj8mbPPHD85eWzm2MypiUOHDh4Yf/65iWfbEmcW19U9H87t3f3q2xdfmzpy8d2fv8vau61YXxtHg00N72s2nAX+91JueWFafXt83RFsbNtr0klfFxvCulQiIttd/Xn/H4xKXN95g/HKx11tHHBbZeemFie2xSXgLpZEt1sAdEd5os+uf8tXh4YeG8LlF6sXQFnc14pXdU1feameXxttv031D0fEkcV/v8pe0fo+BABAW3w29eXheHql8V8a99WU21HMoQxFxP8jYmdE3BMRuyLi3oi87P0R8cDqVaa1mcapoRvHP+mlmw5uDbLx3wvF3Fb9+G+5mUOVIrc9j78/OXp8dmZ/8TcZif5NWX68RR0/vPzb583W1Y7/sldWfzkWLNpxqa/hBt305MJkPihtg8sfRezpWyn+ZHkmIImI3RGxZ30fvaNMHH/y273NCq0efwttmGda+ibiier+X4yG+EtJ6/nJsf/F7Mz+sfKouNEvv154o1n9txR/G2T7f0v98d9YZCipna+dX38dF/74tOk1zc0e/wPJW/m2A8WyDyYXFk6PRwwkh/N83fKJ69uW+bJ8Fv/IvpX7/85imyz+ByMiO4gfioiHI+KRou2PRsRjEbGvRfw/vdR8XX38m7d1Y/9PN3z/bc7XLB//Dft//YnKiR+/X7n2r99Z2/4/mKdGiiX5998q1trAW/zzAQAAwB0hzZ+BT9LR5XSajo5Wn+HfFVvS2bn5haeOzr1/arr6rPxQ9Kflna7Bmvuh48li8YnV/ERxr7hcf6C4b/xFZXOeH52am53ucuzQ67Y26f+ZPyvdbh1w2600jzYx0IWGAB3X2P/T+uz51zvZGKCjmj5Hs6Wz7QA6b5Xn6NJOtQPoPP9fC/Sulfr/+Ya8uQC4Ozn/Q+/S/6F36f/Qu/R/6Emr/Ui+cou//Ze44xLJ2gpH2v2mboxEf0S05QMHNkQ4RaLb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5qI6jE=") ioctl$USBDEVFS_CONTROL(r0, 0x8008551c, &(0x7f0000000180)={0x1, 0x18, 0x0, 0x1, 0x0, 0x0, 0x0}) 370.549693ms ago: executing program 1 (id=1826): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xc, 0x0, 0x0, 0x0, [@sadb_key={0x1, 0x9}, @sadb_address={0x3, 0x6, 0x6c}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x2, 0x6, 0xb}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}, @sadb_x_sec_ctx={0x1, 0x18, 0x3, 0x6}]}, 0x60}, 0x1, 0x7}, 0x0) 343.450614ms ago: executing program 4 (id=1827): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0xa}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x8000000, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 342.774804ms ago: executing program 3 (id=1838): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) r1 = syz_open_dev$vcsa(0x0, 0x1, 0x1) fchownat(r1, 0x0, 0x0, 0x0, 0x1000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0x8}, 0x18) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff02000000000000000000000000000102000003"], 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[], 0x0) 328.680714ms ago: executing program 5 (id=1828): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_bp={0x0, 0x1e}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000008}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 273.045725ms ago: executing program 1 (id=1829): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18) ioctl$sock_bt_hci(r0, 0x400448dd, 0x0) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) 272.663265ms ago: executing program 3 (id=1831): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000900)='Z', 0xffaa}, {&(0x7f0000000040)="a3d7f3e8a9cf9e3887a6f6eca30e90d85fcfa281378973ab916b0e1d03bd28bca55c552da8cfecb0fbccbfb18ef20fe9541e0e1e8fa214cb6bb0455c2386f5ebb4730be449beb72f481c1429d6eb835b76fd1fdcacd50b884c98caa871ec4e225b6036b6ad2638ab5b06828c10fc355b170075f37b748b8f466fe29f40ec981d1431132bca9884654780b3205ed61f49c3b3b6229593e61d13a8505de19a8a0f502d4f3148f9450ed35ef5950bb7fefcf299beed14", 0xb5}], 0x2}, 0x0) recvmmsg(r0, &(0x7f0000005680)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/120, 0x78}], 0x24}}], 0x1, 0x0, 0x0) 249.502325ms ago: executing program 3 (id=1832): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x5, &(0x7f0000000700)=ANY=[@ANYBLOB="18020000fffdffff0000000000000000850000004100000085000000d000000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 248.896646ms ago: executing program 1 (id=1833): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000a40)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@norecovery}, {@resuid}, {@quota}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000009c0)="3bf5", 0x2) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7fffeffd) 241.527256ms ago: executing program 3 (id=1834): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000002b0900020073797a310000000008000a4014"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0x7}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 154.124028ms ago: executing program 3 (id=1835): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x129502, 0x148) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xfecc) fallocate(r0, 0x0, 0xbf5, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000300)={0xc, r0, 0x0, 0x0, 0x1, 0x7}) 879.24µs ago: executing program 3 (id=1836): pause() timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) r0 = gettid() rt_sigaction(0x16, &(0x7f0000000080)={0x0, 0x90000003, 0x0}, 0x0, 0x8, &(0x7f0000000200)) tkill(r0, 0x16) 577.42µs ago: executing program 4 (id=1837): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9) r2 = open(&(0x7f0000000000)='./bus\x00', 0x1050c1, 0x170) fgetxattr(r2, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0) 369.56µs ago: executing program 5 (id=1839): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x763, 0x5, 0xc, 0x9}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) 0s ago: executing program 4 (id=1848): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_opts(r2, 0x0, 0x4, 0x0, 0x0) kernel console output (not intermixed with test programs): 560 would solve the problem. [ 26.304830][ T3306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 26.331333][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.338715][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.345936][ T3310] bridge_slave_0: entered allmulticast mode [ 26.352485][ T3310] bridge_slave_0: entered promiscuous mode [ 26.359082][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 26.366253][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 26.392330][ T3306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 26.415953][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.423112][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.430231][ T3310] bridge_slave_1: entered allmulticast mode [ 26.436976][ T3310] bridge_slave_1: entered promiscuous mode [ 26.474978][ T3302] hsr_slave_0: entered promiscuous mode [ 26.480934][ T3302] hsr_slave_1: entered promiscuous mode [ 26.486919][ T3302] debugfs: 'hsr0' already exists in 'hsr' [ 26.492839][ T3302] Cannot create hsr debugfs directory [ 26.508228][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.520888][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 26.539827][ T3306] hsr_slave_0: entered promiscuous mode [ 26.546194][ T3306] hsr_slave_1: entered promiscuous mode [ 26.552284][ T3306] debugfs: 'hsr0' already exists in 'hsr' [ 26.558095][ T3306] Cannot create hsr debugfs directory [ 26.585722][ T3310] team0: Port device team_slave_0 added [ 26.602166][ T3310] team0: Port device team_slave_1 added [ 26.655353][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 26.662419][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 26.688857][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 26.714316][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 26.721289][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 26.748080][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 26.796238][ T3310] hsr_slave_0: entered promiscuous mode [ 26.802597][ T3310] hsr_slave_1: entered promiscuous mode [ 26.808443][ T3310] debugfs: 'hsr0' already exists in 'hsr' [ 26.814303][ T3310] Cannot create hsr debugfs directory [ 26.854956][ T3301] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 26.864057][ T3301] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 26.883159][ T3301] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 26.891421][ T3301] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 26.923739][ T3302] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 26.933054][ T3302] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 26.944771][ T3302] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 26.956054][ T3302] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 26.982774][ T3308] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 26.997382][ T3308] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 27.013757][ T3308] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 27.024618][ T3308] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 27.052679][ T3306] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 27.068065][ T3306] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 27.076518][ T3306] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 27.087036][ T3306] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 27.126179][ T3301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.140147][ T3310] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 27.148925][ T3310] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 27.159920][ T3310] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 27.170357][ T3302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.181741][ T3310] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 27.203470][ T3301] 8021q: adding VLAN 0 to HW filter on device team0 [ 27.216680][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.223807][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.237708][ T3302] 8021q: adding VLAN 0 to HW filter on device team0 [ 27.246277][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.253520][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.269640][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.276757][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.293557][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.300661][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.318762][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.331442][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.345188][ T3301] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 27.355641][ T3301] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 27.378602][ T3308] 8021q: adding VLAN 0 to HW filter on device team0 [ 27.392523][ T3302] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 27.402972][ T3302] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 27.430900][ T3306] 8021q: adding VLAN 0 to HW filter on device team0 [ 27.443256][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.450346][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.462672][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.469850][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.480991][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.488151][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.510735][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.529285][ T3306] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 27.539847][ T3306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 27.561573][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.569716][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.591088][ T3310] 8021q: adding VLAN 0 to HW filter on device team0 [ 27.610004][ T3302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 27.621519][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.628634][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.644122][ T3308] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 27.654700][ T3308] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 27.689806][ T3310] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 27.700480][ T3310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 27.717580][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.724865][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.743054][ T3301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 27.757733][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 27.789695][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 27.820527][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 27.944017][ T3301] veth0_vlan: entered promiscuous mode [ 27.966628][ T3310] veth0_vlan: entered promiscuous mode [ 27.977723][ T3301] veth1_vlan: entered promiscuous mode [ 27.988654][ T3302] veth0_vlan: entered promiscuous mode [ 28.007793][ T3308] veth0_vlan: entered promiscuous mode [ 28.014904][ T3310] veth1_vlan: entered promiscuous mode [ 28.024570][ T3302] veth1_vlan: entered promiscuous mode [ 28.037897][ T3302] veth0_macvtap: entered promiscuous mode [ 28.045849][ T3302] veth1_macvtap: entered promiscuous mode [ 28.059939][ T3308] veth1_vlan: entered promiscuous mode [ 28.066784][ T3301] veth0_macvtap: entered promiscuous mode [ 28.080040][ T3310] veth0_macvtap: entered promiscuous mode [ 28.089119][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.099209][ T3306] veth0_vlan: entered promiscuous mode [ 28.109825][ T3310] veth1_macvtap: entered promiscuous mode [ 28.116975][ T3301] veth1_macvtap: entered promiscuous mode [ 28.129653][ T3301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.138199][ T3306] veth1_vlan: entered promiscuous mode [ 28.148443][ T3302] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.162770][ T155] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.171560][ T155] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.182105][ T3301] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.191156][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.206691][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.214018][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.224682][ T3308] veth0_macvtap: entered promiscuous mode [ 28.242881][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.252762][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 28.252777][ T29] audit: type=1400 audit(1756850289.181:81): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/root/syzkaller.7yulHx/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 