last executing test programs: 1.604656809s ago: executing program 3 (id=2710): mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x2200c42, &(0x7f00000000c0)=ANY=[], 0x1, 0x9fe, &(0x7f0000000400)="$eJzs3c1vXOV+B/Dv8UtiDEoCpJRGQCahCQZcx3ZK0ohFm9iTxNQvle1IRF0QSpwqilta0kqAKjVIVVdFrdSqi3aHuuoKiU3ZVOzu3d27uosrXfEvoLvK4kq+OmfG8dgee+zgN8LnY83Mefmd5/md10czPjNP+GFZOrpqbGmpejzm+I3/3YOMOcCujH/7xZefl4/PHuRQuvNW8X9JX5Ja0pPkxaR3bHx2ZqpDQfeSW0m+SYokh9N43ZJbKf41z6yMf5Piv8t6N3RoqyXTyRI/avt9/AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEFUjI0PD48UhzIxfePdWkNSW2dsfHamyNLS+jnLyzR8XfX6XXzdsd6kKB/p61vu6vvF4yuzX0hSO52XGmMvVR2Spy+fPv3Csbef7+laXn6jbL6Xw1sv9v4nn957f3Fx4aNdSeTgu1afnpibmZi6fK1em5ibqV26cGH43PWrc7WrE5P1uZtz8/Wp2ths/fL8zGxtYOz12silS+dr9aGbMzemr40PTdaXJ178g9Hh4Qu1d4b+rH55dm5m+tw7Q3Nj1ycmJyemr1Ux5ewy5mJ5IP7pxHxtvn55qla7c3dx4fyanLqro6tlQhk00mlNyqDRTkGjw6OjIyOjoyOfNXvPfjThwluX3ro4PNwzvEbWRezSQcvB8tTGu3nnL+LwmLoa7X8ymYlM50bezaHU2vyNZTyzmclU27nr2v8z5+qb1tva/jdb+Z6W2SfKp9N5pTnat0H7v0EuO/bXW1a7WcT9fJJPcy/vZzGLWchHu51R69/S0ebm2cM61/xdSz3TmchcZjKRqVyuptSaU2q5lAu5kOG8l+s5mbnUcjUTmUw9c7mZucynXh1RY5lNPZczn5nMppaBjOX11DKSS7mU86mlnqHczExuZDrXMp7LVSl3crfa7uc3yfFR0MhWgkY3CVrXmG+7/S9Pij1thzhwdvT6Dd/HUrP9P9Q5dGBsLxICAAAAdtzv/TRHjj/3k18lRV6uPpe/OjFZH97vtAAAAIAdVN2u91L5Ut3r9nIK7/8BAADgSVNU37ErkvTnZGNo+ZtQPgQAAACAJ0T1//9XUpxcmeD9PwAAADxhOv/GfseIYnD5539rtxuvt5sRjbGi/+rEZH1obGby7ZGcrX5loPqmwbrSupOit/r6wRs51Yg61d947V8psayzr4waGXp7JG/kdHNFBl4tX14daBM52oh8rRH5Wmtkd1ZFni8jAeBJd3qT9nir7f8bGWxEDJ6omvyeE23a4GEtKwAcFKdzvznU7NKsTfvf7IXnlY3a/z/c5P1/GfFc7pxs3FIwlA/yYRZzO4Np3nFwsl2py70RNG5DGOzwaUB/85aFn1/syuC6zwP6Hq1ra+xCRjPY9hOBlnKL9K3aWN07vPEBYJ+c3rQd3lr7P9jh/f9Km3t4n9YSAGj1qAf7XRzY73UEAFbTSgMAAAAAAAAAAAAAAAAAAAAAAAAAAMDO29IP+P/sbLK4uJDsQWcBjwb6tpPh5gNd2STmN3uzOnsz0J1kv2r/42x7qXIfH5RNZ2D1wD5fmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgTRdLdbnpXcjjJcJJze5/V7nmw3wnslNrjLVY8zMN8nCM7nQ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAwI9d8/f/u9J4fboxKT1dyZkkt5L8+X7nuJMe7ncC++avqueW3//vSnqzVKSnsdtT9I6Nz85Mlbu/OFzO//aLLz8vH53LXt+rQllAWcOqziWaNbRM6V291LPVUv3jC/fv/d2Hf1Mbv1IdmFfmr06OT12b/ZOVwBeKrxpdILR2g7Cc7z+c+f9/a5l8qFn5V+Watre23qtVvePr6/3ddktvUO8W3F1cGC1rmq+/O//3f33345ZZz+VU8upAMrC6pr8sHxvUdGrt9lyt+K745+JI/jO3qv1fbo1iqSh30dFq/Z+6c3dxYeiDDxdvP8rpH1fldCwnk9xO+rae08nqetJWddR19Za1DldB5dPxDuVtqqXEkQ2267PVIdO/rXWobbwOlQ7bvZnR+bYZ/fvfPp+z297TZzvU2FbxXfHL4np+kX9q6f+jq9z/Z9L27GxTRBXZcqS0zlt1enU1Iqs1H22d8d7aMjc8K9kF/5K/yB892v9dLdf/5r7am+tRS43tz4tk++fF/xxd16KsqFqk42tapObVZ6Nlmnkeb0RtkOfv5M2k58S2rihvdrii7Nb5/1/FQH6dB/r/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADr4i6W43vSs5k+RYkqPleC1ZWhvz4DHq6+ovHifNHfM4Of/wFBuuaPEwD/Nxjux1RgAAAAAAAADsjivj337x5eflo/p/fHd+v6s5p5b0JDlW/Efv2PjszFSHgnqTW8v/0u/bXg63yqdnVsa/Kcde7LDQ/t4+AAA/aL8NAAD//3QdbZI=") perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$nfs(0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x2) openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x88a02, 0x0) fstat(0xffffffffffffffff, 0x0) socket(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x81ffffff}, 0x90) 1.423775593s ago: executing program 3 (id=2712): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r1, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000640)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd500a119b54c74a12e4569e47b69a95f92c6380af2bd003fa56f06a23bbd1c76d7756bf4fcaff0c23374ec7c4aadbb8b985f14893a91d750e168350685e0f4f079d2d8e79be174ef9355b70719c712c5d15d2e7505a8696b50738ece15ee5", 0xbe}, {&(0x7f0000000180)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20d7f7f7343067fd40cdd4b16742e94b62f4eb1c5d9f56ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7", 0x5c}, {&(0x7f0000000700)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fc", 0x31}], 0x3}}], 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendmsg$inet(r1, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000000)="14fafa37bf25f04bda99eefbbdd8d76b8136ee6cfdee25bdb2d1873ce347c7b623dd3140cfb2326fa1bf9f1dc2375eeba25df45aefdb3c49a4e7ffab4ed7181180bde98af644d11f", 0x48}, {&(0x7f0000000240)="16a6fca1943502d7ac24a672321690c0215b73b201e67576ef51abd7cb2bcd21ebc41893e255eea9bba2", 0x2a}, {&(0x7f0000000b80)="dfc56286b56ecc486c04bc14504d983be1f4ef618879be74e47bb41ea0ec8db85da5cfdb43e07b8cc7860bc152943651075c35a9e715afc516b3c84a77236602539578c21fa41ba1a52740bba9669431751337c09fb0f778ede72a047afffffffffffff0995db9a4c6b369", 0x6b}], 0x3}, 0x0) r2 = memfd_create(&(0x7f0000000080)='\b\x9dF\xd8\b\xb3~u\xa5\x81\xb1\x8aSpA\xd4\x98\x85D\x89>N\x8ar\x17\x00\x00\x00\x00\xe2{mn\xcc\xbf2\xc0\x90kn\xe8\xfe/\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97\xe7\xe6\x97\xf9\xb3\xf6\xb9\v\xb5$\xee\x84\x1cn,Bd8\x13<\xf0E\x86\xc0v\xd5?\xe5E:+Pm\x1d\xb4\xb8k\x11\x00', 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) splice(r3, 0x0, r2, 0x0, 0x4, 0x0) sendto$inet(r1, &(0x7f00000012c0)="08268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000001c0)=0x3, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000180)=0xe0, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x6, 0x0, r3, 0x0, '\x00', 0x0, r3}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x6dc, 0xfffff636, 0x4, 0x1ec2, 0xffffffffffffffff, 0x10001, '\x00', 0x0, r3, 0x3, 0x2, 0x4}, 0x48) r4 = socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x80000000, 0x2, 0xe, 0x20, 0x1, 0x10001, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x7, 0x4}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = dup(r4) r7 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r7, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{0x6}]}, 0x10) dup3(r6, r7, 0x0) 1.289719974s ago: executing program 4 (id=2719): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) unshare(0x22020600) r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/stat\x00') setns(r0, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x80, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f00000000c0)=0x13) poll(&(0x7f0000000100)=[{r2, 0xcf9aa395655278ef}], 0x1, 0xe7f1) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f00000006c0)=0x3) 1.202946881s ago: executing program 2 (id=2724): socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002ac0)=@delchain={0x34, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_CHAIN={0x8, 0xb, 0x9}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r0 = socket(0x10, 0x803, 0x0) r1 = gettid() rt_sigprocmask(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f000049efa0)={0x0, 0x14, 0x0, @tid=r1}, 0x0) tkill(0x0, 0x12) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x1b0}, {&(0x7f00000007c0)=""/154, 0x84}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) socket$nl_generic(0x10, 0x3, 0x10) preadv2(r0, &(0x7f0000000540)=[{&(0x7f0000000000)=""/41, 0x29}, {&(0x7f0000000040)=""/53, 0x35}, {&(0x7f0000000080)=""/159, 0x9f}, {&(0x7f0000000300)=""/61, 0x3d}, {&(0x7f0000000880)=""/222, 0xde}, {&(0x7f0000000a00)=""/208, 0xd0}, {&(0x7f0000000340)=""/3, 0x3}], 0x7, 0x7, 0xffff0760, 0x2) 1.197104872s ago: executing program 2 (id=2725): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b00000000001b000000180100002020702000000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000001080)=ANY=[@ANYBLOB="180200000000000000000000000000008500000028000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095000000000000002f81c461b3fea834ceb0e17d9838c2830ca7ce46e581a192326a3698c79205e02f1561b0a3c595448e9b7024b45fb2006c9917fe2a42fcd2ce278009682dc8f7c867b177ec5bd50b92aedef35b6cd87b56690b4c96f63ab021ee1cf616d8af74911d5e51b76d2c31b8bece7b0f1e715a899c71e4e05b3d340292075ac4f13d51664febfc2748d0dbd7ddd4274c3aee0d"], &(0x7f0000000080)='GPL\x00'}, 0x65) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x3ffffffffffffda, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r4 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) io_setup(0xa, &(0x7f0000000240)=0x0) io_submit(r6, 0x1, &(0x7f0000001980)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r5, &(0x7f00000001c0)='4', 0x1, 0x100000000000000}]) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008004000b703000000000000850000002d0000009500000000000000d3419916ff0100008091c8bd521db3596c6183009113973e8dead7e6498e359657c5f8685a56af5bac7322265bda6672697c56f8bb80f1937d48b5dbcc3dc36b51f5b366bd2bdc18da18aac9d1787e4d375d7ea2d5fafad8369a5dedbd667702706cc39e657ddfd2ab79553473f5f68134a3f568406ff8c94be63d1710e753dd406e428d8bbeca754f6a9c2e5e350fe5d3e6bdac67d5ea1e51785cc79ab9d377f361fbb25d1188196647b612e1f95d371637"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r7}, 0x10) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x49}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff) r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000200)=ANY=[@ANYBLOB="14d8df00", @ANYRES16=r8, @ANYBLOB="070600000000000000002d000000"], 0x14}}, 0x0) 630.985958ms ago: executing program 0 (id=2735): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000007b000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) r1 = socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) r4 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r4, &(0x7f0000000680)={0x1d, r3}, 0x18) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000140)={0x1d, r5}, 0x18) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000280), 0xffffffffffffffff) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$packet(0x11, 0x3, 0x300) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r10, 0x8933, &(0x7f00000001c0)={'wg1\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x1, 0x0, 0x2, {0x0, 0x0, 0x0, r3, 0x21116}}, 0x20}}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000000100000008000100", @ANYRES32=r11, @ANYBLOB="3800088034000080060005000400000024000100010000000400000000000000000000000000000000000000000000000000000004000980"], 0x54}}, 0x0) r12 = syz_open_dev$sg(&(0x7f0000000100), 0x200, 0x20000) ioctl$SG_GET_VERSION_NUM(r12, 0x2282, &(0x7f0000000240)) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x8c, 0xc, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x60, 0x3, 0x0, 0x1, [{0x5c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x50, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}, {0x18, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @void}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x108}}, 0x0) 604.54885ms ago: executing program 0 (id=2738): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="280000000d1401000000000000000000080001000000040608003e00"], 0x28}}, 0x0) 566.711803ms ago: executing program 3 (id=2739): r0 = io_uring_setup(0x1840, &(0x7f0000000100)={0x0, 0x6980, 0x800, 0x0, 0x27c}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x42, 0x4, 0x360, 0xffffffff, 0x1d8, 0x0, 0xb0, 0xffffffff, 0xffffffff, 0x2c8, 0x2c8, 0x2c8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xb0, 0x0, {0x88000000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x9}}}, {{@ip={@private, @rand_addr, 0x0, 0x0, 'bridge_slave_0\x00'}, 0x0, 0x100, 0x128, 0x0, {0x122}, [@common=@inet=@dscp={{0x28}}, @common=@unspec=@rateest={{0x68}, {'wlan1\x00', 'team_slave_1\x00', 0x32, 0x1}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x90, 0xf0, 0x0, {}, [@common=@socket0={{0x20}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @local, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xd801]}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c0) r2 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000200)={0x5, 0x0, &(0x7f00000001c0)=[0xffffffffffffffff, r1, 0xffffffffffffffff, 0xffffffffffffffff, r2]}, 0x5) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x3e649116, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x4}, 0x48) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r3}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SG_EMULATED_HOST(r4, 0x2283, &(0x7f0000000000)) socket$nl_route(0x10, 0x3, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000009c0)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) 565.944153ms ago: executing program 0 (id=2740): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x14b240, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0) r1 = syz_open_pts(r0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) dup3(r1, r0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x11) syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0xa0c4cc, &(0x7f0000000dc0)=ANY=[@ANYRES8=0x0, @ANYBLOB="5791125b581ec623b551f43ec955d0dbef069139f5ec97ee6ef69c24b1e932ba2a7a833132939328b6c04151be37d42900946a6027a2d7f4445ff4ccf3345b966c1ee45ad37a4254c8470ffa11dbcfabb1310f4829b94279e0feef13ca6e0f6f8380e89415e8d646e684d3f6d82cc3db11b4a01c00b25211cb21bcbac38f794e1b6b46d537f4b44a9fd3357d1448738905d0f78b73e1183a4094d8f7f4f1914e675772eb01788aba5af05f97600080c83fe100870fc15e9af34b5f71280c52843e3bad4f90f50b41842502e39393cde38b38f2baa70bc7acf5513478b10c1ec082f2581ea287451e1949408cabf3ed8ec30c8d76f2ddd7189a2ebff8e5df88d8d78991e3f028b4739fa7ace66e04772a8d1fd07b460220db897e86558949c3c6b2fedef1168fe1a7778bc1275eeb570d64143fd1786bd3a57b4b0acedd26e64db91483d11936f4d537fda02f145ee5268266ab4e7e1eebca0e41050000005856fdc4c0aee8fe373c84c3c506b1625da40080204d5e13b8528a2be4d9b9be7fb18c6d76df5fd33b1342ed0658b0c8acaef44aea0f0c6484dea22ceda68f0a587ede87d1", @ANYRESHEX, @ANYRES16], 0x1, 0x5a9, &(0x7f0000000540)="$eJzs3V9v0+odwPGfS8vaToJpmxCqCn1oN6lIJTgJBEXc4DlPUkNiR7aD2qutoimqSGGiTFp7A73ZhrQ3we1exKS9k70BtNtdnKMc2Y5p0uZPT//lnOr7iU79xP7F/j1u5N9xsR8LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQwy6ZZtaQquM21tRgdsn3aklTJvssT9d3v2cyZLsiRvSfTE/L7WTW7d8eLr4V/ViU+eTdvExHk2nZ/+WtXz39zeRE+vkhCV+K3b39NxutVvP9ycKnx57wOato1wk8p2ZVppQTeKpYKJgPV8uBKjtVHawHoa4p29dW6Plq2b6vssViXunMutdwKyWrqtOZTx7kTLOgnmfq2vIDz334PBPYq0616riVOCZaHMU8ib6IL5xQhdpq3xTZbjXzo5Lc2m41sycJyo0Kypm5XDaby2ULj4uPn5jm5LEZ5hFyLGL8X1qM1zkfwYHTm7BL6RfSEVcaIvIpfqeOvGwpiS+e1I4tSV4daf3//UM9dLuGyIR06n9a5W8fLp6TuP7fTd7d/Vb/F6Sn/g/I5aJehsin3jm7sif78kY2pCUtacr7eO7CJec1vldFtLjiSCCeOFITK56jOnOUFKUgBTHlj7IqZQlESVkcqYqWQNYlkFC01GRGbPFFiyWheOKLkmWx5b4oyUpRipIXJVoysi6eNMSVipTEitYysyXb8X7PD8lR0qDsSYJyQ4Ko/zi78zx8A2fS7pz/AwAAAACAq8uI//oenf9PyZ24VXaq2hx3WgAAAAAA4BzF//I/H02motYdMTj/BwAAAADgqjHie+yS6/8XklZ6JxR/BAAAAAAA4IqIz/zvXk/fLojB+T8AAAAAAFfNP9LRd/+UjgF4dIz9oP4L49//E9+fMg7qa78zdqwoytq5loRfO7rGsDxn3OisJJ4UJjvvbD1vdEa/PBwEcyL++XVr1Fj/Rt8EjPbNY10anID8U+4lMfc2k+lmuiTZymzZqeqM7VWfZsWybkyEei38y9vtv0rc/c9u7YYhW9utZubVu9ZmnMtBtJaDnc7OOzaO4sBcvmt/iMdbiO+56NvjqXK6az+7tdlku2Z3/ye6d+DJ+v83WUxiFmeT6Wxv/6ej/mczg3rfySJ7pp5HWSwlHV5ajhtLy32yyI3KItedxan2xVISMyyLfJTFf6IVDcgif8YsAGBctkZUIeN44e8+ynUfwIYc5Y5W94mTVfeh/3vxrM8RfTmJWZ6L85qc63NEN0fVFfOM1e1fXc9AasfpH2bR/pgsimpsO/Gxt6p+iRZ/GbjdoJozol147cPOn+XW7t7+g+2djdfN1823uVy+YD4yzcc5mYq70ZlQewAAffR5xs5hZf4+qv9DI+La/ejwrDq5kODIWfWvv11SkJFX8k5asikr8d0G8RUHfdc623UZwsqIs9bZrie8rAw/q/vU/aCXvrFG8vijb+uNe5S/8N8DAACXaXFEHT5J/V8Zcd7dW8uPPiF4cC0HAAAXQ/tfjdnw74bvGyJSLGatcFUr37NfKN8pVbRy3FD79qrlVrSq+17o2V41arx0SjpQQaNe9/xQlT1f1b3AWYuf/K46j34PdM1yQ8cO6lVtBVrZnhtadqhKTmCreuMPVSdY1X784aCubafs2FboeK4KvIZv64xSgdZdgU5Ju6FTdqKmq+q+U7P8dfXSqzZqWpV0YPtOPfSSFabbctyy59fi1WbGvbMBAPiJ2N3bf7PRajXfX2Bj3H0EAAC9uqv0zLiTAQAAAAAAAAAAAAAAAAAAAAAAfZ373X5TcvE3FP5sGukYu505M0ODD067LYnHNRQZGpwOpHzK7vz3bB/v33h2wb8CQ370p/7fPs22VM+c63KKnCcv6WbcEzfGczwCcHl+CAAA//9Ba0vg") syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x480, &(0x7f0000000000), 0x1, 0x76c, &(0x7f0000000800)="$eJzs3c1rHOUfAPDvbDdJf2l/NoKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBLSJ4EVQ8CHrp2Zd68+rLVf8LD9JSNS1WPEhkNrPtttlNN22SbdjPB572eWZm8zzffWbmeXZn2Amgb42m/+QiDkbER0nEgWx5EhEDjVw+4vjadjdXlktpSmJ19Y0/ksY2N1aWS9HymtS+rPBERPz4fsSh3Pp6a4tLM8VKpTyflcfrs+fGa4tLh8/OFqfL0+W5oxOTk0eOPX/s6NbF+tcvS/uvfvzqM98c/+e9xy9/+FMSx2N/tq41jq0yGqPZezKQvoV3eCXe2erqeirpdQO4L+mhuWftKI+DSZrP97pJAMA2S2ehqwBAn0mM/wDQZ5rfA9xYWS41U2+/kdhZ116OiL1r8Tevb66tyWfX7PY2roMO30juuDKSRMTIFtQ/GhFffPfWV2mKbboOCdDOuxcj4vTI6Przf7LunoXNeraLbUbvKjv/wc75Pp3/vNBu/pe7Nf+JNvOfoTbH7v249/Gfu7IF1XSUzv9earm37WZL/JmRPVnp/40530By5mylnJ7bHomIsRgYSssTG9Qxdv3f653Wtc7//vzk7S/T+tP/b2+Ru5IfuvM1U8V68UFibnXtYsST+XbxJ7f6P+kw/z3ZZR2vvfjB553WpfGn8TbT+vi31+qliKfb9v/tO9qSDe9PHG/sDuPNnaKNb3/9bLhT/a39n6a0/uZngZ2Q9v/wxvGPJK33a9Y2X8fPlw780GndveNvv/8PJm828oPZsgvFen1+ImIweX398iO3X9ssN7dP4x97qv3xv9H+n34mPN1l/Pmrv399//FvrzT+qU31/+Yzl2/O7OlUf3f9P9nIjWVLujn/ddvAB3nvAAAAAAAAAAAAAAAAAAAAAAAAAKBbuYjYH0mucCufyxUKa8/wfiyGc5VqrX7oTHVhbioaz8oeiYFc86cuD7T8HupE9nv4zfKRu8rPRcSjEfHp0P8a5UKpWpnqdfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkNnX4fn/qd+Get06AGDb7O11AwCAHWf8B4D+Y/wHgP5j/AeA/mP8B4D+Y/wHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgm508cSJNq3+vLJfS8tT5xYWZ6vnDU+XaTGF2oVQoVefPFaar1elKuVCqzt7r71Wq1XOTMbdwYbxertXHa4tLp2arC3P1U2dni9PlU+WBHYkKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADantrg0U6xUyvMyuyCTz3rtYWnP7sgMPhzN2GWZHp+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHaJ/wIAAP//78Imuw==") bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x0, 0x2}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="580000001000010400004009959e40c16c39e100", @ANYRES32=0x0, @ANYBLOB="01020400000000002800128008000100736974001c00028008000200c6120001060008001900000005000a00fd00000008000400010001000800"], 0x58}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000280), 0x80402, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000180)='cgroup.kill\x00', 0x275a, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r5, 0x4004662b, &(0x7f00000001c0)) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) getpid() ioprio_get$uid(0x0, 0xffffffffffffffff) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000013c0)={&(0x7f0000000100)={0xa, 0x4e23, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2}, 0x1c, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000029000000370000000000000000000000300000000000000029000000360000000002000000000000c910fc0200000000003e8957ddca1e717eb13a89aa000000000000000000000100000000"], 0x48}, 0x24008000) r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000002c0)={'ip6erspan0\x00'}) 565.873253ms ago: executing program 1 (id=2741): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, 0x0, 0x4044) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x4, 0x800, 0x14, 0x20, 0xffffffffffffffff, 0x900, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) 565.652724ms ago: executing program 3 (id=2742): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f0000000100), 0x48) syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x35d, &(0x7f0000000f00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPNiDurJvyeatLzFpfr/2+4GSycw8u7OZSXk27WYv3/3yo0rJ0kp6Q6JJJRERkSuRrEQlEPEfo245IWGH8srMnz+/uL5ZTHoVaiW/8WpOKTU3/8PHn6X8bmfTcpF9//KP3O8Xz148f/nvxodlS5UtVa01lK62a7829G3TULtlq6IptWoaumWoctUy6l77d/52zNreXlPp1d3Z9F7dsCylV5uqYjRVo6Ya9abSP9DLVaVpmppNC25SPF5b0/NDBu+MeDAYk3o9r0+JSKqnpXg8kQEBAICJ6s7/o05KP0z+vyVzhcLymnI6t/P/k5fOGzPvnM75+f9Zol/+/9ov3rY68n/ndKKd/9e884PSzfn/13KH/L83I3pchs7/s2MYDIYzn+ipinQ8c/L/tP/+dR29d7LoFsj/AQAAAAAAAAAAAAAAAAAAAAB4GlzZdsa27UzwGPy0LyHwn+NBGjT/0yKSdGbfZv4fsvXNLUm6F+45c2x+sV/cL3qPfodzETHF+Mfu5qyN4Moj5cjKj+aBH3+wX5xyW/IlKTvxsiQZybrrKRRv2ytvFZaXlMePb12mlA7H5yQjz4Tjv3dXpxOf64z395+QlxdC8Zpk5KcdqYkpu25ke/+fLyn15tuFrviU209Efrv3SQEAAAAAYMQ01dL3/F3TBrV73zKSL7kfExmyKBn5u//5/WLf8/NY5oXYpI8eAAAAAIDHwWp+WtElatTdgmn2K6RkYNMICrGOmriI9O2c6KqJX7flqdAR3nY8CfHuYPJ/j+ub4FW9S1TwjxTOwFtN/h1VZLjxBMfv1kRiw09T5FDcBXAYborKLcJj3YOfdypU384LA7dz5B9Iqyb42Cgx4HWW1d7tRK9ZCfGeGjsy3AJ47qtv/xrdG+T1U38FfHJz5yPTsA/kNpPSVXB20dsUH/svHgAAAAD3rp30BzVvhJvDNxIJ3yyHv9wDAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBCY/lKv67CpI8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFL8FwAA//8GuPOT") creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = creat(&(0x7f0000000380)='./file2\x00', 