last executing test programs: 39.897349436s ago: executing program 3 (id=722): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) syz_emit_ethernet(0x2b2, &(0x7f00000009c0)=ANY=[@ANYBLOB="ffffffffffff00000000000086"], 0x0) 39.829158378s ago: executing program 3 (id=724): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x4}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001880), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="a1832abd7000ffffffff0500"], 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x4040004) 39.812211838s ago: executing program 3 (id=726): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x4}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000001640)='kfree\x00', r1}, 0x10) r2 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) write$selinux_validatetrans(r2, 0x0, 0x79) 39.733017559s ago: executing program 3 (id=727): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000180)={[{@delalloc}, {@noload}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x799, &(0x7f0000000a00)="$eJzs3c9rXNUeAPDvnSTNj/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9swmYaaSaZkJqUJWbSI4EZQcSHopmt/1J1bf2z1vxCUlqppseJCIndyJ502M+kkTWaq+XzgZs6590zO+c65P87MucwEsG+Npn9yEYcj4t0kYjhbn0REXy3VG3Fyvdyd1ZVCuiSxtvbqL0mtzO3VlUI0PCd1MMv8PyK+eSviSG5zvZWl5dmpUqm4kOXHq3MXxitLy0fPz03NFGeK88cnJiePnXjmxPHdi/W375cP3XjvpSc/P/nHm/+79s63SZyMQ9m2xjh2y2iMZq9JX/oS3uPF3a6sy5JuN4AdSQ/NnvWjPA7HcPTUUi0MdrJlAMBeWQMA9qHEGAAA9pn65wC3V1cK9aW7n0h01s0XImJgPf76/Ob6lt5szm6gNg86dDu5Z2YkiYiRXah/NCI+/vL1T9Mlsn4wlwZ0wuUrEXF2ZHTz+T/ZdM/Cdj211ca1/trD6H2r99v1B7rpq3T882yz8V9uY/wTTcY//U2O3Z148PGfu74L1bSUjv+eb7i37U5D/JmRniz3r9qYry85d75UTM9t/46IsejrT/MTtaLNR25jt/681ar+xvHfr++/8Ulaf/p4t0Tuem//vc+ZnqpOPWzcdTevRDzW2yz+ZKP/kxbj39Nt1vHyc29/1GpbGn8ab33ZHP/eWrsa8UTT/r/bl8mW9yeO13aH8fpO0cQXP3w41Kr+xv5Pl7T++nuBTkj7f2jr+EeSxvs1K9uv47urw1+32vbg+Jvv/weS12rpA9m6S1PV6sJExIHklYj4caNsbf2x2JSvl0/jH3u8+fG/Xm3z/T99T3i2zfh7b/z82c7j31IScbnNos2l8U9vq/+3n7h2Z7Zn5/Gn/T9ZS41la9o5/7XbwId57QAAAAAAAAAAAAAAAAAAAAAAAACgXbmIOBRJLr+RzuXy+fXf8P5vDOVK5Ur1yLny4vx01H4reyT6cvWvuhxu+D7Uiez78Ov5Y/fln46I/0TEB/2DtXy+UC5Ndzt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMgcbPH7/6mf+rvdOgBgzwx0uwEAQMe5/gPA/rO96//gnrUDAOicbV3/Xf4B4B+h7ev/2b1tBwDQOeb/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2GOnT51Kl7XfV1cKaX764tLibPni0eliZTY/t1jIF8oLF/Iz5fJMqZgvlOda/qPL6w+lcvnCZMwvXhqvFivV8crS8pm58uJ89cz5uamZ4pliX8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID2VZaWZ6dKpeKCxJaJwUejGY9Mojc6WulAtrs+ErHvj0TjWWKwOycnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgL+BvwIAAP//708sGw==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x8004587d, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4}) r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x181) r2 = open_tree(r1, &(0x7f0000000280)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 39.63308979s ago: executing program 3 (id=732): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000020000000000000000000095"], &(0x7f0000000340)='GPL\x00', 0x1}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x406, 0x0, 0xfffffffffffffcd9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000000c0)="a0", 0x0, 0x0, 0x0, 0x1000000}, 0x31) 39.046816418s ago: executing program 3 (id=745): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000005c0), 0x10) recvmmsg(r0, &(0x7f0000006a40)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0x5736}], 0x2, 0x600101a2, 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r1}, 0x10, &(0x7f0000000480)={&(0x7f0000000140)=@can={{0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, "5b7ba3698f28aaf0"}, 0x10}}, 0x4040) 39.046184438s ago: executing program 32 (id=745): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000005c0), 0x10) recvmmsg(r0, &(0x7f0000006a40)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0x5736}], 0x2, 0x600101a2, 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r1}, 0x10, &(0x7f0000000480)={&(0x7f0000000140)=@can={{0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, "5b7ba3698f28aaf0"}, 0x10}}, 0x4040) 3.166587234s ago: executing program 0 (id=2189): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r0}, &(0x7f0000000580), &(0x7f0000000380)}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000980)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x1010040, &(0x7f00000003c0)={[{@noquota}, {@debug}, {@jqfmt_vfsv0}, {@noauto_da_alloc}, {@resgid}]}, 0x3, 0x4d7, &(0x7f0000001480)="$eJzs3d9rW9cdAPDvle3YSZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX/AYOwX61Of+lLocymU/AmlEGjfSyktoU3Shz60VZF01aSO/AtbVmJ9PnB8z/2h+/0em3uso3PRDaBjnY2I8YjoiogLETGQbs+kJdbrpXrc40d3p6oliUrl5qdJJOm2xrmSdHk8fVlfRPzpDxF/TZ6PW1pdm58sFPLL6XquvLCUK62uXZxbmJzNz+YXx0dHroxdHbs8Nrxvbb32u4/+84/Xfn/t7V/e/mDik/N/q6bVn+57th07sb7D4+pN76n9Lhq6I2J5N8FeYF1pe3ranQgAADtSfY///Yj4aUQ8+X+7swEAAABaofKb/vgyiagAAAAAh1amdg9sksmm9wL0RyaTzdbv4f1hHMsUiqXyL2aKK4vT9XtlB6MnMzNXyA+n9woPRk9SXR+p1Z+uX9qwPhoRJyPiXwNHa+vZqWJhut0ffgAAAECHOL5h/P/5QH38DwAAABwyg+1OAAAAAGg5438AAAA4/DYd/yfdB5sIAAAA0Ap/vH69WiqN519P31pdmS/eujidL81nF1amslPF5aXsbLE4W/vOvoXtzlcoFpd+FYsrd3LlfKmcK62uTSwUVxbLE7Xnek/kPScaAAAADt7Jn9x/P4mI9V8frZWqI+m+HYzVx1ubHdBKmd0dnrQqD+DgdbU7AaBt3OALnct8PLDNwP7fG9Z3+bEBAADwIhj60Z7m/80HwkvMQB46l/l/6Fzm/6Fzmf+HDte7/SF9m+14Z59zAQAAWqa/VpJMNp0L7I9MJpuNOFF7LEBPMjNXyA9HxPci4r2Bnt7q+ki7kwYAAAAAAAAAAAAAAAAAAAAAAACAl0ylkkQFAAAAONQiMh8n6YP8hwbO9W/8fOBI8sVAbRkRt1+5+d87k+Xy8kh1+2ffbi//L91+qbEFAAAAaKfGOL0xjgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/fT40d2pRjnIuA9/GxGDzeJ3R19t2ffmQEQce5JE9zOvSyKiax/ir9+LiFPN4ifVtGIwzWJj/ExEHG1z/OP7EB862f1q/zNevf56Nlx/mThbWza//rrTslcPz27W/2Ua/V+tn2vW/53Y+tR9jcrpB2/kNo1/L+J0d/P+pxE/2WP/+5c/r61ttq/yasTQNv9/qrFy5YWlXGl17eLcwuRsfja/ODo6cmXs6tjlseHczFwhn/5sGuOfP37r663af6xp/Hr/u1X7zz1/ut5mMb56cOfRD7aIf/5nzf/+p7aIX/3d/zz9P1DdP9Sor9frzzrz+rtntmr/9Cbt3+7vf36zk25w4cbfP9zhoQDAASitrs1PFgr55ZejElF/V/6i5KOispdKV8tD3Egv9F2/vL39EgAAsP+evulvdyYAAAAAAAAAAAAAAAAAAADQuVr+PWe93/1mgb72NRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYEvfBAAA///DTM7p") renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x2) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) 3.105089435s ago: executing program 0 (id=2190): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c) 2.272818967s ago: executing program 0 (id=2211): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) msgget$private(0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000016c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x4000000, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x0, 0x0, 0x0, 0x6}, {0xff, 0x0, 0x1ff}, 0x0, 0xfffffffd}}, @TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x0, 0x1ff, 0x0, 0xfffffc80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, 0x3f, 0x0, 0x0, 0x0, 0xffffffff, 0x2, 0xc00, 0x0, 0x0, 0x0, 0x1ff, 0x8000000, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffd, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0xfffffffd, 0x0, 0x2, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x0, 0x10, 0x0, 0x9, 0x4, 0x0, 0x0, 0x4, 0x0, 0x40, 0x9, 0x0, 0x4, 0x2, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xa97, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0xfffffffd, 0x404000, 0x3, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, 0xb484, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x1, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x2dfd, 0x0, 0x0, 0x0, 0x0, 0x7, 0x72, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x402, 0x0, 0x0, 0x0, 0x400, 0x9, 0x0, 0xd79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x100, 0x0, 0x4, 0xfffffffd, 0x0, 0x0, 0x3ff, 0xfffffffe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffd]}]}}]}, 0x45c}}, 0x0) 2.271982217s ago: executing program 0 (id=2213): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f00000039c0)=ANY=[@ANYBLOB="180000000300000000000000a012544f95002b000000000093adffa82255f674412d020000000000005ab527ee3697f1ed4436dd1164b1b3f427f6ba6b34f98125f30e631d273683626e00dc254d570d4a6b78a5833488cfe410090000004aa900003d3cd62f00158e6eee8501000000520a0000151d016e6cafbe9309aba218812868a51d129e78f6ae170bf5a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b000024b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e8b701d2d17ebc406e89dcbb7677e6528b0856e31eb9474c0106fc48e1f8c1a5f6945ac24cf609068f6ff21e88b3cfc22df01d51e242443618c02e0a428da651366e4bac9d97328fa2a82b5e8741e02056d933bedf59ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e148bf56497e5d56d06c7551b870b2851c3f0a1aab7158edeeccd92e3a88dc0f432187ce92d7b17a21c8f1b3369ebfcb4cb2946601b0f04edb256c604f068773f6db9d661bd7f0e2536f00000000000000005521458b7d1e341c6f864f983d745f5865aad41d29158ae7602a2d6cd415e8351ebc283df54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121a96eb373845255012e028cb2654d493afb4b35faae176f99b745eda2967199cc93685bb444f9bc50713061385537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d0007ae4e1e347c0cff28235a6bb7aa3804b907a8f2880c5cb1cb385e6add14652003c7cdd3324f07d1ff07000000000000000009dd872ec64fa6c718bbd1aa591140cff0be4c6f8df084c5e9734ae30aa9afdc7125f01ab03a9b1074407136b4506000f0916aada035df2e0452a9b39e73aeeb6eaf14652dda689e2051d9b7eb85f3f2d5ab2c51944da8d7391d5b6b97419a3b76600cd1aa0afe5f8f46df4c5124ca425d374b371867a79b31f3f514573f1e30d1fd2d763f3ee9210b15c1d60be2168fffcd599a2cb77f124e22f87673675805494db821f39b50d5fd8c6b2a3a324c257bc97def5f07f2b77f05a4f81a9cf8110971b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c4407eca22debc99335583b00013c3130978fa069af8223b38ced735c2d90c6d84c30a0d87d42647489b39601be5c27696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f240080000534187738655d7a6240412c8f283cc0c1eba2866dc9580000000000000007fffffffff554b82d9c162f3556076b80552d961ca74d1ffdaccf0ea5f02e0163a9ccb9087e6c3b3917bb74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb01f7ada800e50000000000fdaf2f7b3b79a433e08074ea2462974ab2cbd2190780fa39c43ea647eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433d866665b98ca2002c836e89feef904c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc8d0834fb8d124638fec58faeb4c16abb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a68d2bb2dd163e863314e8449801b52bb93f6c9084659ce777dda8563c859656a357770289a61faa95a82bf1cfb7f2f97252e9322abe282c3344fc6738b4467893b9bf0000000000000001062a35376413c29f7c6f7bde29b9f4bddd5e328661f4615e627a6f608ad53a4168fe8e5d7d934aa289b4bd2b870000000000000000000000000000fc4b4ff50000009b777883a02ffd92dfc4cb4114b9f9cf4ad155110cd3ace2b322ae31bfa27847c799c8869a1ea5018e525e6383ad7fd9795170e7b11e247603000000001459c7f606d721d3979676bffb3049166ab84ac1061991bd57c2566c10c296352a5105b6164e3f2491e4793e2b70590dcc71f110da96366c40dd44a2c9882d3aa0f8a797b8fea6efcfb5276b7679f15559cdaabf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5002adef9546abb7a2d9c085b189b5ff30e4e0c13f60870fde1f88d830b11002135e8e7262f29b6d7923bfbe0bd2a8be179e56b41ff3792cee2fc37eee739c3008ce740d8804f8e705f0dc59d000021363e8df94ff175b48dc8c12def681a11647946595445bf1cb7d2778cd27a6b3b2966b08be600000020a8a711d193bae0ab2db9ed9c6cb3c3de42ab89524414cae922141f7baf17ebb790ad60bd0387837e63f9880fd70259e35590afb4843cd4e9989398eaa89cefb3aa13cab8d015cbaf1561d95362decd73b8f8cbf8269cac091cfaaa3c7e46d6e79145fc0f1d1b383752ccb40515a772356d746914540216adf4c0f44f1cff3760afa252720ec6dad3a98671ecdaff46cddffb1f05a0c0976070d603a442d014822369fa3eacbb69bd1b0a074357acd5d02161fed146ad3aa15d2b8101b7bd1e091ada78ecd50181f4b35cae1b29aff91494c916323b61f815c4e0701657087ad11eef97952921365bc898ba2c76a9b6e0052f43b1ad2dfdf3f958fc1d32e692bc8846c78a956ada453c67c1c2cdc4f8b1c94e9adc106e85b31e030d955c5578e107a6e8ca0d4dd05344c3e2af25d9a3b0f7805624016aeab271a75f0bacb101a156ef8948064569154a7de08f80e4df4c339b69431b0a5671097d89212b465b0b32275deae10a77e334c9fc074d181bdeb5be80a6249d472e78e6be57a5ccd354cf181e099605a644ecade221a2be926210b2690d09e4b7a3dea25403397439979c27d5613262de10bacecfff2d58437f012df4252c018795310c25e8fce18ed366ac2caade564ca869727a7d63c26271e17d7aba48971835530311545273d3caadeb5d2017dc816126b6f2068f68a4111ddd587b5df4b5d8f1ce00231a2092eb2e797c491a1e66f73606fd95bb01b53a2d862b6262f0259da51ff7517ace7361460a4669a97f7d0bf095c2787f00bdbfee19670d1e0ec5e6c3cb09972fa4d94986157b96d6695177c99d83716651129320924352cda7b8ead91c3301af620c1e8d7004d29ad77f54836779600bb0b247139d429df96362db3ecfbd36fa8164fabdcf2e58b720e8e1c03a74daf593f92a8ecc03f8c8e3af9ae07dc03780cc0d69da9e3528c1693fb51998731992ceb27dcc0be5be4decefe41b78bc1847bf54b087e095172f06cfa6d4bf958b1d4544947ff1230655199db4f475006047fe83caca97758dffa53cee764f85932eb20d54241b2d515c0826dfe1f0f40ae920455a4548fb35e2a345c05b1c252b7877bb3d834b0b3579a36249146f832ef258df5127318c7017ac1a996c4f902f82deb60fd113ccf812d55ffd625057bd4ff3960992b85bc8d32edfca386be16b1c549aec52e31e1405f86c7760282901750b732ec06b0db735222a56f3ebb16fad3e9269495230cd88b0ea2e3affa196a2f0adf733bc6afd37a659ecc933d636c1b27d3a16c5ea25301f9b5789e4aa8e7228e3002f146aa5e575bb74b1ebb82147edf8161d362704377058e887c608be8719ea1b6c490f79e0832e2ddd7e217c7adddd4731e032d7eb35bdc38160c676d840e2e8be9033a686cf7061f5f55e2851736aa8c2f3bad8ac05c048e20d8c03b68008a70b8f80c93ebd2ababb5c65fe9abc4642d7b58d8c93efd7b6b39c68a16d75a7852dfc37a6a50cb28a9b6f685a465d08fc603d81d8ddd5296fae97be1401a8be7748a71fcdc85ba2049e96c4e6dce59b88cd5472726bc237fbcf3ffcbf32e2aac9b2f9d6013b59780ded723b08c767fa091e2fa4d51863500fcd5041bcc98a685504835743194113ea0b97b4f9ddc395b9ac4defefadd37a8871fd91f31a56eb96ecf90000000000000000000000000000000000000000000c447ea475c236c3b7f24079fe375f3f861fc54d9d8a04a6cb8c0dbf9e9cc53a84a5795ae5ebcbd825e3572df16fbdcd395e995fa4fcbbf31583d9e1d3ff537f401a3139200a8bd2122157887199cd54075a4d5b29935dda5c6aa0f3ac6895eb73c7abbd4603abdaa8629dedb2cab0fa80f9514ad310491a9a300015c18cdfd9342cff50d849d7516134d45d1a8cf157abe0c79de543993cf689f8a7113508fbf8a610417045e6c38a5d4ff4656dbd9656ad6ce625e1674ab57944ebb834743a248a2be304ba1e037cb63a169d340be8befc1b238aa26e24"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7}, 0x48) r2 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1}) sendmsg$rds(r2, &(0x7f0000002940)={0x0, 0x0, &(0x7f0000002800)=[{&(0x7f0000002980)=""/4112, 0xfffffe09}], 0x1}, 0x0) write(r2, 0x0, 0x0) 1.415438679s ago: executing program 0 (id=2252): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2649baca85309be96d5a45bbbdb5ff7ffffffd075b3eee14473f51be98db7efbb059842badcfc81364470e8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c11071adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eb47efb7b3f19046c6f1bd1bf56e5853ed96137f95b3a11954ed1c8a8676468cf2405e48723d4b1ff"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x18) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x3}, @IFLA_XDP_FD={0x8, 0x1, r3}]}, @IFLA_GROUP={0x8}]}, 0x3c}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0) 566.584271ms ago: executing program 5 (id=2273): get_mempolicy(0x0, 0x0, 0x82c, &(0x7f0000fff000/0x1000)=nil, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r1) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r2, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000019140)={[&(0x7f0000000380)=' T\xfc\x81\x8e\x9f5\x0e \x043[B\xad\x13\x9f\xae\x8f\xbb\x9a\x0f\x9f\x03\xa5\xfc9\xbb\xa4.