last executing test programs: 2.194005449s ago: executing program 2 (id=476): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x2000000000000079, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 2.12947631s ago: executing program 2 (id=477): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xb76e}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x800, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200a}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2f}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x106}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb8}}, 0x20050800) 2.09201611s ago: executing program 2 (id=479): r0 = perf_event_open(&(0x7f0000000c40)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x100, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x7fff, 0x401}, 0x100b28, 0x6, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x20280, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open$cgroup(&(0x7f0000000380)={0x2, 0x80, 0x2, 0x1, 0x3, 0x10, 0x0, 0x7f, 0x201, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, @perf_config_ext={0x1000, 0x4}, 0x14006, 0xe, 0x3, 0x9, 0x0, 0x2c, 0x1, 0x0, 0x3, 0x0, 0x3}, r1, 0xc, r0, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="190000000400000004000000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005001201", 0x2e}], 0x1}, 0x48000) 1.773965256s ago: executing program 3 (id=486): bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x6c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0xf5, 0xfff5, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000001}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x68}}, 0x0) 1.758260537s ago: executing program 3 (id=488): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r1}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b7040000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) unshare(0x2c040000) unshare(0x2c020400) 1.711633917s ago: executing program 3 (id=489): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xffffdffffffffffe}, 0x18) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x58e, &(0x7f0000000180), 0x1, 0x451, &(0x7f0000000780)="$eJzs289vFFUcAPDvTFug/LAV8Qc/1CoaG3+0tKBy8KLRxIMmJl7wWNtCkIUaWhMhRNEYPBoS78ajiX+BJ70Y9WTiVe+GhBguoqc1szvD/mC3tMu2g+znkwx9b+YN7333zdt9M283gIE1kf2TROyMiN8jYqyebS0wUf9z/dqF+X+uXZhPolp9+6+kVu7vaxfmi6LFeTvyzGQakX6WxP4O9S6fO39qrlJZPJvnp1dOvz+9fO78cydPz51YPLF4Zvbo0SOHZ158Yfb5vsR5b9bWfR8tHdj7+juX35w/dvndn78dKuJvi6NPJlY7+GS12ufqyrWrKZ0Ml9gQ1iUbA1l3jdTG/1gMRaPzxuK1T0ttHLChqrkuhy9WgbtYEmW3AChH8UGf3f8W2+bNPsp39eX6DVAW9/V8qx8ZjjQvM9J2f9tPExFx7OK/X2VbbMxzCACAFt9n859nO83/0nigqdw9+drQeL6Wsjsi7ouIPRFxf0St7IMR8dA6629fJLl5/pNe6SmwNcrmfy/la1ut879i9hfjQ3luVy3+keT4ycriofw1mYyRrVl+ZpU6fnj1ty+6HWue/2VbVn8xF8zbcWV4a+s5C3Mrc7cTc7Orn0TsG+4Uf3JjJSCJiL0Rsa/HOk4+/c2BbsduHf8q+rDOVP064ql6/1+MtvgLyerrk9PborJ4aLq4Km72y6+X3upW/23F3wdZ/2/veP3fiH88aV6vXV5/HZf++LzrPc1UT9d/Y8eW/O+HcysrZ2citiRv1BvdvH+2cW6RL8pn8U8e7Dz+d0fjldgfEdlF/HBEPBIRj+Z991hEPB4RB9viar6//umVJ97rFv+d0P8Lbf0/3lqkrf8biS3RvqdzYujUj9+1/o+N5Nre/47UUpP5nrW8/62lXb1dzQAAAPD/k0bEzkjSqRvp0XRqqv4d/j2xPa0sLa88c3zpgzML9d8IjMdIWjzpGmt6HjqT39YX+dm2/OH8ufGXQ6O1/NT8UmWh7OBhwO24afyntfGf+XOo7NYBG87vtWBwNY3/pMx2AJvP5z8MLuMfBleH8T9aRjuAzdfp8//jEtoBbL628W/ZDwaI+38YXMY/DK7m8e8LADAwlkfj1j+S75TYFr2cJXHXJCK9I5rRn0TS4yhYa2Jn2QGuP1H2OxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB//BcAAP//pgHvrg==") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000080)=""/109, 0x6d) lseek(r2, 0xb72f1b6, 0x1) getdents64(r2, 0x0, 0x0) 1.528365921s ago: executing program 3 (id=490): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r0, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9}) fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x5}) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 1.268907796s ago: executing program 4 (id=494): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000006c0)='netlink_extack\x00', r0}, 0x18) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffd}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2a, 0x8000002, {0x0, 0x0, 0x0, r4, {0xfff2, 0x1}, {}, {0x9, 0xa}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x80001000}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24008004}, 0x0) 1.170616418s ago: executing program 0 (id=495): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020047b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000020000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r2}, 0x18) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0x20) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x4, 0x0, 0x7, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 1.074838209s ago: executing program 4 (id=496): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014fa0000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) connect$inet6(r0, &(0x7f0000000340)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffc}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "f300", "1e00040000000100"}, 0x28) write$binfmt_script(r0, &(0x7f0000000500)={'#! ', './file0'}, 0xb) 1.04727898s ago: executing program 2 (id=497): perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x104, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) 764.353375ms ago: executing program 0 (id=498): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x41, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd2b, 0x10000, {0x0, 0x0, 0x0, r4, {0xc, 0xffff}, {0x0, 0x4}, {0xfff3, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8014}, 0x0) 764.092305ms ago: executing program 4 (id=499): r0 = socket$key(0xf, 0x3, 0x2) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xc, 0x0, 0x700, 0x0, [@sadb_key={0x2, 0x9, 0x8, 