28.257725][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.259123][ T29] audit: type=1400 audit(1756850289.181:82): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 28.284494][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.292076][ T29] audit: type=1400 audit(1756850289.181:83): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/root/syzkaller.7yulHx/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 28.316544][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.323904][ T29] audit: type=1400 audit(1756850289.181:84): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 28.352286][ T3308] veth1_macvtap: entered promiscuous mode [ 28.358448][ T29] audit: type=1400 audit(1756850289.181:85): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/root/syzkaller.7yulHx/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 28.412820][ T29] audit: type=1400 audit(1756850289.181:86): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/root/syzkaller.7yulHx/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3559 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 28.440202][ T29] audit: type=1400 audit(1756850289.181:87): avc: denied { unmount } for pid=3302 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 28.463715][ T29] audit: type=1400 audit(1756850289.311:88): avc: denied { mounton } for pid=3302 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 28.464755][ T3306] veth0_macvtap: entered promiscuous mode [ 28.486987][ T29] audit: type=1400 audit(1756850289.311:89): avc: denied { mount } for pid=3302 comm="syz-executor" name="/" dev="gadgetfs" ino=3561 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 28.518738][ T3302] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 28.536548][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.546100][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.555065][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.567723][ T42] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.577594][ T3306] veth1_macvtap: entered promiscuous mode [ 28.587374][ T29] audit: type=1400 audit(1756850289.511:90): avc: denied { read write } for pid=3302 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 28.620059][ T42] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.631558][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.642838][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.656833][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.670826][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.686856][ T31] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.709835][ T3477] mmap: syz.3.4 (3477) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 28.733116][ T31] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.763939][ T42] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.787640][ T42] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.814888][ T42] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.824020][ T42] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.834943][ T42] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.863172][ T42] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.962229][ T3499] hub 2-0:1.0: USB hub found [ 28.979474][ T3499] hub 2-0:1.0: 8 ports detected [ 29.052854][ T3513] vhci_hcd: default hub control req: 2309 v0017 i0000 l0 [ 29.169930][ T3537] netlink: 8 bytes leftover after parsing attributes in process `syz.0.30'. [ 29.313617][ T3556] vhci_hcd: default hub control req: 2309 v0017 i0000 l0 [ 29.385113][ T3572] smc: net device bond0 applied user defined pnetid SYZ0 [ 29.393520][ T3572] smc: net device bond0 erased user defined pnetid SYZ0 [ 29.480579][ T3589] ref_ctr_offset mismatch. inode: 0x4a offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000 [ 29.490229][ T3591] syz.2.56 uses obsolete (PF_INET,SOCK_PACKET) [ 29.500863][ T3591] syzkaller1: entered promiscuous mode [ 29.506863][ T3591] syzkaller1: entered allmulticast mode [ 29.665876][ T3614] pim6reg: entered allmulticast mode [ 29.672306][ T3614] pim6reg: left allmulticast mode [ 29.750078][ T3622] loop3: detected capacity change from 0 to 512 [ 29.757137][ T3622] EXT4-fs: Ignoring removed orlov option [ 29.757880][ T3624] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096 [ 29.765482][ T3622] EXT4-fs error (device loop3): dx_probe:791: inode #2: comm syz.3.71: Attempting to read directory block (0) that is past i_size (256) [ 29.787766][ T3622] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 29.796483][ T3622] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 29.838763][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 29.838888][ T3630] serio: Serial port ptm0 [ 29.984751][ T3648] pim6reg: entered allmulticast mode [ 29.993076][ T3648] pim6reg: left allmulticast mode [ 30.009013][ T3655] process 'syz.1.83' launched './file0' with NULL argv: empty string added [ 30.038948][ T3662] netlink: 20 bytes leftover after parsing attributes in process `syz.3.85'. [ 30.150649][ T3681] atomic_op ffff88811a72ad28 conn xmit_atomic 0000000000000000 [ 30.202222][ T3689] netlink: 5 bytes leftover after parsing attributes in process `syz.1.98'. [ 30.211352][ T3689] 0{X: renamed from gretap0 (while UP) [ 30.224415][ T3689] 0{X: entered allmulticast mode [ 30.232620][ T3689] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 30.253536][ T3698] serio: Serial port ptm0 [ 30.319981][ T3713] syz.4.108 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 30.349624][ T3709] loop0: detected capacity change from 0 to 4096 [ 30.359903][ T3718] loop4: detected capacity change from 0 to 512 [ 30.372923][ T3709] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 30.387289][ T3718] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 30.400693][ T3718] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 30.424494][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.434739][ T3718] EXT4-fs (loop4): 1 truncate cleaned up [ 30.440876][ T3718] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 30.459224][ T3718] EXT4-fs error (device loop4): ext4_ext_precache:632: inode #15: comm syz.4.109: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964) [ 30.493798][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.519161][ T3732] netlink: 16 bytes leftover after parsing attributes in process `syz.4.115'. [ 30.695132][ T3752] netlink: 4 bytes leftover after parsing attributes in process `syz.4.123'. [ 30.755837][ T3755] loop2: detected capacity change from 0 to 164 [ 30.790230][ T3755] syz.2.124: attempt to access beyond end of device [ 30.790230][ T3755] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 30.831959][ T3755] syz.2.124: attempt to access beyond end of device [ 30.831959][ T3755] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 30.901959][ T3763] netlink: 8 bytes leftover after parsing attributes in process `syz.2.128'. [ 31.029932][ T3776] loop4: detected capacity change from 0 to 128 [ 31.044643][ T3776] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 31.057707][ T3776] SELinux: security_context_str_to_sid ($iqr埋A?U<{ט'5?}}wz-&ד\kOwv7c?5'QoٝsmSz=gʯc) failed with errno=-22 [ 31.103175][ T3778] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3778 comm=syz.4.135 [ 31.115636][ T3778] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=3778 comm=syz.4.135 [ 31.282951][ C0] hrtimer: interrupt took 50327 ns [ 31.387023][ T3811] netlink: 12 bytes leftover after parsing attributes in process `syz.1.150'. [ 31.419843][ T3747] syz.3.119 (3747) used greatest stack depth: 10696 bytes left [ 31.556294][ T3829] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 31.565432][ T3829] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 31.585908][ T3829] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 31.654738][ T3847] loop3: detected capacity change from 0 to 512 [ 31.660742][ T3845] loop4: detected capacity change from 0 to 512 [ 31.673593][ T3847] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 31.687389][ T3847] ext4 filesystem being mounted at /31/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.698204][ T3845] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 31.713080][ T3845] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.164: invalid indirect mapped block 2683928664 (level 1) [ 31.727737][ T3845] EXT4-fs (loop4): Remounting filesystem read-only [ 31.736772][ T3845] EXT4-fs (loop4): 1 truncate cleaned up [ 31.742702][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.752085][ T3845] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 31.774788][ T3857] loop1: detected capacity change from 0 to 512 [ 31.775587][ T3845] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.814434][ T3857] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 31.832334][ T3857] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.856728][ T3857] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 31.899405][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.291470][ T3923] loop4: detected capacity change from 0 to 512 [ 32.312904][ T3923] ======================================================= [ 32.312904][ T3923] WARNING: The mand mount option has been deprecated and [ 32.312904][ T3923] and is ignored by this kernel. Remove the mand [ 32.312904][ T3923] option from the mount to silence this warning. [ 32.312904][ T3923] ======================================================= [ 32.366362][ T3923] EXT4-fs: Ignoring removed bh option [ 32.389883][ T3923] EXT4-fs: Ignoring removed i_version option [ 32.412413][ T3923] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 32.414525][ T3929] SELinux: ebitmap: empty map [ 32.423686][ T3923] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 2)! [ 32.438482][ T3923] EXT4-fs (loop4): group descriptors corrupted! [ 32.439738][ T3929] SELinux: failed to load policy [ 32.520485][ T3923] loop4: detected capacity change from 0 to 4096 [ 32.538715][ T3923] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 32.556616][ T3938] program syz.1.204 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 32.567344][ T3938] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 32.621001][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.668778][ T3944] vhci_hcd: invalid port number 96 [ 32.674143][ T3944] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 33.080480][ T3984] af_packet: tpacket_rcv: packet too big, clamped from 24 to 4294967272. macoff=96 [ 33.214751][ T3994] IPVS: stopping master sync thread 3998 ... [ 33.220803][ T3998] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 33.439111][ T4039] 9pnet_fd: Insufficient options for proto=fd [ 33.496187][ T29] kauditd_printk_skb: 295 callbacks suppressed [ 33.496203][ T29] audit: type=1326 audit(1756850294.421:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4075 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9723bd5ba7 code=0x7ffc0000 [ 33.548592][ T29] audit: type=1326 audit(1756850294.421:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4075 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9723b7adb9 code=0x7ffc0000 [ 33.572562][ T29] audit: type=1326 audit(1756850294.421:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4075 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9723bd5ba7 code=0x7ffc0000 [ 33.596119][ T29] audit: type=1326 audit(1756850294.421:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4075 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9723b7adb9 code=0x7ffc0000 [ 33.619460][ T29] audit: type=1326 audit(1756850294.421:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4075 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9723bdebe9 code=0x7ffc0000 [ 33.643373][ T29] audit: type=1326 audit(1756850294.421:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4075 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f9723bdebe9 code=0x7ffc0000 [ 33.666906][ T29] audit: type=1326 audit(1756850294.421:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4075 comm="syz.0.241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9723bdebe9 code=0x7ffc0000 [ 33.692476][ T29] audit: type=1326 audit(1756850294.551:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4077 comm="syz.0.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9723bd5ba7 code=0x7ffc0000 [ 33.715955][ T29] audit: type=1326 audit(1756850294.551:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4077 comm="syz.0.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9723b7adb9 code=0x7ffc0000 [ 33.741301][ T29] audit: type=1326 audit(1756850294.551:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4077 comm="syz.0.