\xf4\xeb\x03\xf1\xb6\x8c\xc4E\x93\n&k\xec\xc8\xdch\xd6\x1e\xcb\fA\\da/O\xdcn7\x1b@\xbf\xfb\x17J\xaaD\xe4\x01\xbc']}, &(0x7f0000019100)={[&(0x7f0000000200)=' ']}) 559.371442ms ago: executing program 0 (id=2274): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_io_uring_setup(0xe46, &(0x7f0000000380)={0x0, 0x5f39, 0x0, 0x4001, 0x2b7}, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) r1 = perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) close(r1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x7fff}, 0x18) 523.001642ms ago: executing program 5 (id=2275): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) sendmsg$key(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[@ANYBLOB="0209fd020b00000028bd7000fbdbdf270900180009c33e"], 0x58}}, 0x44804) 478.761973ms ago: executing program 5 (id=2277): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r0}, 0x18) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) setsockopt$TIPC_GROUP_LEAVE(0xffffffffffffffff, 0x10f, 0x88) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1018e58, &(0x7f0000000440)={[{@bsdgroups}, {@noblock_validity}, {@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x6}}, {@debug}, {@jqfmt_vfsv1}]}, 0x1, 0x604, &(0x7f0000000c00)="$eJzs3c9rHFUcAPDvzCYxaWPTiogtigEPLUjTpBarXmzrwR4KFuxBxENDk9TQ7Q+aFGwtmIIHBQURryK9+A94l969iaDePAtVpKKg0pXZnW02yW4a0+xOmvl8YLPvvZnd9747eZk3M3k7AZTWaPYjjdgdcfd0EjHSsmw4GgtH8/Xu/H79TPZIolZ747ckBvKy5vpJ/rw9zwxGxHfHIh6rrKx37uq1c5PVWsP7EQfmz186MHf12v7Z85Nnp89OX5g4+OKhw+MvTRya2JA4t+fPx0+8/tQnH7zzwsz31f1JHIlT/e9NxbI4NspojMbdPMTW8r6IOJwl2nwuD5v7hLCjV+1gfSr572N/RDwRI1Gp5xpGYvbjQhsHdFWtElEDSirR/6GkmuOA5rH92o6DT3V5VNI7t482DoBWxt/XODcSg/Vjo213kpYjo8a5jZ0bUH9Wx7/X93yRPWLJeYi/7m2dvg2op5OFGxHxZLv4k3rbdtYjzeJPl7QjiYjxiPo5oKz81QdoQ9KS7sZ5mNWsN/40Io7kz1n5sXXWP7os3+v4ASinW0fzHflCllvc/2Vjj+b4J9qMf4bb7LvWo+j9X+fxX3N/P1g/R54ujsMGm6892f4t+5cX/PzR8c861d86/sseWf3NsWAv3L4RsWdZ/B9mwebjnyzcpM32z1Y5fWRtdbz2w6/HOy0rOv7azYi9bY9/FkelWWqV65MHZmar0+ONn23r+Obbt7/qVH/R8Wfbf1uH+Fu2f7r8ddlncmmNdXx98ub5TsuGV8SfJBGt8ae/DCSN482BvOTdyfn5yxMRA8mJfJWW8oOrt6W5TvM9svj3Pdu+/y/5/b+x9H2Gmn8y1+DSm+fudFq2nu3fcjH5bm2Nbegki3/q/tt/Rf/Pyj5dYx1/vnXl6U7LVot/6EECAwAAAAAAgBJK69dgk3TsXjpNx8Ya82Ufj21p9eLc/HMzF69cmIrYV/9/yP60eaV7pJFPsvxE/v+wzfzBZfnnI2JXRHxeGarnx85crE4VHTwAAAAAAAAAAAAAAAAAAABsEtvz+f/N+1T/UWnM/wdKops3mAM2N/0fyqve/1fc4gkoA/t/KC/9H8pL/4fy0v+hvPR/KC/9H8pL/4fy0v8BAAAAYEva9cytn5KIWHh5qP7IDOTLzAiCra2/6AYAhakU3QCgMPcu/RvsQ+msafz/d/7lgN1vDlCApF1hfXBQW73z32r7SgAAAAAAAAAAAACgC/bu7jz/39xg2NpM+4PyeoD5/746AB5yvvofyssxPnC/WfyDnRaY/w8AAAAAAAAAAAAAPTNcfyTpWD4XeDjSdGws4tGI2Bn9ycxsdXo8InZExI+V/key/ETRjQYAAAAAAAAAAAAAAAAAAIAtZu7qtXOT1er05dbEPytKtnaieRfUHtT1SvzPV0XS+49lKCIK3yhdS/S1lCQRC9mW3xQNuzwXm6MZ9UTBf5gAAAAAAAAAAAAAAAAAAKCEWuYet7fnyx63CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB6b/H+/91LFB0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBw+i8AAP//B/w98Q==") 478.516123ms ago: executing program 5 (id=2278): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0x6}, 0x18) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) ftruncate(r2, 0x1) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'}) 421.060964ms ago: executing program 5 (id=2280): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xb, 0x5, 0x10001, 0xa, 0x1, 0xffffffffffffffff, 0x3}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 420.780733ms ago: executing program 5 (id=2281): bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0100000004000000fd09"], 0x50) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0x80, 0x8000, 0x0, 0xb9ff, 0x15}) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x3}) r1 = syz_open_pts(r0, 0x101000) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17) 271.158375ms ago: executing program 1 (id=2291): perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10010, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x80000000}, 0x0, 0xc8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r3}, 0x10) close(r1) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="8fedcb7910009875f37538e486dd6317ce8102032b00fe08000e40000200875a65969ff57b00ff0200000000000000000001ffaaaaaa"], 0xfdef) 226.790907ms ago: executing program 1 (id=2293): mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000040)=@v2={0x2000000, [{0x14d, 0x5}, {0x10000, 0x1}]}, 0x14, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) 226.418187ms ago: executing program 1 (id=2294): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000002400)={0x18, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000001e40)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18) ioctl$USBDEVFS_CONNECTINFO(0xffffffffffffffff, 0x8004550f, &(0x7f0000002a40)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]}) getrusage(0x1, 0x0) 200.782906ms ago: executing program 1 (id=2298): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x3, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0xfffff801}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r2}, &(0x7f00000002c0), &(0x7f0000000440)=r0}, 0x20) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000700)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) 145.402108ms ago: executing program 1 (id=2301): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) prctl$PR_SET_NAME(0xf, &(0x7f00000002c0)='+}[@\x00G5\v\x89n\xb2\x0e\xb7\xb4\x9a\xb3\xb9\xe1\xff@`\x87\xefy\xb7\xe0\xe6c\x91\x81ND\t3\xc4\xca\xf0\xd0Zp\xadbdY\xdcz\xc6lo\xd0\xc7\'CT') unshare(0x2c020400) r1 = syz_io_uring_setup(0x1725, &(0x7f0000000100)={0x0, 0x1452, 0x800, 0x80400002, 0x2d4}, &(0x7f0000000300)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000240)=0xfffffc04, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_MKDIRAT={0x25, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000280)='./file0\x00', 0x84, 0x0, 0x1}) io_uring_enter(r1, 0x8ba, 0x696d, 0x20, 0x0, 0x0) 145.130678ms ago: executing program 2 (id=2302): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0xcc, 0x2c, 0xd27, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0xa0, 0x2, [@TCA_U32_SEL={0x94, 0x5, {0x7, 0xef, 0x8, 0x8, 0x5, 0x9, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x8, 0x7, 0x1009, 0x5}, {0xfffffff9, 0x43, 0x7ffd, 0x5}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x1, 0x42}, {0x6, 0x4, 0x0, 0x8}, {0x8001, 0x0, 0x0, 0x8001}, {0x1, 0x1800000, 0xa525}]}}, @TCA_U32_LINK={0x8, 0x3, 0x80000000}]}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x80}, 0x40) 144.806848ms ago: executing program 1 (id=2303): r0 = open(&(0x7f0000000300)='./bus\x00', 0x169042, 0x0) ftruncate(r0, 0x88801) r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20040008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0x140) sendfile(r2, r3, 0x0, 0x8000fbffc001) 130.156638ms ago: executing program 4 (id=2304): setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000480)={'wg2\x00', 0x0}) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000000)=0xf3e, 0x4) sendto$packet(r2, &(0x7f0000000240)='V', 0x1, 0x0, &(0x7f0000000b40)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2}}, 0x14) 72.917959ms ago: executing program 4 (id=2305): r0 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x8000021e}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1}) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3, 0xffffffffffffffff}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) io_uring_enter(r0, 0x47fa, 0x0, 0x0, 0x0, 0x0) 72.653139ms ago: executing program 4 (id=2306): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8e7}, 0x94) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) socket$nl_rdma(0x10, 0x3, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 72.304349ms ago: executing program 2 (id=2307): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000280), 0x10) close_range(r2, 0xffffffffffffffff, 0x0) 72.090949ms ago: executing program 4 (id=2308): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x1080f2, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x1, 0x0, 0x0, 0x41000, 0x37, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) symlinkat(0x0, 0xffffffffffffff9c, 0x0) 70.355179ms ago: executing program 2 (id=2309): bind$inet(0xffffffffffffffff, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40800) setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000040)=0x3, 0x4) syz_emit_ethernet(0x82, &(0x7f0000000040)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x40}, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @ipv4={'\x00', '\xff\xff', @remote}, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8}]}]}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0) 63.592719ms ago: executing program 4 (id=2310): bpf$MAP_CREATE(0x0, 0x0, 0x48) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x4007, 0x510, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x4, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004"], 0x34}}, 0x84) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08001400fc000000080011000700000008000e008000000008"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 54.131809ms ago: executing program 2 (id=2311): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000040), 0x4) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f00000004c0)=[@in={0x2, 0x4e23, @private=0xa010102}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000080), &(0x7f00000000c0)=0x4) utimes(0x0, 0x0) listen(r0, 0xfff) ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f0000000000)) accept$inet6(r0, &(0x7f00000006c0)={0xa, 0x0, 0x0, @initdev}, 0x0) 1.01272ms ago: executing program 4 (id=2312): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file1\x00', 0x80809a, &(0x7f0000000f40)=ANY=[], 0x5, 0x2c6, &(0x7f0000000380)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3M2AlSvvX5Ji2sk47Yjj77fp4d577j0vr00WJed9+dp0fPNOFicPH0SeZ9E5iIN4lMVudKL1XXQDAHh+PEopfk9VmKXahpndzpUWBgBcmfrz/4k++AGA/7iPP/3sw8Hh4Y2PiiKPV/r3Z8MsIqb3Z8N6fnA7vo5J3Irr0Y/TiLRQx+9/cHgjukVpN96czmfDMnP6xc/N/oPfIqr8/ejH7vr8/aK2+JdD+XO4HS9GEYPb222p/Xh5ff7bbf7y/HkMe/HWGyv170U/fvkq7sQkbkaZu8z/dr8o3kvfP/zm8/KYMj/rxHCnWldJKfJnelcAAAAAAAAAAAAAAAAAAAAAAHje7RVFVrfvqfr3lENV/5zZcOu0mt8rWqv9feZtf6Cs3ajuD5SiadEzT/FD21/nelEUqVm4zO/Gq10PFgAAAAAAAAAAAAAAAAAAAIDS0b0H10aTya27R/eOx08dtN0A2q/1/9N9DlZGXo/j8Wjr/A13Nj9rtdtAWeuFi6PbjUt6WdYHJ4uRF8p6Lv2InViMfBJ10N6YSz3rpXfrTY/Ho6KZal/k8Sh73Fl5e+N+XJ3qxWLNH6n2hIWl6lfiNJ29p/mi1LNZvQ12LnMft6Z3be3UnymlzYp/59f6HjUjWdViY7NL3m6CtRdYBnk0V1H/4ZdTP52/4blvGVtP/aYDAAAAAAAAAAAAAAAAAACstfzS75rJkwtTO1dWFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Y8vn/7dBHhFnR/4WzJvki9Y0QS/uHv3LlwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/wF8BAAD//4oXU2s=") r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x130) r1 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x51) write$9p(r0, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff5295e8cd6f55ce071b304aa0a588b3b7a2efa2f167dd9c1b8b016268d37d9a30983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402c76caf85d4569a75dde2f64", 0x200) syz_genetlink_get_family_id$nl80211(0x0, r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendfile(r0, r1, 0x0, 0xe065) 500.87µs ago: executing program 2 (id=2313): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r0}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000ff41fd01020400000a00120002002800000019002d007fffffff0022de1330d54400009b84136ef75afb83de066a5900e1baac968300000000f2ff000001000000", 0x55}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0) 0s ago: executing program 2 (id=2314): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) kernel console output (not intermixed with test programs): 4-fs (loop4): This should not happen!! Data will be lost [ 52.943406][ T4589] [ 53.091895][ T4603] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 53.105089][ T4603] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 53.132590][ T4608] loop0: detected capacity change from 0 to 2048 [ 53.143257][ T4517] syz.3.439 (4517) used greatest stack depth: 6952 bytes left [ 53.167180][ T12] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm kworker/u8:0: bg 0: block 234: padding at end of block bitmap is not set [ 53.182637][ T12] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 3 with error 117 [ 53.195153][ T12] EXT4-fs (loop0): This should not happen!! Data will be lost [ 53.195153][ T12] [ 53.248692][ T29] kauditd_printk_skb: 341 callbacks suppressed [ 53.248717][ T29] audit: type=1400 audit(1750883336.746:1216): avc: denied { execute } for pid=4619 comm="syz.1.481" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=7429 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 53.330635][ T4630] loop1: detected capacity change from 0 to 128 [ 53.344915][ T4634] netlink: '+}[@': attribute type 3 has an invalid length. [ 53.355615][ T4630] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.389494][ T29] audit: type=1400 audit(1750883336.896:1217): avc: denied { setattr } for pid=4629 comm="syz.1.485" path="/107/file1/file1" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 53.538954][ T29] audit: type=1326 audit(1750883337.036:1218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4645 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee74d2e929 code=0x7ffc0000 [ 53.562591][ T29] audit: type=1326 audit(1750883337.036:1219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4645 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fee74d2e929 code=0x7ffc0000 [ 53.586123][ T29] audit: type=1326 audit(1750883337.036:1220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4645 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee74d2e929 code=0x7ffc0000 [ 53.609577][ T29] audit: type=1326 audit(1750883337.036:1221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4645 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7fee74d2e929 code=0x7ffc0000 [ 53.633186][ T29] audit: type=1326 audit(1750883337.036:1222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4645 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee74d2e929 code=0x7ffc0000 [ 53.648337][ T4651] loop1: detected capacity change from 0 to 764 [ 53.687002][ T4651] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 53.728541][ T4656] loop0: detected capacity change from 0 to 1024 [ 53.797219][ T29] audit: type=1400 audit(1750883337.166:1223): avc: denied { create } for pid=4647 comm="syz.0.493" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.817493][ T29] audit: type=1400 audit(1750883337.166:1224): avc: denied { write } for pid=4647 comm="syz.0.493" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.837798][ T29] audit: type=1400 audit(1750883337.166:1225): avc: denied { nlmsg_write } for pid=4647 comm="syz.0.493" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.886381][ T4669] __nla_validate_parse: 2 callbacks suppressed [ 53.886400][ T4669] netlink: 8 bytes leftover after parsing attributes in process `syz.1.502'. [ 54.018699][ T4674] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 54.135787][ T4671] syzkaller1: entered promiscuous mode [ 54.141458][ T4671] syzkaller1: entered allmulticast mode [ 54.209312][ T4681] Illegal XDP return value 4294967262 on prog (id 300) dev N/A, expect packet loss! [ 54.281143][ T4683] loop0: detected capacity change from 0 to 128 [ 54.288714][ T4683] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 54.300840][ T4683] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 54.328109][ T12] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 54.335193][ T4689] loop2: detected capacity change from 0 to 1024 [ 54.351767][ T4692] loop0: detected capacity change from 0 to 128 [ 54.358734][ T4692] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 54.374336][ T4689] ext4 filesystem being mounted at /91/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.406530][ T4689] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 2: comm syz.2.511: lblock 2 mapped to illegal pblock 2 (length 2) [ 54.421590][ T4689] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2 with max blocks 2 with error 117 [ 54.433957][ T4689] EXT4-fs (loop2): This should not happen!! Data will be lost [ 54.433957][ T4689] [ 54.452533][ T4700] loop0: detected capacity change from 0 to 1024 [ 54.521175][ T4711] loop1: detected capacity change from 0 to 128 [ 54.532079][ T4711] ext4 filesystem being mounted at /115/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.552339][ T4716] loop2: detected capacity change from 0 to 1024 [ 54.726146][ T4727] loop1: detected capacity change from 0 to 256 [ 54.855772][ T4737] loop2: detected capacity change from 0 to 764 [ 54.867631][ T4739] loop4: detected capacity change from 0 to 1024 [ 54.878144][ T4737] Symlink component flag not implemented [ 54.884508][ T4737] Symlink component flag not implemented (7) [ 54.925864][ T4741] loop2: detected capacity change from 0 to 128 [ 54.939910][ T4741] ext4 filesystem being mounted at /100/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.012149][ T4748] loop2: detected capacity change from 0 to 512 [ 55.035606][ T4748] EXT4-fs (loop2): 1 orphan inode deleted [ 55.048883][ T4748] ext4 filesystem being mounted at /101/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.063042][ T37] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 1 [ 55.078483][ T4753] loop1: detected capacity change from 0 to 512 [ 55.097359][ T4753] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 55.152714][ T4753] EXT4-fs (loop1): 1 truncate cleaned up [ 55.181666][ T4760] loop2: detected capacity change from 0 to 512 [ 55.200569][ T4760] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 55.225383][ T4760] EXT4-fs (loop2): mount failed [ 55.295457][ T4714] syz.0.519 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 55.309743][ T4714] CPU: 0 UID: 0 PID: 4714 Comm: syz.0.519 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(voluntary) [ 55.309792][ T4714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 55.309809][ T4714] Call Trace: [ 55.309817][ T4714] [ 55.309824][ T4714] __dump_stack+0x1d/0x30 [ 55.309860][ T4714] dump_stack_lvl+0xe8/0x140 [ 55.309935][ T4714] dump_stack+0x15/0x1b [ 55.309954][ T4714] dump_header+0x81/0x220 [ 55.309993][ T4714] oom_kill_process+0x334/0x3f0 [ 55.310069][ T4714] out_of_memory+0x979/0xb80 [ 55.310101][ T4714] try_charge_memcg+0x5e6/0x9e0 [ 55.310129][ T4714] obj_cgroup_charge_pages+0xa6/0x150 [ 55.310178][ T4714] __memcg_kmem_charge_page+0x9f/0x170 [ 55.310250][ T4714] __alloc_frozen_pages_noprof+0x188/0x360 [ 55.310294][ T4714] alloc_pages_mpol+0xb3/0x250 [ 55.310330][ T4714] alloc_pages_noprof+0x90/0x130 [ 55.310437][ T4714] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 55.310480][ T4714] __kvmalloc_node_noprof+0x30f/0x4e0 [ 55.310550][ T4714] ? ip_set_alloc+0x1f/0x30 [ 55.310594][ T4714] ? ip_set_alloc+0x1f/0x30 [ 55.310626][ T4714] ? __kmalloc_cache_noprof+0x189/0x320 [ 55.310725][ T4714] ip_set_alloc+0x1f/0x30 [ 55.310754][ T4714] hash_netiface_create+0x282/0x740 [ 55.310855][ T4714] ? __pfx_hash_netiface_create+0x10/0x10 [ 55.310897][ T4714] ip_set_create+0x3c9/0x960 [ 55.310981][ T4714] ? __nla_parse+0x40/0x60 [ 55.311020][ T4714] nfnetlink_rcv_msg+0x4c3/0x590 [ 55.311146][ T4714] ? selinux_capable+0x1f9/0x270 [ 55.311182][ T4714] netlink_rcv_skb+0x120/0x220 [ 55.311225][ T4714] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 55.311287][ T4714] nfnetlink_rcv+0x16b/0x1690 [ 55.311321][ T4714] ? __kfree_skb+0x109/0x150 [ 55.311361][ T4714] ? nlmon_xmit+0x4f/0x60 [ 55.311386][ T4714] ? consume_skb+0x49/0x150 [ 55.311477][ T4714] ? nlmon_xmit+0x4f/0x60 [ 55.311497][ T4714] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 55.311540][ T4714] ? __dev_queue_xmit+0x11c0/0x1fb0 [ 55.311581][ T4714] ? __dev_queue_xmit+0x182/0x1fb0 [ 55.311629][ T4714] ? ref_tracker_free+0x37d/0x3e0 [ 55.311714][ T4714] ? __netlink_deliver_tap+0x4dc/0x500 [ 55.311751][ T4714] netlink_unicast+0x59e/0x670 [ 55.311797][ T4714] netlink_sendmsg+0x58b/0x6b0 [ 55.311872][ T4714] ? __pfx_netlink_sendmsg+0x10/0x10 [ 55.311891][ T4714] __sock_sendmsg+0x142/0x180 [ 55.311918][ T4714] ____sys_sendmsg+0x31e/0x4e0 [ 55.312038][ T4714] ___sys_sendmsg+0x17b/0x1d0 [ 55.312074][ T4714] ? _raw_spin_unlock_irqrestore+0x2b/0x60 [ 55.312127][ T4714] __x64_sys_sendmsg+0xd4/0x160 [ 55.312198][ T4714] x64_sys_call+0x2999/0x2fb0 [ 55.312228][ T4714] do_syscall_64+0xd2/0x200 [ 55.312251][ T4714] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 55.312286][ T4714] ? clear_bhb_loop+0x40/0x90 [ 55.312314][ T4714] ? clear_bhb_loop+0x40/0x90 [ 55.312416][ T4714] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.312441][ T4714] RIP: 0033:0x7f66809ce929 [ 55.312456][ T4714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.312474][ T4714] RSP: 002b:00007f667f037038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 55.312497][ T4714] RAX: ffffffffffffffda RBX: 00007f6680bf5fa0 RCX: 00007f66809ce929 [ 55.312509][ T4714] RDX: 0000000000000810 RSI: 0000200000000040 RDI: 000000000000000a [ 55.312522][ T4714] RBP: 00007f6680a50b39 R08: 0000000000000000 R09: 0000000000000000 [ 55.312565][ T4714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.312579][ T4714] R13: 0000000000000000 R14: 00007f6680bf5fa0 R15: 00007ffdba628fe8 [ 55.312603][ T4714] [ 55.312612][ T4714] memory: usage 307200kB, limit 307200kB, failcnt 188 [ 55.468107][ T4770] loop3: detected capacity change from 0 to 1024 [ 55.470667][ T4714] memory+swap: usage 311996kB, limit 9007199254740988kB, failcnt 0 [ 55.470685][ T4714] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 55.694662][ T4714] Memory cgroup stats for /syz0: [ 55.695038][ T4714] cache 0 [ 55.703158][ T4714] rss 0 [ 55.706017][ T4714] shmem 0 [ 55.708998][ T4714] mapped_file 0 [ 55.712472][ T4714] dirty 0 [ 55.715437][ T4714] writeback 0 [ 55.718827][ T4714] workingset_refault_anon 24 [ 55.723489][ T4714] workingset_refault_file 111 [ 55.728233][ T4714] swap 4911104 [ 55.731629][ T4714] swapcached 4096 [ 55.735269][ T4714] pgpgin 49815 [ 55.738642][ T4714] pgpgout 49814 [ 55.742116][ T4714] pgfault 28920 [ 55.745648][ T4714] pgmajfault 40 [ 55.749123][ T4714] inactive_anon 0 [ 55.752751][ T4714] active_anon 0 [ 55.756242][ T4714] inactive_file 0 [ 55.760026][ T4714] active_file 0 [ 55.763498][ T4714] unevictable 0 [ 55.767108][ T4714] hierarchical_memory_limit 314572800 [ 55.772511][ T4714] hierarchical_memsw_limit 9223372036854771712 [ 55.778669][ T4714] total_cache 0 [ 55.782148][ T4714] total_rss 0 [ 55.785432][ T4714] total_shmem 0 [ 55.788931][ T4714] total_mapped_file 0 [ 55.793012][ T4714] total_dirty 0 [ 55.796487][ T4714] total_writeback 0 [ 55.800345][ T4714] total_workingset_refault_anon 24 [ 55.805644][ T4714] total_workingset_refault_file 111 [ 55.810895][ T4714] total_swap 4911104 [ 55.814824][ T4714] total_swapcached 4096 [ 55.819119][ T4714] total_pgpgin 49815 [ 55.823015][ T4714] total_pgpgout 49814 [ 55.826991][ T4714] total_pgfault 28920 [ 55.831015][ T4714] total_pgmajfault 40 [ 55.835065][ T4714] total_inactive_anon 0 [ 55.839238][ T4714] total_active_anon 0 [ 55.843370][ T4714] total_inactive_file 0 [ 55.847561][ T4714] total_active_file 0 [ 55.851555][ T4714] total_unevictable 0 [ 55.855583][ T4714] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.519,pid=4713,uid=0 [ 55.870159][ T4714] Memory cgroup out of memory: Killed process 4713 (syz.0.519) total-vm:93752kB, anon-rss:936kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 55.935396][ T4776] loop2: detected capacity change from 0 to 128 [ 55.943112][ T4777] loop1: detected capacity change from 0 to 128 [ 55.965938][ T4776] EXT4-fs: Ignoring removed nobh option [ 55.968306][ T4777] ext4 filesystem being mounted at /121/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 56.032869][ T4776] ext4 filesystem being mounted at /103/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 56.056033][ T4785] loop3: detected capacity change from 0 to 128 [ 56.107572][ T4787] loop3: detected capacity change from 0 to 1024 [ 56.164420][ T4796] loop2: detected capacity change from 0 to 164 [ 56.186986][ T4800] loop1: detected capacity change from 0 to 1024 [ 56.197487][ T4799] netlink: 12 bytes leftover after parsing attributes in process `syz.3.551'. [ 56.247161][ T4714] syz.0.519 (4714) used greatest stack depth: 6784 bytes left [ 56.287260][ T4800] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.552: Allocating blocks 385-513 which overlap fs metadata [ 56.328102][ T4798] EXT4-fs (loop1): pa ffff888106eb0150: logic 16, phys. 129, len 24 [ 56.336267][ T4798] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8 [ 56.344718][ T4873] loop0: detected capacity change from 0 to 1024 [ 56.394514][ T4876] loop4: detected capacity change from 0 to 2048 [ 56.464602][ T4885] loop3: detected capacity change from 0 to 512 [ 56.515093][ T4838] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm kworker/u8:41: bg 0: block 234: padding at end of block bitmap is not set [ 56.542853][ T4885] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.556865][ T4891] loop1: detected capacity change from 0 to 512 [ 56.564160][ T4838] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 3 with error 117 [ 56.576810][ T4838] EXT4-fs (loop4): This should not happen!! Data will be lost [ 56.576810][ T4838] [ 56.588685][ T4891] EXT4-fs: Ignoring removed i_version option [ 56.594830][ T4891] EXT4-fs: Ignoring removed mblk_io_submit option [ 56.620215][ T4891] journal_path: Lookup failure for './file2' [ 56.626287][ T4891] EXT4-fs: error: could not find journal device path [ 56.675399][ T4891] loop1: detected capacity change from 0 to 512 [ 56.689459][ T4891] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 56.722907][ T4891] EXT4-fs (loop1): 1 truncate cleaned up [ 56.787121][ T4906] loop4: detected capacity change from 0 to 512 [ 56.813986][ T4908] loop1: detected capacity change from 0 to 128 [ 56.831280][ T4908] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 56.850574][ T4906] ext4 filesystem being mounted at /111/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 56.861281][ T4908] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 56.891179][ T4906] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.566: corrupted inode contents [ 56.910138][ T4807] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 56.928164][ T4906] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.566: mark_inode_dirty error [ 56.966771][ T4906] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.566: corrupted inode contents [ 56.984733][ T4912] loop1: detected capacity change from 0 to 512 [ 56.998690][ T4913] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm +}[@: corrupted inode contents [ 57.020270][ T4912] ext4 filesystem being mounted at /128/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 57.032617][ T4913] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm +}[@: mark_inode_dirty error [ 57.051995][ T4913] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm +}[@: corrupted inode contents [ 57.082224][ T4912] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.568: corrupted inode contents [ 57.094685][ T4913] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm +}[@: mark_inode_dirty error [ 57.124266][ T4913] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm +}[@: corrupted inode contents [ 57.148856][ T4913] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm +}[@: mark_inode_dirty error [ 57.163935][ T4912] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.568: mark_inode_dirty error [ 57.183374][ T4912] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.568: corrupted inode contents [ 57.238732][ T4912] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.568: mark_inode_dirty error [ 57.278458][ T4912] SELinux: Context system_u:object_r:hald_log_t:s0 is not valid (left unmapped). [ 57.343336][ T4929] loop1: detected capacity change from 0 to 1024 [ 57.414357][ T4931] loop1: detected capacity change from 0 to 512 [ 57.421543][ T4931] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 57.434232][ T4931] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 57.449100][ T4931] EXT4-fs (loop1): 1 truncate cleaned up [ 57.524565][ T4936] netlink: 96 bytes leftover after parsing attributes in process `syz.2.576'. [ 57.578338][ T4942] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.579'. [ 57.594822][ T4942] netlink: zone id is out of range [ 57.601346][ T4942] netlink: zone id is out of range [ 57.606783][ T4942] netlink: del zone limit has 8 unknown bytes [ 57.622190][ T4949] netlink: 24 bytes leftover after parsing attributes in process `syz.1.581'. [ 57.653140][ T4951] loop2: detected capacity change from 0 to 128 [ 57.670124][ T4949] loop1: detected capacity change from 0 to 512 [ 57.679183][ T4949] EXT4-fs: Ignoring removed i_version option [ 57.685538][ T4949] ext4: Bad value for 'auto_da_alloc' [ 57.705186][ T4953] netlink: 48 bytes leftover after parsing attributes in process `syz.2.583'. [ 57.756645][ T4957] loop2: detected capacity change from 0 to 1024 [ 57.785439][ T4957] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.585: Allocating blocks 385-513 which overlap fs metadata [ 57.787012][ T4955] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 57.807566][ T4955] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 57.807710][ T4963] loop1: detected capacity change from 0 to 1024 [ 57.823263][ T4963] EXT4-fs: Ignoring removed nobh option [ 57.827094][ T4956] EXT4-fs (loop2): pa ffff888106eb00e0: logic 16, phys. 129, len 24 [ 57.828967][ T4963] EXT4-fs: Ignoring removed bh option [ 57.836876][ T4956] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8 [ 57.892954][ T4969] loop1: detected capacity change from 0 to 512 [ 57.913669][ T4969] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 57.930574][ T4969] EXT4-fs (loop1): mount failed [ 57.948161][ T4975] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.592'. [ 57.963182][ T4975] netlink: zone id is out of range [ 57.968706][ T4975] netlink: zone id is out of range [ 57.974427][ T4975] netlink: del zone limit has 8 unknown bytes [ 57.974474][ T4979] loop2: detected capacity change from 0 to 512 [ 57.994320][ T4981] loop1: detected capacity change from 0 to 1024 [ 58.001794][ T4981] EXT4-fs: Ignoring removed bh option [ 58.007869][ T4981] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 58.022566][ T4983] loop3: detected capacity change from 0 to 128 [ 58.029626][ T4983] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 58.031854][ T4979] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.044330][ T4983] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 58.058481][ T4981] EXT4-fs error (device loop1): ext4_check_all_de:659: inode #12: block 7: comm syz.1.594: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=124 fake=0 [ 58.089401][ T4981] EXT4-fs (loop1): Remounting filesystem read-only [ 58.107120][ T4989] loop3: detected capacity change from 0 to 512 [ 58.114266][ T4989] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 58.127651][ T4989] EXT4-fs (loop3): 1 truncate cleaned up [ 58.179318][ T4996] netlink: 12 bytes leftover after parsing attributes in process `syz.1.600'. [ 58.205402][ T5001] loop2: detected capacity change from 0 to 1024 [ 58.245116][ T5007] loop4: detected capacity change from 0 to 512 [ 58.277045][ T5011] loop1: detected capacity change from 0 to 512 [ 58.286843][ T5012] loop0: detected capacity change from 0 to 512 [ 58.298456][ T5011] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 58.308516][ T5011] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.614: invalid indirect mapped block 2683928664 (level 1) [ 58.326532][ T5015] netlink: 132 bytes leftover after parsing attributes in process `syz.2.607'. [ 58.336526][ T5011] EXT4-fs (loop1): Remounting filesystem read-only [ 58.343641][ T5011] EXT4-fs (loop1): 1 truncate cleaned up [ 58.356858][ T5017] loop4: detected capacity change from 0 to 1024 [ 58.364244][ T5017] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 58.375199][ T5017] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 58.387162][ T5017] JBD2: no valid journal superblock found [ 58.392990][ T5017] EXT4-fs (loop4): Could not load journal inode [ 58.404221][ T5012] ext4 filesystem being mounted at /98/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 58.435433][ T29] kauditd_printk_skb: 154 callbacks suppressed [ 58.435451][ T29] audit: type=1326 audit(1750883341.936:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa732e929 code=0x7ffc0000 [ 58.444827][ T5012] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.605: corrupted inode contents [ 58.472210][ T5023] netlink: 24 bytes leftover after parsing attributes in process `syz.4.609'. [ 58.487321][ T5012] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.605: mark_inode_dirty error [ 58.498998][ T29] audit: type=1326 audit(1750883341.966:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fa732e929 code=0x7ffc0000 [ 58.522397][ T29] audit: type=1326 audit(1750883341.966:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa732e929 code=0x7ffc0000 [ 58.545775][ T29] audit: type=1326 audit(1750883341.966:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa732e929 code=0x7ffc0000 [ 58.569203][ T29] audit: type=1326 audit(1750883341.966:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4fa732e929 code=0x7ffc0000 [ 58.592610][ T29] audit: type=1326 audit(1750883341.966:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa732e929 code=0x7ffc0000 [ 58.616019][ T29] audit: type=1326 audit(1750883341.966:1383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa732e929 code=0x7ffc0000 [ 58.639433][ T29] audit: type=1326 audit(1750883341.966:1384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4fa732e929 code=0x7ffc0000 [ 58.662697][ T29] audit: type=1326 audit(1750883341.966:1385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa732e929 code=0x7ffc0000 [ 58.686116][ T29] audit: type=1326 audit(1750883341.966:1386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5022 comm="syz.4.609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa732e929 code=0x7ffc0000 [ 58.709618][ T5012] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.605: corrupted inode contents [ 58.724458][ T5027] loop1: detected capacity change from 0 to 512 [ 58.732006][ T5012] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.605: mark_inode_dirty error [ 58.746899][ T5027] ext4 filesystem being mounted at /140/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.765219][ T5023] loop4: detected capacity change from 0 to 512 [ 58.772598][ T5023] EXT4-fs: Ignoring removed i_version option [ 58.778940][ T5023] ext4: Bad value for 'auto_da_alloc' [ 58.793360][ T5037] loop1: detected capacity change from 0 to 128 [ 58.804107][ T5036] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 58.812094][ T5036] FAT-fs (loop1): Filesystem has been set read-only [ 58.838559][ T5036] syz.1.613: attempt to access beyond end of device [ 58.838559][ T5036] loop1: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 58.862136][ T5040] netlink: 'syz.3.616': attribute type 13 has an invalid length. [ 58.863983][ T5036] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 58.877849][ T5036] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 58.886354][ T5040] gretap0: refused to change device tx_queue_len [ 58.893600][ T5040] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 58.914119][ T5045] netlink: 24 bytes leftover after parsing attributes in process `syz.4.618'. [ 59.013613][ T5063] loop0: detected capacity change from 0 to 512 [ 59.031745][ T5063] EXT4-fs: Ignoring removed i_version option [ 59.033142][ T5065] netlink: 24 bytes leftover after parsing attributes in process `syz.4.628'. [ 59.037861][ T5063] EXT4-fs: Ignoring removed mblk_io_submit option [ 59.066819][ T5063] journal_path: Lookup failure for './file2' [ 59.072921][ T5063] EXT4-fs: error: could not find journal device path [ 59.088272][ T5070] loop3: detected capacity change from 0 to 512 [ 59.090336][ T5065] loop4: detected capacity change from 0 to 512 [ 59.112121][ T5063] loop0: detected capacity change from 0 to 512 [ 59.115396][ T5065] EXT4-fs: Ignoring removed i_version option [ 59.125125][ T5063] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 59.126765][ T5065] ext4: Bad value for 'auto_da_alloc' [ 59.142915][ T5070] ext4 filesystem being mounted at /138/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 59.157735][ T5063] EXT4-fs (loop0): 1 truncate cleaned up [ 59.166787][ T5070] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.629: corrupted inode contents [ 59.180060][ T5070] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #2: comm syz.3.629: mark_inode_dirty error [ 59.193181][ T5070] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #2: comm syz.3.629: corrupted inode contents [ 59.206113][ T5070] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.629: mark_inode_dirty error [ 59.236554][ T5080] netlink: 96 bytes leftover after parsing attributes in process `syz.4.633'. [ 59.279277][ T5086] capability: warning: `syz.3.634' uses deprecated v2 capabilities in a way that may be insecure [ 59.296142][ T5090] netlink: 256 bytes leftover after parsing attributes in process `syz.1.635'. [ 59.305255][ T5090] netlink: 72 bytes leftover after parsing attributes in process `syz.1.635'. [ 59.321151][ T5093] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 59.400166][ T5105] netlink: 24 bytes leftover after parsing attributes in process `syz.0.644'. [ 59.446497][ T5105] loop0: detected capacity change from 0 to 512 [ 59.453837][ T5105] EXT4-fs: Ignoring removed i_version option [ 59.460535][ T5105] ext4: Bad value for 'auto_da_alloc' [ 59.521455][ T5124] loop2: detected capacity change from 0 to 512 [ 59.540939][ T5124] EXT4-fs: Ignoring removed bh option [ 59.560292][ T5124] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 59.582445][ T5133] bridge0: entered promiscuous mode [ 59.588122][ T5133] macsec1: entered allmulticast mode [ 59.593532][ T5133] bridge0: entered allmulticast mode [ 59.610612][ T5124] EXT4-fs (loop2): 1 truncate cleaned up [ 59.621044][ T5140] loop4: detected capacity change from 0 to 512 [ 59.628035][ T5133] bridge0: port 3(macsec1) entered blocking state [ 59.634702][ T5133] bridge0: port 3(macsec1) entered disabled state [ 59.666724][ T5140] ext4 filesystem being mounted at /127/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 59.682871][ T5133] bridge0: left allmulticast mode [ 59.687966][ T5133] bridge0: left promiscuous mode [ 59.701749][ T5140] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.661: bg 0: block 217: padding at end of block bitmap is not set [ 59.726736][ T5148] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1346 [ 59.791789][ T5151] loop4: detected capacity change from 0 to 1024 [ 59.801521][ T5151] EXT4-fs: Ignoring removed nobh option [ 59.807178][ T5151] EXT4-fs: Ignoring removed bh option [ 59.865984][ T5159] ip6tnl1: entered promiscuous mode [ 59.871345][ T5159] ip6tnl1: entered allmulticast mode [ 59.913227][ T5163] loop4: detected capacity change from 0 to 128 [ 59.926509][ T5159] team0: Device ip6tnl1 is of different type [ 59.943311][ T5163] syz.4.670: attempt to access beyond end of device [ 59.943311][ T5163] loop4: rw=2049, sector=140, nr_sectors = 8 limit=128 [ 59.956958][ T5163] syz.4.670: attempt to access beyond end of device [ 59.956958][ T5163] loop4: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 59.970411][ T5163] Buffer I/O error on dev loop4, logical block 156, lost async page write [ 60.000079][ T5163] syz.4.670: attempt to access beyond end of device [ 60.000079][ T5163] loop4: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 60.013601][ T5163] Buffer I/O error on dev loop4, logical block 157, lost async page write [ 60.031501][ T5163] syz.4.670: attempt to access beyond end of device [ 60.031501][ T5163] loop4: rw=2049, sector=158, nr_sectors = 1 limit=128 [ 60.044962][ T5163] Buffer I/O error on dev loop4, logical block 158, lost async page write [ 60.059999][ T5163] syz.4.670: attempt to access beyond end of device [ 60.059999][ T5163] loop4: rw=2049, sector=159, nr_sectors = 1 limit=128 [ 60.073604][ T5163] Buffer I/O error on dev loop4, logical block 159, lost async page write [ 60.083678][ T5163] syz.4.670: attempt to access beyond end of device [ 60.083678][ T5163] loop4: rw=2049, sector=160, nr_sectors = 1 limit=128 [ 60.097201][ T5163] Buffer I/O error on dev loop4, logical block 160, lost async page write [ 60.111402][ T5166] loop1: detected capacity change from 0 to 512 [ 60.117985][ T5166] EXT4-fs: Ignoring removed mblk_io_submit option [ 60.124767][ T5163] syz.4.670: attempt to access beyond end of device [ 60.124767][ T5163] loop4: rw=2049, sector=161, nr_sectors = 1 limit=128 [ 60.138246][ T5163] Buffer I/O error on dev loop4, logical block 161, lost async page write [ 60.149613][ T5166] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 60.159805][ T5163] syz.4.670: attempt to access beyond end of device [ 60.159805][ T5163] loop4: rw=2049, sector=132, nr_sectors = 1 limit=128 [ 60.173231][ T5163] Buffer I/O error on dev loop4, logical block 132, lost async page write [ 60.182170][ T5163] syz.4.670: attempt to access beyond end of device [ 60.182170][ T5163] loop4: rw=2049, sector=133, nr_sectors = 1 limit=128 [ 60.195577][ T5163] Buffer I/O error on dev loop4, logical block 133, lost async page write [ 60.204782][ T5163] Buffer I/O error on dev loop4, logical block 150, lost async page write [ 60.205631][ T5166] EXT4-fs (loop1): 1 truncate cleaned up [ 60.213915][ T5163] Buffer I/O error on dev loop4, logical block 151, lost async page write [ 60.317444][ T5179] netlink: 24 bytes leftover after parsing attributes in process `syz.3.677'. [ 60.411277][ T5189] netlink: 24 bytes leftover after parsing attributes in process `syz.4.681'. [ 60.494665][ T5189] loop4: detected capacity change from 0 to 512 [ 60.524677][ T5189] EXT4-fs: Ignoring removed i_version option [ 60.539208][ T5189] ext4: Bad value for 'auto_da_alloc' [ 60.589045][ T5207] loop0: detected capacity change from 0 to 2048 [ 60.683280][ T5207] EXT4-fs (loop0): failed to initialize system zone (-117) [ 60.701739][ T5207] EXT4-fs (loop0): mount failed [ 60.752750][ T5229] loop0: detected capacity change from 0 to 512 [ 60.776945][ T5233] netlink: 'syz.4.702': attribute type 13 has an invalid length. [ 60.788608][ T5229] ext4 filesystem being mounted at /115/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 60.799118][ T5233] gretap0: refused to change device tx_queue_len [ 60.805629][ T5235] loop3: detected capacity change from 0 to 2048 [ 60.806065][ T5233] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 60.812609][ T5235] EXT4-fs: Ignoring removed nobh option [ 60.840035][ T5229] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.700: corrupted inode contents [ 60.854877][ T5229] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.700: mark_inode_dirty error [ 60.867879][ T5229] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.700: corrupted inode contents [ 60.894609][ T5229] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm +}[@: corrupted inode contents [ 60.908484][ T5229] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm +}[@: mark_inode_dirty error [ 60.923878][ T5229] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm +}[@: corrupted inode contents [ 60.935573][ T5229] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm +}[@: mark_inode_dirty error [ 60.953460][ T5248] netlink: 24 bytes leftover after parsing attributes in process `syz.4.705'. [ 60.956825][ T5229] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm +}[@: corrupted inode contents [ 60.994717][ T5229] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm +}[@: mark_inode_dirty error [ 61.008185][ T5248] loop4: detected capacity change from 0 to 512 [ 61.015294][ T5248] EXT4-fs: Ignoring removed i_version option [ 61.025726][ T5248] ext4: Bad value for 'auto_da_alloc' [ 61.102338][ T5262] loop0: detected capacity change from 0 to 128 [ 61.113898][ T5262] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 61.121967][ T5262] FAT-fs (loop0): Filesystem has been set read-only [ 61.135243][ T5262] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 61.143364][ T5262] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 61.171336][ T5268] smc: net device bond0 applied user defined pnetid SYZ0 [ 61.179418][ T5268] smc: net device bond0 erased user defined pnetid SYZ0 [ 61.231482][ T5274] loop1: detected capacity change from 0 to 164 [ 61.254130][ T5274] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 61.346079][ T5282] loop1: detected capacity change from 0 to 512 [ 61.393586][ T5282] ext4 filesystem being mounted at /171/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 61.446321][ T5282] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.720: corrupted inode contents [ 61.490039][ T5296] loop3: detected capacity change from 0 to 2048 [ 61.494444][ T5282] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.720: mark_inode_dirty error [ 61.530108][ T5282] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.720: corrupted inode contents [ 61.544464][ T5296] EXT4-fs (loop3): shut down requested (0) [ 61.544636][ T5299] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm +}[@: corrupted inode contents [ 61.589109][ T5305] IPv6: Can't replace route, no match found [ 61.595201][ T5299] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm +}[@: mark_inode_dirty error [ 61.617806][ T3314] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=11 [ 61.645106][ T3314] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=11 [ 61.662891][ T5299] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm +}[@: corrupted inode contents [ 61.680077][ T3314] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=11 [ 61.699078][ T5299] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm +}[@: mark_inode_dirty error [ 61.718509][ T3314] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=11 [ 61.730624][ T3314] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=11 [ 61.754005][ T5299] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm +}[@: corrupted inode contents [ 61.758953][ T3314] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=11 [ 61.785252][ T3314] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=11 [ 61.785913][ T5299] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm +}[@: mark_inode_dirty error [ 61.798926][ T3314] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop3 ino=11 [ 61.818216][ T5314] loop2: detected capacity change from 0 to 512 [ 61.871584][ T5314] ext4 filesystem being mounted at /130/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 61.935128][ T5320] bridge0: port 3(netdevsim3) entered blocking state [ 61.942126][ T5320] bridge0: port 3(netdevsim3) entered disabled state [ 61.960177][ T5314] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.734: bg 0: block 217: padding at end of block bitmap is not set [ 61.975513][ T5320] netdevsim netdevsim1 netdevsim3: entered allmulticast mode [ 61.984035][ T5320] netdevsim netdevsim1 netdevsim3: entered promiscuous mode [ 61.991795][ T5320] bridge0: port 3(netdevsim3) entered blocking state [ 61.998550][ T5320] bridge0: port 3(netdevsim3) entered forwarding state [ 62.056557][ T5326] loop1: detected capacity change from 0 to 512 [ 62.107293][ T5333] bridge0: entered promiscuous mode [ 62.173305][ T5333] macsec1: entered allmulticast mode [ 62.178682][ T5333] bridge0: entered allmulticast mode [ 62.197355][ T5333] bridge0: port 4(macsec1) entered blocking state [ 62.204137][ T5333] bridge0: port 4(macsec1) entered disabled state [ 62.216409][ T5333] bridge0: left allmulticast mode [ 62.221575][ T5333] bridge0: left promiscuous mode [ 62.256981][ T4843] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.322000][ T4843] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.350559][ T5348] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 62.410496][ T4843] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.458559][ T5361] loop1: detected capacity change from 0 to 1024 [ 62.473650][ T5361] EXT4-fs: Ignoring removed nobh option [ 62.479792][ T5361] EXT4-fs: Ignoring removed bh option [ 62.494642][ T4843] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.604173][ T5369] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 62.656502][ T5371] bridge0: port 3(netdevsim3) entered disabled state [ 62.663403][ T5371] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.670753][ T5371] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.701509][ T4843] bridge_slave_1: left allmulticast mode [ 62.707226][ T4843] bridge_slave_1: left promiscuous mode [ 62.712950][ T4843] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.729419][ T4843] bridge_slave_0: left allmulticast mode [ 62.735153][ T4843] bridge_slave_0: left promiscuous mode [ 62.741066][ T4843] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.871897][ T4843] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 62.882077][ T4843] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 62.894243][ T4843] bond0 (unregistering): Released all slaves [ 62.907286][ T5369] syzkaller1: entered promiscuous mode [ 62.912968][ T5369] syzkaller1: entered allmulticast mode [ 62.940500][ T4843] hsr_slave_0: left promiscuous mode [ 62.946170][ T4843] hsr_slave_1: left promiscuous mode [ 62.953514][ T4843] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 62.961082][ T4843] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 62.968740][ T4843] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 62.976226][ T4843] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 62.988096][ T4843] veth1_macvtap: left promiscuous mode [ 62.993728][ T4843] veth0_macvtap: left promiscuous mode [ 63.000713][ T4843] veth1_vlan: left promiscuous mode [ 63.006090][ T4843] veth0_vlan: left promiscuous mode [ 63.078374][ T5378] loop1: detected capacity change from 0 to 2048 [ 63.104090][ T4843] team0 (unregistering): Port device team_slave_1 removed [ 63.114010][ T4843] team0 (unregistering): Port device team_slave_0 removed [ 63.124177][ T5378] Alternate GPT is invalid, using primary GPT. [ 63.130681][ T5378] loop1: p1 p2 p3 [ 63.171836][ T5380] bridge0: port 3(netdevsim3) entered blocking state [ 63.178661][ T5380] bridge0: port 3(netdevsim3) entered disabled state [ 63.186766][ T5380] netdevsim netdevsim0 netdevsim3: entered allmulticast mode [ 63.195823][ T5380] netdevsim netdevsim0 netdevsim3: entered promiscuous mode [ 63.203667][ T5380] bridge0: port 3(netdevsim3) entered blocking state [ 63.210524][ T5380] bridge0: port 3(netdevsim3) entered forwarding state [ 63.254307][ T5386] netdevsim netdevsim1 netdevsim3: left allmulticast mode [ 63.261576][ T5386] netdevsim netdevsim1 netdevsim3: left promiscuous mode [ 63.269044][ T5386] bridge0: port 3(netdevsim3) entered disabled state [ 63.290151][ T5386] bridge_slave_1: left allmulticast mode [ 63.296036][ T5386] bridge_slave_1: left promiscuous mode [ 63.301930][ T5386] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.312862][ T5395] loop0: detected capacity change from 0 to 164 [ 63.320406][ T5386] bridge_slave_0: left allmulticast mode [ 63.326390][ T5386] bridge_slave_0: left promiscuous mode [ 63.332429][ T5386] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.385058][ T5342] chnl_net:caif_netlink_parms(): no params data found [ 63.429755][ T5409] loop0: detected capacity change from 0 to 512 [ 63.439250][ T5409] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 63.468056][ T5342] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.475348][ T5342] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.476701][ T5414] GUP no longer grows the stack in syz.1.775 (5414): 200000004000-20000000a000 (200000002000) [ 63.492797][ T5414] CPU: 1 UID: 0 PID: 5414 Comm: syz.1.775 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(voluntary) [ 63.492831][ T5414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 63.492846][ T5414] Call Trace: [ 63.492854][ T5414] [ 63.492890][ T5414] __dump_stack+0x1d/0x30 [ 63.492915][ T5414] dump_stack_lvl+0xe8/0x140 [ 63.492944][ T5414] dump_stack+0x15/0x1b [ 63.492962][ T5414] __get_user_pages+0x199d/0x1fb0 [ 63.492993][ T5414] ? __rcu_read_unlock+0x4f/0x70 [ 63.493018][ T5414] get_user_pages_remote+0x1dc/0x7a0 [ 63.493078][ T5414] __access_remote_vm+0x156/0x560 [ 63.493105][ T5414] access_remote_vm+0x32/0x40 [ 63.493128][ T5414] proc_pid_cmdline_read+0x30f/0x6a0 [ 63.493233][ T5414] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 63.493267][ T5414] vfs_readv+0x3f8/0x690 [ 63.493301][ T5414] __x64_sys_preadv+0xfd/0x1c0 [ 63.493375][ T5414] x64_sys_call+0x1503/0x2fb0 [ 63.493398][ T5414] do_syscall_64+0xd2/0x200 [ 63.493475][ T5414] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 63.493535][ T5414] ? clear_bhb_loop+0x40/0x90 [ 63.493578][ T5414] ? clear_bhb_loop+0x40/0x90 [ 63.493607][ T5414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.493630][ T5414] RIP: 0033:0x7fee74d2e929 [ 63.493674][ T5414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.493695][ T5414] RSP: 002b:00007fee73397038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 63.493715][ T5414] RAX: ffffffffffffffda RBX: 00007fee74f55fa0 RCX: 00007fee74d2e929 [ 63.493729][ T5414] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 63.493743][ T5414] RBP: 00007fee74db0b39 R08: 0000000000000000 R09: 0000000000000000 [ 63.493827][ T5414] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 [ 63.493840][ T5414] R13: 0000000000000000 R14: 00007fee74f55fa0 