0x0, "01"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x2, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x60}, 0x1, 0x7}, 0x0) 699.762776ms ago: executing program 4 (id=500): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x885) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = socket$netlink(0x10, 0x3, 0x4) write(r3, &(0x7f00000002c0)="29000000140005b7ff00000004eabdeb0101b6ff02159f7e5520756b1933b49db96ad24d12595fbea5", 0x29) 651.106588ms ago: executing program 1 (id=502): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xfffffffffffffffe, 0x0, 0x1) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000000180), 0x4) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast1}}}}) 617.936978ms ago: executing program 4 (id=503): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port1\x00', 0x72, 0x0, 0x0, 0x8000008, 0x4, 0x2, 0x1, 0x0, 0x7cce8c743ee810df}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x40505330, &(0x7f00000000c0)={0x800080, 0x80, 0xffffffbc, 0x7, 0x0, 0x55a}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x40505330, &(0x7f0000000200)={0x800080, 0x858, 0x8, 0x7, 0x43, 0x558}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 527.99518ms ago: executing program 4 (id=504): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb8000) syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000160000"], 0x0, 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000066"], 0x0, 0x7ff}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xfffffdd6}], 0x1, 0x9c00, 0x0, 0x3) 380.301403ms ago: executing program 0 (id=505): r0 = socket(0x1e, 0x4, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x10) r2 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x4}, 0x10) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r3, 0xffffffffffffffff, 0x0) 380.106423ms ago: executing program 1 (id=506): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000e02800850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast}) 324.294823ms ago: executing program 2 (id=507): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000100)=0x404, 0x4) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000080)={0xa, 0x14e22, 0xfffffff9, @ipv4}, 0x1c) close_range(r0, 0xffffffffffffffff, 0x0) 298.637314ms ago: executing program 2 (id=508): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r4, 0x0, r3, 0x0, 0x1, 0x0) fcntl$setpipe(r2, 0x407, 0x10003ff) 265.176685ms ago: executing program 0 (id=509): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0}, 0x50) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='kfree\x00', r4, 0x0, 0x10000001}, 0x18) ptrace$getregset(0x4204, r1, 0x2, &(0x7f0000000740)={0x0}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r0, 0x0, 0x0}, 0x20) 211.604295ms ago: executing program 1 (id=510): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) r2 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000140), 0x12) 133.474597ms ago: executing program 0 (id=511): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) r2 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) r3 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r2}) keyctl$link(0x8, r2, r3) 75.640248ms ago: executing program 1 (id=512): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) sendto$inet6(r0, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c) 75.306298ms ago: executing program 3 (id=513): r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4, 0x8], 0x0, 0x0, 0x12, 0x1}}, 0x40) 53.869129ms ago: executing program 0 (id=514): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) write(r1, &(0x7f0000004200)='t', 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x10) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 5.2944ms ago: executing program 1 (id=515): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x5, 0xfffffffc, 0xb95b5ec032cc8e84, 0x0, 0xe6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2, 0x0, 0xfffffffffffffffe}, 0x18) get_mempolicy(0x0, 0x0, 0x2, &(0x7f00002fe000/0x1000)=nil, 0x6) 4.98706ms ago: executing program 3 (id=516): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") socket$inet_mptcp(0x2, 0x1, 0x106) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x1cc) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000008c0)="3bf5", 0x2) perf_event_open(0x0, 0x0, 0xffffbfffffffffff, 0xffffffffffffffff, 0x2) quotactl$Q_GETQUOTA(0xffffffff80000702, &(0x7f0000000100)=@sr0, 0x0, 0x0) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7fffeffd) 0s ago: executing program 1 (id=517): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000000)='kmem_cache_free\x00', r4, 0x0, 0xd4}, 0x18) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_MASTER={0x8, 0xa, r2}, @IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x6}, @IFLA_BR_VLAN_DEFAULT_PVID={0x6}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.185' (ED25519) to the list of known hosts. [ 34.864730][ T29] audit: type=1400 audit(1758234762.959:62): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 34.865941][ T3294] cgroup: Unknown subsys name 'net' [ 34.887528][ T29] audit: type=1400 audit(1758234762.959:63): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 34.914989][ T29] audit: type=1400 audit(1758234762.989:64): avc: denied { unmount } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 35.068759][ T3294] cgroup: Unknown subsys name 'cpuset' [ 35.075160][ T3294] cgroup: Unknown subsys name 'rlimit' [ 35.226120][ T29] audit: type=1400 audit(1758234763.319:65): avc: denied { setattr } for pid=3294 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 35.249450][ T29] audit: type=1400 audit(1758234763.319:66): avc: denied { create } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.269951][ T29] audit: type=1400 audit(1758234763.319:67): avc: denied { write } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.287712][ T3298] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 35.290398][ T29] audit: type=1400 audit(1758234763.329:68): avc: denied { read } for pid=3294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 35.319168][ T29] audit: type=1400 audit(1758234763.339:69): avc: denied { mounton } for pid=3294 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 35.344114][ T29] audit: type=1400 audit(1758234763.339:70): avc: denied { mount } for pid=3294 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 35.362441][ T3294] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 35.367584][ T29] audit: type=1400 audit(1758234763.399:71): avc: denied { relabelto } for pid=3298 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 36.542134][ T3304] chnl_net:caif_netlink_parms(): no params data found [ 36.583935][ T3306] chnl_net:caif_netlink_parms(): no params data found [ 36.618566][ T3308] chnl_net:caif_netlink_parms(): no params data found [ 36.627597][ T3310] chnl_net:caif_netlink_parms(): no params data found [ 36.685673][ T3304] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.692818][ T3304] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.700235][ T3304] bridge_slave_0: entered allmulticast mode [ 36.706615][ T3304] bridge_slave_0: entered promiscuous mode [ 36.723422][ T3313] chnl_net:caif_netlink_parms(): no params data found [ 36.739376][ T3304] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.746454][ T3304] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.753677][ T3304] bridge_slave_1: entered allmulticast mode [ 36.760267][ T3304] bridge_slave_1: entered promiscuous mode [ 36.799155][ T3308] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.806244][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.813422][ T3308] bridge_slave_0: entered allmulticast mode [ 36.820032][ T3308] bridge_slave_0: entered promiscuous mode [ 36.831748][ T3306] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.838958][ T3306] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.846075][ T3306] bridge_slave_0: entered allmulticast mode [ 36.852603][ T3306] bridge_slave_0: entered promiscuous mode [ 36.871165][ T3308] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.878261][ T3308] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.885516][ T3308] bridge_slave_1: entered allmulticast mode [ 36.892115][ T3308] bridge_slave_1: entered promiscuous mode [ 36.899477][ T3304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.914057][ T3306] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.921239][ T3306] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.928418][ T3306] bridge_slave_1: entered allmulticast mode [ 36.934924][ T3306] bridge_slave_1: entered promiscuous mode [ 36.955110][ T3304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.964256][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.971426][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.978577][ T3310] bridge_slave_0: entered allmulticast mode [ 36.985122][ T3310] bridge_slave_0: entered promiscuous mode [ 37.014256][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.021379][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.028765][ T3310] bridge_slave_1: entered allmulticast mode [ 37.035149][ T3310] bridge_slave_1: entered promiscuous mode [ 37.042504][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.052801][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.063283][ T3306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.083580][ T3304] team0: Port device team_slave_0 added [ 37.100964][ T3306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.114742][ T3313] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.121916][ T3313] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.129058][ T3313] bridge_slave_0: entered allmulticast mode [ 37.135462][ T3313] bridge_slave_0: entered promiscuous mode [ 37.142548][ T3304] team0: Port device team_slave_1 added [ 37.163465][ T3308] team0: Port device team_slave_0 added [ 37.170179][ T3308] team0: Port device team_slave_1 added [ 37.175888][ T3313] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.183022][ T3313] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.190329][ T3313] bridge_slave_1: entered allmulticast mode [ 37.196953][ T3313] bridge_slave_1: entered promiscuous mode [ 37.208685][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.215700][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.241652][ T3304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.253706][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.269217][ T3306] team0: Port device team_slave_0 added [ 37.290048][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.297078][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.323188][ T3304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.337604][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.352747][ T3306] team0: Port device team_slave_1 added [ 37.358923][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.365877][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.392005][ T3308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.404570][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.411591][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.437549][ T3308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.455149][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.483851][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.498677][ T3310] team0: Port