0x65) io_setup(0x206, &(0x7f0000000200)=0x0) mount(&(0x7f00000003c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0, 0x1718, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6d1ce5d29c3ee5e5ca900177c41499dc2bac63a4b78c660e677df701908b9aaa3f6a00400", "036c47c6a9ad1cd3d10e88b9a0c8cf335263bdbcbd9501ce721b6ae9b49600002a00000000000000000000f2d8526a18c900000000000000000100", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00"}) fchdir(0xffffffffffffffff) r4 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000340), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x13, 0xffffffffffffffff, 0x0) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd) sendmsg$nl_route(r4, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000100)=@setlink={0x44, 0x13, 0x5, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}, @IFLA_MASTER={0x8}, @IFLA_MTU={0x8}]}, 0x44}}, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) io_submit(r2, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x15, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x1a00001a}]) r6 = socket$inet6(0xa, 0x3, 0x8) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000080)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0xfffffffffffff708}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xa, @in6=@private2, 0x0, 0x4, 0x2}}, 0xe8) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 565.395834ms ago: executing program 1 (id=2743): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20) sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev}, 0x1c, 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="6000000000000000290000000b0000000008000000000000c910fc020000000000004800000000000000c9100000000000000000000000000000000107200000000006000000000000000000000000000000000000000000000000000000000028000000000000002900000004"], 0x90}, 0x0) 514.193268ms ago: executing program 1 (id=2744): r0 = perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="20000000110001000000", @ANYRES32], 0x20}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="480000001000010400000000000000ffffffffff", @ANYRES32=r5, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=r5, @ANYBLOB="0000809b00000000057c8d50a9a0af62ee6a982ba7c1e010a803ceb2a1cfe83ea88fa588c8afeac95152fcb6eb76c0203b58e4a2463d1c045dbba0d1c29afb7f107e733fbbc4f3c6159e971b674712bbb2f31c7e30625de160107c699af5686427f123049e7a7c2ffd843bb4ea074c27aa3092f957b4816ea4635d9ac5c02588fe59aaca36c37ca425bdc1281287cde5957aef6a6503c9bb05816a35c7824343b41396a88ae4585a984c9940373c8b3194d94be82e64848845aaa3126edf8ec3831e46fc99be864c4907656972cfd5"], 0x48}}, 0x0) 478.665131ms ago: executing program 1 (id=2745): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) ioctl$BTRFS_IOC_FS_INFO(r0, 0x8400941f, &(0x7f0000000600)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='ext4_sync_fs\x00', r2}, 0x10) sync() 452.538313ms ago: executing program 3 (id=2746): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="00000088a8ffff0008000a00", @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) 409.820146ms ago: executing program 4 (id=2747): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000b00)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x0, 0x30, 0x30, 0x12, @in6={0x1b, 0x0, 0x0, @empty}, @ib}}, 0x118) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0x20000000, 0x8}}, @TCA_CT_MARK={0x8, 0x10, 0x1000000}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) 409.699956ms ago: executing program 3 (id=2748): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=@newlink={0x40, 0x10, 0x405, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa}]}, 0x40}, 0x1, 0x6558000000000000}, 0x0) 409.298176ms ago: executing program 4 (id=2749): socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x357, &(0x7f0000000180)="$eJzs3c9rI2UYwPEnaTa/lm1yEEVB+qAXvQxt9KwG2QUx4NLdiLuCMLudaMiYlJlQiYitJ6/izX9AcNljbwX1H+jFW7148dZLQdAi4shMZtr8mCRNmpLWfj9Q8kze95mZNzOE5w3M28MPvvm0UXONmtmWZFYlISJyLFKUpEQS4WsyiNPSa0devfnHwYv3Hjx8t1yp3F5XvVO+/1pJVZdXfvzsi1zYbS8j+8WPDo9Kv+8/u//84b/3P6m7Wne12WqrqY9av7XNR7alG3W3YajetS3TtbTedC2n297qttfs1uZmR83mxq38pmO5rprNjjasjrZb2nY6an5s1ptqGIbeysv1kh3Y9hKTc6pP1tfN8owHfDxjHubtb8/zxjQ7TtlcEjFyQy3VJxd6XgAA4FIaqP+/i2qEoiRPCspE31xguP6P4qD+96vO0/r/6Us/t2++v7sc1v976bj6//Vfu/l99b9/9LnX/z8MbA9XRFfe9jSdz1X/43JYSQ+91T/18+v/fDh/D3z14dPVIKD+BwAAAAAAAAAAAAAAAAAAAADgKjj2vILneYXoNfo7fYQg3I62xj1ojCtn1PXPhCsKnNwP+F+69+ChZIMH91LLIvbXW9Wtavc1bI86rkpB/gnuh1B3wYmdoFF9RfnJ3g7zt7eqS0FLWUTFFkvWpCDFvvwgvvNO5faadvXnJ1J5P78m9SC/JAV5Jj6/FJufllde7sk3pCC/PJaW2LIRfo9F+V+uqb79XmUgPxf0i/PmxV8WAAAAAADmylDNhtPn2Pm7YajGtftzeemdnw//PnAyv16NnZ+nCi+kFjt2AAAAAACuCzf9ecO0bctxOyODnEzqkwn3Nn4/8UFqms5+cBAEN8b1WeoZ4Vn3nA7/g8YUJy/TjdS07T8zEvthRku49jVlz/GpmnY0/jN0zk57CRw3Of3YLcdd8c9HZxpOTxD9bDSqj9yddc+jgmjl3Emdn/v2+79mO0QiXLW3t+mN3eyEkQZBYuCdnQk37ZHnTTyfGxf5nQMAAABgMaKiP+dG77y12BMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAamusyaSOCRY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCz+CwAA//+9m/li") creat(&(0x7f0000000280)='./file0\x00', 0x0) (async) r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000002000000000000000002000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70300000000000085000000ad000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000002c0)={r2, 0xffffffffffffffff, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x1}}, 0x3c) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000f3ffffb0150000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000005c0)={&(0x7f0000000840)={0x100, 0x1403, 0x8, 0x70bd27, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth0_to_batadv\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'gre0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'wg1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan0\x00'}}]}, 0x100}, 0x1, 0x0, 0x0, 0x811}, 0x4000884) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socket$unix(0x1, 0x1, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000013002108000000000000000008000000", @ANYRES32=r5, @ANYBLOB="0b3e132b21a500000c0001000000200000002000"], 0x2c}], 0x1}, 0x0) (async) sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000013002108000000000000000008000000", @ANYRES32=r5, @ANYBLOB="0b3e132b21a500000c0001000000200000002000"], 0x2c}], 0x1}, 0x0) 351.844661ms ago: executing program 4 (id=2751): socket$packet(0x11, 0x0, 0x300) ioctl$FIOCLEX(0xffffffffffffffff, 0x5451) bpf$MAP_CREATE(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3}, 0x0, 0x20000000, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010200000000000300020000000900010073797a300000000040000000030a01010000000000000000020000000900010073797a30000000000900030073797a320000000014000480080001400000000008000240000000002c000000030a03000000000000000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0xb4}}, 0x0) 337.699102ms ago: executing program 1 (id=2752): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2}, 0x18) sendmsg$can_j1939(r1, &(0x7f0000000000)={&(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x0, 0x1ee}}, 0x18, &(0x7f00000004c0)={&(0x7f0000000140)='\x00', 0x1}}, 0x0) mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) removexattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=@random={'btrfs.', '}.\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$igmp6(0xa, 0x3, 0x2) accept$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast2}, &(0x7f00000001c0)=0x1c) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r4, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x5f}, './file0\x00'}) r5 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r5) r6 = syz_open_procfs(0x0, &(0x7f00000009c0)='io\x00') mount$9p_fd(0x0, &(0x7f00000006c0)='./file1\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) 323.498863ms ago: executing program 4 (id=2753): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000), 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x90) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) socket(0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="50000000100001040000000000006c0000000000", @ANYRES32=0x0, @ANYBLOB="fffe000000000000280012800a00010076786c616e00000018000280140010"], 0x50}}, 0x0) 239.80447ms ago: executing program 1 (id=2754): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8f70000000000ff3ae644850000000e000000650000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4e00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0xc}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$link(0x9, r0, 0xfffffffffffffffb) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r2, 0x80045440, 0xfffffffffffffffc) memfd_create(&(0x7f0000000200)='\f\x8b\x8a\xa9\x16\x11O\xdd\xdfk(F\x99\xdf\x9a\xd5>oJ\x02u\x9b\x94a\xac\xfe6A\xc4\a\x9e\xbd\xa2\xfb\rD\xefq\x1f!\x01\xc3\xa5U\x98\xee\xcd;A\xe8\x00~V\xbf\xd4\x00\xd2,7\xa0\xfd7\xe8\xf9M\x02\xec\f3\xd4\xb8\xc3\x85\xda\xeb\xce7y%S\x1e\xa9\xe9\x92!\x95\xf1Ek\x95\x9bQ\x1d\xa4\xc2\xbb\xfa\x96\x14\x7f\xb9\x90\x9cn\xb5\x10\xd2\x84\xe9\x9e1\x9a\x9e\xa7\x9e\xcd\x1a\x86\x14%\xbaS\x90\xb1j\xf9\x00\xd7@D\x04\xaa\xb55\xd8x?z\xff\x85j3\xbe\axo\x05)\xcc\xcd\x9b\xb3\xe7w\x0e\x9f\xd3\aU\xf0M\xc1\xad\x17t\xeb\x1b\x11m\xec\x00\x00\x00\x00R\xb6v\x88\a\x82\x9e\x00\x00\x00\x10\x00\x00\x00\xa6!\xb3\xa8\xe7[&\x165\x84\xce\xa5\xc4wT\xf2E\tj\x92G\x14\x04\x93\xa4\xba\xcb\xce\"Y\xd68\xeb\x01\xc9/\x19\x85\xc6\x8do\xcb\x17\xb5\xffW\xe6\x8a\xfb\a\xf6', 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r3, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x300, 0x0, 0x18, {[@window={0x9, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000003a80)=ANY=[@ANYBLOB="1400000010000100000000000cca00000000000700000000000000010000000000000000050000000900010073797a300000000050000000030a01030000000000000000050000000900010073797a3000000000100008800c00014000000000000000000900030073797a320000000014000480080002400000000008000140000000001400000011000800000000000000000b0000000a"], 0x98}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000800)=ANY=[@ANYBLOB="b0020000", @ANYRES16=r6, @ANYBLOB="000000000000000000000c000000dc0103800c00038008000180040003000800020008000000080002007f000000bc0103800c00018007000200212800006801018004000300040002000c000200657468746f6f6c002e010200697036678bea9ac2d1ee3acd46b205000000000000005b10ea15e0a1cce56c7456170ec17d192b1f1fa9246ec7b752c6e821c85504aa0f79cf5511aae1cf000edab8dc0c39796dc95f697d5e61a8844282af41e8bc7f4e33f3227c2ce396aad8d8e2392ac2d4c498df7fd4d3f1946aadb72152abf55a4c2dad1743891e37f6e88c38cf6bcc4198197fe783622cee4fe46ec084815d274015dcb64bc16a7f090cde5d503bf109bba097536d70dc7d3c927095c41177f4660a5beb186f4125e4e368a055cbadb86d6f9666947261c1a1f468a87bb1cc346d938bb993b30322a9fcc2ffd494000019d0ac67b1fae0f0893c848fb19c4765256ab4cf16b041629805254cad1b74d0ab737afa1984f8059ce2c96a8514d968cd0a96a30ad4349d92f7cc567edf00000000000000000900020073797a300000000004000300090002002f3a23230000000004000300200001800900020073797a3200000000040003000900020073797a30000000002000018004000300090002002f3a232300000000080001003c0000000400030004000180c000038004000100b000050053ac36653e31422782b42e5c0000d7516f69404c1812149688c17061d0c26ce74ee380831cdf809aa97bb9c8e4c32c676f9599631900ece8d9a01547bcb5ff4287288f94bf30eea48ed96a9f37be45902526807de1a2bf9a27105767d46b7606ce0a27ca1f06a3cea0acd4dcea5f143f64c1eb443fd70b698d0491f6a9040eb3a88fba6e6a664109e1735e5055c1b5235192335df91801cc440cdc2a36e105000400b9000000"], 0x2b0}}, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) dup2(0xffffffffffffffff, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000100)={[0x1010000000000]}, 0x8) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) creat(&(0x7f0000000080)='./file0\x00', 0x1de) execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) 216.176242ms ago: executing program 2 (id=2755): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000000010000104000000000000000000040000", @ANYRES32=0x0, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000080003000a"], 0x50}}, 0x0) 164.059056ms ago: executing program 4 (id=2756): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = gettid() tkill(r1, 0x7) kcmp(0x0, r1, 0x3, r0, r0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000006050004"], 0x58}}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f00000004c0)=ANY=[], &(0x7f0000000380)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='rss_stat\x00', r2}, 0x10) socket$pppl2tp(0x18, 0x1, 0x1) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x0, 0xfffffffd, 0x8000, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x200004}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x36, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SWAP(r4, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000580)=ANY=[], 0x14}}, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f00000003c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xbc}}, {@nobh}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@quota}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0x0, @remote}, @in={0x2, 0x4e20, @remote}}}, 0x118) write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r5, 0x1, 0x26, &(0x7f0000000240), 0x4) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000180)={0x1, 0x2, 0x1000, 0x9}) 75.994154ms ago: executing program 2 (id=2757): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001600)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x3a}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x400300) 75.823863ms ago: executing program 0 (id=2758): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000003b0009000000000000000000010000000c0003800800000000000000487a359d5ec3a5a25b40173fde3ba468a2d56d93ad86ad8853fd52ddca124251d8ebee2b5ef577a031e1e01ba747f83cc9d66e14bab817cf6a5fc904c9a8947628a1827787f57a8dd65682003d78afbc5e7bc288683b1c6088fb4b8b8a6c763bcaa01b9733562815e2fa0d8a3816e55b8ec614d29570f3e5ad22b23328454044b3b64e125d98e32c74bdc2b16437a3ef108331b9c0e36ef658521f62becb581d5a8b87b3a8946305b049f58d8bf20e7af5966fd3544119f4e71b6c04ebf6cfa92db40553f32334ffb2f55f30d6b04e02b1c47ad4f0d0fd6a1bae5059919145442f1bf5ba5c906511f2b1ec6ebae26a92357f63605d7b95f079fb7479573cd9d868f20bddf8f512ed7fbe4e64b8955c2432381253671fe0113aec40a687aee4969d7819394fd23f48039cbc7a3bf4c1b8345a7cf468fb12c3f3e02adc095156a7e9b5bfa12b122fb7c8c3b411f019aed11164c159d2e7ac"], 0x20}}, 0x0) 75.728173ms ago: executing program 2 (id=2759): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x50, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GTP_LOCAL={0x8, 0x7, @multicast2}, @IFLA_GTP_FD0={0x8}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0x1000}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x50}, 0x1, 0x0, 0x0, 0xeaffffff}, 0x0) 74.600984ms ago: executing program 0 (id=2760): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="2c00000011000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000000000000c001a800800048004000a80"], 0x2c}}, 0x0) 8.982889ms ago: executing program 0 (id=2761): r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000380)="39000000130003475fae7cdac5254130060000000100000045000000250000001900190004000200020000000000000604000000ffffffffff", 0x39}], 0x1) 0s ago: executing program 2 (id=2762): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./bus\x00', 0x0, &(0x7f0000000400)={[{@data_err_abort}, {@noblock_validity}]}, 0x9, 0x5f2, &(0x7f0000002540)="$eJzs3c9vVNUeAPDvmf6gpbzXQl7ee7iQJsZAorS0gCHGBWwNafBH3Lix0kKQAg2t0aIJJcGNiXFjjIkrF+J/oUS2rHTlwo0rQ0LUsDRxzJ3eKZ32Tkt/TKf2fj7J0HvPmTvn3JbvnHPPnHMngNIazP6pRByMiOkU0Z/mF/M6I88cXHjeoz8+PJ89UlSrr/2WIuVp9een/GdffnBPRPzwfYoDHSvLnZm7cXl8amryer4/PHtlenhm7sbRS1fGL05enLw6+sLoqZMnTp4aObah87pZkHb29jvv9X889ubXX/6ZRr75eSzF6Xg5f+LS89gqgzFY+52klVl9p7a6sDbqXLafliewY3Xkf7+uiPhf9EfHkr9mf3z0SlsrB7RUNUVUgZJK64j/rLfQyroA26neD6hf2y+/Dq60pVcCbIeHZxYGAFbGf+fC2GD01MYG9j5KDeM8KSI2NjLXaF9E3L83dvvCvbHb0aJxOKDY/K2I+H9R/Kda/A9ETwzU4r/SEP9Zv+Bc/jNLf3WDPYXlQ8XiH7bPQvz3rBr/0ST+31oS/29vog75pcjN3ob4793EKwIAAAAAAEA53T0TEc8Xff5fWZz/EwXzf/oi4vQWlD+4bH/l5/+VB1tQDFDg4ZmIlwrn/1bqs38HOvKtf9XmA3SlC5emJo9FxL8j4kh07cn2R1Yp4+gnB75oljeYz/+rP7Ly7+dzAfN6POjc03jMxPjg+GbPG4h4eCviqcL5v2mx/U8F7X/2fjD9hGUcePbOuWZ5a8c/0CrVryIOF7b/j+9akVa/P8dwrT8wXO8VrPT0B59+26z8jca/W0zA5mXt/97V438gLb1fz8z6yzg+11ltlrex/v/seHd6vXZXoe487f3x2dnrIxHd6WxHltqQPrr+OsNuVI+Herxk8X/kmdXH/4r6/70RMb/stdPvjWuK6/77V98vzeqj/w/tk8X/xLra//VvjN4Z+K5Z+U/W/p+otfVH8pSs/W/dbwT+OT6vh2l3Y3pBOHYWZW13fQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgN6hExL5IlaHF7UplaCiiLyL+E3srU9dmZp+7cO3dqxNZXu37/yv1b/rtX9hPte//r2Tbj/dHo3H/eETsj4jPOnpr+0Pnr01NtPvkAQAAAAAAAAAAAAAAAAAAYIfoa7L+P/NrR7trB7RcZ7srALRNQfz/2I56ANtP+w/ltaH4T/NbXxFg22n/obzEP5SX+IfyEv9QXuIfyso4PgAAAAAA7DL7D939KUXE/Iu9tUemO8/ramvNgFartLsCQNu4xQ+Ul6l/UF6u8YG0Rn5P04PWOnI10+c3cTAAAAAAAAAAAAAAlM7hg9b/Q1lZ/w/lZf0/lFd9/f+hNtcD2H6u8YFYYyV/4fr/NY8CAAAAAAAAAAAAALbSzNyNy+NTU5PXbbyxM6pRtNHboleuVqs3s/8FbT/B3bFRnwq/U+qzbKO+1u/JjmrfexIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDo7wAAAP//sg0n+g==") r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r1, 0x29, 0xd1, &(0x7f0000000140)=0x9, 0x4) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r3) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000180)='ro\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): [ 92.727368][ T8256] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.749969][ T8256] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.761357][ T8256] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.779103][ T8256] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.862457][ T8256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.892942][ T8256] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.941087][ T6325] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.948337][ T6325] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.962189][ T6325] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.969297][ T6325] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.011972][ T8414] vlan3: entered promiscuous mode [ 93.017113][ T8414] team0: entered promiscuous mode [ 93.022278][ T8414] team_slave_0: entered promiscuous mode [ 93.028101][ T8414] team_slave_1: entered promiscuous mode [ 93.035311][ T8414] team0: left promiscuous mode [ 93.040210][ T8414] team_slave_0: left promiscuous mode [ 93.045856][ T8414] team_slave_1: left promiscuous mode [ 93.069998][ T8256] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.170023][ T8256] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.194010][ T8449] loop3: detected capacity change from 0 to 1024 [ 93.207437][ T8449] netlink: 'syz.3.1731': attribute type 1 has an invalid length. [ 93.265800][ T8463] loop3: detected capacity change from 0 to 1024 [ 93.285627][ T8463] EXT4-fs: Ignoring removed orlov option [ 93.286713][ T8256] veth0_vlan: entered promiscuous mode [ 93.291382][ T8463] EXT4-fs: Ignoring removed nomblk_io_submit option [ 93.302433][ T8256] veth1_vlan: entered promiscuous mode [ 93.326478][ T8256] veth0_macvtap: entered promiscuous mode [ 93.334347][ T8256] veth1_macvtap: entered