R15: 00007ffeb73a6dc8 [ 63.493863][ T5414] [ 63.495710][ T5409] EXT4-fs (loop0): 1 truncate cleaned up [ 63.563695][ T5342] bridge_slave_0: entered allmulticast mode [ 63.704052][ T5342] bridge_slave_0: entered promiscuous mode [ 63.714748][ T5425] sch_tbf: burst 19872 is lower than device lo mtu (39799) ! [ 63.742875][ T5342] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.750145][ T5342] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.764451][ T5342] bridge_slave_1: entered allmulticast mode [ 63.771174][ T5342] bridge_slave_1: entered promiscuous mode [ 63.819407][ T5425] syzkaller1: entered promiscuous mode [ 63.825037][ T5425] syzkaller1: entered allmulticast mode [ 63.859611][ T5342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.881382][ T29] kauditd_printk_skb: 472 callbacks suppressed [ 63.881417][ T29] audit: type=1400 audit(1750883347.386:1859): avc: denied { write } for pid=5436 comm="syz.4.783" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 63.883305][ T5342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.972045][ T5342] team0: Port device team_slave_0 added [ 63.986846][ T5342] team0: Port device team_slave_1 added [ 63.995047][ T5440] loop4: detected capacity change from 0 to 1024 [ 64.011067][ T5342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.018285][ T5342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.044585][ T5342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.117446][ T5342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.124521][ T5342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.150775][ T5342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.196664][ T5342] hsr_slave_0: entered promiscuous mode [ 64.209879][ T5342] hsr_slave_1: entered promiscuous mode [ 64.216273][ T5342] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.225375][ T5342] Cannot create hsr debugfs directory [ 64.337122][ T5451] loop2: detected capacity change from 0 to 164 [ 64.344518][ T29] audit: type=1400 audit(1750883347.846:1860): avc: denied { bind } for pid=5452 comm="syz.4.788" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 64.398927][ T5451] ISOFS: unable to read i-node block [ 64.404311][ T5451] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 64.423003][ T5455] loop1: detected capacity change from 0 to 512 [ 64.431617][ T5455] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 64.463310][ T5455] EXT4-fs (loop1): 1 truncate cleaned up [ 64.522071][ T5342] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 64.551220][ T5342] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 64.570034][ T29] audit: type=1400 audit(1750883348.076:1861): avc: denied { name_bind } for pid=5459 comm="syz.2.792" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 64.592062][ T5342] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 64.617925][ T5462] loop1: detected capacity change from 0 to 512 [ 64.632578][ T5342] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 64.642501][ T5462] EXT4-fs: Ignoring removed bh option [ 64.651307][ T5462] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 64.665531][ T5469] unsupported nla_type 52263 [ 64.681880][ T5462] EXT4-fs (loop1): 1 truncate cleaned up [ 64.801555][ T5435] syz.0.781 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 64.815674][ T5435] CPU: 0 UID: 0 PID: 5435 Comm: syz.0.781 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(voluntary) [ 64.815712][ T5435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 64.815799][ T5435] Call Trace: [ 64.815807][ T5435] [ 64.815817][ T5435] __dump_stack+0x1d/0x30 [ 64.815975][ T5435] dump_stack_lvl+0xe8/0x140 [ 64.815995][ T5435] dump_stack+0x15/0x1b [ 64.816013][ T5435] dump_header+0x81/0x220 [ 64.816145][ T5435] oom_kill_process+0x334/0x3f0 [ 64.816220][ T5435] out_of_memory+0x979/0xb80 [ 64.816256][ T5435] try_charge_memcg+0x5e6/0x9e0 [ 64.816288][ T5435] obj_cgroup_charge_pages+0xa6/0x150 [ 64.816329][ T5435] __memcg_kmem_charge_page+0x9f/0x170 [ 64.816443][ T5435] __alloc_frozen_pages_noprof+0x188/0x360 [ 64.816503][ T5435] alloc_pages_mpol+0xb3/0x250 [ 64.816545][ T5435] alloc_pages_noprof+0x90/0x130 [ 64.816586][ T5435] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 64.816698][ T5435] __kvmalloc_node_noprof+0x30f/0x4e0 [ 64.816732][ T5435] ? ip_set_alloc+0x1f/0x30 [ 64.816759][ T5435] ? ip_set_alloc+0x1f/0x30 [ 64.816846][ T5435] ? __kmalloc_cache_noprof+0x189/0x320 [ 64.816883][ T5435] ip_set_alloc+0x1f/0x30 [ 64.816948][ T5435] hash_netiface_create+0x282/0x740 [ 64.817028][ T5435] ? __pfx_hash_netiface_create+0x10/0x10 [ 64.817147][ T5435] ip_set_create+0x3c9/0x960 [ 64.817205][ T5435] ? __nla_parse+0x40/0x60 [ 64.817224][ T5435] nfnetlink_rcv_msg+0x4c3/0x590 [ 64.817272][ T5435] ? selinux_capable+0x1f9/0x270 [ 64.817306][ T5435] netlink_rcv_skb+0x120/0x220 [ 64.817457][ T5435] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 64.817493][ T5435] nfnetlink_rcv+0x16b/0x1690 [ 64.817524][ T5435] ? __kfree_skb+0x109/0x150 [ 64.817553][ T5435] ? nlmon_xmit+0x4f/0x60 [ 64.817578][ T5435] ? consume_skb+0x49/0x150 [ 64.817613][ T5435] ? nlmon_xmit+0x4f/0x60 [ 64.817633][ T5435] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 64.817673][ T5435] ? __dev_queue_xmit+0x11c0/0x1fb0 [ 64.817716][ T5435] ? __dev_queue_xmit+0x182/0x1fb0 [ 64.817753][ T5435] ? ref_tracker_free+0x37d/0x3e0 [ 64.817799][ T5435] ? __netlink_deliver_tap+0x4dc/0x500 [ 64.817960][ T5435] netlink_unicast+0x59e/0x670 [ 64.817991][ T5435] netlink_sendmsg+0x58b/0x6b0 [ 64.818062][ T5435] ? __pfx_netlink_sendmsg+0x10/0x10 [ 64.818084][ T5435] __sock_sendmsg+0x142/0x180 [ 64.818112][ T5435] ____sys_sendmsg+0x31e/0x4e0 [ 64.818211][ T5435] ___sys_sendmsg+0x17b/0x1d0 [ 64.818267][ T5435] __x64_sys_sendmsg+0xd4/0x160 [ 64.818303][ T5435] x64_sys_call+0x2999/0x2fb0 [ 64.818385][ T5435] do_syscall_64+0xd2/0x200 [ 64.818409][ T5435] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 64.818435][ T5435] ? clear_bhb_loop+0x40/0x90 [ 64.818455][ T5435] ? clear_bhb_loop+0x40/0x90 [ 64.818481][ T5435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.818528][ T5435] RIP: 0033:0x7f66809ce929 [ 64.818543][ T5435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.818562][ T5435] RSP: 002b:00007f667f037038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 64.818639][ T5435] RAX: ffffffffffffffda RBX: 00007f6680bf5fa0 RCX: 00007f66809ce929 [ 64.818656][ T5435] RDX: 0000000000000810 RSI: 0000200000000040 RDI: 0000000000000009 [ 64.818672][ T5435] RBP: 00007f6680a50b39 R08: 0000000000000000 R09: 0000000000000000 [ 64.818685][ T5435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 64.818696][ T5435] R13: 0000000000000000 R14: 00007f6680bf5fa0 R15: 00007ffdba628fe8 [ 64.818715][ T5435] [ 64.818721][ T5435] memory: usage 307200kB, limit 307200kB, failcnt 838 [ 64.843740][ T5342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.844588][ T5435] memory+swap: usage 307816kB, limit 9007199254740988kB, failcnt 0 [ 64.883167][ T5342] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.884922][ T5435] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 64.932659][ T4805] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.936456][ T5435] Memory cgroup stats for [ 64.941734][ T4805] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.945905][ T4805] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.947479][ T5435] /syz0 [ 64.952105][ T4805] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.956507][ T5435] : [ 64.967062][ T5435] cache 0 [ 65.006697][ T5342] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 65.010193][ T5435] rss 0 [ 65.134788][ T5342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.140101][ T5435] shmem 0 [ 65.140111][ T5435] mapped_file 0 [ 65.140119][ T5435] dirty 0 [ 65.140127][ T5435] writeback 0 [ 65.161307][ T5488] syzkaller0: tun_chr_ioctl cmd 35108 [ 65.164171][ T5435] workingset_refault_anon 141 [ 65.287049][ T5435] workingset_refault_file 545 [ 65.291783][ T5435] swap 630784 [ 65.295092][ T5435] swapcached 0 [ 65.298461][ T5435] pgpgin 53094 [ 65.301924][ T5435] pgpgout 53094 [ 65.305462][ T5435] pgfault 34456 [ 65.309026][ T5435] pgmajfault 135 [ 65.312641][ T5435] inactive_anon 0 [ 65.316271][ T5435] active_anon 0 [ 65.319798][ T5435] inactive_file 0 [ 65.323432][ T5435] active_file 0 [ 65.326889][ T5435] unevictable 0 [ 65.330386][ T5435] hierarchical_memory_limit 314572800 [ 65.335768][ T5435] hierarchical_memsw_limit 9223372036854771712 [ 65.341959][ T5435] total_cache 0 [ 65.345496][ T5435] total_rss 0 [ 65.348812][ T5435] total_shmem 0 [ 65.352352][ T5435] total_mapped_file 0 [ 65.356331][ T5435] total_dirty 0 [ 65.359811][ T5435] total_writeback 0 [ 65.363620][ T5435] total_workingset_refault_anon 141 [ 65.368885][ T5435] total_workingset_refault_file 545 [ 65.374080][ T5435] total_swap 630784 [ 65.377933][ T5435] total_swapcached 0 [ 65.381904][ T5435] total_pgpgin 53094 [ 65.385801][ T5435] total_pgpgout 53094 [ 65.389817][ T5435] total_pgfault 34456 [ 65.393841][ T5435] total_pgmajfault 135 [ 65.397936][ T5435] total_inactive_anon 0 [ 65.402248][ T5435] total_active_anon 0 [ 65.406335][ T5435] total_inactive_file 0 [ 65.410534][ T5435] total_active_file 0 [ 65.414531][ T5435] total_unevictable 0 [ 65.418513][ T5435] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.781,pid=5434,uid=0 [ 65.433097][ T5435] Memory cgroup out of memory: Killed process 5434 (syz.0.781) total-vm:93488kB, anon-rss:936kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 65.593730][ T5509] loop4: detected capacity change from 0 to 512 [ 65.602359][ T5513] loop1: detected capacity change from 0 to 128 [ 65.610045][ T5509] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 65.622332][ T5513] ext4 filesystem being mounted at /192/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.639903][ T5509] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.805: invalid block [ 65.665810][ T5342] veth0_vlan: entered promiscuous mode [ 65.680574][ T5509] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.805: invalid indirect mapped block 4294967295 (level 1) [ 65.694924][ T5342] veth1_vlan: entered promiscuous mode [ 65.695475][ T5509] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.805: invalid indirect mapped block 4294967295 (level 1) [ 65.711024][ T5342] veth0_macvtap: entered promiscuous mode [ 65.726450][ T5509] EXT4-fs (loop4): 2 truncates cleaned up [ 65.737670][ T5342] veth1_macvtap: entered promiscuous mode [ 65.752391][ T5342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.761582][ T5342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.771072][ T5342] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.779839][ T5342] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.788572][ T5342] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.797386][ T5342] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.855473][ T29] audit: type=1400 audit(1750883349.356:1862): avc: denied { mounton } for pid=5342 comm="syz-executor" path="/root/syzkaller.Dzcpuc/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 65.946802][ T29] audit: type=1400 audit(1750883349.446:1863): avc: denied { mount } for pid=5533 comm="syz.1.815" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 65.977305][ T29] audit: type=1400 audit(1750883349.456:1864): avc: denied { mounton } for pid=5533 comm="syz.1.815" path="/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 66.013654][ T5540] loop0: detected capacity change from 0 to 128 [ 66.023932][ T5542] __nla_validate_parse: 4 callbacks suppressed [ 66.023950][ T5542] netlink: 87 bytes leftover after parsing attributes in process `syz.2.817'. [ 66.039047][ T29] audit: type=1400 audit(1750883349.506:1865): avc: denied { unmount } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 66.151549][ T5559] loop2: detected capacity change from 0 to 128 [ 66.194513][ T5559] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 66.202637][ T5559] FAT-fs (loop2): Filesystem has been set read-only [ 66.210793][ T5559] bio_check_eod: 17537 callbacks suppressed [ 66.210807][ T5559] syz.2.825: attempt to access beyond end of device [ 66.210807][ T5559] loop2: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 66.216768][ T29] audit: type=1400 audit(1750883349.716:1866): avc: denied { cpu } for pid=5568 comm="syz.5.828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 66.249994][ T5559] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 66.257943][ T5559] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 66.265915][ T5559] syz.2.825: attempt to access beyond end of device [ 66.265915][ T5559] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 66.297158][ T5559] syz.2.825: attempt to access beyond end of device [ 66.297158][ T5559] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 66.310538][ T5559] syz.2.825: attempt to access beyond end of device [ 66.310538][ T5559] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 66.323899][ T5559] syz.2.825: attempt to access beyond end of device [ 66.323899][ T5559] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 66.348914][ T5575] loop4: detected capacity change from 0 to 128 [ 66.361531][ T5575] ext4 filesystem being mounted at /177/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 66.411427][ T5584] netlink: 16 bytes leftover after parsing attributes in process `syz.0.836'. [ 66.420601][ T5584] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 66.428074][ T5584] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 66.436116][ T29] audit: type=1326 audit(1750883349.936:1867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5583 comm="syz.5.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24fb70e929 code=0x7ffc0000 [ 66.459557][ T29] audit: type=1326 audit(1750883349.936:1868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5583 comm="syz.5.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24fb70e929 code=0x7ffc0000 [ 66.483573][ T5584] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 66.491111][ T5584] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 66.496354][ T5588] loop2: detected capacity change from 0 to 512 [ 66.499786][ T5589] netlink: 24 bytes leftover after parsing attributes in process `syz.5.837'. [ 66.523296][ T5588] ext4 filesystem being mounted at /148/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.553653][ T5585] loop5: detected capacity change from 0 to 512 [ 66.560725][ T5585] EXT4-fs: Ignoring removed i_version option [ 66.566852][ T5585] ext4: Bad value for 'auto_da_alloc' [ 66.707196][ T5611] loop4: detected capacity change from 0 to 1024 [ 66.714046][ T5611] EXT4-fs: Ignoring removed orlov option [ 66.718841][ T5613] loop2: detected capacity change from 0 to 128 [ 66.719836][ T5611] EXT4-fs: Ignoring removed bh option [ 66.728456][ T5613] ext4 filesystem being mounted at /150/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.743716][ T5611] EXT4-fs: Ignoring removed bh option [ 66.792613][ T3316] EXT4-fs error (device loop4): ext4_readdir:264: inode #11: block 36: comm syz-executor: path /181/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=1459617792, rec_len=1024, size=1024 fake=0 [ 66.820197][ T3316] EXT4-fs (loop4): Remounting filesystem read-only [ 66.912492][ T5634] netlink: 16 bytes leftover after parsing attributes in process `syz.2.853'. [ 66.922327][ T5634] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 66.931072][ T5634] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 66.939245][ T5634] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 66.946693][ T5634] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 67.406323][ T5661] SELinux: syz.1.865 (5661) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 67.463088][ T5667] loop5: detected capacity change from 0 to 512 [ 67.471400][ T5667] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 67.472592][ T5669] netlink: 16 bytes leftover after parsing attributes in process `syz.1.869'. [ 67.483339][ T5667] EXT4-fs (loop5): 1 truncate cleaned up [ 67.492950][ T5669] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 67.503684][ T5669] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 67.504366][ T5667] EXT4-fs error (device loop5): ext4_read_inline_dir:1502: inode #12: block 7: comm syz.5.868: path /7/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=2085390, rec_len=0, size=80 fake=0 [ 67.533163][ T5669] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 67.540710][ T5669] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 67.663363][ T5679] netlink: 24 bytes leftover after parsing attributes in process `syz.1.882'. [ 67.696718][ T5679] loop1: detected capacity change from 0 to 512 [ 67.704223][ T5679] EXT4-fs: Ignoring removed i_version option [ 67.711073][ T5679] ext4: Bad value for 'auto_da_alloc' [ 67.776403][ T5697] netlink: 'syz.5.876': attribute type 1 has an invalid length. [ 67.830334][ T5705] 9pnet: Could not find request transport: f [ 67.858663][ T5708] loop1: detected capacity change from 0 to 1024 [ 67.988386][ T5711] SELinux: policydb version 1574574793 does not match my version range 15-34 [ 67.997967][ T5711] SELinux: failed to