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9723bd5ba7 code=0x7ffc0000 [ 33.858632][ T4098] loop4: detected capacity change from 0 to 1024 [ 33.890631][ T4098] EXT4-fs: Ignoring removed bh option [ 33.904606][ T4106] loop2: detected capacity change from 0 to 1024 [ 33.910873][ T4098] EXT4-fs: Ignoring removed orlov option [ 33.916885][ T4098] EXT4-fs: Ignoring removed nomblk_io_submit option [ 33.921359][ T4106] EXT4-fs: Ignoring removed orlov option [ 33.954270][ T4111] loop0: detected capacity change from 0 to 512 [ 33.962478][ T4111] EXT4-fs: Ignoring removed nomblk_io_submit option [ 33.973173][ T4098] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.987300][ T4106] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.009963][ T4111] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 34.018056][ T4111] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 34.068109][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.077185][ T4111] EXT4-fs (loop0): orphan cleanup on readonly fs [ 34.084277][ T4111] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 34.097178][ T4121] netlink: 'syz.1.258': attribute type 10 has an invalid length. [ 34.099353][ T4111] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 34.117135][ T4111] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.256: bg 0: block 40: padding at end of block bitmap is not set [ 34.143120][ T4121] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.149989][ T4111] EXT4-fs (loop0): Remounting filesystem read-only [ 34.151233][ T4121] team0: Port device bond0 added [ 34.163459][ T4111] EXT4-fs (loop0): 1 truncate cleaned up [ 34.169529][ T4111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 34.207738][ T4111] EXT4-fs (loop0): shut down requested (2) [ 34.215836][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.215986][ T4111] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 34.241055][ T4130] loop2: detected capacity change from 0 to 512 [ 34.248186][ T4111] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 34.274544][ T4130] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 34.284620][ T3306] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.306392][ T3363] IPVS: starting estimator thread 0... [ 34.313630][ T4130] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.330940][ T4144] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 34.346374][ T4126] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 3: comm syz.2.259: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 34.390861][ T4126] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 12: comm syz.2.259: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 34.412347][ T4137] IPVS: using max 2832 ests per chain, 141600 per kthread [ 34.463129][ T4144] netlink: 'syz.0.263': attribute type 12 has an invalid length. [ 34.470919][ T4144] netlink: 'syz.0.263': attribute type 29 has an invalid length. [ 34.478905][ T4144] __nla_validate_parse: 13 callbacks suppressed [ 34.478924][ T4144] netlink: 148 bytes leftover after parsing attributes in process `syz.0.263'. [ 34.494321][ T4144] netlink: 'syz.0.263': attribute type 2 has an invalid length. [ 34.502259][ T4144] netlink: 'syz.0.263': attribute type 3 has an invalid length. [ 34.522197][ T4126] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 13: comm syz.2.259: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 34.554125][ T4126] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 14: comm syz.2.259: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 34.602949][ T4126] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 15: comm syz.2.259: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 34.635296][ T4126] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 16: comm syz.2.259: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 34.674212][ T4126] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 17: comm syz.2.259: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 34.745078][ T4126] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #2: block 18: comm syz.2.259: lblock 23 mapped to illegal pblock 18 (length 1) [ 34.761608][ T4126] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 19: comm syz.2.259: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 34.797712][ T4126] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 20: comm syz.2.259: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 34.834202][ T4172] netlink: 'syz.3.279': attribute type 6 has an invalid length. [ 34.868385][ T4174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.280'. [ 34.905400][ T4174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.280'. [ 35.065273][ T3308] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 35.100599][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.114420][ T4184] loop3: detected capacity change from 0 to 512 [ 35.135383][ T4184] EXT4-fs error (device loop3): ext4_xattr_inode_iget:442: comm syz.3.284: error while reading EA inode 32 err=-116 [ 35.169638][ T4184] EXT4-fs (loop3): Remounting filesystem read-only [ 35.176417][ T4184] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 35.189839][ T4184] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 35.200231][ T4184] EXT4-fs (loop3): 1 orphan inode deleted [ 35.208289][ T4184] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.224684][ T4184] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.551266][ T4234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.307'. [ 35.560777][ T4234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.307'. [ 35.595436][ T4241] loop3: detected capacity change from 0 to 2048 [ 35.615685][ T4241] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.652491][ T42] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 35.678113][ T4241] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 35.695870][ T4241] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 33 with error 28 [ 35.708532][ T4241] EXT4-fs (loop3): This should not happen!! Data will be lost [ 35.708532][ T4241] [ 35.718416][ T4241] EXT4-fs (loop3): Total free blocks count 0 [ 35.724536][ T4241] EXT4-fs (loop3): Free/Dirty block details [ 35.730490][ T4241] EXT4-fs (loop3): free_blocks=2415919104 [ 35.736252][ T4241] EXT4-fs (loop3): dirty_blocks=48 [ 35.741368][ T4241] EXT4-fs (loop3): Block reservation details [ 35.747439][ T4241] EXT4-fs (loop3): i_reserved_data_blocks=3 [ 35.758892][ T4241] syz.3.308 (4241) used greatest stack depth: 10424 bytes left [ 35.779252][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.784232][ T4251] syz.1.312 (4251) used greatest stack depth: 9384 bytes left [ 36.514623][ T4304] netlink: 12 bytes leftover after parsing attributes in process `syz.0.334'. [ 36.523658][ T4304] netlink: 'syz.0.334': attribute type 15 has an invalid length. [ 36.536282][ T4304] vxlan0: entered promiscuous mode [ 36.546017][ T4016] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 36.585556][ T4306] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 36.603666][ T4016] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 36.616047][ T4016] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 36.625042][ T4016] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 36.646408][ T4314] netlink: 8 bytes leftover after parsing attributes in process `syz.1.341'. [ 36.655397][ T4314] netlink: 12 bytes leftover after parsing attributes in process `syz.1.341'. [ 36.684483][ T4314] Zero length message leads to an empty skb [ 36.702350][ T4319] netlink: 51563 bytes leftover after parsing attributes in process `syz.3.344'. [ 36.768294][ T4333] netlink: 'syz.1.352': attribute type 3 has an invalid length. [ 36.829975][ T4346] tipc: Started in network mode [ 36.834934][ T4346] tipc: Node identity ac14140f, cluster identity 4711 [ 36.842279][ T4346] tipc: New replicast peer: 255.255.255.255 [ 36.848373][ T4346] tipc: Enabled bearer , priority 10 [ 37.486169][ T4421] Driver unsupported XDP return value 0 on prog (id 286) dev N/A, expect packet loss! [ 37.517601][ T4425] netlink: 16 bytes leftover after parsing attributes in process `syz.2.395'. [ 37.636011][ T4453] raw_sendmsg: syz.0.407 forgot to set AF_INET. Fix it! [ 37.721845][ T4468] SELinux: failed to load policy [ 37.792267][ T4474] vhci_hcd: invalid port number 96 [ 37.797538][ T4474] vhci_hcd: default hub control req: 0318 vf7fa i0060 l0 [ 37.848729][ T4485] SELinux: Context is not valid (left unmapped). [ 37.855619][ T3363] tipc: Node number set to 2886997007 [ 37.888848][ T4494] netlink: 'syz.1.424': attribute type 10 has an invalid length. [ 37.910456][ T4494] team0: Device hsr_slave_0 failed to register rx_handler [ 38.101254][ T4016] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 38.111885][ T4016] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 38.225154][ T4016] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 38.236073][ T4016] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 38.306344][ T4016] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 38.316899][ T4016] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 38.375817][ T4016] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 38.386254][ T4016] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 38.419088][ T4514] chnl_net:caif_netlink_parms(): no params data found [ 38.465553][ T4514] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.472774][ T4514] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.480120][ T4514] bridge_slave_0: entered allmulticast mode [ 38.486729][ T4514] bridge_slave_0: entered promiscuous mode [ 38.495131][ T4514] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.502242][ T4514] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.509707][ T4514] bridge_slave_1: entered allmulticast mode [ 38.517373][ T4514] bridge_slave_1: entered promiscuous mode [ 38.547834][ T4016] bridge_slave_1: left allmulticast mode [ 38.553628][ T4016] bridge_slave_1: left promiscuous mode [ 38.559476][ T4016] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.572397][ T4016] bridge_slave_0: left allmulticast mode [ 38.578143][ T4016] bridge_slave_0: left promiscuous mode [ 38.583972][ T4016] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.704938][ T29] kauditd_printk_skb: 279 callbacks suppressed [ 38.704956][ T29] audit: type=1400 audit(1756850299.631:674): avc: denied { connect } for pid=4558 comm="syz.2.450" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 38.755444][ T4561] netlink: 'syz.2.451': attribute type 3 has an invalid length. [ 38.776836][ T4016] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 38.795524][ T29] audit: type=1326 audit(1756850299.721:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4563 comm="+}[@S" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 38.820650][ T4016] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 38.829698][ T29] audit: type=1326 audit(1756850299.741:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4563 comm="+}[@S" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 38.852861][ T29] audit: type=1326 audit(1756850299.741:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4563 comm="+}[@S" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 38.876061][ T29] audit: type=1326 audit(1756850299.741:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4563 comm="+}[@S" exe="/root/syz-executor" sig=0 arch=c000003e syscall=224 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 38.903398][ T29] audit: type=1326 audit(1756850299.741:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4563 comm="+}[@S" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 38.926698][ T29] audit: type=1326 audit(1756850299.741:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4563 comm="+}[@S" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 38.982164][ T4016] bond0 (unregistering): Released all slaves [ 38.993543][ T4514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 39.004535][ T4514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 39.023419][ T4574] atomic_op ffff88811a1f3128 conn xmit_atomic 0000000000000000 [ 39.041354][ T4016] hsr_slave_0: left promiscuous mode [ 39.055479][ T4016] hsr_slave_1: left promiscuous mode [ 39.065863][ T4016] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 39.073644][ T4016] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 39.084909][ T4016] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 39.092414][ T4016] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 39.105957][ T4016] veth1_macvtap: left promiscuous mode [ 39.111656][ T4016] veth0_macvtap: left promiscuous mode [ 39.117448][ T4016] veth1_vlan: left promiscuous mode [ 39.123862][ T4016] veth0_vlan: left promiscuous mode [ 39.234745][ T4016] team0 (unregistering): Port device team_slave_1 removed [ 39.245814][ T29] audit: type=1326 audit(1756850300.171:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4586 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feac9ffebe9 code=0x7ffc0000 [ 39.272087][ T29] audit: type=1326 audit(1756850300.171:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4586 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feac9ffebe9 code=0x7ffc0000 [ 39.279779][ T4016] team0 (unregistering): Port device team_slave_0 removed [ 39.295582][ T29] audit: type=1326 audit(1756850300.171:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4586 comm="syz.4.463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7feac9ffebe9 code=0x7ffc0000 [ 39.368032][ T4514] team0: Port device team_slave_0 added [ 39.376391][ T4514] team0: Port device team_slave_1 added [ 39.419837][ T4514] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 39.427012][ T4514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.453165][ T4514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 39.490898][ T4514] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 39.498181][ T4514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.524555][ T4514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 39.540570][ T4599] netlink: 'syz.2.469': attribute type 21 has an invalid length. [ 39.548387][ T4599] __nla_validate_parse: 5 callbacks suppressed [ 39.548432][ T4599] netlink: 4 bytes leftover after parsing attributes in process `syz.2.469'. [ 39.585458][ T4612] random: crng reseeded on system resumption [ 39.597617][ T4612] Restarting kernel threads ... [ 39.603250][ T4612] Done restarting kernel threads. [ 39.609225][ T4599] netlink: 'syz.2.469': attribute type 21 has an invalid length. [ 