promiscuous mode [ 93.336481][ T8476] loop4: detected capacity change from 0 to 512 [ 93.344598][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.356895][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.364933][ T8476] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.1739: attempt to clear invalid blocks 1 len 1 [ 93.366746][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.380660][ T8476] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1739: bg 0: block 343: padding at end of block bitmap is not set [ 93.390589][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.406021][ T8476] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 93.414581][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.433894][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.446950][ T8256] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.447545][ T8476] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.1739: invalid indirect mapped block 1819239214 (level 0) [ 93.467985][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.468018][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.468028][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.468039][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.468048][ T8256] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.468082][ T8256] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.469573][ T8256] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.494338][ T8476] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.1739: invalid indirect mapped block 1819239214 (level 1) [ 93.539157][ T8256] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.559934][ T8256] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.568763][ T8256] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.577498][ T8256] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.594943][ T8476] EXT4-fs (loop4): 1 truncate cleaned up [ 93.634564][ T8500] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.644262][ T8500] batadv_slave_0: entered allmulticast mode [ 93.663680][ T8506] __nla_validate_parse: 16 callbacks suppressed [ 93.663696][ T8506] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1749'. [ 93.679113][ T8506] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1749'. [ 93.740071][ T29] kauditd_printk_skb: 63 callbacks suppressed [ 93.740099][ T29] audit: type=1400 audit(1721550861.389:1410): avc: denied { connect } for pid=8516 comm="syz.3.1754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 93.767814][ T8517] loop3: detected capacity change from 0 to 512 [ 93.787955][ T8523] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1756'. [ 93.801589][ T8526] geneve2: entered promiscuous mode [ 93.807535][ T8526] geneve2: entered allmulticast mode [ 93.846556][ T8533] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1761'. [ 93.860470][ T8533] batman_adv: batadv1: Adding interface: netdevsim0 [ 93.867110][ T8533] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.898637][ T8533] batman_adv: batadv1: Interface activated: netdevsim0 [ 93.933801][ T8542] loop3: detected capacity change from 0 to 512 [ 93.949296][ T8546] loop0: detected capacity change from 0 to 512 [ 93.949770][ T8542] EXT4-fs: Ignoring removed nobh option [ 93.991191][ T8546] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 94.054443][ T8563] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1769'. [ 94.214110][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 94.295953][ T8581] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1776'. [ 94.640853][ T29] audit: type=1400 audit(1721550862.289:1411): avc: denied { read } for pid=8599 comm="syz.4.1784" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 94.670732][ T8600] loop4: detected capacity change from 0 to 1024 [ 94.689744][ T8605] loop1: detected capacity change from 0 to 512 [ 94.697532][ T8605] EXT4-fs: Ignoring removed i_version option [ 94.703538][ T8605] EXT4-fs: Ignoring removed nobh option [ 94.713336][ T8605] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 94.714471][ T8607] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1787'. [ 94.755411][ T8613] netlink: 5 bytes leftover after parsing attributes in process `syz.4.1791'. [ 94.771807][ T8613] loop4: detected capacity change from 0 to 512 [ 94.781633][ T8613] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 94.791428][ T8611] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1789'. [ 94.801817][ T8613] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 94.807972][ T8618] netlink: 45 bytes leftover after parsing attributes in process `syz.1.1792'. [ 94.809987][ T8613] System zones: 0-2, 18-18, 34-35 [ 94.839611][ T8621] loop3: detected capacity change from 0 to 512 [ 94.847753][ T8621] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 94.854840][ T8622] loop2: detected capacity change from 0 to 2048 [ 94.858554][ T8621] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 not in group (block 2)! [ 94.875180][ T8621] EXT4-fs (loop3): group descriptors corrupted! [ 94.890858][ T8622] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.1793: bad orphan inode 8192 [ 94.948226][ T8630] loop1: detected capacity change from 0 to 512 [ 95.008173][ T8647] wireguard0: entered promiscuous mode [ 95.013670][ T8647] wireguard0: entered allmulticast mode [ 95.079951][ T8655] x_tables: ip_tables: udp match: only valid for protocol 17 [ 95.147017][ T8657] loop1: detected capacity change from 0 to 1764 [ 95.153663][ T8657] iso9660: Unknown parameter 'Ü' [ 95.161820][ T8657] openvswitch: netlink: VXLAN extension 3 out of range max 1 [ 95.190018][ T8663] loop2: detected capacity change from 0 to 1764 [ 95.354584][ T8692] loop2: detected capacity change from 0 to 136 [ 95.511544][ T8719] loop2: detected capacity change from 0 to 256 [ 95.541698][ T8725] loop2: detected capacity change from 0 to 1024 [ 95.548672][ T8725] EXT4-fs: dax option not supported [ 95.601452][ T8735] SET target dimension over the limit! [ 95.718726][ T8751] loop3: detected capacity change from 0 to 512 [ 95.725770][ T8751] EXT4-fs (loop3): invalid inodes per group: 8323104 [ 95.725770][ T8751] [ 95.746298][ T8751] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 50330 - 0 [ 95.755301][ T8751] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 50330 - 0 [ 95.764127][ T8751] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 50330 - 0 [ 95.773014][ T8751] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 50330 - 0 [ 95.781996][ T8751] netdevsim netdevsim3 netdevsim0: set [1, 2] type 2 family 0 port 39213 - 0 [ 95.790898][ T8751] netdevsim netdevsim3 netdevsim1: set [1, 2] type 2 family 0 port 39213 - 0 [ 95.799941][ T8751] netdevsim netdevsim3 netdevsim2: set [1, 2] type 2 family 0 port 39213 - 0 [ 95.808846][ T8751] netdevsim netdevsim3 netdevsim3: set [1, 2] type 2 family 0 port 39213 - 0 [ 95.817788][ T8751] geneve2: entered promiscuous mode [ 95.825346][ T8751] netdevsim netdevsim3 netdevsim0: unset [1, 2] type 2 family 0 port 39213 - 0 [ 95.834438][ T8751] netdevsim netdevsim3 netdevsim1: unset [1, 2] type 2 family 0 port 39213 - 0 [ 95.843429][ T8751] netdevsim netdevsim3 netdevsim2: unset [1, 2] type 2 family 0 port 39213 - 0 [ 95.852421][ T8751] netdevsim netdevsim3 netdevsim3: unset [1, 2] type 2 family 0 port 39213 - 0 [ 95.861645][ T8751] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 50330 - 0 [ 95.870608][ T8751] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 50330 - 0 [ 95.879561][ T8751] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 50330 - 0 [ 95.888648][ T8751] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 50330 - 0 [ 95.919505][ T8758] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 95.969420][ T8762] loop1: detected capacity change from 0 to 256 [ 95.989898][ T8770] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=8770 comm=syz.1.1844 [ 96.096498][ T8790] loop4: detected capacity change from 0 to 512 [ 96.103835][ T8790] EXT4-fs: Ignoring removed nomblk_io_submit option [ 96.119522][ T8790] EXT4-fs mount: 18 callbacks suppressed [ 96.119542][ T8790] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.138567][ T8790] ext4 filesystem being mounted at /345/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 96.186645][ T4024] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.204525][ T8800] loop1: detected capacity change from 0 to 1024 [ 96.230184][ T8800] loop1: detected capacity change from 0 to 512 [ 96.236339][ T8805] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 96.245227][ T8805] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 96.254027][ T8805] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 96.256742][ T29] audit: type=1326 audit(1721550863.899:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3422c45b59 code=0x7ffc0000 [ 96.272495][ T8805] vxlan0: entered allmulticast mode [ 96.294278][ T8809] syzkaller1: left promiscuous mode [ 96.299827][ T8809] syzkaller1: left allmulticast mode [ 96.303923][ T29] audit: type=1326 audit(1721550863.939:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3422c45b59 code=0x7ffc0000 [ 96.323581][ T8801] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 96.328500][ T29] audit: type=1326 audit(1721550863.939:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3422c45b59 code=0x7ffc0000 [ 96.358796][ T29] audit: type=1326 audit(1721550863.939:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3422c45b59 code=0x7ffc0000 [ 96.382824][ T29] audit: type=1326 audit(1721550863.939:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3422c45b59 code=0x7ffc0000 [ 96.406878][ T29] audit: type=1326 audit(1721550863.939:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3422c45b59 code=0x7ffc0000 [ 96.430405][ T29] audit: type=1326 audit(1721550863.939:1418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3422c45b59 code=0x7ffc0000 [ 96.454271][ T29] audit: type=1326 audit(1721550863.939:1419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8799 comm="syz.1.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=195 compat=0 ip=0x7f3422c45b59 code=0x7ffc0000 [ 96.490994][ T8809] geneve2: entered promiscuous mode [ 96.496319][ T8809] geneve2: entered allmulticast mode [ 96.525323][ T8820] loop1: detected capacity change from 0 to 1024 [ 96.546764][ T8822] netlink: get zone limit has 8 unknown bytes [ 96.577872][ T8830] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=8830 comm=syz.1.1869 [ 96.649110][ T8850] netlink: 'syz.1.1878': attribute type 30 has an invalid length. [ 96.668807][ T8855] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: invalid value (0) [ 96.678292][ T8855] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: allowed values 1 - 65535 [ 96.806768][ T8895] loop1: detected capacity change from 0 to 512 [ 96.838993][ T8896] geneve0: entered allmulticast mode [ 97.058105][ T8921] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=8921 comm=syz.0.1905 [ 97.121949][ T8922] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=8922 comm=syz.0.1905 [ 97.228123][ T8940] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 97.378321][ T8944] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8944 comm=syz.4.1913 [ 97.404800][ T8947] loop4: detected capacity change from 0 to 128 [ 97.411963][ T8947] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 97.443076][ T8949] wireguard0: entered promiscuous mode [ 97.448807][ T8949] wireguard0: entered allmulticast mode [ 97.586025][ T8959] loop2: detected capacity change from 0 to 1024 [ 97.595169][ T8959] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.622733][ T8974] loop3: detected capacity change from 0 to 512 [ 97.635003][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.743788][ T8988] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=8988 comm=syz.1.1927 [ 97.768245][ T8990] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=8990 comm=syz.1.1928 [ 97.858896][ T9001] loop1: detected capacity change from 0 to 764 [ 97.882919][ T9004] loop2: detected capacity change from 0 to 128 [ 97.891027][ T9001] Symlink component flag not implemented [ 97.897115][ T9001] Symlink component flag not implemented (101) [ 98.000934][ T9008] loop2: detected capacity change from 0 to 1024 [ 98.009986][ T9008] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.053804][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.158652][ T9032] ip6gretap0: entered promiscuous mode [ 98.165738][ T9032] ip6gretap0: left promiscuous mode [ 98.187881][ T9026] loop2: detected capacity change from 0 to 256 [ 98.194312][ T9026] msdos: Unknown parameter 'Xots' [ 98.200467][ T9026] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280 [ 98.417612][ T9063] loop0: detected capacity change from 0 to 512 [ 98.430785][ T9063] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.444006][ T9063] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.471015][ T9063] hub 9-0:1.0: USB hub found [ 98.478864][ T9077] xt_hashlimit: invalid interval [ 98.484100][ T9063] hub 9-0:1.0: 8 ports detected [ 98.579860][ T9087] loop4: detected capacity change from 0 to 1024 [ 98.588999][ T9087] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.632918][ T4024] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.701123][ T9100] __nla_validate_parse: 35 callbacks suppressed [ 98.701138][ T9100] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1967'. [ 98.716715][ T9100] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1967'. [ 98.765483][ T9115] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=9115 comm=syz.4.1972 [ 98.780907][ T9115] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1972'. [ 98.804599][ T9121] netlink: get zone limit has 8 unknown bytes [ 98.822228][ T9123] netlink: 'syz.4.1974': attribute type 13 has an invalid length. [ 98.830272][ T9123] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1974'. [ 98.834021][ T9114] loop1: detected capacity change from 0 to 8192 [ 98.850913][ T9125] loop4: detected capacity change from 0 to 512 [ 98.857924][ T9125] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 98.868164][ T9114] loop1: p1 p2 p4 [ 98.868987][ T9125] EXT4-fs (loop4): 1 truncate cleaned up [ 98.872019][ T9114] loop1: p1 start 83821824 is beyond EOD, truncated [ 98.879003][ T9125] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.884373][ T9114] loop1: p2 start 4293394690 is beyond EOD, truncated [ 98.903195][ T9114] loop1: p4 size 50331904 extends beyond EOD, truncated [ 98.908693][ T9125] EXT4-fs error (device loop4): ext4_find_dest_de:2067: inode #2: block 13: comm syz.4.1975: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 98.937801][ T4024] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.938803][ T9114] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1971'. [ 98.956203][ T9114] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1971'. [ 98.965232][ T9114] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1971'. [ 99.010462][ T9134] loop2: detected capacity change from 0 to 256 [ 99.045972][ T9142] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1981'. [ 99.055226][ T6325] IPVS: starting estimator thread 0... [ 99.089526][ T9157] loop1: detected capacity change from 0 to 512 [ 99.098029][ T29] kauditd_printk_skb: 32 callbacks suppressed [ 99.098045][ T29] audit: type=1400 audit(1721550866.749:1452): avc: denied { mounton } for pid=9156 comm="syz.1.1985" path=2F3430372F66696C6530202864656C6574656429 dev="proc" ino=4026532928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=dir permissive=1 [ 99.135596][ T29] audit: type=1400 audit(1721550866.779:1453): avc: denied { lock } for pid=9158 comm="syz.2.1986" path="socket:[28152]" dev="sockfs" ino=28152 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 99.158502][ T9163] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1988'. [ 99.168339][ T9150] IPVS: using max 2928 ests per chain, 146400 per kthread [ 99.204948][ T29] audit: type=1400 audit(1721550866.849:1454): avc: denied { setattr } for pid=9158 comm="syz.2.1986" name="tty1" dev="devtmpfs" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1 [ 99.263127][ T29] audit: type=1400 audit(1721550866.909:1455): avc: denied { read } for pid=9170 comm="syz.1.1991" name="autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 99.287971][ T29] audit: type=1400 audit(1721550866.909:1456): avc: denied { open } for pid=9170 comm="syz.1.1991" path="/dev/autofs" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 99.324844][ T9174] loop1: detected capacity change from 0 to 256 [ 99.388876][ T8256] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.473837][ T9179] loop1: detected capacity change from 0 to 1024 [ 99.495315][ T9169] loop2: detected capacity change from 0 to 2048 [ 99.557175][ T9169] loop2: p1 p2 < > p3 p4 < p5 > [ 99.562143][ T9169] loop2: partition table partially beyond EOD, truncated [ 99.595400][ T9169] loop2: p1 start 2305 is beyond EOD, truncated [ 99.601761][ T9169] loop2: p2 start 4294902784 is beyond EOD, truncated [ 99.608568][ T9169] loop2: p3 start 4278191616 is beyond EOD, truncated [ 99.631320][ T9169] loop2: p5 start 2305 is beyond EOD, truncated [ 99.642229][ T9187] netlink: 'syz.3.1998': attribute type 13 has an invalid length. [ 99.657718][ T9191] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1999'. [ 99.687857][ T9198] loop1: detected capacity change from 0 to 256 [ 99.711574][ T9202] loop3: detected capacity change from 0 to 256 [ 99.742533][ T9209] loop3: detected capacity change from 0 to 512 [ 99.751085][ T9209] EXT4-fs: Ignoring removed i_version option [ 99.757944][ T9213] xt_hashlimit: size too large, truncated to 1048576 [ 99.764643][ T9213] xt_hashlimit: max too large, truncated to 1048576 [ 99.771448][ T9213] xt_hashlimit: overflow, try lower: 0/0 [ 100.056722][ T9236] loop3: detected capacity change from 0 to 256 [ 100.089673][ T3195] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 100.161673][ T3195] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 100.277862][ T3195] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 100.305495][ T9237] chnl_net:caif_netlink_parms(): no params data found [ 100.483522][ T9237] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.490666][ T9237] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.497889][ T9237] bridge_slave_0: entered allmulticast mode [ 100.504465][ T9237] bridge_slave_0: entered promiscuous mode [ 100.511325][ T9237] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.512839][ T9258] FAULT_INJECTION: forcing a failure. [ 100.512839][ T9258] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 100.518419][ T9237] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.531470][ T9258] CPU: 0 PID: 9258 Comm: syz.0.2019 Not tainted 6.10.0-syzkaller-10729-g3c3ff7be9729 #0 [ 100.538827][ T9237] bridge_slave_1: entered allmulticast mode [ 100.548280][ T9258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 100.548293][ T9258] Call Trace: [ 100.548300][ T9258] [ 100.548307][ T9258] dump_stack_lvl+0xf2/0x150 [ 100.554726][ T9237] bridge_slave_1: entered promiscuous mode [ 100.564197][ T9258] dump_stack+0x15/0x20 [ 100.564220][ T9258] should_fail_ex+0x229/0x230 [ 100.589614][ T9258] should_fail+0xb/0x10 [ 100.593851][ T9258] should_fail_usercopy+0x1a/0x20 [ 100.598873][ T9258] _copy_to_user+0x1e/0xa0 [ 100.603350][ T9258] simple_read_from_buffer+0xa0/0x110 [ 100.608788][ T9258] proc_fail_nth_read+0xfc/0x140 [ 100.613904][ T9258] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 100.619570][ T9258] vfs_read+0x1a2/0x6e0 [ 100.623771][ T9258] ? __rcu_read_unlock+0x4e/0x70 [ 100.628787][ T9258] ? __fget_files+0x1da/0x210 [ 100.633452][ T9258] ksys_read+0xeb/0x1b0 [ 100.637733][ T9258] __x64_sys_read+0x42/0x50 [ 100.642267][ T9258] x64_sys_call+0x2a36/0x2e00 [ 100.646948][ T9258] do_syscall_64+0xc9/0x1c0 [ 100.651487][ T9258] ? clear_bhb_loop+0x55/0xb0 [ 100.656188][ T9258] ? clear_bhb_loop+0x55/0xb0 [ 100.660851][ T9258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.666851][ T9258] RIP: 0033:0x7f8fcdc0463c [ 100.671259][ T9258] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 100.690861][ T9258] RSP: 002b:00007f8fcce87040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 100.699261][ T9258] RAX: ffffffffffffffda RBX: 00007f8fcdd95f60 RCX: 00007f8fcdc0463c [ 100.707249][ T9258] RDX: 000000000000000f RSI: 00007f8fcce870b0 RDI: 0000000000000004 [ 100.715211][ T9258] RBP: 00007f8fcce870a0 R08: 0000000000000000 R09: 0000000000000000 [ 100.723190][ T9258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.731213][ T9258] R13: 000000000000000b R14: 00007f8fcdd95f60 R15: 00007ffdcce828a8 [ 100.739177][ T9258] [ 100.769362][ T9263] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=9263 comm=syz.1.2022 [ 100.782431][ T3195] bridge_slave_1: left allmulticast mode [ 100.788241][ T3195] bridge_slave_1: left promiscuous mode [ 100.793991][ T3195] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.816225][ T3195] bridge_slave_0: left allmulticast mode [ 100.821921][ T3195] bridge_slave_0: left promiscuous mode [ 100.827561][ T3195] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.837550][ T29] audit: type=1326 audit(1721550868.489:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9272 comm="syz.1.2024" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3422c45b59 code=0x0 [ 100.909744][ T9282] loop0: detected capacity change from 0 to 2048 [ 100.947247][ T9282] loop0: p1 < > p4 [ 100.950389][ T9284] loop2: detected capacity change from 0 to 256 [ 100.951877][ T9282] loop0: p4 size 8388608 extends beyond EOD, truncated [ 100.983318][ T3195] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 100.992798][ T3195] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.002197][ T3195] bond0 (unregistering): Released all slaves [ 101.011247][ T3195] bond1 (unregistering): Released all slaves [ 101.029172][ T9237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.041553][ T9237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.069834][ T9237] team0: Port device team_slave_0 added [ 101.076484][ T9237] team0: Port device team_slave_1 added [ 101.114569][ T9237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.121666][ T9237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.147698][ T9237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.203453][ T9292] ebtables: ebtables: counters copy to user failed while replacing table [ 101.233308][ T9237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.240473][ T9237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.266421][ T9237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.293563][ T3195] hsr_slave_0: left promiscuous mode [ 101.310184][ T3195] hsr_slave_1: left promiscuous mode [ 101.333012][ T3195] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 101.356759][ T3195] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.397432][ T9297] loop2: detected capacity change from 0 to 128 [ 101.404272][ T9297] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 101.414036][ T3195] team0 (unregistering): Port device team_slave_1 removed [ 101.425550][ T3195] team0 (unregistering): Port device team_slave_0 removed [ 101.462629][ T9302] loop3: detected capacity change from 0 to 512 [ 101.469259][ T9302] EXT4-fs: Ignoring removed nobh option [ 101.501234][ T9237] hsr_slave_0: entered promiscuous mode [ 101.508318][ T9237] hsr_slave_1: entered promiscuous mode [ 101.514272][ T9237] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 101.521858][ T9237] Cannot create hsr debugfs directory [ 101.598533][ T29] audit: type=1326 audit(1721550869.249:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9301 comm="syz.3.2032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 101.602070][ T9307] loop3: detected capacity change from 0 to 512 [ 101.622069][ T29] audit: type=1326 audit(1721550869.249:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9301 comm="syz.3.2032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 101.651741][ T29] audit: type=1326 audit(1721550869.249:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9301 comm="syz.3.2032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 101.675923][ T29] audit: type=1326 audit(1721550869.249:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9301 comm="syz.3.2032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 101.797510][ T9325] netlink: 'syz.0.2040': attribute type 7 has an invalid length. [ 101.805396][ T9325] netlink: 'syz.0.2040': attribute type 39 has an invalid length. [ 101.947211][ T9334] xt_hashlimit: invalid interval [ 101.954396][ C0] eth0: bad gso: type: 1, size: 1408 [ 101.975810][ T9237] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 101.985470][ T9237] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 101.995548][ T9237] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 102.004965][ T9237] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 102.046021][ T9348] team_slave_0: entered promiscuous mode [ 102.051689][ T9348] team_slave_1: entered promiscuous mode [ 102.058202][ T9348] vlan2: entered promiscuous mode [ 102.063272][ T9348] team0: entered promiscuous mode [ 102.070326][ T9348] team0: left promiscuous mode [ 102.075316][ T9348] team_slave_0: left promiscuous mode [ 102.080744][ T9348] team_slave_1: left promiscuous mode [ 102.101059][ T9237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.115658][ T9237] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.125045][ T6314] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.132125][ T6314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.144047][ T6325] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.151209][ T6325] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.173047][ T9237] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 102.183462][ T9237] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 102.226062][ T9354] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 102.236609][ T9354] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 102.251843][ T9237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.375393][ T9382] loop0: detected capacity change from 0 to 1 [ 102.377845][ T9237] veth0_vlan: entered promiscuous mode [ 102.392115][ T9382] Buffer I/O error on dev loop0, logical block 0, async page read [ 102.392430][ T9237] veth1_vlan: entered promiscuous mode [ 102.407821][ T9382] Buffer I/O error on dev loop0, logical block 0, async page read [ 102.415744][ T9382] loop0: unable to read partition table [ 102.421709][ T9382] loop_reread_partitions: partition scan of loop0 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡p¨â·û [ 102.421709][ T9382] ) failed (rc=-5) [ 102.448273][ T9237] veth0_macvtap: entered promiscuous mode [ 102.460952][ T9237] veth1_macvtap: entered promiscuous mode [ 102.472252][ T9388] loop0: detected capacity change from 0 to 1024 [ 102.472809][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 102.489144][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.498998][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 102.509439][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.519347][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 102.529894][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.541975][ T9237] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.553471][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.564144][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.574320][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.584883][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.595290][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.605817][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.615838][ T9237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 102.626271][ T9237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 102.637238][ T9237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.650450][ T9237] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.659248][ T9237] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.668054][ T9237] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.676721][ T9237] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.766406][ T9420] loop4: detected capacity change from 0 to 1024 [ 102.782749][ T9419] loop1: detected capacity change from 0 to 8192 [ 102.790395][ T9420] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.812527][ T9237] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.821836][ T9419] loop1: p2 p3 p4 [ 102.825798][ T9419] loop1: p2 start 452985600 is beyond EOD, truncated [ 102.832534][ T9419] loop1: p3 size 33554432 extends beyond EOD, truncated [ 102.836037][ T9433] loop2: detected capacity change from 0 to 512 [ 102.846558][ T9433] ext4: Bad value for 'stripe' [ 102.851842][ T9419] loop1: p4 start 8388607 is beyond EOD, truncated [ 102.861079][ T9435] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 102.948441][ T9445] veth0_vlan: entered allmulticast mode [ 103.067282][ T9436] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 103.074676][ T9436] vhci_hcd: invalid port number 20 [ 103.079930][ T9436] vhci_hcd: default hub control req: 0000 v14ac i0014 l96 [ 103.100616][ T9451] loop4: detected capacity change from 0 to 256 [ 103.277713][ T9459] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 103.411461][ C0] eth0: bad gso: type: 1, size: 1408 [ 103.417089][ C0] eth0: bad gso: type: 1, size: 1408 [ 103.429743][ T9481] loop4: detected capacity change from 0 to 256 [ 103.436930][ T9483] loop3: detected capacity change from 0 to 1024 [ 103.472265][ T9487] openvswitch: netlink: ufid size 368 bytes exceeds the range (1, 16) [ 103.480521][ T9487] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 103.499329][ T9489] netlink: 'syz.3.2094': attribute type 2 has an invalid length. [ 103.639386][ T9496] loop1: detected capacity change from 0 to 256 [ 103.701634][ T9507] 9pnet_fd: Insufficient options for proto=fd [ 103.708238][ T9507] 9pnet_fd: Insufficient options for proto=fd [ 103.749387][ T9513] loop3: detected capacity change from 0 to 512 [ 103.756110][ T9513] EXT4-fs: Ignoring removed nobh option [ 103.831966][ T9518] loop2: detected capacity change from 0 to 512 [ 103.867094][ T9518] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.2106: Failed to acquire dquot type 1 [ 103.879930][ T9518] EXT4-fs (loop2): 1 truncate cleaned up [ 103.886014][ T9518] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.917748][ T9518] ext4 filesystem being mounted at /196/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.930068][ T9518] EXT4-fs error (device loop2): ext4_acquire_dquot:6848: comm syz.2.2106: Failed to acquire dquot type 1 [ 103.949411][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.975466][ T9525] __nla_validate_parse: 19 callbacks suppressed [ 103.975496][ T9525] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2107'. [ 103.991313][ T9525] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2107'. [ 104.000284][ T9525] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2107'. [ 104.009885][ T9525] vlan0: entered allmulticast mode [ 104.035704][ T9528] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2108'. [ 104.074494][ T9530] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2109'. [ 104.083764][ T9530] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2109'. [ 104.201267][ T9538] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2112'. [ 104.224729][ T9540] netlink: 45 bytes leftover after parsing attributes in process `syz.2.2113'. [ 104.299939][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 104.299953][ T29] audit: type=1400 audit(1721550871.949:1518): avc: denied { write } for pid=9541 comm="syz.2.2114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 104.434656][ T9545] loop2: detected capacity change from 0 to 2048 [ 104.446101][ T9509] syz.3.2104 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 104.460276][ T9509] CPU: 1 PID: 9509 Comm: syz.3.2104 Not tainted 6.10.0-syzkaller-10729-g3c3ff7be9729 #0 [ 104.470123][ T9509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 104.480178][ T9509] Call Trace: [ 104.483452][ T9509] [ 104.486384][ T9509] dump_stack_lvl+0xf2/0x150 [ 104.491004][ T9509] dump_stack+0x15/0x20 [ 104.495156][ T9509] dump_header+0x83/0x2d0 [ 104.499573][ T9509] oom_kill_process+0x33e/0x4c0 [ 104.504476][ T9509] out_of_memory+0x9af/0xbe0 [ 104.509086][ T9509] ? try_to_free_mem_cgroup_pages+0x22a/0x4e0 [ 104.515235][ T9509] mem_cgroup_out_of_memory+0x13e/0x190 [ 104.520887][ T9509] try_charge_memcg+0x745/0xcd0 [ 104.525752][ T9509] ? get_page_from_freelist+0x1a30/0x1a70 [ 104.531577][ T9509] obj_cgroup_charge_pages+0xbd/0x1d0 [ 104.537005][ T9509] __memcg_kmem_charge_page+0x9d/0x170 [ 104.542465][ T9509] __alloc_pages_noprof+0x1bc/0x360 [ 104.547724][ T9509] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 104.553110][ T9509] alloc_pages_noprof+0xe1/0x100 [ 104.558119][ T9509] __vmalloc_node_range_noprof+0x719/0xef0 [ 104.564015][ T9509] __kvmalloc_node_noprof+0x121/0x170 [ 104.569424][ T9509] ? ip_set_alloc+0x1f/0x30 [ 104.573935][ T9509] ip_set_alloc+0x1f/0x30 [ 104.578268][ T9509] hash_netiface_create+0x273/0x730 [ 104.583526][ T9509] ? __nla_parse+0x40/0x60 [ 104.587932][ T9509] ? __pfx_hash_netiface_create+0x10/0x10 [ 104.593713][ T9509] ip_set_create+0x359/0x8a0 [ 104.598324][ T9509] ? strnstr+0xf1/0x100 [ 104.602634][ T9509] ? __nla_parse+0x40/0x60 [ 104.607043][ T9509] nfnetlink_rcv_msg+0x4a9/0x570 [ 104.611993][ T9509] netlink_rcv_skb+0x12c/0x230 [ 104.616769][ T9509] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 104.622273][ T9509] nfnetlink_rcv+0x16c/0x15b0 [ 104.626991][ T9509] ? kmem_cache_free+0xd8/0x280 [ 104.631839][ T9509] ? nlmon_xmit+0x51/0x60 [ 104.636160][ T9509] ? __kfree_skb+0x102/0x150 [ 104.640782][ T9509] ? consume_skb+0x57/0x180 [ 104.645411][ T9509] ? nlmon_xmit+0x51/0x60 [ 104.649781][ T9509] ? dev_hard_start_xmit+0x3c1/0x3f0 [ 104.655065][ T9509] ? __dev_queue_xmit+0xb86/0x1fe0 [ 104.660186][ T9509] ? ref_tracker_free+0x3a5/0x410 [ 104.665354][ T9509] ? __dev_queue_xmit+0x161/0x1fe0 [ 104.670464][ T9509] ? __netlink_deliver_tap+0x495/0x4c0 [ 104.675984][ T9509] netlink_unicast+0x593/0x670 [ 104.680746][ T9509] netlink_sendmsg+0x5cc/0x6e0 [ 104.685512][ T9509] ? __pfx_netlink_sendmsg+0x10/0x10 [ 104.690799][ T9509] __sock_sendmsg+0x140/0x180 [ 104.695557][ T9509] ____sys_sendmsg+0x312/0x410 [ 104.700315][ T9509] __sys_sendmsg+0x1e9/0x280 [ 104.704977][ T9509] ? futex_wait+0x18e/0x1c0 [ 104.709476][ T9509] __x64_sys_sendmsg+0x46/0x50 [ 104.714300][ T9509] x64_sys_call+0x26f8/0x2e00 [ 104.718995][ T9509] do_syscall_64+0xc9/0x1c0 [ 104.723596][ T9509] ? clear_bhb_loop+0x55/0xb0 [ 104.728296][ T9509] ? clear_bhb_loop+0x55/0xb0 [ 104.733006][ T9509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.738892][ T9509] RIP: 0033:0x7fb30ce55b59 [ 104.743329][ T9509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.763010][ T9509] RSP: 002b:00007fb30c0d7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 104.771409][ T9509] RAX: ffffffffffffffda RBX: 00007fb30cfe5f60 RCX: 00007fb30ce55b59 [ 104.779366][ T9509] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 104.787381][ T9509] RBP: 00007fb30cec4e5d R08: 0000000000000000 R09: 0000000000000000 [ 104.795386][ T9509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 104.803355][ T9509] R13: 000000000000000b R14: 00007fb30cfe5f60 R15: 00007ffce7e54558 [ 104.811360][ T9509] [ 104.814420][ T9509] memory: usage 307200kB, limit 307200kB, failcnt 2658 [ 104.821372][ T9509] memory+swap: usage 307512kB, limit 9007199254740988kB, failcnt 0 [ 104.829348][ T9509] kmem: usage 307176kB, limit 9007199254740988kB, failcnt 0 [ 104.836650][ T9509] Memory cgroup stats for /syz3: [ 104.838876][ T9509] cache 16384 [ 104.847139][ T9509] rss 0 [ 104.848994][ T9545] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.849880][ T9509] shmem 0 [ 104.849950][ T9509] mapped_file 16384 [ 104.868605][ T9509] dirty 16384 [ 104.872030][ T9509] writeback 0 [ 104.875303][ T9509] workingset_refault_anon 135 [ 104.880262][ T9509] workingset_refault_file 63 [ 104.884848][ T9509] swap 319488 [ 104.888165][ T9509] swapcached 4096 [ 104.891875][ T9509] pgpgin 67795 [ 104.895237][ T9509] pgpgout 67790 [ 104.898802][ T9509] pgfault 92967 [ 104.902245][ T9509] pgmajfault 100 [ 104.905866][ T9509] inactive_anon 0 [ 104.909596][ T9509] active_anon 4096 [ 104.913370][ T9509] inactive_file 0 [ 104.917009][ T9509] active_file 16384 [ 104.920797][ T9509] unevictable 0 [ 104.924246][ T9509] hierarchical_memory_limit 314572800 [ 104.929684][ T9509] hierarchical_memsw_limit 9223372036854771712 [ 104.935843][ T9509] total_cache 16384 [ 104.939734][ T9509] total_rss 0 [ 104.943006][ T9509] total_shmem 0 [ 104.946573][ T9509] total_mapped_file 16384 [ 104.950201][ T9545] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, [ 104.950921][ T9509] total_dirty 16384 [ 104.950922][ T9545] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 104.959177][ T9509] total_writeback 0 [ 104.959187][ T9509] total_workingset_refault_anon 135 [ 104.959195][ T9509] total_workingset_refault_file 63 [ 104.959235][ T9509] total_swap 319488 [ 104.990047][ T9509] total_swapcached 4096 [ 104.994262][ T9509] total_pgpgin 67795 [ 104.998148][ T9509] total_pgpgout 67790 [ 105.002111][ T9509] total_pgfault 92967 [ 105.006065][ T9509] total_pgmajfault 100 [ 105.010117][ T9509] total_inactive_anon 0 [ 105.014245][ T9509] total_active_anon 4096 [ 105.018483][ T9509] total_inactive_file 0 [ 105.022686][ T9509] total_active_file 16384 [ 105.027016][ T9509] total_unevictable 0 [ 105.030977][ T9509] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.2104,pid=9508,uid=0 [ 105.045829][ T9509] Memory cgroup out of memory: Killed process 9508 (syz.3.2104) total-vm:80884kB, anon-rss:452kB, file-rss:10172kB, shmem-rss:128kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 105.079766][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.119248][ T9551] loop2: detected capacity change from 0 to 512 [ 105.133679][ T9553] loop1: detected capacity change from 0 to 1024 [ 105.171811][ T9551] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.190198][ T9551] ext4 filesystem being mounted at /205/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.216912][ T9551] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 3: comm syz.2.2116: path /205/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 