load policy [ 68.053550][ T5722] netlink: 24 bytes leftover after parsing attributes in process `syz.2.887'. [ 68.104135][ T5731] loop5: detected capacity change from 0 to 512 [ 68.128624][ T5731] EXT4-fs (loop5): too many log groups per flexible block group [ 68.136531][ T5731] EXT4-fs (loop5): failed to initialize mballoc (-12) [ 68.144220][ T5722] loop2: detected capacity change from 0 to 512 [ 68.150852][ T5731] EXT4-fs (loop5): mount failed [ 68.153119][ T5722] EXT4-fs: Ignoring removed i_version option [ 68.162189][ T5722] ext4: Bad value for 'auto_da_alloc' [ 68.189009][ T5729] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 68.217929][ T5739] SELinux: failed to load policy [ 68.234732][ T5743] loop1: detected capacity change from 0 to 512 [ 68.247047][ C1] vcan0: j1939_tp_rxtimer: 0xffff88811a436000: rx timeout, send abort [ 68.255429][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811a436000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 68.279007][ T5743] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 68.297913][ T5743] EXT4-fs (loop1): 1 truncate cleaned up [ 68.307060][ T5743] EXT4-fs error (device loop1): ext4_read_inline_dir:1502: inode #12: block 7: comm syz.1.896: path /219/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=2085390, rec_len=0, size=80 fake=0 [ 68.465066][ T5767] program syz.1.906 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 68.497077][ T5770] loop1: detected capacity change from 0 to 1024 [ 68.510740][ T5770] EXT4-fs mount: 125 callbacks suppressed [ 68.510760][ T5770] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 68.513940][ T5775] loop2: detected capacity change from 0 to 128 [ 68.540227][ T5775] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 68.558915][ T5775] ext4 filesystem being mounted at /163/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 68.594848][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.616763][ T5780] loop1: detected capacity change from 0 to 128 [ 68.629484][ T3307] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 68.653626][ T5783] loop2: detected capacity change from 0 to 512 [ 68.661260][ T5783] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 68.674086][ T5780] syz.1.911: attempt to access beyond end of device [ 68.674086][ T5780] loop1: rw=2049, sector=140, nr_sectors = 8 limit=128 [ 68.688598][ T5780] syz.1.911: attempt to access beyond end of device [ 68.688598][ T5780] loop1: rw=2049, sector=156, nr_sectors = 1 limit=128 [ 68.702128][ T5780] buffer_io_error: 8 callbacks suppressed [ 68.702164][ T5780] Buffer I/O error on dev loop1, logical block 156, lost async page write [ 68.718400][ T5783] EXT4-fs (loop2): 1 truncate cleaned up [ 68.724738][ T5783] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 68.738012][ T5780] syz.1.911: attempt to access beyond end of device [ 68.738012][ T5780] loop1: rw=2049, sector=157, nr_sectors = 1 limit=128 [ 68.751459][ T5780] Buffer I/O error on dev loop1, logical block 157, lost async page write [ 68.762944][ T5780] syz.1.911: attempt to access beyond end of device [ 68.762944][ T5780] loop1: rw=2049, sector=158, nr_sectors = 1 limit=128 [ 68.776468][ T5780] Buffer I/O error on dev loop1, logical block 158, lost async page write [ 68.786103][ T5783] EXT4-fs error (device loop2): ext4_read_inline_dir:1502: inode #12: block 7: comm syz.2.912: path /164/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=2085390, rec_len=0, size=80 fake=0 [ 68.809671][ T5780] syz.1.911: attempt to access beyond end of device [ 68.809671][ T5780] loop1: rw=2049, sector=159, nr_sectors = 1 limit=128 [ 68.823035][ T5780] Buffer I/O error on dev loop1, logical block 159, lost async page write [ 68.833044][ T5780] Buffer I/O error on dev loop1, logical block 160, lost async page write [ 68.844147][ T5780] Buffer I/O error on dev loop1, logical block 161, lost async page write [ 68.855601][ T5780] Buffer I/O error on dev loop1, logical block 132, lost async page write [ 68.864352][ T5780] Buffer I/O error on dev loop1, logical block 133, lost async page write [ 68.873132][ T5780] Buffer I/O error on dev loop1, logical block 150, lost async page write [ 68.882643][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.889030][ T5780] Buffer I/O error on dev loop1, logical block 151, lost async page write [ 68.920931][ T29] kauditd_printk_skb: 271 callbacks suppressed [ 68.920984][ T29] audit: type=1326 audit(1750883352.426:2140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5793 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4eaefee929 code=0x7ffc0000 [ 68.950742][ T29] audit: type=1326 audit(1750883352.426:2141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5793 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4eaefee929 code=0x7ffc0000 [ 68.974369][ T29] audit: type=1326 audit(1750883352.426:2142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5793 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7f4eaefee929 code=0x7ffc0000 [ 68.997954][ T29] audit: type=1326 audit(1750883352.426:2143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5793 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4eaefee929 code=0x7ffc0000 [ 69.021382][ T29] audit: type=1326 audit(1750883352.426:2144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5793 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4eaefee929 code=0x7ffc0000 [ 69.065650][ T5799] SELinux: syz.2.918 (5799) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 69.132668][ T29] audit: type=1400 audit(1750883352.636:2145): avc: denied { read write } for pid=3305 comm="syz-executor" name="loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 69.157061][ T29] audit: type=1400 audit(1750883352.636:2146): avc: denied { open } for pid=3305 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 69.190332][ T29] audit: type=1400 audit(1750883352.656:2147): avc: denied { map_create } for pid=5807 comm="syz.0.922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 69.197264][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4 [ 69.209464][ T29] audit: type=1400 audit(1750883352.656:2148): avc: denied { bpf } for pid=5807 comm="syz.0.922" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 69.217051][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2 [ 69.237451][ T29] audit: type=1400 audit(1750883352.656:2149): avc: denied { map_read map_write } for pid=5807 comm="syz.0.922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 69.245825][ T5812] loop5: detected capacity change from 0 to 1024 [ 69.266067][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.279323][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.282541][ T5812] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.286979][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.306801][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.314547][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.322315][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.330029][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.337719][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.345407][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.353093][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.360899][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.368583][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.376285][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.384027][ T3394] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0 [ 69.413384][ T3394] hid-generic 0000:3000000:0000.0002: hidraw0: HID v0.00 Device [sy] on syz0 [ 69.435675][ T5819] loop0: detected capacity change from 0 to 1024 [ 69.445312][ T5342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.529741][ T5827] loop5: detected capacity change from 0 to 8192 [ 69.539139][ T5827] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 69.554532][ T5829] IPv6: Can't replace route, no match found [ 69.558973][ T5831] netlink: 24 bytes leftover after parsing attributes in process `syz.1.932'. [ 69.612217][ T5831] loop1: detected capacity change from 0 to 512 [ 69.619766][ T5831] EXT4-fs: Ignoring removed i_version option [ 69.626144][ T5831] ext4: Bad value for 'auto_da_alloc' [ 69.731904][ T5842] loop1: detected capacity change from 0 to 8192 [ 69.758650][ T5842] FAT-fs (loop1): error, clusters badly computed (2 != 1) [ 69.765903][ T5842] FAT-fs (loop1): Filesystem has been set read-only [ 69.843875][ T5854] loop1: detected capacity change from 0 to 1024 [ 69.850989][ T5854] ext4: Unknown parameter 'uid<00000000000000000000' [ 69.893390][ T5858] bond0: (slave bond_slave_0): Releasing backup interface [ 69.909364][ T5858] bond0: (slave bond_slave_1): Releasing backup interface [ 69.924509][ T5858] team0: Port device team_slave_0 removed [ 69.941333][ T5858] team0: Port device team_slave_1 removed [ 70.000223][ T5870] SELinux: syz.0.951 (5870) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 70.045528][ T5874] netlink: 'syz.2.953': attribute type 11 has an invalid length. [ 70.054138][ T5874] netlink: 448 bytes leftover after parsing attributes in process `syz.2.953'. [ 70.179235][ T5886] SELinux: ebitmap: truncated map [ 70.185090][ T5886] SELinux: failed to load policy [ 70.234522][ T5898] loop5: detected capacity change from 0 to 512 [ 70.241454][ T5898] EXT4-fs: Ignoring removed i_version option [ 70.250342][ T5898] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 70.275481][ T5898] EXT4-fs (loop5): orphan cleanup on readonly fs [ 70.282806][ T5898] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.963: bg 0: block 248: padding at end of block bitmap is not set [ 70.297672][ T5898] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.963: Failed to acquire dquot type 1 [ 70.315962][ T5898] EXT4-fs (loop5): 1 truncate cleaned up [ 70.330051][ T5898] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 70.370654][ T5898] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 70.389278][ T5915] smc: net device bond0 applied user defined pnetid SYZ0 [ 70.389291][ T5898] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 70.396877][ T5915] smc: net device bond0 erased user defined pnetid SYZ0 [ 70.422600][ T5898] ext4 filesystem being remounted at /40/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 70.461518][ T5342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.491428][ T5928] loop1: detected capacity change from 0 to 128 [ 70.499804][ T5928] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 70.513247][ T5928] ext4 filesystem being mounted at /242/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 70.549623][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 70.599342][ T5945] loop1: detected capacity change from 0 to 128 [ 70.693103][ T5956] loop2: detected capacity change from 0 to 2048 [ 70.701092][ T5956] EXT4-fs: Ignoring removed mblk_io_submit option [ 70.710183][ T5956] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.781973][ T5959] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.990: bg 0: block 234: padding at end of block bitmap is not set [ 70.796448][ T5959] EXT4-fs (loop2): Remounting filesystem read-only [ 70.857598][ T5956] EXT4-fs: Ignoring removed orlov option [ 70.864008][ T5956] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 70.893287][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.974501][ T5975] syzkaller1: entered promiscuous mode [ 70.980304][ T5975] syzkaller1: entered allmulticast mode [ 71.000451][ T5969] loop2: detected capacity change from 0 to 8192 [ 71.041855][ T5980] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5980 comm=syz.2.1000 [ 71.054367][ T5980] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5980 comm=syz.2.1000 [ 71.088100][ T5983] netlink: 'syz.2.1002': attribute type 3 has an invalid length. [ 71.233082][ T6004] loop1: detected capacity change from 0 to 1024 [ 71.250339][ T6004] EXT4-fs: Ignoring removed nobh option [ 71.256047][ T6004] EXT4-fs: Ignoring removed bh option [ 71.272137][ T6004] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.351532][ T6014] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1014'. [ 71.362823][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.392008][ T6018] loop2: detected capacity change from 0 to 7 [ 71.432774][ T6016] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1016'. [ 71.519919][ T6035] netlink: 'syz.4.1023': attribute type 29 has an invalid length. [ 71.537145][ T6035] netlink: 'syz.4.1023': attribute type 29 has an invalid length. [ 71.558608][ T6035] netlink: 500 bytes leftover after parsing attributes in process `syz.4.1023'. [ 71.617263][ T6050] loop2: detected capacity change from 0 to 512 [ 71.628189][ T6043] bridge_slave_0: left allmulticast mode [ 71.634022][ T6043] bridge_slave_0: left promiscuous mode [ 71.639827][ T6043] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.649696][ T6043] bridge_slave_1: left allmulticast mode [ 71.649719][ T6043] bridge_slave_1: left promiscuous mode [ 71.649894][ T6043] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.657857][ T6043] bond0: (slave bond_slave_0): Releasing backup interface [ 71.683470][ T6050] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.697085][ T6043] bond0: (slave bond_slave_1): Releasing backup interface [ 71.704876][ T6050] ext4 filesystem being mounted at /197/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 71.727649][ T6043] team0: Port device team_slave_0 removed [ 71.754877][ T6043] team0: Port device team_slave_1 removed [ 71.773095][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.780919][ T6043] netdevsim netdevsim0 netdevsim3: left allmulticast mode [ 71.790065][ T6043] netdevsim netdevsim0 netdevsim3: left promiscuous mode [ 71.791553][ T6064] loop5: detected capacity change from 0 to 128 [ 71.797363][ T6043] bridge0: port 3(netdevsim3) entered disabled state [ 71.823882][ T6062] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1035'. [ 72.028216][ T6088] loop4: detected capacity change from 0 to 1024 [ 72.088301][ T6090] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1047'. [ 72.102059][ T6090] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1047'. [ 72.174506][ T6101] netlink: 'syz.0.1051': attribute type 29 has an invalid length. [ 72.185228][ T6101] netlink: 'syz.0.1051': attribute type 29 has an invalid length. [ 72.185443][ T6099] SELinux: Context system_u:object_r:gpg_exec_t:s0 is not valid (left unmapped). [ 72.203410][ T6101] netlink: 500 bytes leftover after parsing attributes in process `syz.0.1051'. [ 72.232811][ T6104] atomic_op ffff88811a082928 conn xmit_atomic 0000000000000000 [ 72.326978][ T6115] program syz.0.1060 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 72.352059][ T6122] loop2: detected capacity change from 0 to 1024 [ 72.465824][ T6131] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1066'. [ 72.595550][ T6140] loop2: detected capacity change from 0 to 256 [ 72.760435][ T6154] vhci_hcd: invalid port number 0 [ 72.768695][ T6160] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1080'. [ 72.794094][ T6160] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1080'. [ 72.901898][ T6177] loop1: detected capacity change from 0 to 2048 [ 72.913541][ T6178] loop4: detected capacity change from 0 to 1024 [ 72.919671][ T6177] EXT4-fs: Ignoring removed mblk_io_submit option [ 72.937212][ T6177] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.956104][ T6178] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1088: Failed to acquire dquot type 0 [ 73.036997][ T6178] EXT4-fs (loop4): 1 truncate cleaned up [ 73.041263][ T6188] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1089: bg 0: block 234: padding at end of block bitmap is not set [ 73.057874][ T6178] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.069466][ T6188] EXT4-fs (loop1): Remounting filesystem read-only [ 73.160701][ T6177] EXT4-fs: Ignoring removed orlov option [ 73.167267][ T6177] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 73.204104][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.217447][ T6200] loop2: detected capacity change from 0 to 8192 [ 73.445285][ T6218] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 73.490106][ T6217] syzkaller1: entered promiscuous mode [ 73.495644][ T6217] syzkaller1: entered allmulticast mode [ 73.604537][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.672801][ T6220] program syz.4.1102 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 73.815870][ T6233] loop4: detected capacity change from 0 to 1024 [ 73.851235][ T6233] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.855234][ T6242] netlink: 'syz.0.1112': attribute type 1 has an invalid length. [ 73.931730][ T6233] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.1109: Allocating blocks 449-513 which overlap fs metadata [ 73.948283][ T6246] program syz.1.1114 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 74.036176][ T6232] EXT4-fs (loop4): pa ffff888106eb0230: logic 48, phys. 177, len 21 [ 74.044273][ T6232] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4 [ 74.054325][ T29] kauditd_printk_skb: 393 callbacks suppressed [ 74.054402][ T29] audit: type=1400 audit(1750883357.546:2539): avc: denied { write } for pid=6257 comm="syz.1.1120" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 74.083553][ T29] audit: type=1400 audit(1750883357.546:2540): avc: denied { open } for pid=6257 comm="syz.1.1120" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 74.107271][ T29] audit: type=1400 audit(1750883357.546:2541): avc: denied { ioctl } for pid=6257 comm="syz.1.1120" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 74.195380][ T29] audit: type=1400 audit(1750883357.696:2542): avc: denied { read } for pid=6266 comm="syz.0.1124" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 74.225686][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.289032][ T29] audit: type=1400 audit(1750883357.786:2543): avc: denied { execmem } for pid=6268 comm="syz.4.1125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 74.358886][ T29] audit: type=1326 audit(1750883357.826:2544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6272 comm="syz.2.