39.617128][ T4599] netlink: 4 bytes leftover after parsing attributes in process `syz.2.469'. [ 39.628690][ T4514] hsr_slave_0: entered promiscuous mode [ 39.634729][ T4514] hsr_slave_1: entered promiscuous mode [ 39.640727][ T4514] debugfs: 'hsr0' already exists in 'hsr' [ 39.646543][ T4514] Cannot create hsr debugfs directory [ 39.652025][ T4061] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 39.681273][ T4061] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 39.733201][ T4624] loop2: detected capacity change from 0 to 164 [ 39.748231][ T4624] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet. [ 39.770100][ T4061] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 39.790821][ T4061] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 39.822715][ T4514] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 39.832438][ T4514] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 39.841870][ T4514] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 39.853447][ T4514] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 39.910803][ T4514] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.933105][ T4514] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.954500][ T4016] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.961665][ T4016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.999382][ T4514] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 40.009841][ T4514] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 40.025819][ T4016] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.033027][ T4016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.045911][ T4653] sd 0:0:1:0: device reset [ 40.092830][ T4514] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.104743][ T4661] loop3: detected capacity change from 0 to 4096 [ 40.114428][ T4661] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.164714][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.236468][ T4514] veth0_vlan: entered promiscuous mode [ 40.245713][ T4514] veth1_vlan: entered promiscuous mode [ 40.261422][ T4514] veth0_macvtap: entered promiscuous mode [ 40.269016][ T4514] veth1_macvtap: entered promiscuous mode [ 40.279366][ T4514] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.290701][ T4514] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.301422][ T4070] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.311347][ T4070] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.320334][ T4070] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.332053][ T4070] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.465255][ T4700] loop5: detected capacity change from 0 to 1024 [ 40.484031][ T4700] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.499373][ T4700] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4183: comm syz.5.499: Allocating blocks 385-513 which overlap fs metadata [ 40.516215][ T4700] EXT4-fs (loop5): pa ffff888105929620: logic 16, phys. 129, len 24 [ 40.524415][ T4700] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 40.559878][ T4514] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.799036][ T4737] macvtap0: refused to change device tx_queue_len [ 40.824614][ T4741] netlink: 'syz.1.518': attribute type 10 has an invalid length. [ 40.832933][ T4741] team0: Device hsr_slave_0 failed to register rx_handler [ 40.862224][ T4747] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 40.869751][ T4747] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 40.870048][ T4748] loop4: detected capacity change from 0 to 512 [ 40.884290][ T4747] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 40.892215][ T4747] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 40.904538][ T4748] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.917195][ T4748] ext4 filesystem being mounted at /133/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 40.944769][ T4752] netlink: 4 bytes leftover after parsing attributes in process `syz.2.522'. [ 40.954160][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.023853][ T4765] netlink: 28 bytes leftover after parsing attributes in process `syz.2.528'. [ 41.675564][ T4830] syz_tun: refused to change device tx_queue_len [ 41.681999][ T4830] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 41.767717][ T4798] loop3: detected capacity change from 0 to 32768 [ 41.805021][ T4798] loop3: p1 p2 p3 < > [ 41.809312][ T4798] loop3: p1 size 242222080 extends beyond EOD, truncated [ 41.818420][ T4798] loop3: p2 start 4294967295 is beyond EOD, truncated [ 41.963061][ T4847] netlink: 8 bytes leftover after parsing attributes in process `syz.3.561'. [ 41.979320][ T4849] netlink: 8 bytes leftover after parsing attributes in process `syz.4.566'. [ 42.064599][ T4864] netlink: 8 bytes leftover after parsing attributes in process `syz.1.581'. [ 42.066103][ T4863] syz_tun: refused to change device tx_queue_len [ 42.080145][ T4863] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 42.321532][ T4887] pim6reg: entered allmulticast mode [ 42.333065][ T4887] pim6reg: left allmulticast mode [ 42.400956][ T4890] loop1: detected capacity change from 0 to 4096 [ 42.422171][ T4890] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.440593][ T4896] loop2: detected capacity change from 0 to 512 [ 42.449368][ T4896] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 42.483274][ T4896] EXT4-fs (loop2): 1 truncate cleaned up [ 42.483684][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.500554][ T4896] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.503668][ T4902] netlink: 4 bytes leftover after parsing attributes in process `syz.3.591'. [ 42.523219][ T4896] EXT4-fs error (device loop2): ext4_ext_precache:632: inode #15: comm syz.2.587: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964) [ 42.555479][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.557686][ T4904] syzkaller1: entered promiscuous mode [ 42.570059][ T4904] syzkaller1: entered allmulticast mode [ 42.632551][ T4916] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4916 comm=syz.2.596 [ 42.645224][ T4916] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4916 comm=syz.2.596 [ 42.754659][ T4934] loop2: detected capacity change from 0 to 512 [ 42.768401][ T4933] netlink: 28 bytes leftover after parsing attributes in process `syz.4.604'. [ 42.777692][ T4933] netlink: 108 bytes leftover after parsing attributes in process `syz.4.604'. [ 42.783725][ T4934] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 42.795966][ T4934] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.603: invalid indirect mapped block 2683928664 (level 1) [ 42.810649][ T4934] EXT4-fs (loop2): Remounting filesystem read-only [ 42.818346][ T4934] EXT4-fs (loop2): 1 truncate cleaned up [ 42.824750][ T4934] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.838883][ T4934] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.888393][ T4944] loop5: detected capacity change from 0 to 512 [ 42.889995][ T4946] loop1: detected capacity change from 0 to 512 [ 42.914077][ T4946] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.925106][ T4944] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.939271][ T4946] ext4 filesystem being mounted at /119/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.939328][ T4944] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.973604][ T4958] syz_tun: refused to change device tx_queue_len [ 42.979988][ T4958] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 43.032982][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.045754][ T4514] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.152896][ T4983] loop2: detected capacity change from 0 to 512 [ 43.187501][ T4983] EXT4-fs: Ignoring removed bh option [ 43.204093][ T4983] EXT4-fs: Ignoring removed i_version option [ 43.221266][ T4983] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 43.223705][ T4988] syz_tun: refused to change device tx_queue_len [ 43.232296][ T4983] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 2)! [ 43.238635][ T4988] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 43.248878][ T4983] EXT4-fs (loop2): group descriptors corrupted! [ 43.341255][ T4983] loop2: detected capacity change from 0 to 4096 [ 43.350165][ T4983] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 43.382184][ T5001] loop9: detected capacity change from 0 to 7 [ 43.383126][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.388668][ T5001] Buffer I/O error on dev loop9, logical block 0, async page read [ 43.406146][ T5001] Buffer I/O error on dev loop9, logical block 0, async page read [ 43.414216][ T5001] loop9: unable to read partition table [ 43.421632][ T5001] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 43.421632][ T5001] ) failed (rc=-5) [ 43.481823][ T5007] loop1: detected capacity change from 0 to 512 [ 43.539347][ T5007] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 43.569658][ T5007] EXT4-fs (loop1): mount failed [ 43.587484][ T5025] pim6reg: entered allmulticast mode [ 43.624413][ T5025] pim6reg: left allmulticast mode [ 43.715161][ T5040] serio: Serial port ptm0 [ 43.795943][ T29] kauditd_printk_skb: 133 callbacks suppressed [ 43.795960][ T29] audit: type=1400 audit(1756850304.721:816): avc: denied { create } for pid=5051 comm="syz.3.651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 43.823642][ T29] audit: type=1400 audit(1756850304.751:817): avc: denied { connect } for pid=5051 comm="syz.3.651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 43.843763][ T29] audit: type=1400 audit(1756850304.751:818): avc: denied { ioctl } for pid=5051 comm="syz.3.651" path="socket:[9682]" dev="sockfs" ino=9682 ioctlcmd=0x89ed scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 43.887161][ T5060] loop4: detected capacity change from 0 to 512 [ 43.908613][ T5057] loop1: detected capacity change from 0 to 512 [ 43.926837][ T5060] Quota error (device loop4): v2_read_file_info: Free block number 1 out of range (1, 6). [ 43.937725][ T5060] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 43.940011][ T5057] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 43.953317][ T5060] EXT4-fs (loop4): mount failed [ 43.960971][ T5057] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.654: invalid indirect mapped block 2683928664 (level 1) [ 43.980515][ T5057] EXT4-fs (loop1): Remounting filesystem read-only [ 43.987240][ T5057] EXT4-fs (loop1): 1 truncate cleaned up [ 43.993533][ T5057] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.006826][ T5057] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.071353][ T5075] loop9: detected capacity change from 0 to 7 [ 44.083659][ T5075] Buffer I/O error on dev loop9, logical block 0, async page read [ 44.092042][ T5075] Buffer I/O error on dev loop9, logical block 0, async page read [ 44.099907][ T5075] loop9: unable to read partition table [ 44.105757][ T5075] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 44.105757][ T5075] ) failed (rc=-5) [ 44.248225][ T5097] loop3: detected capacity change from 0 to 512 [ 44.273236][ T5097] Quota error (device loop3): v2_read_file_info: Free block number 1 out of range (1, 6). [ 44.296302][ T5097] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 44.322729][ T5097] EXT4-fs (loop3): mount failed [ 44.338394][ T5105] loop5: detected capacity change from 0 to 512 [ 44.346944][ T5105] EXT4-fs: Ignoring removed nomblk_io_submit option [ 44.357066][ T5105] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 44.365078][ T5105] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 44.405282][ T29] audit: type=1326 audit(1756850305.331:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5107 comm="syz.3.675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 44.428842][ T29] audit: type=1326 audit(1756850305.331:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5107 comm="syz.3.675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 44.452456][ T29] audit: type=1326 audit(1756850305.331:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5107 comm="syz.3.675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 44.476020][ T29] audit: type=1326 audit(1756850305.331:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5107 comm="syz.3.675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 44.499396][ T29] audit: type=1326 audit(1756850305.331:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5107 comm="syz.3.675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 44.501816][ T5105] EXT4-fs (loop5): orphan cleanup on readonly fs [ 44.544847][ T5105] EXT4-fs warning (device loop5): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 44.559557][ T5105] EXT4-fs (loop5): Cannot turn on quotas: error -22 [ 44.592680][ T5105] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.674: bg 0: block 40: padding at end of block bitmap is not set [ 44.615703][ T5105] EXT4-fs (loop5): Remounting filesystem read-only [ 44.622597][ T5105] EXT4-fs (loop5): 1 truncate cleaned up [ 44.628934][ T5105] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 44.702299][ T5105] EXT4-fs (loop5): shut down requested (2) [ 44.713326][ T5105] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=12 [ 44.732479][ T5105] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=12 [ 44.772035][ T4514] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.172290][ T5127] __nla_validate_parse: 22 callbacks suppressed [ 45.172309][ T5127] netlink: 20 bytes leftover after parsing attributes in process `syz.2.692'. [ 45.191119][ T5130] serio: Serial port ptm0 [ 45.241589][ T3363] IPVS: starting estimator thread 0... [ 