105.222075][ T9561] loop0: detected capacity change from 0 to 2048 [ 105.245051][ T9561] ext4: Unknown parameter 'uid>00000000000000000000' [ 105.255816][ T9551] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 12: comm syz.2.2116: path /205/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 105.280048][ T9551] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 13: comm syz.2.2116: path /205/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 105.322033][ T9567] loop1: detected capacity change from 0 to 2048 [ 105.330966][ T9551] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 14: comm syz.2.2116: path /205/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 105.359071][ T9551] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 15: comm syz.2.2116: path /205/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 105.380841][ T9551] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz.2.2116: path /205/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 105.403283][ T9551] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 17: comm syz.2.2116: path /205/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 105.425978][ T9572] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2122'. [ 105.438189][ T9509] syz.3.2104 (9509) used greatest stack depth: 7152 bytes left [ 105.439987][ T9551] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 18: comm syz.2.2116: lblock 23 mapped to illegal pblock 18 (length 1) [ 105.448763][ T9572] vlan2: entered promiscuous mode [ 105.460679][ T9551] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 19: comm syz.2.2116: path /205/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 105.464955][ T9572] erspan0: entered promiscuous mode [ 105.502028][ T9581] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2126'. [ 105.507104][ T9567] bond1: entered promiscuous mode [ 105.512938][ T9551] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 20: comm syz.2.2116: path /205/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 105.515916][ T9567] bond1: entered allmulticast mode [ 105.542483][ T9567] 8021q: adding VLAN 0 to HW filter on device bond1 [ 105.553713][ T9578] macvlan2: entered promiscuous mode [ 105.559118][ T9578] macvlan2: entered allmulticast mode [ 105.603781][ T29] audit: type=1400 audit(1721550873.249:1519): avc: denied { connect } for pid=9580 comm="syz.3.2126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 105.678233][ T9583] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.685597][ T9583] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.741157][ T9583] bridge_slave_0: left allmulticast mode [ 105.747103][ T9583] bridge_slave_0: left promiscuous mode [ 105.753207][ T9583] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.810915][ T9583] bridge_slave_1: left allmulticast mode [ 105.816604][ T9583] bridge_slave_1: left promiscuous mode [ 105.822403][ T9583] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.841322][ T9583] bond0: (slave bond_slave_0): Releasing backup interface [ 105.873162][ T9583] bond0: (slave bond_slave_1): Releasing backup interface [ 105.899854][ T9583] team0: Port device team_slave_0 removed [ 105.931544][ T9583] team0: Port device team_slave_1 removed [ 105.961426][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.976689][ T9583] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.990203][ T9583] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 106.006693][ T9583] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 106.022655][ T9583] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 106.031811][ T9610] loop3: detected capacity change from 0 to 256 [ 106.090504][ T9583] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.099507][ T9583] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.108412][ T9583] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.117270][ T9583] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.167538][ T9615] loop3: detected capacity change from 0 to 512 [ 106.180159][ T9615] EXT4-fs: Ignoring removed i_version option [ 106.198334][ T9618] loop4: detected capacity change from 0 to 2048 [ 106.218810][ T9621] loop1: detected capacity change from 0 to 512 [ 106.237365][ T9618] loop4: p1 < > p4 [ 106.243139][ T9618] loop4: p4 size 8388608 extends beyond EOD, truncated [ 106.284257][ T9615] loop3: detected capacity change from 0 to 2048 [ 106.293581][ T9615] EXT4-fs: Ignoring removed bh option [ 106.314612][ T9639] loop1: detected capacity change from 0 to 256 [ 106.341546][ T9636] loop2: detected capacity change from 0 to 1024 [ 106.345620][ T9642] loop4: detected capacity change from 0 to 512 [ 106.368703][ T9648] loop1: detected capacity change from 0 to 512 [ 106.376404][ T9645] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 106.399164][ T9636] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.411807][ T9642] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.418080][ T9636] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 106.424894][ T9642] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.454113][ T9636] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 65 with error 28 [ 106.454108][ T9658] netlink: 'syz.1.2150': attribute type 10 has an invalid length. [ 106.467118][ T3195] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 106.474449][ T9636] EXT4-fs (loop2): This should not happen!! Data will be lost [ 106.474449][ T9636] [ 106.486666][ T3195] EXT4-fs (loop2): This should not happen!! Data will be lost [ 106.486666][ T3195] [ 106.496245][ T9636] EXT4-fs (loop2): Total free blocks count 0 [ 106.505858][ T3195] EXT4-fs (loop2): Total free blocks count 0 [ 106.505871][ T3195] EXT4-fs (loop2): Free/Dirty block details [ 106.505881][ T3195] EXT4-fs (loop2): free_blocks=68451041280 [ 106.505893][ T3195] EXT4-fs (loop2): dirty_blocks=96 [ 106.530186][ T29] audit: type=1326 audit(1721550874.179:1520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9635 comm="syz.2.2145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467d1e5b59 code=0x7ffc0000 [ 106.530683][ T29] audit: type=1326 audit(1721550874.179:1521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9635 comm="syz.2.2145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467d1e5b59 code=0x7ffc0000 [ 106.583782][ T29] audit: type=1326 audit(1721550874.229:1522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9635 comm="syz.2.2145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f467d1e5b59 code=0x7ffc0000 [ 106.607615][ T29] audit: type=1326 audit(1721550874.229:1523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9635 comm="syz.2.2145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467d1e5b59 code=0x7ffc0000 [ 106.631259][ T29] audit: type=1326 audit(1721550874.229:1524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9635 comm="syz.2.2145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467d1e5b59 code=0x7ffc0000 [ 106.655887][ T9237] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.683221][ T9670] loop0: detected capacity change from 0 to 2048 [ 106.700697][ T9670] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.721584][ T9682] loop4: detected capacity change from 0 to 256 [ 106.768375][ T29] audit: type=1400 audit(1721550874.419:1525): avc: denied { map } for pid=9669 comm="syz.0.2157" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 106.880955][ T9692] loop4: detected capacity change from 0 to 1024 [ 106.908945][ C0] eth0: bad gso: type: 1, size: 1408 [ 107.011724][ T9712] loop2: detected capacity change from 0 to 128 [ 107.012267][ T3195] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 107.021267][ T9711] loop4: detected capacity change from 0 to 512 [ 107.034521][ T3195] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 107.051804][ T3195] EXT4-fs (loop0): This should not happen!! Data will be lost [ 107.051804][ T3195] [ 107.061534][ T3195] EXT4-fs (loop0): Total free blocks count 0 [ 107.067651][ T3195] EXT4-fs (loop0): Free/Dirty block details [ 107.073598][ T3195] EXT4-fs (loop0): free_blocks=2415919104 [ 107.079404][ T3195] EXT4-fs (loop0): dirty_blocks=16 [ 107.084540][ T3195] EXT4-fs (loop0): Block reservation details [ 107.090724][ T3195] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 107.098181][ T8256] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.098923][ T9712] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 107.107951][ C0] eth0: bad gso: type: 1, size: 1408 [ 107.120413][ T9712] ext4 filesystem being mounted at /210/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 107.127821][ T9711] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.173797][ T9711] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.216428][ T9237] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.229075][ T9724] loop1: detected capacity change from 0 to 512 [ 107.237725][ T9724] netlink: 'syz.1.2174': attribute type 4 has an invalid length. [ 107.246562][ T29] audit: type=1326 audit(1721550874.889:1526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9729 comm="syz.0.2176" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8fcdc05b59 code=0x0 [ 107.274375][ T5781] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 107.291129][ T9749] loop4: detected capacity change from 0 to 256 [ 107.318273][ T9757] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 107.343023][ T9761] loop2: detected capacity change from 0 to 1024 [ 107.349718][ T9761] EXT4-fs: Invalid want_extra_isize 1 [ 107.378408][ T9766] bridge0: port 1(vlan3) entered blocking state [ 107.384696][ T9766] bridge0: port 1(vlan3) entered disabled state [ 107.391274][ T9766] vlan3: entered allmulticast mode [ 107.398207][ T9766] vlan3: left allmulticast mode [ 107.428443][ T9777] netlink: 'syz.1.2182': attribute type 1 has an invalid length. [ 107.476408][ T29] audit: type=1400 audit(1721550875.119:1527): avc: denied { getopt } for pid=9768 comm="syz.3.2186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 107.550137][ T9767] vhci_hcd: default hub control req: 4000 v0000 i0000 l0 [ 107.706542][ T9809] netlink: 'syz.1.2199': attribute type 1 has an invalid length. [ 108.156645][ T9838] loop0: detected capacity change from 0 to 512 [ 108.178949][ T9838] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.203637][ T9838] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.252061][ T8256] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.282096][ T9845] xt_hashlimit: invalid interval [ 108.383346][ T9851] netlink: 'syz.0.2214': attribute type 13 has an invalid length. [ 108.396746][ T9853] loop2: detected capacity change from 0 to 512 [ 108.420275][ T9853] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.433789][ T9853] ext4 filesystem being mounted at /219/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.533408][ T9864] netlink: 'syz.4.2218': attribute type 5 has an invalid length. [ 108.598650][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.733644][ T9889] loop3: detected capacity change from 0 to 1024 [ 108.765745][ T9871] loop4: detected capacity change from 0 to 8192 [ 108.787199][ T9871] loop4: p1 p2 p4 [ 108.791057][ T9871] loop4: p1 start 83821824 is beyond EOD, truncated [ 108.797718][ T9871] loop4: p2 start 4293394690 is beyond EOD, truncated [ 108.804493][ T9871] loop4: p4 size 50331904 extends beyond EOD, truncated [ 108.825552][ T9899] loop3: detected capacity change from 0 to 256 [ 108.848131][ T9902] netlink: 'syz.0.2225': attribute type 2 has an invalid length. [ 108.874557][ T9904] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=9904 comm=syz.2.2229 [ 108.904331][ T9910] loop3: detected capacity change from 0 to 128 [ 108.915641][ T9910] netlink: 'syz.3.2231': attribute type 9 has an invalid length. [ 108.923623][ T9910] netlink: 'syz.3.2231': attribute type 6 has an invalid length. [ 108.987867][ T9922] loop1: detected capacity change from 0 to 512 [ 109.000635][ T9927] netlink: 'syz.4.2234': attribute type 4 has an invalid length. [ 109.009247][ T9926] __nla_validate_parse: 25 callbacks suppressed [ 109.009261][ T9926] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2238'. [ 109.068227][ T9939] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744073709551615) [ 109.078499][ T9939] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 109.102678][ T9945] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2247'. [ 109.122604][ T9952] loop4: detected capacity change from 0 to 164 [ 109.129969][ T9952] Unable to read rock-ridge attributes [ 109.149299][ T9952] Unable to read rock-ridge attributes [ 109.246545][ T9965] xt_hashlimit: max too large, truncated to 1048576 [ 109.275553][ T9983] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2256'. [ 109.293409][ T9985] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2257'. [ 109.313036][ T9987] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2258'. [ 109.323965][ T9987] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2258'. [ 109.336713][ T9987] loop1: detected capacity change from 0 to 512 [ 109.359216][ T9991] loop1: detected capacity change from 0 to 256 [ 109.379352][ T9996] loop1: detected capacity change from 0 to 512 [ 109.385343][ T9998] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2263'. [ 109.385882][ T9996] EXT4-fs: Ignoring removed i_version option [ 109.395076][ T9998] netlink: 103 bytes leftover after parsing attributes in process `syz.4.2263'. [ 109.418303][T10000] FAULT_INJECTION: forcing a failure. [ 109.418303][T10000] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.431463][T10000] CPU: 1 PID: 10000 Comm: syz.1.2264 Not tainted 6.10.0-syzkaller-10729-g3c3ff7be9729 #0 [ 109.441262][T10000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 109.451469][T10000] Call Trace: [ 109.454737][T10000] [ 109.457760][T10000] dump_stack_lvl+0xf2/0x150 [ 109.462351][T10000] dump_stack+0x15/0x20 [ 109.466653][T10000] should_fail_ex+0x229/0x230 [ 109.471325][T10000] should_fail+0xb/0x10 [ 109.475503][T10000] should_fail_usercopy+0x1a/0x20 [ 109.480511][T10000] _copy_from_user+0x1e/0xd0 [ 109.485115][T10000] copy_msghdr_from_user+0x54/0x2a0 [ 109.490493][T10000] __sys_sendmmsg+0x22a/0x500 [ 109.495263][T10000] __x64_sys_sendmmsg+0x57/0x70 [ 109.500139][T10000] x64_sys_call+0x2b4e/0x2e00 [ 109.504835][T10000] do_syscall_64+0xc9/0x1c0 [ 109.509430][T10000] ? clear_bhb_loop+0x55/0xb0 [ 109.514254][T10000] ? clear_bhb_loop+0x55/0xb0 [ 109.518963][T10000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.524886][T10000] RIP: 0033:0x7f3422c45b59 [ 109.529325][T10000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.549025][T10000] RSP: 002b:00007f3421ec7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 109.557423][T10000] RAX: ffffffffffffffda RBX: 00007f3422dd5f60 RCX: 00007f3422c45b59 [ 109.565481][T10000] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000005 [ 109.573542][T10000] RBP: 00007f3421ec70a0 R08: 0000000000000000 R09: 0000000000000000 [ 109.581559][T10000] R10: 1901000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.589524][T10000] R13: 000000000000004d R14: 00007f3422dd5f60 R15: 00007ffe2c6a46f8 [ 109.597489][T10000] [ 109.625830][T10024] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2270'. [ 109.634939][T10024] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2270'. [ 109.669235][T10030] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10030 comm=syz.0.2274 [ 109.687162][T10034] loop1: detected capacity change from 0 to 512 [ 109.693881][T10034] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.719969][T10040] loop1: detected capacity change from 0 to 1024 [ 109.720292][T10040] EXT4-fs: Ignoring removed orlov option [ 109.732413][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.744740][T10040] loop1: detected capacity change from 0 to 1024 [ 109.752704][T10040] EXT4-fs: Ignoring removed orlov option [ 109.758561][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.771075][T10040] loop1: detected capacity change from 0 to 1024 [ 109.778726][T10040] EXT4-fs: Ignoring removed orlov option [ 109.784456][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.798034][T10040] loop1: detected capacity change from 0 to 1024 [ 109.804628][T10040] EXT4-fs: Ignoring removed orlov option [ 109.805659][T10044] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.810356][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.815969][T10040] loop1: detected capacity change from 0 to 1024 [ 109.833361][T10040] EXT4-fs: Ignoring removed orlov option [ 109.839212][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.852093][T10040] loop1: detected capacity change from 0 to 1024 [ 109.858856][T10040] EXT4-fs: Ignoring removed orlov option [ 109.864539][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.877717][T10046] loop0: detected capacity change from 0 to 164 [ 109.877869][T10040] loop1: detected capacity change from 0 to 1024 [ 109.890826][T10040] EXT4-fs: Ignoring removed orlov option [ 109.891852][T10046] Unable to read rock-ridge attributes [ 109.896535][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.901976][T10046] isofs_fill_super: root inode is not a directory. Corrupted media? [ 109.914907][T10040] loop1: detected capacity change from 0 to 1024 [ 109.923429][T10040] EXT4-fs: Ignoring removed orlov option [ 109.929244][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.941525][T10040] loop1: detected capacity change from 0 to 1024 [ 109.948229][T10040] EXT4-fs: Ignoring removed orlov option [ 109.953929][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.965299][T10040] loop1: detected capacity change from 0 to 1024 [ 109.972063][T10040] EXT4-fs: Ignoring removed orlov option [ 109.977820][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.989932][T10040] loop1: detected capacity change from 0 to 1024 [ 109.996567][T10040] EXT4-fs: Ignoring removed orlov option [ 110.002324][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.013973][T10040] loop1: detected capacity change from 0 to 1024 [ 110.020565][T10040] EXT4-fs: Ignoring removed orlov option [ 110.026201][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.037721][T10040] loop1: detected capacity change from 0 to 1024 [ 110.044194][T10040] EXT4-fs: Ignoring removed orlov option [ 110.049939][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.063467][T10040] loop1: detected capacity change from 0 to 1024 [ 110.070035][T10040] EXT4-fs: Ignoring removed orlov option [ 110.075766][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.081760][T10040] loop1: detected capacity change from 0 to 1024 [ 110.088869][T10040] EXT4-fs: Ignoring removed orlov option [ 110.094521][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.100035][T10040] loop1: detected capacity change from 0 to 1024 [ 110.107757][T10040] EXT4-fs: Ignoring removed orlov option [ 110.113488][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.125526][T10040] loop1: detected capacity change from 0 to 1024 [ 110.134330][T10040] EXT4-fs: Ignoring removed orlov option [ 110.134362][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.140036][T10040] loop1: detected capacity change from 0 to 1024 [ 110.156602][T10040] EXT4-fs: Ignoring removed orlov option [ 110.156665][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.163937][T10040] loop1: detected capacity change from 0 to 1024 [ 110.164276][T10040] EXT4-fs: Ignoring removed orlov option [ 110.164356][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.170398][T10040] loop1: detected capacity change from 0 to 1024 [ 110.170602][T10040] EXT4-fs: Ignoring removed orlov option [ 110.170676][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.176478][T10040] loop1: detected capacity change from 0 to 1024 [ 110.176711][T10040] EXT4-fs: Ignoring removed orlov option [ 110.176743][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.185167][T10040] loop1: detected capacity change from 0 to 1024 [ 110.185404][T10040] EXT4-fs: Ignoring removed orlov option [ 110.185440][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.191390][T10040] loop1: detected capacity change from 0 to 1024 [ 110.191655][T10040] EXT4-fs: Ignoring removed orlov option [ 110.290300][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.297335][T10040] loop1: detected capacity change from 0 to 1024 [ 110.307220][T10040] EXT4-fs: Ignoring removed orlov option [ 110.307249][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.312747][T10040] loop1: detected capacity change from 0 to 1024 [ 110.326437][T10040] EXT4-fs: Ignoring removed orlov option [ 110.326487][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.343919][T10040] loop1: detected capacity change from 0 to 1024 [ 110.350524][T10040] EXT4-fs: Ignoring removed orlov option [ 110.356266][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.363445][T10056] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 110.368373][T10040] loop1: detected capacity change from 0 to 1024 [ 110.377173][T10040] EXT4-fs: Ignoring removed orlov option [ 110.382843][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.394890][T10058] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10058 comm=syz.3.2286 [ 110.395380][T10040] loop1: detected capacity change from 0 to 1024 [ 110.416497][T10040] EXT4-fs: Ignoring removed orlov option [ 110.422236][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.425268][T10063] loop3: detected capacity change from 0 to 128 [ 110.435666][T10040] loop1: detected capacity change from 0 to 1024 [ 110.442403][T10040] EXT4-fs: Ignoring removed orlov option [ 110.448093][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.461512][T10040] loop1: detected capacity change from 0 to 1024 [ 110.468193][T10040] EXT4-fs: Ignoring removed orlov option [ 110.473860][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.484376][T10070] macvtap0: entered promiscuous mode [ 110.486003][T10040] loop1: detected capacity change from 0 to 1024 [ 110.496369][T10040] EXT4-fs: Ignoring removed orlov option [ 110.498569][T10070] macvtap0: left promiscuous mode [ 110.502093][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.519682][T10040] loop1: detected capacity change from 0 to 1024 [ 110.526573][T10040] EXT4-fs: Ignoring removed orlov option [ 110.532349][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.539521][T10073] loop3: detected capacity change from 0 to 2048 [ 110.551697][T10040] loop1: detected capacity change from 0 to 1024 [ 110.558372][T10040] EXT4-fs: Ignoring removed orlov option [ 110.564272][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.576931][T10040] loop1: detected capacity change from 0 to 1024 [ 110.583663][T10040] EXT4-fs: Ignoring removed orlov option [ 110.589380][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.610718][T10040] loop1: detected capacity change from 0 to 1024 [ 110.627458][T10040] EXT4-fs: Ignoring removed orlov option [ 110.633228][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.652657][T10040] loop1: detected capacity change from 0 to 1024 [ 110.660608][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 110.660620][ T29] audit: type=1400 audit(1721550878.309:1531): avc: denied { getopt } for pid=10072 comm="syz.3.2291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 110.686591][T10040] EXT4-fs: Ignoring removed orlov option [ 110.692494][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.709181][T10040] loop1: detected capacity change from 0 to 1024 [ 110.723759][T10040] EXT4-fs: Ignoring removed orlov option [ 110.729597][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.787760][T10040] loop1: detected capacity change from 0 to 1024 [ 110.808574][T10040] EXT4-fs: Ignoring removed orlov option [ 110.814373][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.822223][T10093] loop0: detected capacity change from 0 to 128 [ 110.845550][T10040] loop1: detected capacity change from 0 to 1024 [ 110.854604][T10040] EXT4-fs: Ignoring removed orlov option [ 110.860465][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.873712][T10040] loop1: detected capacity change from 0 to 1024 [ 110.890144][T10040] EXT4-fs: Ignoring removed orlov option [ 110.895893][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.923230][T10040] loop1: detected capacity change from 0 to 1024 [ 110.937239][T10040] EXT4-fs: Ignoring removed orlov option [ 110.942997][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.959196][T10040] loop1: detected capacity change from 0 to 1024 [ 110.966141][T10040] EXT4-fs: Ignoring removed orlov option [ 110.971862][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 110.984476][T10040] loop1: detected capacity change from 0 to 1024 [ 110.993620][T10040] EXT4-fs: Ignoring removed orlov option [ 110.999366][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.017503][T10040] loop1: detected capacity change from 0 to 1024 [ 111.025493][T10040] EXT4-fs: Ignoring removed orlov option [ 111.031241][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.045733][T10040] loop1: detected capacity change from 0 to 1024 [ 111.052317][ T29] audit: type=1400 audit(1721550878.699:1532): avc: denied { connect } for pid=10120 comm="syz.0.2302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 111.072590][T10040] EXT4-fs: Ignoring removed orlov option [ 111.078412][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.091104][T10040] loop1: detected capacity change from 0 to 1024 [ 111.098050][T10040] EXT4-fs: Ignoring removed orlov option [ 111.103718][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.115845][T10040] loop1: detected capacity change from 0 to 1024 [ 111.128344][T10040] EXT4-fs: Ignoring removed orlov option [ 111.134122][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.146374][T10040] loop1: detected capacity change from 0 to 1024 [ 111.153040][T10040] EXT4-fs: Ignoring removed orlov option [ 111.158824][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.171113][T10040] loop1: detected capacity change from 0 to 1024 [ 111.171295][T10040] EXT4-fs: Ignoring removed orlov option [ 111.171321][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.176428][T10040] loop1: detected capacity change from 0 to 1024 [ 111.196655][T10040] EXT4-fs: Ignoring removed orlov option [ 111.196699][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.202629][T10040] loop1: detected capacity change from 0 to 1024 [ 111.217092][T10040] EXT4-fs: Ignoring removed orlov option [ 111.217123][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.222676][T10040] loop1: detected capacity change from 0 to 1024 [ 111.236576][T10040] EXT4-fs: Ignoring removed orlov option [ 111.236683][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.242497][T10040] loop1: detected capacity change from 0 to 1024 [ 111.242732][T10040] EXT4-fs: Ignoring removed orlov option [ 111.242758][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.248299][T10040] loop1: detected capacity change from 0 to 1024 [ 111.275208][T10040] EXT4-fs: Ignoring removed orlov option [ 111.275327][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.293283][T10040] loop1: detected capacity change from 0 to 1024 [ 111.293515][T10040] EXT4-fs: Ignoring removed orlov option [ 111.305354][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.311099][T10040] loop1: detected capacity change from 0 to 1024 [ 111.318604][T10040] EXT4-fs: Ignoring removed orlov option [ 111.318701][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.324050][T10040] loop1: detected capacity change from 0 to 1024 [ 111.338579][T10040] EXT4-fs: Ignoring removed orlov option [ 111.338675][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.356230][T10040] loop1: detected capacity change from 0 to 1024 [ 111.363022][T10040] EXT4-fs: Ignoring removed orlov option [ 111.368774][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.381169][T10040] loop1: detected capacity change from 0 to 1024 [ 111.387736][T10040] EXT4-fs: Ignoring removed orlov option [ 111.393466][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.406326][T10040] loop1: detected capacity change from 0 to 1024 [ 111.412858][T10040] EXT4-fs: Ignoring removed orlov option [ 111.418558][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.429804][T10040] loop1: detected capacity change from 0 to 1024 [ 111.436474][T10040] EXT4-fs: Ignoring removed orlov option [ 111.442153][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.453508][T10040] loop1: detected capacity change from 0 to 1024 [ 111.460066][T10040] EXT4-fs: Ignoring removed orlov option [ 111.465789][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.478925][T10040] loop1: detected capacity change from 0 to 1024 [ 111.485553][T10040] EXT4-fs: Ignoring removed orlov option [ 111.491419][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.505480][T10040] loop1: detected capacity change from 0 to 1024 [ 111.511894][T10132] xt_hashlimit: invalid interval [ 111.517617][T10040] EXT4-fs: Ignoring removed orlov option [ 111.523412][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.536513][T10040] loop1: detected capacity change from 0 to 1024 [ 111.543382][T10040] EXT4-fs: Ignoring removed orlov option [ 111.549109][T10040] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.567718][T10140] loop0: detected capacity change from 0 to 512 [ 111.574233][T10140] /dev/loop0: Can't open blockdev [ 111.622556][T10145] FAULT_INJECTION: forcing a failure. [ 111.622556][T10145] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.635652][T10145] CPU: 1 PID: 10145 Comm: syz.1.2309 Not tainted 6.10.0-syzkaller-10729-g3c3ff7be9729 #0 [ 111.645572][T10145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 111.655756][T10145] Call Trace: [ 111.659028][T10145] [ 111.661940][T10145] dump_stack_lvl+0xf2/0x150 [ 111.666551][T10145] dump_stack+0x15/0x20 [ 111.670691][T10145] should_fail_ex+0x229/0x230 [ 111.675377][T10145] should_fail+0xb/0x10 [ 111.679568][T10145] should_fail_usercopy+0x1a/0x20 [ 111.684624][T10145] _copy_from_user+0x1e/0xd0 [ 111.689199][T10145] ____sys_sendmsg+0x1a4/0x410 [ 111.693953][T10145] __sys_sendmsg_sock+0x29/0x40 [ 111.698779][T10145] io_sendmsg+0x153/0x490 [ 111.703092][T10145] io_issue_sqe+0x181/0xcc0 [ 111.707581][T10145] ? io_sendmsg_prep+0x359/0x360 [ 111.712575][T10145] io_submit_sqes+0x6c5/0x1080 [ 111.717391][T10145] ? __rcu_read_unlock+0x4e/0x70 [ 111.722315][T10145] ? xa_load+0xb9/0xe0 [ 111.726366][T10145] __se_sys_io_uring_enter+0x1c6/0x15a0 [ 111.731897][T10145] ? __fget_files+0x1da/0x210 [ 111.736604][T10145] ? fput+0x13b/0x180 [ 111.740674][T10145] ? ksys_write+0x178/0x1b0 [ 111.745206][T10145] __x64_sys_io_uring_enter+0x78/0x90 [ 111.750587][T10145] x64_sys_call+0x26d0/0x2e00 [ 111.755265][T10145] do_syscall_64+0xc9/0x1c0 [ 111.759757][T10145] ? clear_bhb_loop+0x55/0xb0 [ 111.764438][T10145] ? clear_bhb_loop+0x55/0xb0 [ 111.769242][T10145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.775218][T10145] RIP: 0033:0x7f3422c45b59 [ 111.779745][T10145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.799337][T10145] RSP: 002b:00007f3421ec7048 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 111.807755][T10145] RAX: ffffffffffffffda RBX: 00007f3422dd5f60 RCX: 00007f3422c45b59 [ 111.815816][T10145] RDX: 0000000000000000 RSI: 0000000000005113 RDI: 0000000000000006 [ 111.823772][T10145] RBP: 00007f3421ec70a0 R08: 0000000000000000 R09: 0000000000000000 [ 111.831729][T10145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.839685][T10145] R13: 000000000000004d R14: 00007f3422dd5f60 R15: 00007ffe2c6a46f8 [ 111.847667][T10145] [ 111.937660][T10184] loop0: detected capacity change from 0 to 512 [ 111.945532][T10184] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.2322: corrupted in-inode xattr: e_value size too large [ 111.960313][T10184] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2322: couldn't read orphan inode 15 (err -117) [ 111.975432][T10184] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.991093][T10192] EXT4-fs error (device loop0): ext4_add_entry:2435: inode #2: comm syz.0.2322: Directory hole found for htree leaf block 0 [ 111.994386][T10191] loop1: detected capacity change from 0 to 2048 [ 112.005302][T10192] EXT4-fs error (device loop0): ext4_add_entry:2435: inode #2: comm syz.0.2322: Directory hole found for htree leaf block 0 [ 112.023695][T10192] EXT4-fs error (device loop0): ext4_add_entry:2435: inode #2: comm syz.0.2322: Directory hole found for htree leaf block 0 [ 112.039055][T10192] EXT4-fs error (device loop0): ext4_add_entry:2435: inode #2: comm syz.0.2322: Directory hole found for htree leaf block 0 [ 112.070622][T10192] EXT4-fs error (device loop0): ext4_add_entry:2435: inode #2: comm syz.0.2322: Directory hole found for htree leaf block 0 [ 112.085885][ T29] audit: type=1400 audit(1721550879.729:1533): avc: denied { watch } for pid=10190 comm="syz.1.2324" path="/477/file0" dev="tmpfs" ino=2601 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 112.128829][ T8256] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.392280][T10213] validate_nla: 2 callbacks suppressed [ 112.392291][T10213] netlink: 'syz.0.2331': attribute type 4 has an invalid length. [ 112.770990][T10217] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 112.779387][T10217] batadv_slave_0: entered allmulticast mode [ 112.822795][T10219] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 112.836513][ T29] audit: type=1400 audit(1721550880.479:1534): avc: denied { ioctl } for pid=10222 comm="syz.2.2335" path="socket:[32429]" dev="sockfs" ino=32429 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 112.897893][T10231] loop4: detected capacity change from 0 to 512 [ 112.913079][T10231] EXT4-fs (loop4): Invalid log block size: 7 [ 113.005408][T10241] geneve2: entered promiscuous mode [ 113.010993][T10241] geneve2: entered allmulticast mode [ 113.025829][T10245] batman_adv: batadv1: Adding interface: netdevsim0 [ 113.032564][T10245] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.064213][T10245] batman_adv: batadv1: Interface activated: netdevsim0 [ 113.111318][ T29] audit: type=1400 audit(1721550880.759:1535): avc: denied { mount } for pid=10261 comm="syz.1.2347" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 113.188743][ T29] audit: type=1400 audit(1721550880.839:1536): avc: denied { write } for pid=10252 comm="syz.4.2344" path="socket:[32463]" dev="sockfs" ino=32463 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 113.248563][T10285] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 113.279347][T10282] loop4: detected capacity change from 0 to 128 [ 113.303926][T10282] vfat: Unknown parameter '·' [ 113.364812][T10303] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 113.406370][T10313] openvswitch: netlink: ufid size 368 bytes exceeds the range (1, 16) [ 113.414629][T10313] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 113.445828][ T29] audit: type=1400 audit(1721550881.089:1537): avc: denied { read } for pid=10312 comm="syz.3.2364" path="socket:[32531]" dev="sockfs" ino=32531 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 113.470606][T10319] loop1: detected capacity change from 0 to 1024 [ 113.491226][T10323] loop2: detected capacity change from 0 to 256 [ 113.593943][T10334] netlink: 'syz.2.2372': attribute type 4 has an invalid length. [ 113.634130][T10334] netlink: 'syz.2.2372': attribute type 4 has an invalid length. [ 113.694901][ T29] audit: type=1400 audit(1721550881.339:1538): avc: denied { bind } for pid=10324 comm="syz.3.2369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 113.724260][T10348] loop1: detected capacity change from 0 to 2048 [ 113.786143][T10355] loop2: detected capacity change from 0 to 2048 [ 113.797958][T10355] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.2379: bad orphan inode 8192 [ 113.810218][T10355] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.838782][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.847824][T10361] tmpfs: Bad value for 'mpol' [ 113.852777][ T29] audit: type=1400 audit(1721550881.499:1539): avc: denied { mounton } for pid=10360 comm="syz.3.2383" path="/129/file0" dev="tmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 113.979071][ T29] audit: type=1400 audit(1721550881.629:1540): avc: denied { ioctl } for pid=10371 comm="syz.2.2381" path="socket:[32642]" dev="sockfs" ino=32642 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 114.020145][T10370] loop3: detected capacity change from 0 to 1024 [ 114.026868][T10370] ext4: Unknown parameter 'fowner<00000000000000000000' [ 114.083909][T10381] loop2: detected capacity change from 0 to 512 [ 114.098553][T10381] EXT4-fs warning (device loop2): read_mmp_block:115: Error -117 while reading MMP block 12 [ 114.134097][T10382] loop3: detected capacity change from 0 to 2048 [ 114.158632][T10382] EXT4-fs: Ignoring removed nobh option [ 114.282358][T10384] loop0: detected capacity change from 0 to 128 [ 114.327338][ C0] eth0: bad gso: type: 1, size: 1408 [ 114.337739][T10384] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 114.347852][T10401] loop1: detected capacity change from 0 to 512 [ 114.351301][T10400] wireguard1: entered promiscuous mode [ 114.361630][T10400] wireguard1: entered allmulticast mode [ 114.369338][T10384] ext4 filesystem being mounted at /147/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 114.483244][ T8256] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 114.523960][T10411] netlink: 'syz.1.2398': attribute type 1 has an invalid length. [ 114.541583][T10413] loop2: detected capacity change from 0 to 1764 [ 114.568389][T10411] __nla_validate_parse: 21 callbacks suppressed [ 114.568405][T10411] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2398'. [ 114.585578][T10411] bond2: (slave vcan1): The slave device specified does not support setting the MAC address [ 114.595791][T10411] bond2: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 114.607040][T10411] bond2: (slave vcan1): making interface the new active one [ 114.615008][T10411] bond2: (slave vcan1): Enslaving as an active interface with an up link [ 114.646761][T10411] loop1: detected capacity change from 0 to 2048 [ 114.658801][T10426] vlan3: entered promiscuous mode [ 114.677241][T10411] loop1: p1 p2 p4 [ 114.681555][T10411] loop1: p4 start 4294967040 is beyond EOD, truncated [ 114.721422][T10431] loop1: detected capacity change from 0 to 512 [ 114.822023][T10440] loop4: detected capacity change from 0 to 256 [ 114.870052][T10448] netlink: 