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4eaefee929 code=0x7ffc0000 [ 74.381286][ T6275] loop5: detected capacity change from 0 to 1024 [ 74.382357][ T29] audit: type=1326 audit(1750883357.826:2545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6272 comm="syz.2.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4eaefee929 code=0x7ffc0000 [ 74.412279][ T29] audit: type=1326 audit(1750883357.826:2546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6272 comm="syz.2.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7f4eaefee929 code=0x7ffc0000 [ 74.435637][ T29] audit: type=1326 audit(1750883357.826:2547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6272 comm="syz.2.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4eaefee929 code=0x7ffc0000 [ 74.523299][ T29] audit: type=1400 audit(1750883357.946:2548): avc: denied { create } for pid=6274 comm="syz.5.1128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 74.560293][ T6285] xt_hashlimit: size too large, truncated to 1048576 [ 74.637923][ T6293] loop9: detected capacity change from 0 to 7 [ 74.661816][ T6293] buffer_io_error: 9 callbacks suppressed [ 74.661831][ T6293] Buffer I/O error on dev loop9, logical block 0, async page read [ 74.697160][ T6293] Buffer I/O error on dev loop9, logical block 0, async page read [ 74.705130][ T6293] loop9: unable to read partition table [ 74.728920][ T6293] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 74.728920][ T6293] ) failed (rc=-5) [ 75.132624][ T6341] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 75.377647][ T6362] loop1: detected capacity change from 0 to 1024 [ 75.390364][ T6357] SELinux: ebitmap: truncated map [ 75.403959][ T6357] SELinux: failed to load policy [ 75.626431][ T6383] random: crng reseeded on system resumption [ 75.733843][ T6391] loop4: detected capacity change from 0 to 1024 [ 75.930390][ T6410] loop4: detected capacity change from 0 to 8192 [ 76.091749][ T6421] netlink: 'syz.2.1192': attribute type 1 has an invalid length. [ 76.131994][ T6428] netlink: 'syz.2.1195': attribute type 1 has an invalid length. [ 76.149873][ T6428] 8021q: adding VLAN 0 to HW filter on device bond1 [ 76.159426][ T6435] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 76.217129][ T6441] 9pnet: Could not find request transport: rdm7 [ 76.243564][ T6448] xt_hashlimit: size too large, truncated to 1048576 [ 76.273812][ T6450] SELinux: failed to load policy [ 76.423991][ T6461] loop2: detected capacity change from 0 to 512 [ 76.444668][ T6461] EXT4-fs (loop2): orphan cleanup on readonly fs [ 76.451713][ T6461] EXT4-fs error (device loop2): ext4_orphan_get:1419: comm syz.2.1208: bad orphan inode 13 [ 76.462106][ T6461] ext4_test_bit(bit=12, block=18) = 1 [ 76.467612][ T6461] is_bad_inode(inode)=0 [ 76.471927][ T6461] NEXT_ORPHAN(inode)=2130706432 [ 76.476809][ T6461] max_ino=32 [ 76.480068][ T6461] i_nlink=1 [ 76.483589][ T6461] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 76.547208][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.566695][ T6470] loop5: detected capacity change from 0 to 1024 [ 76.696983][ T6481] loop1: detected capacity change from 0 to 8192 [ 76.705201][ T6489] loop7: detected capacity change from 0 to 16384 [ 76.711969][ T6491] loop5: detected capacity change from 0 to 164 [ 77.022852][ T6513] __nla_validate_parse: 8 callbacks suppressed [ 77.022868][ T6513] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1233'. [ 77.097136][ T6515] hub 6-0:1.0: USB hub found [ 77.108337][ T6515] hub 6-0:1.0: 8 ports detected [ 77.226655][ T6527] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 77.521709][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1246'. [ 77.591252][ T6549] netlink: 'syz.0.1249': attribute type 21 has an invalid length. [ 77.609733][ T6549] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1249'. [ 77.618870][ T6549] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1249'. [ 77.672892][ T6553] SELinux: policydb table sizes (0,0) do not match mine (8,7) [ 77.700247][ T6553] SELinux: failed to load policy [ 77.740092][ T6555] vhci_hcd: invalid port number 96 [ 77.745302][ T6555] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 77.878083][ T6578] netlink: 'syz.5.1263': attribute type 1 has an invalid length. [ 77.892642][ T6578] 8021q: adding VLAN 0 to HW filter on device bond1 [ 77.954753][ T6584] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1262'. [ 78.488723][ T6615] ALSA: seq fatal error: cannot create timer (-22) [ 79.129967][ T29] kauditd_printk_skb: 108 callbacks suppressed [ 79.129985][ T29] audit: type=1400 audit(1750883362.636:2657): avc: denied { cpu } for pid=6643 comm="syz.5.1289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 79.156635][ T29] audit: type=1400 audit(1750883362.656:2658): avc: denied { read } for pid=6645 comm="syz.5.1290" laddr=ff02::1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 79.224744][ T29] audit: type=1400 audit(1750883362.726:2659): avc: denied { create } for pid=6653 comm="syz.5.1294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 79.246531][ T29] audit: type=1400 audit(1750883362.746:2660): avc: denied { connect } for pid=6653 comm="syz.5.1294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 79.267064][ T29] audit: type=1400 audit(1750883362.746:2661): avc: denied { write } for pid=6653 comm="syz.5.1294" path="socket:[14637]" dev="sockfs" ino=14637 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 79.312346][ T29] audit: type=1400 audit(1750883362.816:2662): avc: denied { read } for pid=6658 comm="syz.0.1296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 79.368015][ T6667] ipip0: entered promiscuous mode [ 79.420699][ T6665] geneve0: entered promiscuous mode [ 79.425992][ T6665] geneve0: entered allmulticast mode [ 79.449387][ T29] audit: type=1400 audit(1750883362.956:2663): avc: denied { sqpoll } for pid=6673 comm="syz.5.1303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 79.588318][ T6687] syzkaller0: entered promiscuous mode [ 79.593980][ T6687] syzkaller0: entered allmulticast mode [ 79.663716][ T6698] C: renamed from team_slave_0 (while UP) [ 79.671440][ T6698] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1314'. [ 79.717418][ T6704] loop5: detected capacity change from 0 to 512 [ 79.726091][ T6704] EXT4-fs error (device loop5): ext4_iget_extra_inode:5035: inode #15: comm syz.5.1317: corrupted in-inode xattr: invalid ea_ino [ 79.740397][ T6704] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.1317: couldn't read orphan inode 15 (err -117) [ 79.753950][ T6704] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.769324][ T29] audit: type=1400 audit(1750883363.276:2664): avc: denied { execute_no_trans } for pid=6703 comm="syz.5.1317" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 79.823055][ T5342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.837551][ T6708] ipip0: entered promiscuous mode [ 79.871569][ T29] audit: type=1400 audit(1750883363.376:2665): avc: denied { write } for pid=6715 comm="syz.1.1322" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 79.872701][ T6710] hub 6-0:1.0: USB hub found [ 79.898737][ T29] audit: type=1400 audit(1750883363.396:2666): avc: denied { write } for pid=6716 comm="syz.2.1323" name="file0" dev="tmpfs" ino=1402 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 79.911571][ T6710] hub 6-0:1.0: 8 ports detected [ 79.966197][ T6724] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1326'. [ 80.049147][ T6733] serio: Serial port ptm0 [ 80.087629][ T6739] ipip0: entered promiscuous mode [ 80.203750][ T6756] SELinux: failed to load policy [ 80.843025][ T6775] SELinux: ebitmap: truncated map [ 80.848882][ T6775] SELinux: failed to load policy [ 80.943359][ T6787] loop5: detected capacity change from 0 to 512 [ 80.951712][ T6787] EXT4-fs error (device loop5): ext4_orphan_get:1393: inode #15: comm syz.5.1353: casefold flag without casefold feature [ 80.964782][ T6787] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.1353: couldn't read orphan inode 15 (err -117) [ 80.982985][ T6787] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.001638][ T6787] random: crng reseeded on system resumption [ 81.023802][ T5342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.046265][ T6797] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1358'. [ 81.098131][ T6804] loop5: detected capacity change from 0 to 2048 [ 81.107372][ T6804] EXT4-fs: Ignoring removed mblk_io_submit option [ 81.123679][ T6804] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.230203][ T6825] sg_write: data in/out 124/1 bytes for SCSI command 0x75-- guessing data in; [ 81.230203][ T6825] program syz.4.1367 not setting count and/or reply_len properly [ 81.260389][ T6826] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1360: bg 0: block 234: padding at end of block bitmap is not set [ 81.296620][ T6826] EXT4-fs (loop5): Remounting filesystem read-only [ 81.475324][ T5342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.631192][ T6872] loop5: detected capacity change from 0 to 512 [ 81.639032][ T6872] EXT4-fs: Ignoring removed nomblk_io_submit option [ 81.647284][ T6872] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 81.676320][ T6872] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 81.693142][ T6872] EXT4-fs (loop5): 1 truncate cleaned up [ 81.699422][ T6872] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.730843][ T5342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.764871][ T6883] loop5: detected capacity change from 0 to 512 [ 81.778727][ T6883] EXT4-fs error (device loop5): ext4_xattr_inode_iget:433: comm syz.5.1396: Parent and EA inode have the same ino 15 [ 81.792303][ T6883] EXT4-fs (loop5): Remounting filesystem read-only [ 81.805971][ T6883] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 81.816465][ T6883] EXT4-fs (loop5): 1 orphan inode deleted [ 81.822707][ T6883] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.841413][ T6888] IPv6: Can't replace route, no match found [ 81.870326][ T5342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.933600][ T6904] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1407'. [ 82.052754][ T6921] policy can only be matched on NF_INET_PRE_ROUTING [ 82.052773][ T6921] unable to load match [ 82.180629][ T6941] loop4: detected capacity change from 0 to 2048 [ 82.196812][ T6941] EXT4-fs: Ignoring removed mblk_io_submit option [ 82.242274][ T6941] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.327857][ T6951] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1424: bg 0: block 234: padding at end of block bitmap is not set [ 82.342338][ T6951] EXT4-fs (loop4): Remounting filesystem read-only [ 82.378187][ T6957] loop2: detected capacity change from 0 to 512 [ 82.407999][ T6957] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.1428: Parent and EA inode have the same ino 15 [ 82.427930][ T6957] EXT4-fs (loop2): Remounting filesystem read-only [ 82.449845][ T6957] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 82.460116][ T6957] EXT4-fs (loop2): 1 orphan inode deleted [ 82.466287][ T6957] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.486609][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.501404][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.452811][ T7005] tipc: Started in network mode [ 83.452902][ T7005] tipc: Node identity ac1414aa, cluster identity 4711 [ 83.453136][ T7005] tipc: Enabled bearer , priority 10 [ 83.850363][ T7031] netlink: 'syz.1.1462': attribute type 10 has an invalid length. [ 83.939083][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x4 [ 83.946972][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x2 [ 83.947189][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947219][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947278][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947306][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947329][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947352][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947373][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947439][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947466][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947494][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947521][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947549][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947576][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.947648][ T3394] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0 [ 83.948340][ T3394] hid-generic 0000:3000000:0000.0003: hidraw0: HID v0.00 Device [sy] on syz0 [ 84.195459][ T7049] : renamed from vlan0 (while UP) [ 84.254848][ T29] kauditd_printk_skb: 53 callbacks suppressed [ 84.254865][ T29] audit: type=1400 audit(1750883367.756:2720): avc: denied { create } for pid=7055 comm="syz.5.1473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 84.290810][ T29] audit: type=1400 audit(1750883367.786:2721): avc: denied { bind } for pid=7055 comm="syz.5.1473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 84.395921][ T7065] loop9: detected capacity change from 0 to 7 [ 84.403903][ T7065] Buffer I/O error on dev loop9, logical block 0, async page read [ 84.413349][ T7065] Buffer I/O error on dev loop9, logical block 0, async page read [ 84.421263][ T7065] loop9: unable to read partition table [ 84.427171][ T7065] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 84.427171][ T7065] ) failed (rc=-5) [ 84.449117][ T3394] tipc: Node number set to 2886997162 [ 84.524213][ T7075] team0 (unregistering): Port device C removed [ 84.552126][ T7075] team0 (unregistering): Port device team_slave_1 removed [ 84.582850][ T7080] netlink: 304 bytes leftover after parsing attributes in process `syz.0.1484'. [ 84.593174][ T7080] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1484'. [ 84.628651][ T7082] syz_tun: entered allmulticast mode [ 84.634984][ T7082] syz_tun: left allmulticast mode [ 84.798268][ T7102] SELinux: failed to load policy [ 84.805846][ T29] audit: type=1400 audit(1750883368.306:2722): avc: denied { write } for pid=7103 comm="syz.0.1492" name="kcm" dev="proc" ino=4026532935 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 84.989171][ T7118] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1497'. [ 85.184745][ T7139] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1508'. [ 85.340134][ T7060] syz.1.1475 (7060) used greatest stack depth: 6064 bytes left [ 85.420997][ T7168] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1521'. [ 85.642119][ T29] audit: type=1400 audit(1750883369.146:2723): avc: denied { setopt } for pid=7184 comm="syz.2.1529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 85.675946][ T7180] vhci_hcd: invalid port number 224 [ 85.683723][ T29] audit: type=1400 audit(1750883369.166:2724): avc: denied { nlmsg_write } for pid=7184 comm="syz.2.1529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 85.743074][ T7196] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1534'. [ 85.918767][ T29] audit: type=1400 audit(1750883369.416:2725): avc: denied { read write } for pid=3312 comm="syz-executor" name="loop0" dev="devtmpfs" ino=606 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 85.941630][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.942389][ T29] audit: type=1400 audit(1750883369.416:2726): avc: denied { open } for pid=3312 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=606 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 85.949824][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 85.973255][ T29] audit: type=1400 audit(1750883369.426:2727): avc: denied { ioctl } for pid=3312 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=606 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 