45.276241][ T5139] loop9: detected capacity change from 0 to 7 [ 45.287752][ T5139] Buffer I/O error on dev loop9, logical block 0, async page read [ 45.295930][ T5139] Buffer I/O error on dev loop9, logical block 0, async page read [ 45.303924][ T5139] loop9: unable to read partition table [ 45.309780][ T5139] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 45.309780][ T5139] ) failed (rc=-5) [ 45.332058][ T5136] IPVS: using max 2976 ests per chain, 148800 per kthread [ 45.371196][ T5151] netlink: 5 bytes leftover after parsing attributes in process `syz.5.695'. [ 45.383356][ T5151] 0{X: renamed from gretap0 (while UP) [ 45.393697][ T5151] 0{X: entered allmulticast mode [ 45.399641][ T5151] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 45.400182][ T5153] serio: Serial port ptm0 [ 45.436158][ T5156] loop4: detected capacity change from 0 to 512 [ 45.471999][ T5160] netlink: 4 bytes leftover after parsing attributes in process `syz.1.709'. [ 45.482571][ T5160] netlink: 4 bytes leftover after parsing attributes in process `syz.1.709'. [ 45.484629][ T5156] EXT4-fs error (device loop4): ext4_xattr_inode_iget:442: comm syz.4.698: error while reading EA inode 32 err=-116 [ 45.504303][ T5156] EXT4-fs (loop4): Remounting filesystem read-only [ 45.510950][ T5156] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 45.521973][ T5162] serio: Serial port ptm1 [ 45.528381][ T5156] EXT4-fs (loop4): 1 orphan inode deleted [ 45.534774][ T5156] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.554305][ T5168] loop2: detected capacity change from 0 to 512 [ 45.558406][ T5156] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.561326][ T5168] EXT4-fs: Ignoring removed nomblk_io_submit option [ 45.578783][ T5168] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 45.586855][ T5168] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 45.595573][ T5168] EXT4-fs (loop2): orphan cleanup on readonly fs [ 45.602170][ T5168] EXT4-fs warning (device loop2): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 45.617394][ T5168] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 45.625071][ T5168] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.701: bg 0: block 40: padding at end of block bitmap is not set [ 45.640665][ T5168] EXT4-fs (loop2): Remounting filesystem read-only [ 45.650731][ T5168] EXT4-fs (loop2): 1 truncate cleaned up [ 45.657148][ T5168] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 45.683912][ T5168] EXT4-fs (loop2): shut down requested (2) [ 45.690491][ T5168] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 45.723782][ T5168] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 45.783762][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.905254][ T5197] loop3: detected capacity change from 0 to 512 [ 45.912409][ T5197] EXT4-fs: Ignoring removed nomblk_io_submit option [ 45.921634][ T5197] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 45.929787][ T5197] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 45.943342][ T5197] EXT4-fs (loop3): orphan cleanup on readonly fs [ 45.950045][ T5197] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 45.964922][ T5197] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 45.973200][ T5197] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.722: bg 0: block 40: padding at end of block bitmap is not set [ 45.988056][ T5197] EXT4-fs (loop3): Remounting filesystem read-only [ 45.994851][ T5197] EXT4-fs (loop3): 1 truncate cleaned up [ 46.002936][ T5197] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 46.018768][ T5203] loop5: detected capacity change from 0 to 512 [ 46.019682][ T5197] EXT4-fs (loop3): shut down requested (2) [ 46.038028][ T5197] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 46.048409][ T5197] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=12 [ 46.062144][ T5203] EXT4-fs error (device loop5): ext4_xattr_inode_iget:442: comm syz.5.714: error while reading EA inode 32 err=-116 [ 46.075277][ T5203] EXT4-fs (loop5): Remounting filesystem read-only [ 46.082075][ T5203] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 46.101748][ T5203] EXT4-fs (loop5): 1 orphan inode deleted [ 46.112117][ T5203] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.140883][ T5203] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.207791][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.219867][ T5210] serio: Serial port ptm0 [ 46.274427][ T5218] loop5: detected capacity change from 0 to 2048 [ 46.302932][ T5218] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.349087][ T5218] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 46.367337][ T5218] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 33 with error 28 [ 46.379777][ T5218] EXT4-fs (loop5): This should not happen!! Data will be lost [ 46.379777][ T5218] [ 46.389791][ T5218] EXT4-fs (loop5): Total free blocks count 0 [ 46.395949][ T5218] EXT4-fs (loop5): Free/Dirty block details [ 46.401914][ T5218] EXT4-fs (loop5): free_blocks=2415919104 [ 46.407785][ T5218] EXT4-fs (loop5): dirty_blocks=48 [ 46.412948][ T5218] EXT4-fs (loop5): Block reservation details [ 46.418943][ T5218] EXT4-fs (loop5): i_reserved_data_blocks=3 [ 46.441014][ T4514] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.463934][ T5242] loop2: detected capacity change from 0 to 512 [ 46.474991][ T5242] EXT4-fs error (device loop2): ext4_xattr_inode_iget:442: comm syz.2.731: error while reading EA inode 32 err=-116 [ 46.487718][ T5242] EXT4-fs (loop2): Remounting filesystem read-only [ 46.494503][ T5242] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 46.509747][ T5247] netlink: 60 bytes leftover after parsing attributes in process `syz.5.730'. [ 46.518965][ T5247] netlink: 60 bytes leftover after parsing attributes in process `syz.5.730'. [ 46.530021][ T5242] EXT4-fs (loop2): 1 orphan inode deleted [ 46.536416][ T5242] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.557946][ T5247] netlink: 60 bytes leftover after parsing attributes in process `syz.5.730'. [ 46.567028][ T5247] netlink: 60 bytes leftover after parsing attributes in process `syz.5.730'. [ 46.576858][ T5242] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.621107][ T5247] netlink: 60 bytes leftover after parsing attributes in process `syz.5.730'. [ 46.630119][ T5247] netlink: 60 bytes leftover after parsing attributes in process `syz.5.730'. [ 46.669641][ T5258] loop5: detected capacity change from 0 to 512 [ 46.703272][ T5258] EXT4-fs error (device loop5): ext4_xattr_inode_iget:442: comm syz.5.745: error while reading EA inode 32 err=-116 [ 46.722528][ T5258] EXT4-fs (loop5): Remounting filesystem read-only [ 46.729114][ T5258] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 46.766577][ T5258] EXT4-fs (loop5): 1 orphan inode deleted [ 46.773162][ T5258] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.789915][ T5258] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.834356][ T5268] serio: Serial port ptm0 [ 46.946144][ T5281] loop4: detected capacity change from 0 to 128 [ 47.046066][ T5290] 0{X: left allmulticast mode [ 47.072232][ T5290] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 47.092573][ T5296] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 47.101306][ T5296] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 47.474451][ T5334] loop3: detected capacity change from 0 to 2048 [ 47.613917][ T5334] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.630174][ T5334] ext4 filesystem being mounted at /145/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.723401][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.791277][ T23] kernel read not supported for file /344/oom_adj (pid: 23 comm: kworker/1:0) [ 47.800675][ T5361] loop2: detected capacity change from 0 to 8192 [ 47.860554][ T5374] loop3: detected capacity change from 0 to 1024 [ 47.882678][ T5374] ext2: Unknown parameter 'smackfsfloor' [ 47.900070][ T5374] loop3: detected capacity change from 0 to 512 [ 47.926415][ T5374] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.942390][ T5374] ext4 filesystem being mounted at /148/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 47.982070][ T5394] bond1: entered promiscuous mode [ 47.987354][ T5394] bond1: entered allmulticast mode [ 47.998106][ T5394] 8021q: adding VLAN 0 to HW filter on device bond1 [ 48.007544][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.017997][ T5394] bond1 (unregistering): Released all slaves [ 48.105877][ T5413] loop2: detected capacity change from 0 to 1024 [ 48.133533][ T5413] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.151652][ T5421] netlink: 'syz.3.808': attribute type 3 has an invalid length. [ 48.163203][ T5413] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.804: Allocating blocks 449-513 which overlap fs metadata [ 48.180111][ T5413] EXT4-fs (loop2): pa ffff88810721d070: logic 48, phys. 177, len 21 [ 48.188549][ T5413] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 48.215865][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.527139][ T5461] vhci_hcd: invalid port number 96 [ 48.532426][ T5461] vhci_hcd: default hub control req: 0318 vf7fa i0060 l0 [ 48.561570][ T5473] netlink: 'syz.2.831': attribute type 10 has an invalid length. [ 48.582324][ T5473] team0: Device hsr_slave_0 failed to register rx_handler [ 48.741997][ T5501] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 48.751867][ T5501] FAT-fs (loop7): unable to read boot sector [ 48.773795][ T5506] tun0: tun_chr_ioctl cmd 1074025675 [ 48.779151][ T5506] tun0: persist disabled [ 48.820210][ T29] kauditd_printk_skb: 221 callbacks suppressed [ 48.820291][ T29] audit: type=1400 audit(1756850565.742:1042): avc: denied { bind } for pid=5514 comm="syz.5.853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 48.880663][ T29] audit: type=1400 audit(1756850565.772:1043): avc: denied { shutdown } for pid=5516 comm="syz.5.854" lport=41035 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 48.902131][ T29] audit: type=1400 audit(1756850565.792:1044): avc: denied { ioctl } for pid=5523 comm="syz.1.857" path="socket:[12460]" dev="sockfs" ino=12460 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 48.928223][ T29] audit: type=1400 audit(1756850565.792:1045): avc: denied { bind } for pid=5523 comm="syz.1.857" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 48.976419][ T5528] loop3: detected capacity change from 0 to 1024 [ 49.006188][ T5528] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 49.019473][ T5528] ext4 filesystem being mounted at /169/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.032056][ T29] audit: type=1400 audit(1756850565.962:1046): avc: denied { watch watch_reads } for pid=5545 comm="syz.5.867" path="/proc/142" dev="proc" ino=11552 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 49.076205][ T29] audit: type=1400 audit(1756850566.002:1047): avc: denied { read } for pid=5550 comm="syz.5.869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 49.096559][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 49.118932][ T5553] smc: net device bond0 applied user defined pnetid SYZ0 [ 49.147973][ T5553] smc: net device bond0 erased user defined pnetid SYZ0 [ 49.162879][ T5562] loop3: detected capacity change from 0 to 512 [ 49.168113][ T29] audit: type=1326 audit(1756850566.082:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5560 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feac9ffebe9 code=0x7ffc0000 [ 49.171258][ T5562] $H: renamed from bond0 (while UP) [ 49.192785][ T29] audit: type=1326 audit(1756850566.082:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5560 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feac9ffebe9 code=0x7ffc0000 [ 49.221650][ T29] audit: type=1326 audit(1756850566.082:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5560 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feac9ffebe9 code=0x7ffc0000 [ 49.245202][ T29] audit: type=1326 audit(1756850566.082:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5560 comm="syz.4.