'syz.1.2413': attribute type 34 has an invalid length. [ 114.903760][T10451] loop4: detected capacity change from 0 to 512 [ 114.922966][T10455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2416'. [ 114.927400][T10451] EXT4-fs: Ignoring removed nobh option [ 114.944846][T10457] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10457 comm=syz.1.2417 [ 114.958424][T10451] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 114.971487][T10451] EXT4-fs (loop4): 1 truncate cleaned up [ 114.979940][T10451] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.110685][T10469] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.117840][T10469] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.150700][T10469] bond0: (slave bridge0): Releasing backup interface [ 115.167668][T10469] bridge0: left promiscuous mode [ 115.184452][T10469] bond0: (slave dummy0): Releasing backup interface [ 115.197713][T10469] dummy0: left promiscuous mode [ 115.239433][T10469] bridge_slave_0: left allmulticast mode [ 115.245118][T10469] bridge_slave_0: left promiscuous mode [ 115.250828][T10469] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.266725][T10469] bridge_slave_1: left allmulticast mode [ 115.272741][T10469] bridge_slave_1: left promiscuous mode [ 115.278711][T10469] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.300258][T10469] bond0: (slave bond_slave_0): Releasing backup interface [ 115.330014][T10469] bond_slave_0: left promiscuous mode [ 115.367909][T10469] bond0: (slave bond_slave_1): Releasing backup interface [ 115.394065][T10469] bond_slave_1: left promiscuous mode [ 115.409213][T10469] team_slave_0: left promiscuous mode [ 115.414675][T10469] team_slave_0: left allmulticast mode [ 115.421952][T10469] team0: Port device team_slave_0 removed [ 115.440770][T10469] team_slave_1: left promiscuous mode [ 115.446393][T10469] team_slave_1: left allmulticast mode [ 115.454047][T10469] team0: Port device team_slave_1 removed [ 115.472737][T10469] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 115.488889][T10469] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 115.504570][T10469] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 115.523658][T10469] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 115.612939][T10469] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.622024][T10469] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.631185][T10469] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.640330][T10469] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.655573][T10469] batman_adv: batadv1: Interface deactivated: netdevsim0 [ 115.668981][T10469] batman_adv: batadv1: Removing interface: netdevsim0 [ 115.707923][T10469] team0: left allmulticast mode [ 115.712824][T10469] team0: left promiscuous mode [ 115.717714][T10469] macsec1: left promiscuous mode [ 115.722819][T10469] macsec1: left allmulticast mode [ 115.741023][T10469] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 115.750102][T10469] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 115.759108][T10469] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 115.768107][T10469] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 115.777941][T10469] vxlan0: left allmulticast mode [ 115.785938][T10469] bond0: left promiscuous mode [ 115.790879][T10469] vlan3: left promiscuous mode [ 115.796920][T10469] bond1: left promiscuous mode [ 115.801783][T10469] bond1: left allmulticast mode [ 115.845024][T10469] bond2: (slave vcan1): Releasing backup interface [ 115.857560][T10487] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2426'. [ 115.873306][T10487] vlan3: entered promiscuous mode [ 115.878493][T10487] erspan0: entered promiscuous mode [ 115.898936][T10489] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2427'. [ 115.958706][T10501] SELinux: Context system_u:object_r:ipmi_device_t:s0 is not valid (left unmapped). [ 115.968832][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 115.968845][ T29] audit: type=1400 audit(1721550883.619:1549): avc: denied { create } for pid=10500 comm="syz.0.2432" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 trawcon="system_u:object_r:ipmi_device_t:s0" [ 115.999898][ T29] audit: type=1400 audit(1721550883.619:1550): avc: denied { associate } for pid=10500 comm="syz.0.2432" name="file0" scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:ipmi_device_t:s0" [ 116.018061][T10442] syz.4.2410 (10442) used greatest stack depth: 6296 bytes left [ 116.041624][ T29] audit: type=1400 audit(1721550883.689:1551): avc: denied { unlink } for pid=8256 comm="syz-executor" name="file0" dev="tmpfs" ino=824 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 trawcon="system_u:object_r:ipmi_device_t:s0" [ 116.046189][T10503] SET target dimension over the limit! [ 116.080220][ T9237] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.087422][ T29] audit: type=1400 audit(1721550883.739:1552): avc: denied { read write } for pid=10504 comm="syz.0.2435" name="qrtr-tun" dev="devtmpfs" ino=231 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 116.112593][ T29] audit: type=1400 audit(1721550883.739:1553): avc: denied { open } for pid=10504 comm="syz.0.2435" path="/dev/qrtr-tun" dev="devtmpfs" ino=231 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 116.195100][T10519] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2439'. [ 116.197494][T10505] loop0: detected capacity change from 0 to 4096 [ 116.204196][T10519] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2439'. [ 116.219994][T10505] loop0: detected capacity change from 0 to 512 [ 116.223120][T10519] geneve2: entered allmulticast mode [ 116.226536][T10505] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 116.235846][T10518] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 116.249698][T10518] team0: Port device macvlan2 added [ 116.277990][T10524] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10524 comm=syz.3.2441 [ 116.292384][T10526] loop4: detected capacity change from 0 to 512 [ 116.300191][T10526] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 116.305494][T10528] loop3: detected capacity change from 0 to 1024 [ 116.311035][T10526] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c019, mo2=0002] [ 116.322118][T10528] loop3: detected capacity change from 0 to 512 [ 116.330055][T10526] System zones: 1-12 [ 116.337534][T10526] EXT4-fs (loop4): 1 truncate cleaned up [ 116.346141][ T29] audit: type=1326 audit(1721550883.989:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10527 comm="syz.3.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 116.369879][ T29] audit: type=1326 audit(1721550883.989:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10527 comm="syz.3.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 116.373262][T10531] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2444'. [ 116.393450][ T29] audit: type=1326 audit(1721550883.989:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10527 comm="syz.3.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 116.402445][T10531] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2444'. [ 116.425845][ T29] audit: type=1326 audit(1721550883.989:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10527 comm="syz.3.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 116.425866][ T29] audit: type=1326 audit(1721550883.989:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10527 comm="syz.3.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 116.437375][T10526] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.458487][T10528] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2443'. [ 116.505951][ T9237] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.540664][T10538] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 116.575838][T10541] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2449'. [ 116.634516][T10562] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10562 comm=syz.0.2455 [ 116.659962][T10567] loop2: detected capacity change from 0 to 128 [ 116.666415][T10567] vfat: Unknown parameter '' [ 116.735142][T10576] loop3: detected capacity change from 0 to 512 [ 116.757953][T10579] loop3: detected capacity change from 0 to 128 [ 116.785969][T10582] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.793285][T10582] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.800896][T10582] bridge0: entered promiscuous mode [ 116.815864][T10584] netlink: 'syz.0.2464': attribute type 10 has an invalid length. [ 116.837860][T10584] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.847072][T10584] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 116.896488][ C0] eth0: bad gso: type: 1, size: 1408 [ 116.902223][ C0] eth0: bad gso: type: 1, size: 1408 [ 116.923840][T10605] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10605 comm=syz.3.2472 [ 117.122263][T10624] loop0: detected capacity change from 0 to 512 [ 117.122694][T10626] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 117.139639][T10624] EXT4-fs (loop0): can't mount with journal_checksum, fs mounted w/o journal [ 117.347753][T10635] vhci_hcd: default hub control req: 4000 v0000 i0000 l0 [ 117.378296][T10659] netlink: 'syz.1.2491': attribute type 10 has an invalid length. [ 117.389598][T10659] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 117.418275][T10663] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 117.429959][T10663] SELinux: failed to load policy [ 117.436515][T10666] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap0 [ 117.470200][T10680] xt_hashlimit: invalid interval [ 117.504708][T10688] loop4: detected capacity change from 0 to 512 [ 117.520057][T10688] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #17: comm syz.4.2502: iget: bogus i_mode (0) [ 117.532826][T10688] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2502: couldn't read orphan inode 17 (err -117) [ 117.545542][T10688] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.564302][T10688] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.2502: bg 0: block 7: invalid block bitmap [ 117.590197][T10703] netlink: 'syz.3.2506': attribute type 13 has an invalid length. [ 117.656244][T10708] loop1: detected capacity change from 0 to 512 [ 117.665041][T10720] netlink: get zone limit has 8 unknown bytes [ 117.688601][ T9237] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.704269][T10726] loop1: detected capacity change from 0 to 512 [ 117.710148][T10728] loop3: detected capacity change from 0 to 512 [ 117.724720][T10726] loop1: detected capacity change from 0 to 256 [ 117.731810][T10726] msdos: Bad value for 'gid' [ 117.736514][T10726] msdos: Bad value for 'gid' [ 117.770144][T10736] loop2: detected capacity change from 0 to 1024 [ 117.785701][T10742] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10742 comm=syz.1.2520 [ 117.804180][T10736] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.836921][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.912542][T10744] loop3: detected capacity change from 0 to 8192 [ 117.913872][T10773] IPVS: Error connecting to the multicast addr [ 117.926099][T10765] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10765 comm=syz.2.2524 [ 117.947136][T10744] loop3: p1 p2 p4 [ 117.951020][T10744] loop3: p1 start 83821824 is beyond EOD, truncated [ 117.957703][T10744] loop3: p2 start 4293394690 is beyond EOD, truncated [ 117.964480][T10744] loop3: p4 size 50331904 extends beyond EOD, truncated [ 117.983049][T10785] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744073709551615) [ 117.993327][T10785] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 118.037073][T10801] loop4: detected capacity change from 0 to 512 [ 118.044693][T10801] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 118.054281][T10801] EXT4-fs (loop4): orphan cleanup on readonly fs [ 118.062867][T10801] EXT4-fs error (device loop4): ext4_acquire_dquot:6848: comm syz.4.2541: Failed to acquire dquot type 1 [ 118.085630][T10801] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2541: bg 0: block 40: padding at end of block bitmap is not set [ 118.110435][T10801] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 118.122762][T10801] EXT4-fs (loop4): 1 truncate cleaned up [ 118.128898][T10801] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 118.149587][T10813] loop0: detected capacity change from 0 to 512 [ 118.159863][ T9237] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.169244][T10813] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 118.184548][T10813] EXT4-fs (loop0): invalid journal inode [ 118.193571][T10813] EXT4-fs (loop0): can't get journal size [ 118.200821][T10826] loop4: detected capacity change from 0 to 128 [ 118.220234][T10813] EXT4-fs (loop0): 1 truncate cleaned up [ 118.228109][T10813] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.241126][T10813] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.257836][T10837] loop3: detected capacity change from 0 to 128 [ 118.283697][T10847] netlink: 'syz.0.2556': attribute type 13 has an invalid length. [ 118.311321][T10859] loop2: detected capacity change from 0 to 256 [ 118.319707][T10860] loop3: detected capacity change from 0 to 512 [ 118.343474][T10865] loop1: detected capacity change from 0 to 2048 [ 118.362071][T10860] 9pnet_fd: Insufficient options for proto=fd [ 118.373151][T10871] loop0: detected capacity change from 0 to 512 [ 118.380232][T10873] netlink: 'syz.4.2565': attribute type 4 has an invalid length. [ 118.389852][T10875] loop2: detected capacity change from 0 to 256 [ 118.396391][T10875] msdos: Bad value for 'time_offset' [ 118.398536][T10871] EXT4-fs: Ignoring removed i_version option [ 118.409777][T10871] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a016c018, mo2=0002] [ 118.418995][T10871] System zones: 1-12 [ 118.428557][T10871] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.2564: bg 0: block 131: padding at end of block bitmap is not set [ 118.446155][T10871] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 118.452541][T10883] loop2: detected capacity change from 0 to 1024 [ 118.461692][T10883] EXT4-fs: Ignoring removed orlov option [ 118.468078][T10883] EXT4-fs (loop2): Invalid log cluster size: 86 [ 118.489996][T10871] EXT4-fs (loop0): 1 truncate cleaned up [ 118.502586][T10871] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.507492][T10895] netlink: get zone limit has 8 unknown bytes [ 118.522538][T10896] loop2: detected capacity change from 0 to 1024 [ 118.540661][T10896] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended [ 118.551429][T10901] loop3: detected capacity change from 0 to 128 [ 118.563934][ T8256] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.577563][T10896] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.609566][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.687498][T10941] loop2: detected capacity change from 0 to 1024 [ 118.688350][T10938] loop3: detected capacity change from 0 to 512 [ 118.745459][T10950] loop2: detected capacity change from 0 to 2048 [ 118.771427][T10964] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10964 comm=syz.0.2598 [ 118.793504][T10950] bond2: entered promiscuous mode [ 118.798588][T10950] bond2: entered allmulticast mode [ 118.804201][T10950] 8021q: adding VLAN 0 to HW filter on device bond2 [ 118.816914][T10950] macvlan2: entered promiscuous mode [ 118.822413][T10950] macvlan2: entered allmulticast mode [ 118.871630][T10985] loop0: detected capacity change from 0 to 512 [ 118.882604][T10991] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10991 comm=syz.3.2605 [ 118.908317][T10985] EXT4-fs (loop0): too many log groups per flexible block group [ 118.916064][T10985] EXT4-fs (loop0): failed to initialize mballoc (-12) [ 118.924092][T10985] EXT4-fs (loop0): mount failed [ 118.958157][T11002] loop2: detected capacity change from 0 to 512 [ 118.965003][T11002] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 118.977689][T11002] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 118.994517][T11002] System zones: 1-12 [ 118.999262][T11002] EXT4-fs (loop2): 1 truncate cleaned up [ 119.005460][T11002] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.020236][T11009] sch_tbf: burst 0 is lower than device lo mtu (18) ! [ 119.041077][T11012] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 119.053479][T11012] loop0: detected capacity change from 0 to 512 [ 119.060599][T11012] EXT4-fs: Ignoring removed nomblk_io_submit option [ 119.078438][T11012] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.092990][T11012] ext4 filesystem being mounted at /192/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 119.240910][T11017] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11017 comm=syz.4.2614 [ 119.583953][T11041] netlink: 'syz.1.2621': attribute type 1 has an invalid length. [ 119.598365][T11041] netlink: 'syz.1.2621': attribute type 30 has an invalid length. [ 119.628246][T11043] delete_channel: no stack [ 119.645576][T11047] xt_socket: unknown flags 0x2 [ 119.651670][ T8256] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.688300][ T5781] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.711458][T11057] loop1: detected capacity change from 0 to 128 [ 119.720459][T11057] loop1: detected capacity change from 0 to 128 [ 119.727845][T11057] __nla_validate_parse: 28 callbacks suppressed [ 119.727858][T11057] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2628'. [ 119.731029][T11055] syzkaller1: entered promiscuous mode [ 119.747259][T11059] loop1: detected capacity change from 0 to 512 [ 119.748755][T11055] syzkaller1: entered allmulticast mode [ 119.755025][T11059] EXT4-fs: Ignoring removed nobh option [ 119.755058][T11059] ext4: Unknown parameter 'lazytime"audit' [ 119.819480][T11069] loop2: detected capacity change from 0 to 512 [ 119.827333][T11069] EXT4-fs warning (device loop2): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 119.838965][T11069] EXT4-fs warning (device loop2): dx_probe:881: Enable large directory feature to access it [ 119.849098][T11069] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.2633: Corrupt directory, running e2fsck is recommended [ 119.864543][T11065] bond0: option arp_interval: invalid value (18446744071562068037) [ 119.865063][T11069] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 119.872559][T11065] bond0: option arp_interval: allowed values 0 - 2147483647 [ 119.882309][T11069] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.2633: corrupted in-inode xattr: invalid ea_ino [ 119.913395][T11069] EXT4-fs (loop2): Remounting filesystem read-only [ 119.931789][T11069] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.951172][T11069] SELinux: (dev loop2, type ext4) getxattr errno 5 [ 119.962674][T11069] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.017078][T11069] netem: change failed [ 120.048967][T11091] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2641'. [ 120.060040][T11091] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2641'. [ 120.098752][T11099] netlink: 64985 bytes leftover after parsing attributes in process `syz.2.2644'. [ 120.118817][T11093] xt_hashlimit: invalid interval [ 120.141268][T11105] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2646'. [ 120.334690][T11132] FAULT_INJECTION: forcing a failure. [ 120.334690][T11132] name failslab, interval 1, probability 0, space 0, times 0 [ 120.347463][T11132] CPU: 1 PID: 11132 Comm: syz.2.2654 Not tainted 6.10.0-syzkaller-10729-g3c3ff7be9729 #0 [ 120.357306][T11132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 120.367348][T11132] Call Trace: [ 120.370611][T11132] [ 120.373543][T11132] dump_stack_lvl+0xf2/0x150 [ 120.378125][T11132] dump_stack+0x15/0x20 [ 120.382301][T11132] should_fail_ex+0x229/0x230 [ 120.386974][T11132] ? io_cqring_event_overflow+0x5a/0x300 [ 120.392634][T11132] __should_failslab+0x92/0xa0 [ 120.397390][T11132] should_failslab+0x9/0x20 [ 120.401956][T11132] __kmalloc_noprof+0xa5/0x370 [ 120.406709][T11132] io_cqring_event_overflow+0x5a/0x300 [ 120.412167][T11132] io_req_cqe_overflow+0x89/0xb0 [ 120.417102][T11132] __io_submit_flush_completions+0x34e/0xa00 [ 120.423136][T11132] ? io_sendmsg_prep+0x359/0x360 [ 120.428111][T11132] io_submit_sqes+0xe91/0x1080 [ 120.432866][T11132] ? __rcu_read_unlock+0x4e/0x70 [ 120.437851][T11132] ? xa_load+0xb9/0xe0 [ 120.441993][T11132] __se_sys_io_uring_enter+0x1c6/0x15a0 [ 120.447529][T11132] ? __fget_files+0x1da/0x210 [ 120.452206][T11132] ? fput+0x13b/0x180 [ 120.456230][T11132] ? ksys_write+0x178/0x1b0 [ 120.460786][T11132] __x64_sys_io_uring_enter+0x78/0x90 [ 120.466203][T11132] x64_sys_call+0x26d0/0x2e00 [ 120.470910][T11132] do_syscall_64+0xc9/0x1c0 [ 120.475482][T11132] ? clear_bhb_loop+0x55/0xb0 [ 120.480148][T11132] ? clear_bhb_loop+0x55/0xb0 [ 120.484813][T11132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.490753][T11132] RIP: 0033:0x7f467d1e5b59 [ 120.495150][T11132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.514749][T11132] RSP: 002b:00007f467c467048 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 120.523270][T11132] RAX: ffffffffffffffda RBX: 00007f467d375f60 RCX: 00007f467d1e5b59 [ 120.531298][T11132] RDX: 0000000000000000 RSI: 0000000000005113 RDI: 0000000000000006 [ 120.539253][T11132] RBP: 00007f467c4670a0 R08: 0000000000000000 R09: 0000000000000000 [ 120.547208][T11132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.555166][T11132] R13: 000000000000004d R14: 00007f467d375f60 R15: 00007fff0895a0b8 [ 120.563126][T11132] [ 120.634864][T11148] netlink: 66 bytes leftover after parsing attributes in process `syz.2.2660'. [ 120.642217][T11141] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2658'. [ 120.653011][T11141] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2658'. [ 120.721771][T11158] loop4: detected capacity change from 0 to 256 [ 120.722040][T11159] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2667'. [ 120.737191][T11159] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2667'. [ 120.763807][T11159] loop0: detected capacity change from 0 to 512 [ 120.819073][T11159] EXT4-fs (loop0): orphan cleanup on readonly fs [ 120.834102][T11169] sctp: [Deprecated]: syz.2.2671 (pid 11169) Use of int in max_burst socket option. [ 120.834102][T11169] Use struct sctp_assoc_value instead [ 120.851320][T11159] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.2667: corrupted in-inode xattr: bad e_name length [ 120.866194][T11176] sctp: [Deprecated]: syz.2.2671 (pid 11176) Use of int in max_burst socket option. [ 120.866194][T11176] Use struct sctp_assoc_value instead [ 120.881973][T11173] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 120.914038][T11159] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.2667: couldn't read orphan inode 15 (err -117) [ 120.934855][T11159] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 120.953195][T11185] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 120.963409][T11185] netlink: 'syz.1.2676': attribute type 34 has an invalid length. [ 120.973773][ T8256] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.987351][T11193] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=11193 comm=syz.4.2674 [ 121.010560][T11184] loop2: detected capacity change from 0 to 512 [ 121.023919][T11184] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.2675: attempt to clear invalid blocks 1 len 1 [ 121.024681][T11201] loop3: detected capacity change from 0 to 256 [ 121.036923][T11203] openvswitch: netlink: ufid size 368 bytes exceeds the range (1, 16) [ 121.051213][T11203] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 121.058708][T11201] FAULT_INJECTION: forcing a failure. [ 121.058708][T11201] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 121.062338][T11184] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.2675: bg 0: block 343: padding at end of block bitmap is not set [ 121.073026][T11201] CPU: 1 PID: 11201 Comm: syz.3.2679 Not tainted 6.10.0-syzkaller-10729-g3c3ff7be9729 #0 [ 121.097050][T11201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 121.100925][T11209] loop1: detected capacity change from 0 to 128 [ 121.107137][T11201] Call Trace: [ 121.107149][T11201] [ 121.107157][T11201] dump_stack_lvl+0xf2/0x150 [ 121.107183][T11201] dump_stack+0x15/0x20 [ 121.128513][T11201] should_fail_ex+0x229/0x230 [ 121.133201][T11201] should_fail+0xb/0x10 [ 121.137385][T11201] should_fail_usercopy+0x1a/0x20 [ 121.142472][T11201] _copy_to_user+0x1e/0xa0 [ 121.146950][T11201] simple_read_from_buffer+0xa0/0x110 [ 121.152329][T11201] proc_fail_nth_read+0xfc/0x140 [ 121.157265][T11201] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 121.162816][T11201] vfs_read+0x1a2/0x6e0 [ 121.166977][T11201] ? __rcu_read_unlock+0x4e/0x70 [ 121.171899][T11201] ? __fget_files+0x1da/0x210 [ 121.176623][T11201] ksys_read+0xeb/0x1b0 [ 121.180849][T11201] __x64_sys_read+0x42/0x50 [ 121.185356][T11201] x64_sys_call+0x2a36/0x2e00 [ 121.190108][T11201] do_syscall_64+0xc9/0x1c0 [ 121.194775][T11201] ? clear_bhb_loop+0x55/0xb0 [ 121.199448][T11201] ? clear_bhb_loop+0x55/0xb0 [ 121.204128][T11201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.210087][T11201] RIP: 0033:0x7fb30ce5463c [ 121.214510][T11201] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 121.234112][T11201] RSP: 002b:00007fb30c0d7040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 121.242510][T11201] RAX: ffffffffffffffda RBX: 00007fb30cfe5f60 RCX: 00007fb30ce5463c [ 121.250468][T11201] RDX: 000000000000000f RSI: 00007fb30c0d70b0 RDI: 0000000000000008 [ 121.258425][T11201] RBP: 00007fb30c0d70a0 R08: 0000000000000000 R09: 0000000000000000 [ 121.266517][T11201] R10: 000000000000002a R11: 0000000000000246 R12: 0000000000000001 [ 121.274597][T11201] R13: 000000000000004d R14: 00007fb30cfe5f60 R15: 00007ffce7e54558 [ 121.282559][T11201] [ 121.289347][T11184] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 121.298794][T11184] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.2675: invalid indirect mapped block 1819239214 (level 0) [ 121.302610][T11213] loop3: detected capacity change from 0 to 512 [ 121.319555][T11213] ext2: Unknown parameter 'audit' [ 121.326734][T11184] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.2675: invalid indirect mapped block 1819239214 (level 1) [ 121.341039][T11184] EXT4-fs (loop2): 1 truncate cleaned up [ 121.346562][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 121.346640][ T29] audit: type=1326 audit(1721550888.989:1617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11212 comm="syz.3.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 121.347629][ T29] audit: type=1326 audit(1721550888.999:1618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11212 comm="syz.3.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 121.401170][T11217] loop0: detected capacity change from 0 to 256 [ 121.404066][ T29] audit: type=1326 audit(1721550889.029:1619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11212 comm="syz.3.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 121.404094][ T29] audit: type=1326 audit(1721550889.029:1620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11212 comm="syz.3.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 121.404117][ T29] audit: type=1326 audit(1721550889.029:1621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11212 comm="syz.3.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 121.404180][ T29] audit: type=1326 audit(1721550889.029:1622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11212 comm="syz.3.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 121.404203][ T29] audit: type=1326 audit(1721550889.029:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11212 comm="syz.3.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 121.404222][ T29] audit: type=1326 audit(1721550889.029:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11212 comm="syz.3.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 121.404267][ T29] audit: type=1326 audit(1721550889.029:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11212 comm="syz.3.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 121.404287][ T29] audit: type=1326 audit(1721550889.029:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11212 comm="syz.3.2686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7fb30ce55b59 code=0x7ffc0000 [ 121.485761][T11230] loop3: detected capacity change from 0 to 512 [ 121.825249][T11266] wireguard0: entered promiscuous mode [ 121.825267][T11266] wireguard0: entered allmulticast mode [ 121.860498][T11264] sg_write: data in/out 196/1787 bytes for SCSI command 0xb-- guessing data in; [ 121.860498][T11264] program syz.1.2705 not setting count and/or reply_len properly [ 121.899931][T11279] loop3: detected capacity change from 0 to 1764 [ 122.114652][T11296] loop2: detected capacity change from 0 to 512 [ 122.123666][T11296] EXT4-fs error (device loop2): ext4_map_blocks:609: inode #2: block 3: comm syz.2.2715: lblock 0 mapped to illegal pblock 3 (length 1) [ 122.139216][T11296] EXT4-fs (loop2): Remounting filesystem read-only [ 122.145821][T11296] EXT4-fs warning (device loop2): dx_probe:823: inode #2: lblock 0: comm syz.2.2715: error -117 reading directory block [ 122.159575][T11296] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 122.168236][T11296] SELinux: (dev loop2, type ext4) getxattr errno 5 [ 122.740921][T11323] loop0: detected capacity change from 0 to 256 [ 122.768594][T11330] loop1: detected capacity change from 0 to 128 [ 122.841257][T11343] vcan0: entered promiscuous mode [ 122.891524][T11362] loop3: detected capacity change from 0 to 128 [ 122.930338][T11368] loop0: detected capacity change from 0 to 164 [ 122.943592][T11357] loop0: detected capacity change from 0 to 2048 [ 122.950734][ C0] eth0: bad gso: type: 1, size: 1408 [ 122.962066][T11357] IPv6: sit1: Disabled Multicast RS [ 122.968012][T11357] sit1: entered allmulticast mode [ 123.071985][T11376] loop4: detected capacity change from 0 to 128 [ 123.220084][T11391] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.228930][T11391] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.237734][T11391] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.246481][T11391] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.248976][ C0] eth0: bad gso: type: 1, size: 1408 [ 123.261922][T11391] vxlan0: entered allmulticast mode [ 123.406771][T11416] loop4: detected capacity change from 0 to 512 [ 123.414646][T11416] EXT4-fs: Ignoring removed nobh option [ 123.430337][T11416] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 123.473189][T11404] ================================================================== [ 123.473456][T11416] EXT4-fs (loop4): 1 truncate cleaned up [ 123.481278][T11404] BUG: KCSAN: data-race in __delete_from_swap_cache / folio_mapping [ 123.494930][T11404] [ 123.497231][T11404] write to 0xffffea00045a83a8 of 8 bytes by task 9976 on cpu 1: [ 123.504922][T11404] __delete_from_swap_cache+0x1f2/0x290 [ 123.510476][T11404] delete_from_swap_cache+0x72/0xe0 [ 123.515652][T11404] shmem_swapin_folio+0x69e/0x760 [ 123.520653][T11404] shmem_get_folio_gfp+0x278/0xb70 [ 123.525743][T11404] shmem_file_read_iter+0x152/0x550 [ 123.530924][T11404] do_iter_readv_writev+0x3b0/0x470 [ 123.536097][T11404] vfs_iter_read+0x16e/0x3b0 [ 123.540662][T11404] loop_process_work+0x7a6/0x1230 [ 123.545670][T11404] loop_workfn+0x31/0x40 [ 123.549890][T11404] process_scheduled_works+0x483/0x9a0 [ 123.555418][T11404] worker_thread+0x526/0x700 [ 123.560422][T11404] kthread+0x1d1/0x210 [ 123.564469][T11404] ret_from_fork+0x4b/0x60 [ 123.568861][T11404] ret_from_fork_asm+0x1a/0x30 [ 123.573609][T11404] [ 123.575920][T11404] read to 0xffffea00045a83a8 of 8 bytes by task 11404 on cpu 0: [ 123.583523][T11404] folio_mapping+0xd2/0x110 [ 123.588004][T11404] evict_folios+0x817/0x3400 [ 123.592570][T11404] try_to_shrink_lruvec+0x719/0x8b0 [ 123.597744][T11404] shrink_lruvec+0x25c/0x1760 [ 123.602402][T11404] shrink_node+0x55e/0x1da0 [ 123.606882][T11404] do_try_to_free_pages+0x3cf/0xc20 [ 123.612062][T11404] try_to_free_mem_cgroup_pages+0x1ea/0x4e0 [ 123.617935][T11404] try_charge_memcg+0x27a/0xcd0 [ 123.622759][T11404] obj_cgroup_charge_pages+0xbd/0x1d0 [ 123.628107][T11404] __memcg_kmem_charge_page+0x9d/0x170 [ 123.633541][T11404] __alloc_pages_noprof+0x1bc/0x360 [ 123.638719][T11404] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 123.644069][T11404] alloc_pages_noprof+0xe1/0x100 [ 123.648988][T11404] __vmalloc_node_range_noprof+0x719/0xef0 [ 123.654872][T11404] __kvmalloc_node_noprof+0x121/0x170 [ 123.660224][T11404] ip_set_alloc+0x1f/0x30 [ 123.664620][T11404] hash_netiface_create+0x273/0x730 [ 123.669799][T11404] ip_set_create+0x359/0x8a0 [ 123.674367][T11404] nfnetlink_rcv_msg+0x4a9/0x570 [ 123.679308][T11404] netlink_rcv_skb+0x12c/0x230 [ 123.684051][T11404] nfnetlink_rcv+0x16c/0x15b0 [ 123.688707][T11404] netlink_unicast+0x593/0x670 [ 123.693446][T11404] netlink_sendmsg+0x5cc/0x6e0 [ 123.698193][T11404] __sock_sendmsg+0x140/0x180 [ 123.702847][T11404] ____sys_sendmsg+0x312/0x410 [ 123.707581][T11404] __sys_sendmsg+0x1e9/0x280 [ 123.712154][T11404] __x64_sys_sendmsg+0x46/0x50 [ 123.716903][T11404] x64_sys_call+0x26f8/0x2e00 [ 123.721557][T11404] do_syscall_64+0xc9/0x1c0 [ 123.726034][T11404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.731902][T11404] [ 123.734199][T11404] value changed: 0x00000000000006f8 -> 0x0000000000000000 [ 123.741277][T11404] [ 123.743573][T11404] Reported by Kernel Concurrency Sanitizer on: [ 123.749693][T11404] CPU: 0 PID: 11404 Comm: syz.4.2756 Not tainted 6.10.0-syzkaller-10729-g3c3ff7be9729 #0 [ 123.759556][T11404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 123.769584][T11404] ================================================================== [ 123.794780][T11425] loop2: detected capacity change from 0 to 1024 [ 123.826458][T11425] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 123.846222][T11387] chnl_net:caif_netlink_parms(): no params data found [ 123.992987][ T9977] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 124.003437][ T9977] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.170611][ T9977] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 124.180997][ T9977] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.250811][ T9977] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 124.261105][ T9977] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.347434][ T9977] bridge_slave_1: left allmulticast mode [ 124.353133][ T9977] bridge_slave_1: left promiscuous mode [ 124.358782][ T9977] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.409629][ T9977] erspan0 (unregistering): left promiscuous mode [ 124.539055][ T9977] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 124.548918][ T9977] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 124.559028][ T9977] bond0 (unregistering): Released all slaves [ 124.567369][ T9977] bond1 (unregistering): Released all slaves [ 124.575738][ T9977] bond2 (unregistering): Released all slaves [ 124.659074][ T9977] hsr_slave_0: left promiscuous mode [ 124.664672][ T9977] hsr_slave_1: left promiscuous mode [ 124.670333][ T9977] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 124.677901][ T9977] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 124.685279][ T9977] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 124.694152][ T9977] veth1_macvtap: left promiscuous mode [ 124.699778][ T9977] veth0_macvtap: left promiscuous mode [ 124.705329][ T9977] veth1_vlan: left promiscuous mode [ 124.773748][ T9977] team0 (unregistering): Port device team_slave_1 removed [ 124.783929][ T9977] team0 (unregistering): Port device team_slave_0 removed [ 125.165463][ T9977] IPVS: stop unused estimator thread 0... [ 125.229208][ T9977] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.278412][ T9977] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.318209][ T9977] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.368122][ T9977] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 125.449767][ T9977] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.489654][ T9977] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.549396][ T9977] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.878001][ T9977] bridge_slave_1: left allmulticast mode [ 125.883689][ T9977] bridge_slave_1: left promiscuous mode [ 125.889446][ T9977] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.899351][ T9977] bridge_slave_0: left allmulticast mode [ 125.905070][ T9977] bridge_slave_0: left promiscuous mode [ 125.910684][ T9977] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.989481][ T9977] erspan0 (unregistering): left promiscuous mode [ 126.388823][ T9977] bond0 (unregistering): Released all slaves [ 126.397594][ T9977] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 126.407712][ T9977] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 126.417804][ T9977] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 126.428666][ T9977] bond0 (unregistering): Released all slaves [ 126.437189][ T9977] bond0 (unregistering): Released all slaves [ 126.445943][ T9977] team0: Port device macvlan2 removed [ 126.454989][ T9977] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 126.464317][ T9977] bond0 (unregistering): Released all slaves [ 126.472439][ T9977] bond1 (unregistering): Released all slaves [ 126.480913][ T9977] bond2 (unregistering): Released all slaves [ 126.489252][ T9977] bond3 (unregistering): Released all slaves [ 126.609508][ T9977] hsr_slave_0: left promiscuous mode [ 126.615171][ T9977] hsr_slave_1: left promiscuous mode [ 126.622387][ T9977] hsr_slave_0: left promiscuous mode [ 126.627976][ T9977] hsr_slave_1: left promiscuous mode [ 126.633602][ T9977] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.641058][ T9977] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 126.648720][ T9977] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.656092][ T9977] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 126.665214][ T9977] hsr_slave_0: left promiscuous mode [ 126.670854][ T9977] hsr_slave_1: left promiscuous mode [ 126.677505][ T9977] veth1_macvtap: left promiscuous mode [ 126.682957][ T9977] veth0_macvtap: left promiscuous mode [ 126.688477][ T9977] veth1_vlan: left promiscuous mode [ 126.806723][ T9977] team0 (unregistering): Port device team_slave_1 removed [ 126.817584][ T9977] team0 (unregistering): Port device team_slave_0 removed [ 127.750378][ T9977] IPVS: stop unused estimator thread 0...