85.980634][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.014237][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.021715][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.029245][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.036777][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.044254][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.051831][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.059316][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.066829][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.074425][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.081980][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.089938][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.097532][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.105053][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.112586][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.120116][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.127548][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.133643][ T7224] pim6reg1: entered promiscuous mode [ 86.135021][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.140338][ T7224] pim6reg1: entered allmulticast mode [ 86.147694][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.147723][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.147748][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.175588][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.183066][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.190522][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.197982][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.205461][ T3394] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 86.215974][ T3394] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz1 [ 86.290352][ T7230] SELinux: failed to load policy [ 86.348152][ T7243] loop5: detected capacity change from 0 to 512 [ 86.361376][ T7243] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.374949][ T7243] ext4 filesystem being mounted at /153/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.389342][ T29] audit: type=1326 audit(1750883369.886:2728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7249 comm="syz.1.1556" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fee74d2e929 code=0x0 [ 86.389975][ T7243] EXT4-fs error (device loop5): ext4_xattr_block_get:593: inode #15: comm syz.5.1554: corrupted xattr block 32: bad e_name length [ 86.426028][ T7243] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop5 ino=15 [ 86.435365][ T7243] EXT4-fs error (device loop5): ext4_xattr_block_get:593: inode #15: comm syz.5.1554: corrupted xattr block 32: bad e_name length [ 86.449580][ T7251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.449718][ T7243] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop5 ino=15 [ 86.458006][ T7251] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.475889][ T29] audit: type=1400 audit(1750883369.976:2729): avc: denied { remove_name } for pid=7242 comm="syz.5.1554" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 86.515148][ T5342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.578278][ T7257] ALSA: seq fatal error: cannot create timer (-22) [ 86.655527][ T7263] SELinux: failed to load policy [ 86.821687][ T7287] netlink: 'syz.0.1574': attribute type 1 has an invalid length. [ 86.868490][ T7295] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1578'. [ 87.204745][ T7346] pim6reg1: entered promiscuous mode [ 87.210202][ T7346] pim6reg1: entered allmulticast mode [ 87.603426][ T7377] loop5: detected capacity change from 0 to 1024 [ 87.618277][ T7377] EXT4-fs: Ignoring removed orlov option [ 87.637152][ T7377] EXT4-fs (loop5): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 87.685493][ T7377] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 87.708147][ T7384] loop4: detected capacity change from 0 to 512 [ 87.718628][ T7377] EXT4-fs error (device loop5): ext4_check_all_de:659: inode #12: block 7: comm syz.5.1616: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=108 fake=0 [ 87.752699][ T5342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.842721][ T7384] EXT4-fs: Ignoring removed i_version option [ 87.856447][ T7384] EXT4-fs (loop4): orphan cleanup on readonly fs [ 87.863646][ T7384] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1615: bg 0: block 131: padding at end of block bitmap is not set [ 87.877639][ T7393] SELinux: failed to load policy [ 87.878301][ T7384] EXT4-fs (loop4): Remounting filesystem read-only [ 87.890086][ T7384] EXT4-fs (loop4): 1 truncate cleaned up [ 87.899401][ T7384] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 87.986930][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.009339][ T7405] serio: Serial port ptm0 [ 88.014617][ T7404] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 88.086686][ T7415] loop5: detected capacity change from 0 to 1024 [ 88.113923][ T7415] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.135052][ T7421] loop0: detected capacity change from 0 to 512 [ 88.142392][ T7415] ext4 filesystem being mounted at /177/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.155931][ T7423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.165656][ T7421] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.1633: casefold flag without casefold feature [ 88.182703][ T7415] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 88.196828][ T7423] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.198276][ T7415] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 48 with error 28 [ 88.218324][ T7415] EXT4-fs (loop5): This should not happen!! Data will be lost [ 88.218324][ T7415] [ 88.228085][ T7415] EXT4-fs (loop5): Total free blocks count 0 [ 88.234278][ T7415] EXT4-fs (loop5): Free/Dirty block details [ 88.240327][ T7415] EXT4-fs (loop5): free_blocks=4293918720 [ 88.246263][ T7415] EXT4-fs (loop5): dirty_blocks=48 [ 88.251489][ T7415] EXT4-fs (loop5): Block reservation details [ 88.257676][ T7415] EXT4-fs (loop5): i_reserved_data_blocks=3 [ 88.278043][ T7421] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.1633: couldn't read orphan inode 15 (err -117) [ 88.290754][ T7421] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.305870][ T5342] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.335560][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.485299][ T7457] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1650'. [ 88.494435][ T7459] netem: change failed [ 88.543171][ T7467] can0: slcan on ttyS3. [ 88.619022][ T7464] can0 (unregistered): slcan off ttyS3. [ 89.261323][ T29] kauditd_printk_skb: 189 callbacks suppressed [ 89.261340][ T29] audit: type=1400 audit(1750883372.766:2919): avc: denied { read write } for pid=3316 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 89.292293][ T29] audit: type=1400 audit(1750883372.796:2920): avc: denied { prog_load } for pid=7542 comm="syz.5.1690" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 89.313970][ T29] audit: type=1400 audit(1750883372.796:2921): avc: denied { read } for pid=7542 comm="syz.5.1690" dev="nsfs" ino=4026532390 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=0 [ 89.335495][ T29] audit: type=1400 audit(1750883372.796:2922): avc: denied { read } for pid=7542 comm="syz.5.1690" dev="nsfs" ino=4026532390 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=0 [ 89.356724][ T29] audit: type=1400 audit(1750883372.816:2923): avc: denied { prog_load } for pid=7544 comm="syz.4.1691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 89.375997][ T29] audit: type=1400 audit(1750883372.816:2924): avc: denied { read } for pid=7544 comm="syz.4.1691" dev="nsfs" ino=4026532513 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=0 [ 89.419058][ T29] audit: type=1400 audit(1750883372.846:2925): avc: denied { read write } for pid=5342 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 89.443362][ T29] audit: type=1400 audit(1750883372.846:2926): avc: denied { map_create } for pid=7546 comm="syz.5.1692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 89.462576][ T29] audit: type=1400 audit(1750883372.846:2927): avc: denied { read } for pid=7546 comm="syz.5.1692" dev="nsfs" ino=4026532390 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=0 [ 89.484120][ T29] audit: type=1400 audit(1750883372.846:2928): avc: denied { prog_load } for pid=7546 comm="syz.5.1692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 90.236375][ T7686] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1755'. [ 90.248184][ T7677] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1755'. [ 90.711507][ T7740] sch_tbf: burst 25 is lower than device lo mtu (65550) ! [ 91.190461][ T7793] pim6reg1: entered promiscuous mode [ 91.195858][ T7793] pim6reg1: entered allmulticast mode [ 91.215420][ T7796] sit0: entered allmulticast mode [ 91.266633][ T7802] sit0: entered promiscuous mode [ 91.446411][ T7818] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1820'. [ 91.465586][ T7818] geneve2: entered promiscuous mode [ 91.478649][ T7823] netem: change failed [ 92.612309][ T7973] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1896'. [ 92.634038][ T7973] hsr_slave_0: left promiscuous mode [ 92.644027][ T7973] hsr_slave_1: left promiscuous mode [ 92.768607][ T7998] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1908'. [ 94.235566][ T8167] pim6reg1: entered promiscuous mode [ 94.241073][ T8167] pim6reg1: entered allmulticast mode [ 94.308471][ T29] kauditd_printk_skb: 1148 callbacks suppressed [ 94.308485][ T29] audit: type=1400 audit(1750883377.806:4077): avc: denied { read write } for pid=5342 comm="syz-executor" name="loop5" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 94.388965][ T29] audit: type=1400 audit(1750883377.886:4078): avc: denied { read write } for pid=3316 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 94.430786][ T29] audit: type=1400 audit(1750883377.906:4079): avc: denied { read write } for pid=3316 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 94.455608][ T29] audit: type=1400 audit(1750883377.916:4080): avc: denied { map_create } for pid=8180 comm="syz.4.1997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 94.475197][ T29] audit: type=1400 audit(1750883377.916:4081): avc: denied { prog_load } for pid=8180 comm="syz.4.1997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 94.494333][ T29] audit: type=1400 audit(1750883377.916:4082): avc: denied { prog_load } for pid=8180 comm="syz.4.1997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 94.513998][ T29] audit: type=1400 audit(1750883377.916:4083): avc: denied { prog_load } for pid=8180 comm="syz.4.1997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 94.533331][ T29] audit: type=1326 audit(1750883377.916:4084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8180 comm="syz.4.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fa732e929 code=0x7ffc0000 [ 94.557053][ T29] audit: type=1326 audit(1750883377.916:4085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8180 comm="syz.4.1997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f4fa732e929 code=0x7ffc0000 [ 94.580480][ T29] audit: type=1400 audit(1750883377.916:4086): avc: denied { execmem } for pid=8180 comm="syz.4.1997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 94.610492][ T8194] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2003'. [ 94.755319][ T8210] IPv6: Can't replace route, no match found [ 94.772047][ T8216] netlink: 27 bytes leftover after parsing attributes in process `syz.2.2014'. [ 94.791764][ T8218] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 94.808102][ T8214] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2013'. [ 95.138116][ T8287] xt_bpf: check failed: parse error [ 95.182488][ T8298] netlink: 830 bytes leftover after parsing attributes in process `syz.1.2053'. [ 95.221522][ T8305] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2056'. [ 95.658483][ T8364] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2085'. [ 95.667530][ T8364] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2085'. [ 95.676552][ T8364] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2085'. [ 95.685799][ T8364] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2085'. [ 95.695016][ T8364] netlink: 'syz.4.2085': attribute type 6 has an invalid length. [ 96.534113][ T8421] netem: incorrect gi model size [ 96.539245][ T8421] netem: change failed [ 96.656220][ T8443] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2123'. [ 96.665520][ T8443] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2123'. [ 96.674572][ T8443] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2123'. [ 96.683878][ T8443] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2123'. [ 96.692971][ T8443] netlink: 'syz.0.2123': attribute type 6 has an invalid length. [ 96.746344][ T8450] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.2126'. [ 96.966690][ T8461] pim6reg1: entered promiscuous mode [ 96.972065][ T8461] pim6reg1: entered allmulticast mode [ 97.318258][ T8491] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2145'. [ 98.729975][ T8621] capability: warning: `syz.1.2205' uses 32-bit capabilities (legacy support in use) [ 98.955917][ T8634] sch_tbf: burst 25 is lower than device lo mtu (65550) ! [ 99.316517][ T29] kauditd_printk_skb: 912 callbacks suppressed [ 99.316535][ T29] audit: type=1400 audit(1750883382.816:4999): avc: denied { read write } for pid=3316 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 99.332947][ T8680] bridge_slave_0: left allmulticast mode [ 99.349030][ T29] audit: type=1400 audit(1750883382.826:5000): avc: denied { create } for pid=8679 comm="syz.4.2233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=0 [ 99.352819][ T8680] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.372264][ T29] audit: type=1400 audit(1750883382.826:5001): avc: denied { module_request } for pid=8679 comm="syz.4.2233" kmod="rtnl-link-bridge_slave" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=0 [ 99.421611][ T29] audit: type=1400 audit(1750883382.926:5002): avc: denied { read write } for pid=3316 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 99.447751][ T29] audit: type=1400 audit(1750883382.946:5003): avc: denied { map_create } for pid=8681 comm="syz.4.2234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 99.469197][ T29] audit: type=1400 audit(1750883382.966:5004): avc: denied { prog_load } for pid=8681 comm="syz.4.2234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 99.488577][ T29] audit: type=1400 audit(1750883382.966:5005): avc: denied { create } for pid=8681 comm="syz.4.2234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0 [ 99.509352][ T29] audit: type=1400 audit(1750883382.966:5006): avc: denied { create } for pid=8681 comm="syz.4.2234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0 [ 99.527626][ T8684] syzkaller0: entered promiscuous mode [ 99.530321][ T29] audit: type=1400 audit(1750883382.996:5007): avc: denied { read write } for pid=8669 comm="syz.5.2228" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 99.535445][ T8684] syzkaller0: entered allmulticast mode [ 99.559051][ T29] audit: type=1400 audit(1750883382.996:5008): avc: denied { read write } for pid=3316 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 99.617428][ T8691] ip6gre1: entered allmulticast mode [ 100.360731][ T8747] pim6reg1: entered promiscuous mode [ 100.366107][ T8747] pim6reg1: entered allmulticast mode [ 100.659604][ T8764] pim6reg1: entered promiscuous mode [ 100.665144][ T8764] pim6reg1: entered allmulticast mode [ 100.691359][ T8766] pim6reg1: entered promiscuous mode [ 100.696774][ T8766] pim6reg1: entered allmulticast mode [ 101.035430][ T8817] pim6reg1: entered promiscuous mode [ 101.041058][ T8817] pim6reg1: entered allmulticast mode [ 101.208827][ T8849] ================================================================== [ 101.216993][ T8849] BUG: KCSAN: data-race in memcpy_and_pad / release_task [ 101.224079][ T8849] [ 101.226428][ T8849] write to 0xffff88811a245608 of 8 bytes by task 3307 on cpu 0: [ 101.234087][ T8849] release_task+0x6f9/0xb60 [ 101.238638][ T8849] wait_consider_task+0x113f/0x1650 [ 101.243887][ T8849] __do_wait+0xfa/0x510 [ 101.248089][ T8849] do_wait+0xb7/0x260 [ 101.252117][ T8849] kernel_wait4+0x16b/0x1e0 [ 101.256669][ T8849] __x64_sys_wait4+0x91/0x120 [ 101.261388][ T8849] x64_sys_call+0x26c8/0x2fb0 [ 101.266101][ T8849] do_syscall_64+0xd2/0x200 [ 101.270619][ T8849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.276708][ T8849] [ 101.279048][ T8849] read to 0xffff88811a245140 of 3200 bytes by task 8849 on cpu 1: [ 101.286869][ T8849] memcpy_and_pad+0x48/0x80 [ 101.291400][ T8849] arch_dup_task_struct+0x2c/0x40 [ 101.296449][ T8849] dup_task_struct+0x83/0x6a0 [ 101.301160][ T8849] copy_process+0x399/0x1fe0 [ 101.305772][ T8849] kernel_clone+0x16c/0x5b0 [ 101.310330][ T8849] __se_sys_clone3+0x1c2/0x200 [ 101.315117][ T8849] __x64_sys_clone3+0x31/0x40 [ 101.319829][ T8849] x64_sys_call+0x10c9/0x2fb0 [ 101.324522][ T8849] do_syscall_64+0xd2/0x200 [ 101.329038][ T8849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.334951][ T8849] [ 101.337287][ T8849] Reported by Kernel Concurrency Sanitizer on: [ 101.343451][ T8849] CPU: 1 UID: 0 PID: 8849 Comm: syz.4.2312 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(voluntary) [ 101.355881][ T8849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 101.366144][ T8849] ==================================================================