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feac9ffebe9 code=0x7ffc0000 [ 49.270713][ T5562] $H: entered promiscuous mode [ 49.275933][ T5562] bond_slave_0: entered promiscuous mode [ 49.281747][ T5562] bond_slave_1: entered promiscuous mode [ 49.359747][ T5576] loop4: detected capacity change from 0 to 2048 [ 49.372401][ T5582] vhci_hcd: invalid port number 23 [ 49.388631][ T5576] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.406022][ T5586] loop5: detected capacity change from 0 to 1024 [ 49.413166][ T5586] EXT4-fs: Ignoring removed orlov option [ 49.414526][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.444956][ T5586] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.517819][ T4514] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.632299][ T4646] Process accounting resumed [ 49.688703][ T5621] loop2: detected capacity change from 0 to 1024 [ 49.696045][ T5621] EXT4-fs: Ignoring removed nobh option [ 49.702287][ T5621] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 49.736007][ T5621] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #11: comm syz.2.897: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 49.760167][ T5621] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.897: couldn't read orphan inode 11 (err -117) [ 49.777421][ T5621] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.945330][ T5652] SELinux: failed to load policy [ 49.963355][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.076945][ T5676] ALSA: seq fatal error: cannot create timer (-22) [ 50.603746][ T5753] ref_ctr_offset mismatch. inode: 0x421 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000 [ 50.875848][ T5772] __nla_validate_parse: 7 callbacks suppressed [ 50.875867][ T5772] netlink: 180 bytes leftover after parsing attributes in process `syz.5.960'. [ 50.893545][ T5772] netlink: 180 bytes leftover after parsing attributes in process `syz.5.960'. [ 51.240853][ T5819] netlink: 96 bytes leftover after parsing attributes in process `syz.1.981'. [ 51.340959][ T5839] sd 0:0:1:0: device reset [ 51.377994][ T5847] netlink: 'syz.1.989': attribute type 10 has an invalid length. [ 51.419570][ T5847] team0: Port device dummy0 added [ 51.450247][ T5847] netlink: 'syz.1.989': attribute type 10 has an invalid length. [ 51.470267][ T5847] team0: Port device dummy0 removed [ 51.510337][ T5847] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 51.579177][ T5883] netlink: 16 bytes leftover after parsing attributes in process `syz.1.998'. [ 51.588320][ T5883] netlink: 4 bytes leftover after parsing attributes in process `syz.1.998'. [ 51.651467][ T5894] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1001'. [ 51.700244][ T5904] geneve0: entered allmulticast mode [ 51.916554][ T5948] loop4: detected capacity change from 0 to 128 [ 51.977969][ T5944] loop3: detected capacity change from 0 to 8192 [ 52.074089][ T5969] loop4: detected capacity change from 0 to 512 [ 52.103854][ T5969] EXT4-fs error (device loop4): ext4_init_orphan_info:585: comm syz.4.1021: inode #0: comm syz.4.1021: iget: illegal inode # [ 52.132541][ T5969] EXT4-fs (loop4): get orphan inode failed [ 52.172444][ T5969] EXT4-fs (loop4): mount failed [ 52.970974][ T6067] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 53.053206][ T6082] netlink: 268 bytes leftover after parsing attributes in process `+}[@'. [ 53.062199][ T6082] unsupported nla_type 65024 [ 53.314184][ T6107] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 53.494200][ T6124] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 53.494200][ T6124] program syz.4.1062 not setting count and/or reply_len properly [ 53.543504][ T6128] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1065'. [ 53.601864][ T6137] loop4: detected capacity change from 0 to 128 [ 53.812909][ T6169] loop2: detected capacity change from 0 to 512 [ 53.825898][ T6169] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 53.838638][ T29] kauditd_printk_skb: 277 callbacks suppressed [ 53.838732][ T29] audit: type=1326 audit(1756850570.762:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.4.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7feac9ff5ba7 code=0x7ffc0000 [ 53.888262][ T6169] EXT4-fs (loop2): 1 truncate cleaned up [ 53.899981][ T6169] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.915636][ T29] audit: type=1326 audit(1756850570.762:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.4.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feac9f9adb9 code=0x7ffc0000 [ 53.939128][ T29] audit: type=1326 audit(1756850570.762:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.4.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7feac9ff5ba7 code=0x7ffc0000 [ 53.962735][ T29] audit: type=1326 audit(1756850570.762:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.4.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feac9f9adb9 code=0x7ffc0000 [ 53.986473][ T29] audit: type=1326 audit(1756850570.762:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.4.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feac9ffebe9 code=0x7ffc0000 [ 54.010188][ T29] audit: type=1326 audit(1756850570.762:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.4.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feac9ffebe9 code=0x7ffc0000 [ 54.033962][ T29] audit: type=1326 audit(1756850570.802:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.4.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feac9ffebe9 code=0x7ffc0000 [ 54.058117][ T29] audit: type=1326 audit(1756850570.802:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.4.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7feac9ff5ba7 code=0x7ffc0000 [ 54.081871][ T29] audit: type=1326 audit(1756850570.802:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.4.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feac9f9adb9 code=0x7ffc0000 [ 54.105525][ T29] audit: type=1326 audit(1756850570.802:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6172 comm="syz.4.1086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feac9ffebe9 code=0x7ffc0000 [ 54.140206][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.171793][ T6185] program syz.4.1090 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 54.233245][ T6194] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1094'. [ 54.309871][ T6208] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1101'. [ 54.356721][ T6214] netlink: 'syz.4.1104': attribute type 13 has an invalid length. [ 54.370635][ T6214] gretap0: refused to change device tx_queue_len [ 54.379097][ T6214] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 54.415164][ T6218] atomic_op ffff888134174128 conn xmit_atomic 0000000000000000 [ 54.552774][ T6238] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6238 comm=syz.2.1115 [ 54.934189][ T6274] SELinux: failed to load policy [ 55.270469][ T6329] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 55.492635][ T6372] netlink: 'syz.1.1170': attribute type 1 has an invalid length. [ 55.551314][ T6380] tipc: Started in network mode [ 55.556520][ T6380] tipc: Node identity 7, cluster identity 4711 [ 55.562837][ T6380] tipc: Node number set to 7 [ 55.690458][ T6395] loop3: detected capacity change from 0 to 512 [ 55.698931][ T6395] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c02c, mo2=0102] [ 55.707593][ T6395] System zones: 1-12 [ 55.714135][ T6395] EXT4-fs error (device loop3): ext4_xattr_inode_iget:442: comm syz.3.1181: error while reading EA inode 32 err=-116 [ 55.727227][ T6395] EXT4-fs (loop3): Remounting filesystem read-only [ 55.734166][ T6395] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 55.745796][ T6395] EXT4-fs (loop3): 1 orphan inode deleted [ 55.752109][ T6395] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.776635][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.385686][ T6438] loop2: detected capacity change from 0 to 4096 [ 56.396037][ T6438] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.435955][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.465773][ T6450] ref_ctr_offset mismatch. inode: 0x4c3 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000 [ 56.730422][ T6474] __nla_validate_parse: 3 callbacks suppressed [ 56.730447][ T6474] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1212'. [ 56.943577][ T6488] syzkaller1: entered promiscuous mode [ 56.949103][ T6488] syzkaller1: entered allmulticast mode [ 57.024075][ T6493] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1221'. [ 57.033286][ T6493] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1221'. [ 57.111780][ T6493] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1221'. [ 57.120887][ T6493] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1221'. [ 57.129956][ T6493] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1221'. [ 57.215959][ T6501] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1224'. [ 57.230822][ T6500] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1234'. [ 57.364122][ T6501] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1224'. [ 57.365486][ T6509] SELinux: ebitmap: empty map [ 57.382347][ T6509] SELinux: failed to load policy [ 57.461247][ T6515] loop3: detected capacity change from 0 to 164 [ 57.489405][ T6515] syz.3.1232: attempt to access beyond end of device [ 57.489405][ T6515] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 57.519457][ T6515] syz.3.1232: attempt to access beyond end of device [ 57.519457][ T6515] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 57.632842][ T6530] loop2: detected capacity change from 0 to 128 [ 57.665030][ T6530] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 57.721744][ T6530] SELinux: security_context_str_to_sid ($iqr埋A?U<{ט'5?}}wz-&ד\kOwv7c?5'QoٝsmSz=gʯc) failed with errno=-22 [ 57.754597][ T6544] loop5: detected capacity change from 0 to 512 [ 57.781743][ T6544] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 57.822315][ T6544] EXT4-fs (loop5): 1 truncate cleaned up [ 57.838607][ T6548] loop3: detected capacity change from 0 to 512 [ 57.845447][ T6544] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.896047][ T6544] EXT4-fs error (device loop5): ext4_ext_precache:632: inode #15: comm syz.5.1244: pblk 0 bad header/extent: invalid magic - magic 7973, entries 27514, max 27745(0), depth 25964(25964) [ 57.944686][ T6548] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.003023][ T4514] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.013501][ T6548] ext4 filesystem being mounted at /246/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.134826][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.205809][ T6584] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 58.221273][ T6579] IPVS: stopping master sync thread 6584 ... [ 58.282352][ T963] IPVS: starting estimator thread 0... [ 58.289043][ T6599] netlink: 'syz.5.1270': attribute type 12 has an invalid length. [ 58.297094][ T6599] netlink: 'syz.5.1270': attribute type 29 has an invalid length. [ 58.305324][ T6599] netlink: 148 bytes leftover after parsing attributes in process `syz.5.1270'. [ 58.314646][ T6599] netlink: 'syz.5.1270': attribute type 2 has an invalid length. [ 58.322518][ T6599] netlink: 'syz.5.1270': attribute type 3 has an invalid length. [ 58.381875][ T6597] IPVS: using max 2976 ests per chain, 148800 per kthread [ 58.442568][ T6612] netlink: 'syz.2.1275': attribute type 6 has an invalid length. [ 58.562944][ T6625] loop4: detected capacity change from 0 to 512 [ 58.597704][ T6625] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 58.653415][ T6625] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.748011][ T6617] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 3: comm syz.4.1278: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 58.774705][ T6617] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 12: comm syz.4.1278: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 58.796129][ T6617] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 13: comm syz.4.1278: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 58.843127][ T6617] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 14: comm syz.4.1278: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 58.865216][ T6617] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 15: comm syz.4.1278: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 58.912081][ T6617] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 16: comm syz.4.1278: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 58.964683][ T6617] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 17: comm syz.4.1278: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 59.016267][ T6617] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #2: block 18: comm syz.4.1278: lblock 23 mapped to illegal pblock 18 (length 1) [ 59.052549][ T6617] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 19: comm syz.4.1278: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 59.075736][ T6617] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 20: comm syz.4.1278: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 59.442610][ T3302] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 59.495773][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.567712][ T6663] loop4: detected capacity change from 0 to 512 [ 59.616374][ T6663] EXT4-fs: Ignoring removed nomblk_io_submit option [ 59.670537][ T6663] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 59.678644][ T6663] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 59.703073][ T6663] EXT4-fs (loop4): orphan cleanup on readonly fs [ 59.713471][ T6663] __quota_error: 194 callbacks suppressed [ 59.713490][ T6663] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 59.737173][ T6663] EXT4-fs warning (device loop4): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 59.751873][ T6663] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 59.762022][ T6663] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1296: bg 0: block 40: padding at end of block bitmap is not set [ 59.786816][ T6663] EXT4-fs (loop4): Remounting filesystem read-only [ 59.803900][ T6663] EXT4-fs (loop4): 1 truncate cleaned up [ 59.820613][ T6681] SELinux: failed to load policy [ 59.860368][ T6663] EXT4-fs (loop4): shut down requested (2) [ 59.880848][ T6663] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 59.898554][ T6663] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=12 [ 59.966807][ T6693] loop2: detected capacity change from 0 to 4096 [ 60.055924][ T29] audit: type=1400 audit(1756850576.982:1533): avc: denied { append } for pid=6699 comm="syz.3.1316" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 60.079727][ T6700] random: crng reseeded on system resumption [ 60.108473][ T6700] Restarting kernel threads ... [ 60.113792][ T6700] Done restarting kernel threads. [ 60.381434][ T6733] netlink: 'syz.2.1330': attribute type 3 has an invalid length. [ 60.394908][ T29] audit: type=1326 audit(1756850577.312:1534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6734 comm="syz.3.1331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 60.418852][ T29] audit: type=1326 audit(1756850577.312:1535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6734 comm="syz.3.1331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 60.442653][ T29] audit: type=1326 audit(1756850577.322:1536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6734 comm="syz.3.1331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 60.466853][ T29] audit: type=1326 audit(1756850577.322:1537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6734 comm="syz.3.1331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 60.491282][ T29] audit: type=1326 audit(1756850577.322:1538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6734 comm="syz.3.1331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 60.515152][ T29] audit: type=1326 audit(1756850577.322:1539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6734 comm="syz.3.1331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 60.538671][ T29] audit: type=1326 audit(1756850577.322:1540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6734 comm="syz.3.1331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 60.562678][ T29] audit: type=1326 audit(1756850577.322:1541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6734 comm="syz.3.1331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8f344ebe9 code=0x7ffc0000 [ 60.601558][ T6741] netlink: 'syz.2.1344': attribute type 3 has an invalid length. [ 60.724074][ T6753] syz.2.1340 (6753) used greatest stack depth: 9320 bytes left [ 60.833339][ T6772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 60.851436][ T6772] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 61.006111][ T6802] loop3: detected capacity change from 0 to 256 [ 61.194015][ T6818] loop3: detected capacity change from 0 to 736 [ 61.203549][ T6818] rock: directory entry would overflow storage [ 61.210103][ T6818] rock: sig=0x4f50, size=4, remaining=3 [ 61.216180][ T6818] iso9660: Corrupted directory entry in block 2 of inode 1472 [ 61.379318][ T6840] loop3: detected capacity change from 0 to 1024 [ 61.386286][ T6840] EXT4-fs: Ignoring removed bh option [ 61.391804][ T6840] EXT4-fs: Ignoring removed orlov option [ 61.397611][ T6840] EXT4-fs: Ignoring removed nomblk_io_submit option [ 61.728822][ T6865] program syz.2.1391 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 61.738979][ T6865] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 62.195064][ T4062] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 63.040749][ T6915] loop2: detected capacity change from 0 to 1024 [ 63.045550][ T6918] __nla_validate_parse: 13 callbacks suppressed [ 63.045566][ T6918] netlink: 51563 bytes leftover after parsing attributes in process `syz.1.1412'. [ 63.055403][ T6915] EXT4-fs: Ignoring removed bh option [ 63.077188][ T6915] EXT4-fs: Ignoring removed orlov option [ 63.083268][ T6915] EXT4-fs: Ignoring removed nomblk_io_submit option [ 63.111652][ T6929] loop4: detected capacity change from 0 to 512 [ 63.130283][ T6929] ext4 filesystem being mounted at /318/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.158750][ T6937] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=6937 comm=syz.5.1423 [ 63.171527][ T6937] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=6937 comm=syz.5.1423 [ 63.338762][ T6955] SELinux: ebitmap: empty map [ 63.347942][ T6955] SELinux: failed to load policy [ 63.426516][ T6966] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1434'. [ 63.435661][ T6966] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1434'. [ 63.453190][ T58] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 63.497573][ T6966] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1434'. [ 63.506661][ T6966] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1434'. [ 63.529832][ T6974] loop3: detected capacity change from 0 to 512 [ 63.550351][ T6974] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 63.560581][ T6966] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1434'. [ 63.569795][ T6966] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1434'. [ 63.600750][ T6974] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 3: comm syz.3.1433: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 63.632778][ T6974] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 12: comm syz.3.1433: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 63.672364][ T6974] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 13: comm syz.3.1433: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 63.694244][ T6974] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 14: comm syz.3.1433: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 63.742618][ T6974] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 15: comm syz.3.1433: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 63.811899][ T6974] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 16: comm syz.3.1433: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 63.838877][ T6974] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 17: comm syz.3.1433: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 63.860674][ T6974] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #2: block 18: comm syz.3.1433: lblock 23 mapped to illegal pblock 18 (length 1) [ 63.876175][ T6974] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 19: comm syz.3.1433: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 63.899819][ T6974] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 20: comm syz.3.1433: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 64.079547][ T6989] loop4: detected capacity change from 0 to 512 [ 64.108356][ T6989] ext4 filesystem being mounted at /325/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.269366][ T7000] SELinux: ebitmap: empty map [ 64.276629][ T7000] SELinux: failed to load policy [ 64.310029][ T3310] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 64.371566][ T7012] netlink: 'syz.1.1448': attribute type 5 has an invalid length. [ 64.449030][ T7021] ALSA: seq fatal error: cannot create timer (-22) [ 64.632936][ T7053] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1477'. [ 64.754932][ T29] kauditd_printk_skb: 92 callbacks suppressed [ 64.754950][ T29] audit: type=1326 audit(1756850581.682:1634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7072 comm="syz.2.1489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 64.802816][ T29] audit: type=1326 audit(1756850581.682:1635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7072 comm="syz.2.1489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 64.826602][ T29] audit: type=1326 audit(1756850581.682:1636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7072 comm="syz.2.1489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 64.850248][ T29] audit: type=1326 audit(1756850581.682:1637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7072 comm="syz.2.1489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 64.873826][ T29] audit: type=1326 audit(1756850581.682:1638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7072 comm="syz.2.1489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 64.898536][ T29] audit: type=1326 audit(1756850581.782:1639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7072 comm="syz.2.1489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 64.922962][ T29] audit: type=1326 audit(1756850581.782:1640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7072 comm="syz.2.1489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cb13debe9 code=0x7ffc0000 [ 65.013694][ T7095] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1487'. [ 65.022804][ T7095] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1487'. [ 65.114220][ T29] audit: type=1400 audit(1756850582.042:1641): avc: denied { listen } for pid=7110 comm="syz.5.1494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 65.134112][ T29] audit: type=1400 audit(1756850582.042:1642): avc: denied { accept } for pid=7110 comm="syz.5.1494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 65.350856][ T29] audit: type=1400 audit(1756850582.272:1643): avc: denied { read } for pid=7123 comm="syz.2.1496" path="socket:[16798]" dev="sockfs" ino=16798 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 65.429214][ T7127] loop4: detected capacity change from 0 to 164 [ 65.437844][ T7127] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet. [ 65.528301][ T7138] sd 0:0:1:0: device reset [ 65.571104][ T7148] netlink: 'syz.2.1508': attribute type 10 has an invalid length. [ 65.579478][ T7148] team0: Device hsr_slave_0 failed to register rx_handler [ 65.975951][ T7158] loop3: detected capacity change from 0 to 512 [ 65.994652][ T7158] EXT4-fs mount: 14 callbacks suppressed [ 65.994669][ T7158] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.994753][ T7158] ext4 filesystem being mounted at /308/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 66.110974][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.190556][ T7174] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 66.198160][ T7174] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 66.211640][ T7174] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 66.219120][ T7174] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 66.473216][ T7203] loop5: detected capacity change from 0 to 512 [ 66.480583][ T7203] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 66.541915][ T7203] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 66.559081][ T7203] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 3: comm syz.5.1524: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 66.614889][ T7203] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 12: comm syz.5.1524: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 66.688044][ T7203] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 13: comm syz.5.1524: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 66.689908][ T7213] loop2: detected capacity change from 0 to 32768 [ 66.716102][ T7203] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 14: comm syz.5.1524: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 66.736692][ T7203] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 15: comm syz.5.1524: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 66.760870][ T7203] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 16: comm syz.5.1524: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 66.782979][ T7203] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 17: comm syz.5.1524: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 66.787722][ T7213] loop2: p1 p2 p3 < > [ 66.804620][ T7203] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #2: block 18: comm syz.5.1524: lblock 23 mapped to illegal pblock 18 (length 1) [ 66.823104][ T7213] loop2: p1 size 242222080 extends beyond EOD, truncated [ 66.832534][ T7213] loop2: p2 start 4294967295 is beyond EOD, truncated [ 66.832986][ T7203] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 19: comm syz.5.1524: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 66.861427][ T7203] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 20: comm syz.5.1524: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 67.318685][ T4514] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1128: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 67.343729][ T4514] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.345162][ T7236] loop2: detected capacity change from 0 to 512 [ 67.420514][ T7236] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 67.436657][ T7236] ext4 filesystem being mounted at /311/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 67.493991][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.430541][ T7271] loop5: detected capacity change from 0 to 1024 [ 68.460369][ T7279] __nla_validate_parse: 8 callbacks suppressed [ 68.460413][ T7279] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1558'. [ 68.490710][ T7271] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 68.508327][ T7271] ext4 filesystem being mounted at /178/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 68.550987][ T4514] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 68.560978][ T7289] loop4: detected capacity change from 0 to 1024 [ 68.571648][ T7289] ext2: Unknown parameter 'smackfsfloor' [ 68.600874][ T7295] loop3: detected capacity change from 0 to 1024 [ 68.625166][ T7289] loop4: detected capacity change from 0 to 512 [ 68.633066][ T7295] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 68.653920][ T7289] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.669635][ T7289] ext4 filesystem being mounted at /357/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 68.699535][ T7303] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 68.707201][ T7303] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 68.730903][ T7295] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.1565: Allocating blocks 449-513 which overlap fs metadata [ 68.746133][ T7303] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 68.753759][ T7303] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 68.789046][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.862396][ T7311] vhci_hcd: invalid port number 23 [ 68.867875][ T7293] EXT4-fs (loop3): pa ffff88810721d0e0: logic 48, phys. 177, len 21 [ 68.876130][ T7293] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 68.932559][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.034277][ T7324] loop4: detected capacity change from 0 to 1024 [ 69.050630][ T7329] netlink: 268 bytes leftover after parsing attributes in process `+}[@'. [ 69.070559][ T7328] loop3: detected capacity change from 0 to 2048 [ 69.096828][ T7324] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 69.113335][ T7324] ext4 filesystem being mounted at /360/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 69.135569][ T7339] bond1: entered promiscuous mode [ 69.140633][ T7339] bond1: entered allmulticast mode [ 69.151599][ T7328] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.153589][ T7339] 8021q: adding VLAN 0 to HW filter on device bond1 [ 69.172129][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 69.213885][ T7339] bond1 (unregistering): Released all slaves [ 69.220813][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.300516][ T7359] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1589'. [ 69.350417][ T7364] SELinux: failed to load policy [ 69.614088][ T7383] loop2: detected capacity change from 0 to 1024 [ 69.653334][ T7383] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 69.668989][ T7383] ext4 filesystem being mounted at /325/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 69.769999][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 69.837353][ T7393] SELinux: failed to load policy [ 69.905323][ T29] kauditd_printk_skb: 145 callbacks suppressed [ 69.905343][ T29] audit: type=1326 audit(1756850586.832:1789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7412 comm="syz.1.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2d707ebe9 code=0x7ffc0000 [ 69.962973][ T7411] loop4: detected capacity change from 0 to 1024 [ 69.969775][ T29] audit: type=1326 audit(1756850586.832:1790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7412 comm="syz.1.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2d707ebe9 code=0x7ffc0000 [ 69.993547][ T29] audit: type=1326 audit(1756850586.832:1791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7412 comm="syz.1.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2d707ebe9 code=0x7ffc0000 [ 70.017443][ T29] audit: type=1326 audit(1756850586.832:1792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7412 comm="syz.1.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2d707ebe9 code=0x7ffc0000 [ 70.041300][ T29] audit: type=1326 audit(1756850586.832:1793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7412 comm="syz.1.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2d707ebe9 code=0x7ffc0000 [ 70.065348][ T29] audit: type=1326 audit(1756850586.832:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7412 comm="syz.1.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2d707ebe9 code=0x7ffc0000 [ 70.089250][ T29] audit: type=1326 audit(1756850586.832:1795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7412 comm="syz.1.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2d707ebe9 code=0x7ffc0000 [ 70.113305][ T29] audit: type=1326 audit(1756850586.832:1796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7412 comm="syz.1.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2d707ebe9 code=0x7ffc0000 [ 70.137025][ T29] audit: type=1326 audit(1756850586.832:1797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7412 comm="syz.1.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe2d707ebe9 code=0x7ffc0000 [ 70.160710][ T29] audit: type=1326 audit(1756850586.832:1798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7412 comm="syz.1.1616" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2d707ebe9 code=0x7ffc0000 [ 70.195610][ T7411] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.286001][ T7411] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.1615: Allocating blocks 449-513 which overlap fs metadata [ 70.392988][ T7410] EXT4-fs (loop4): pa ffff888105929700: logic 48, phys. 177, len 21 [ 70.401025][ T7410] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 70.459784][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.506177][ T7441] geneve0: entered allmulticast mode [ 70.578155][ T7452] loop3: detected capacity change from 0 to 128 [ 70.832455][ T7482] geneve0: entered allmulticast mode [ 70.966802][ T7500] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 70.976186][ T7502] netlink: 'syz.2.1653': attribute type 10 has an invalid length. [ 70.987910][ T7502] team0: Port device dummy0 added [ 71.001038][ T7502] netlink: 'syz.2.1653': attribute type 10 has an invalid length. [ 71.027302][ T7502] team0: Port device dummy0 removed [ 71.041273][ T7502] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 71.120820][ T7519] atomic_op ffff88811c19e928 conn xmit_atomic 0000000000000000 [ 71.226811][ T7517] loop4: detected capacity change from 0 to 8192 [ 71.292576][ T7537] netlink: 204 bytes leftover after parsing attributes in process `syz.2.1672'. [ 71.579665][ T7558] 8021q: adding VLAN 0 to HW filter on device $H [ 71.657653][ T7558] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 72.084537][ T7593] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1697'. [ 72.088840][ T7596] loop2: detected capacity change from 0 to 128 [ 72.261142][ T7617] loop5: detected capacity change from 0 to 512 [ 72.298200][ T7617] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 72.309614][ T7617] EXT4-fs (loop5): 1 truncate cleaned up [ 72.322141][ T7617] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.434207][ T4514] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.486990][ T7626] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1709'. [ 72.580487][ T7631] netlink: 'syz.2.1712': attribute type 13 has an invalid length. [ 72.610354][ T7631] gretap0: refused to change device tx_queue_len [ 72.623529][ T7631] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 72.729249][ T7642] loop5: detected capacity change from 0 to 128 [ 72.944919][ T7648] loop4: detected capacity change from 0 to 512 [ 72.952065][ T7648] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 72.975806][ T7648] EXT4-fs (loop4): 1 truncate cleaned up [ 72.982316][ T7648] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.020581][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.038570][ T7659] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1723'. [ 73.077525][ T7665] netlink: 'syz.5.1726': attribute type 13 has an invalid length. [ 73.090399][ T7665] 0{X: left allmulticast mode [ 73.101660][ T7665] 0{X: refused to change device tx_queue_len [ 73.109643][ T7665] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 73.197985][ T7673] SELinux: failed to load policy [ 73.271468][ T7690] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1740'. [ 73.401143][ T7703] netlink: 'syz.1.1747': attribute type 13 has an invalid length. [ 73.415981][ T7703] 0{X: refused to change device tx_queue_len [ 73.423365][ T7703] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 73.568337][ T7711] SELinux: failed to load policy [ 73.665587][ T7722] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1755'. [ 73.882835][ T7757] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 73.912837][ T7759] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1771'. [ 74.285360][ T7794] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 74.305657][ T7797] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1784'. [ 74.330361][ T7799] tipc: Started in network mode [ 74.335498][ T7799] tipc: Node identity 7, cluster identity 4711 [ 74.341837][ T7799] tipc: Node number set to 7 [ 74.738540][ T7838] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1800'. [ 74.769150][ T7845] tipc: Started in network mode [ 74.774170][ T7845] tipc: Node identity 7, cluster identity 4711 [ 74.780353][ T7845] tipc: Node number set to 7 [ 74.809459][ T7851] loop5: detected capacity change from 0 to 512 [ 74.817728][ T7851] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c02c, mo2=0102] [ 74.825969][ T7851] System zones: 1-12 [ 74.830494][ T7851] EXT4-fs error (device loop5): ext4_xattr_inode_iget:442: comm syz.5.1805: error while reading EA inode 32 err=-116 [ 74.843181][ T7851] EXT4-fs (loop5): Remounting filesystem read-only [ 74.849690][ T7851] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 74.860438][ T7851] EXT4-fs (loop5): 1 orphan inode deleted [ 74.866887][ T7851] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.913747][ T4514] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.945923][ T29] kauditd_printk_skb: 188 callbacks suppressed [ 74.945938][ T29] audit: type=1400 audit(1756850591.872:1987): avc: denied { create } for pid=7864 comm="syz.5.1810" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 74.974877][ T29] audit: type=1400 audit(1756850591.882:1988): avc: denied { connect } for pid=7864 comm="syz.5.1810" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 74.995192][ T29] audit: type=1400 audit(1756850591.882:1989): avc: denied { getopt } for pid=7864 comm="syz.5.1810" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 75.160289][ T29] audit: type=1400 audit(1756850592.082:1990): avc: denied { mounton } for pid=7866 comm="syz.3.1814" path="/363/file0" dev="tmpfs" ino=1886 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 75.300189][ T29] audit: type=1326 audit(1756850592.222:1991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.5.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981de0ebe9 code=0x7ffc0000 [ 75.323862][ T29] audit: type=1326 audit(1756850592.222:1992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.5.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981de0ebe9 code=0x7ffc0000 [ 75.362774][ T29] audit: type=1326 audit(1756850592.272:1993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.5.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f981de0ebe9 code=0x7ffc0000 [ 75.386755][ T29] audit: type=1326 audit(1756850592.272:1994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.5.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981de0ebe9 code=0x7ffc0000 [ 75.410415][ T29] audit: type=1326 audit(1756850592.272:1995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.5.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f981de0ebe9 code=0x7ffc0000 [ 75.434236][ T29] audit: type=1326 audit(1756850592.272:1996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7882 comm="syz.5.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f981de0ebe9 code=0x7ffc0000 [ 75.484931][ T7893] loop4: detected capacity change from 0 to 512 [ 75.493135][ T7893] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c02c, mo2=0102] [ 75.501240][ T7893] System zones: 1-12 [ 75.506130][ T7893] EXT4-fs error (device loop4): ext4_xattr_inode_iget:442: comm syz.4.1823: error while reading EA inode 32 err=-116 [ 75.519231][ T7893] EXT4-fs (loop4): Remounting filesystem read-only [ 75.525918][ T7893] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 75.536465][ T7893] EXT4-fs (loop4): 1 orphan inode deleted [ 75.552038][ T7893] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.585919][ T3302] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.620677][ T7909] ref_ctr_offset mismatch. inode: 0x807 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000 [ 75.687759][ T7922] netlink: 'syz.3.1834': attribute type 5 has an invalid length. [ 75.700050][ T7922] batman_adv: batadv0: Adding interface: vxlan0 [ 75.706502][ T7922] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.732191][ T7922] batman_adv: batadv0: Interface activated: vxlan0 [ 75.739115][ T4052] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 75.761753][ T4052] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 75.769480][ T7925] loop3: detected capacity change from 0 to 512 [ 75.770688][ T4052] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 75.793579][ T4052] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 75.823415][ T7925] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.836082][ T7925] ext4 filesystem being mounted at /370/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 75.889438][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.960990][ T7923] ================================================================== [ 75.969341][ T7923] BUG: KCSAN: data-race in shmem_file_splice_read / shmem_file_splice_read [ 75.977952][ T7923] [ 75.980306][ T7923] write to 0xffff8881302d5fa8 of 8 bytes by task 7920 on cpu 1: [ 75.987947][ T7923] shmem_file_splice_read+0x470/0x600 [ 75.993347][ T7923] splice_direct_to_actor+0x26c/0x680 [ 75.998758][ T7923] do_splice_direct+0xda/0x150 [ 76.003563][ T7923] do_sendfile+0x380/0x650 [ 76.008003][ T7923] __x64_sys_sendfile64+0x105/0x150 [ 76.013226][ T7923] x64_sys_call+0x2bb0/0x2ff0 [ 76.017926][ T7923] do_syscall_64+0xd2/0x200 [ 76.022458][ T7923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.028380][ T7923] [ 76.030720][ T7923] write to 0xffff8881302d5fa8 of 8 bytes by task 7923 on cpu 0: [ 76.038449][ T7923] shmem_file_splice_read+0x470/0x600 [ 76.043928][ T7923] splice_direct_to_actor+0x26c/0x680 [ 76.049315][ T7923] do_splice_direct+0xda/0x150 [ 76.054088][ T7923] do_sendfile+0x380/0x650 [ 76.058600][ T7923] __x64_sys_sendfile64+0x105/0x150 [ 76.063905][ T7923] x64_sys_call+0x2bb0/0x2ff0 [ 76.068612][ T7923] do_syscall_64+0xd2/0x200 [ 76.073134][ T7923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.079386][ T7923] [ 76.081719][ T7923] value changed: 0x0000000000006d00 -> 0x0000000000006d0a [ 76.088870][ T7923] [ 76.091203][ T7923] Reported by Kernel Concurrency Sanitizer on: [ 76.097454][ T7923] CPU: 0 UID: 0 PID: 7923 Comm: syz.1.1833 Not tainted syzkaller #0 PREEMPT(voluntary) [ 76.107276][ T7923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 76.117339][ T7923] ==================================================================