device team_slave_0 added [ 37.505722][ T3310] team0: Port device team_slave_1 added [ 37.511987][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.518962][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.545003][ T3306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.583239][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.590249][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.616323][ T3306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.629206][ T3304] hsr_slave_0: entered promiscuous mode [ 37.635192][ T3304] hsr_slave_1: entered promiscuous mode [ 37.648122][ T3313] team0: Port device team_slave_0 added [ 37.659274][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.666290][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.692347][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.714213][ T3308] hsr_slave_0: entered promiscuous mode [ 37.720319][ T3308] hsr_slave_1: entered promiscuous mode [ 37.726163][ T3308] debugfs: 'hsr0' already exists in 'hsr' [ 37.732035][ T3308] Cannot create hsr debugfs directory [ 37.738300][ T3313] team0: Port device team_slave_1 added [ 37.744415][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.751447][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.777453][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.826384][ T3306] hsr_slave_0: entered promiscuous mode [ 37.832432][ T3306] hsr_slave_1: entered promiscuous mode [ 37.838436][ T3306] debugfs: 'hsr0' already exists in 'hsr' [ 37.844169][ T3306] Cannot create hsr debugfs directory [ 37.854836][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.861874][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.887831][ T3313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.906494][ T3310] hsr_slave_0: entered promiscuous mode [ 37.912600][ T3310] hsr_slave_1: entered promiscuous mode [ 37.918541][ T3310] debugfs: 'hsr0' already exists in 'hsr' [ 37.924269][ T3310] Cannot create hsr debugfs directory [ 37.947576][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.954611][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.980745][ T3313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.066710][ T3313] hsr_slave_0: entered promiscuous mode [ 38.072815][ T3313] hsr_slave_1: entered promiscuous mode [ 38.078722][ T3313] debugfs: 'hsr0' already exists in 'hsr' [ 38.084479][ T3313] Cannot create hsr debugfs directory [ 38.209582][ T3304] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 38.218702][ T3304] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 38.241924][ T3304] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 38.256023][ T3304] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 38.267473][ T3306] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 38.276336][ T3306] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 38.289935][ T3306] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 38.300011][ T3306] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 38.326737][ T3308] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 38.341538][ T3308] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 38.354848][ T3308] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 38.364503][ T3308] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 38.383950][ T3310] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 38.392955][ T3310] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 38.403860][ T3310] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 38.417652][ T3310] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 38.452361][ T3313] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 38.462060][ T3313] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 38.471824][ T3313] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 38.481698][ T3313] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 38.520111][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.559675][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.578865][ T3304] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.589823][ T110] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.597026][ T110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.618586][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.628350][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.635434][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.649883][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.660194][ T3306] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.673374][ T3308] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.685581][ T3310] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.696285][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.703370][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.712345][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.719419][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.732105][ T2658] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.739203][ T2658] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.749086][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.767304][ T3306] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 38.777833][ T3306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.791477][ T2658] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.798578][ T2658] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.827709][ T2658] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.834868][ T2658] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.863717][ T2658] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.870837][ T2658] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.895366][ T3304] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.913441][ T3313] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.926250][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.933471][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.959524][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.966702][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.985710][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.999561][ T3310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.026761][ T3313] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 39.037257][ T3313] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.061269][ T3304] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.101878][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.162850][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.222153][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.252422][ T3306] veth0_vlan: entered promiscuous mode [ 39.263600][ T3308] veth0_vlan: entered promiscuous mode [ 39.289199][ T3308] veth1_vlan: entered promiscuous mode [ 39.314933][ T3306] veth1_vlan: entered promiscuous mode [ 39.342668][ T3306] veth0_macvtap: entered promiscuous mode [ 39.374058][ T3306] veth1_macvtap: entered promiscuous mode [ 39.390097][ T3310] veth0_vlan: entered promiscuous mode [ 39.399468][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.411360][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.426714][ T3308] veth0_macvtap: entered promiscuous mode [ 39.434256][ T3310] veth1_vlan: entered promiscuous mode [ 39.444998][ T2658] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.457712][ T3308] veth1_macvtap: entered promiscuous mode [ 39.464887][ T2658] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.479895][ T2658] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.489728][ T2658] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.511253][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.522991][ T3304] veth0_vlan: entered promiscuous mode [ 39.531174][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.540586][ T3313] veth0_vlan: entered promiscuous mode [ 39.550398][ T3304] veth1_vlan: entered promiscuous mode [ 39.563205][ T3313] veth1_vlan: entered promiscuous mode [ 39.572210][ T2658] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.582643][ T2658] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.602705][ T2658] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.615331][ T3310] veth0_macvtap: entered promiscuous mode [ 39.622304][ T3306] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 39.630833][ T3310] veth1_macvtap: entered promiscuous mode [ 39.646914][ T2658] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.668199][ T3304] veth0_macvtap: entered promiscuous mode [ 39.688125][ T3304] veth1_macvtap: entered promiscuous mode [ 39.703493][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.717264][ T3313] veth0_macvtap: entered promiscuous mode [ 39.727255][ T3313] veth1_macvtap: entered promiscuous mode [ 39.742860][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.753352][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.773376][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.785967][ T2658] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.796786][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.805950][ C0] hrtimer: interrupt took 67721 ns [ 39.812998][ T2658] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.823972][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.846146][ T2658] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.875216][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.884141][ T29] kauditd_printk_skb: 32 callbacks suppressed [ 39.884157][ T29] audit: type=1400 audit(1758234767.969:104): avc: denied { prog_run } for pid=3474 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 39.928099][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.940960][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.961782][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.993735][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.027394][ T29] audit: type=1326 audit(1758234768.119:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3483 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ee34ceba9 code=0x7ffc0000 [ 40.050645][ T29] audit: type=1326 audit(1758234768.119:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3483 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ee34ceba9 code=0x7ffc0000 [ 40.074080][ T29] audit: type=1326 audit(1758234768.119:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3483 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f3ee34ceba9 code=0x7ffc0000 [ 40.097653][ T29] audit: type=1326 audit(1758234768.119:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3483 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ee34ceba9 code=0x7ffc0000 [ 40.129061][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.132985][ T29] audit: type=1326 audit(1758234768.119:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3483 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f3ee34ceba9 code=0x7ffc0000 [ 40.155479][ T3480] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.161022][ T29] audit: type=1326 audit(1758234768.119:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3483 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ee34ceba9 code=0x7ffc0000 [ 40.192933][ T29] audit: type=1326 audit(1758234768.119:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3483 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3ee34ceba9 code=0x7ffc0000 [ 40.207014][ T3480] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.216249][ T29] audit: type=1326 audit(1758234768.119:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3483 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ee34ceba9 code=0x7ffc0000 [ 40.233873][ T3490] loop0: detected capacity change from 0 to 2048 [ 40.248017][ T29] audit: type=1326 audit(1758234768.119:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3483 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f3ee34ceba9 code=0x7ffc0000 [ 40.293590][ T3480] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.342455][ T3495] process 'syz.1.8' launched '/dev/fd/3' with NULL argv: empty string added [ 40.353382][ T3490] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.423465][ T3490] EXT4-fs error (device loop0): ext4_free_inode:354: comm syz.0.7: bit already cleared for inode 15 [ 40.428506][ T3500] EXT4-fs error (device loop0): __ext4_new_inode:1073: comm syz.0.7: reserved inode found cleared - inode=1 [ 40.535382][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.547687][ T3510] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13'. [ 40.556649][ T3510] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13'. [ 40.567104][ T3510] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13'. [ 40.575983][ T3510] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13'. [ 40.641584][ T3516] Zero length message leads to an empty skb [ 40.648698][ T3519] netlink: 96 bytes leftover after parsing attributes in process `syz.1.17'. [ 40.704299][ T3528] syz_tun: entered allmulticast mode [ 40.722391][ T3531] capability: warning: `syz.1.20' uses deprecated v2 capabilities in a way that may be insecure [ 40.739327][ T3527] syz_tun: left allmulticast mode [ 40.831728][ T3538] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 40.924891][ T3550] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3550 comm=syz.1.29 [ 41.026195][ T3556] netlink: 96 bytes leftover after parsing attributes in process `syz.1.32'. [ 41.310142][ T3568] netlink: 12 bytes leftover after parsing attributes in process `syz.2.37'. [ 41.319031][ T3568] netlink: 28 bytes leftover after parsing attributes in process `syz.2.37'. [ 41.327832][ T3568] netlink: 12 bytes leftover after parsing attributes in process `syz.2.37'. [ 41.348787][ T3568] netlink: 28 bytes leftover after parsing attributes in process `syz.2.37'. [ 41.357731][ T3568] netlink: 'syz.2.37': attribute type 6 has an invalid length. [ 41.481872][ T3576] loop2: detected capacity change from 0 to 7 [ 41.507205][ T3580] loop2: detected capacity change from 0 to 512 [ 41.542671][ T3582] loop1: detected capacity change from 0 to 1024 [ 41.551297][ T3580] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 41.564446][ T3580] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 41.596007][ T3582] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.644194][ T3580] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.41: invalid indirect mapped block 4294967295 (level 0) [ 41.710478][ T3580] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.41: invalid indirect mapped block 4294967295 (level 1) [ 41.738581][ T3580] EXT4-fs (loop2): 1 orphan inode deleted [ 41.744396][ T3580] EXT4-fs (loop2): 1 truncate cleaned up [ 41.751483][ T3589] loop0: detected capacity change from 0 to 764 [ 41.798575][ T3580] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.855944][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.905615][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.030554][ T3606] netlink: 'syz.1.50': attribute type 1 has an invalid length. [ 42.197253][ T3609] loop1: detected capacity change from 0 to 512 [ 42.210994][ T3613] loop2: detected capacity change from 0 to 128 [ 42.234578][ T3613] syz.2.53: attempt to access beyond end of device [ 42.234578][ T3613] loop2: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 42.277039][ T3609] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.295659][ T3615] loop4: detected capacity change from 0 to 2048 [ 42.304356][ T3609] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.341691][ T3295] loop4: p4 < > [ 42.351880][ T3621] netlink: 'syz.0.56': attribute type 1 has an invalid length. [ 42.360596][ T3615] loop4: p4 < > [ 42.417492][ T3609] syz.1.51 (3609) used greatest stack depth: 10872 bytes left [ 42.439724][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.468224][ T3629] netlink: 'syz.2.61': attribute type 1 has an invalid length. [ 42.506702][ T3633] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 42.547714][ T3635] loop4: detected capacity change from 0 to 1024 [ 42.562026][ T3637] loop8: detected capacity change from 0 to 16384 [ 42.569351][ T3635] EXT4-fs: Ignoring removed bh option [ 42.574796][ T3635] EXT4-fs: inline encryption not supported [ 42.608390][ T3639] loop2: detected capacity change from 0 to 2048 [ 42.614982][ T3635] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 42.672938][ T3635] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 42.700788][ T3635] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 2: comm syz.4.63: lblock 2 mapped to illegal pblock 2 (length 1) [ 42.718072][ T3641] loop8: detected capacity change from 16384 to 16383 [ 42.721408][ T3635] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 48: comm syz.4.63: lblock 0 mapped to illegal pblock 48 (length 1) [ 42.739676][ T3635] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.63: Failed to acquire dquot type 0 [ 42.758011][ T3635] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 42.784452][ T3635] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.63: mark_inode_dirty error [ 42.814156][ T3635] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 42.836619][ T3635] EXT4-fs (loop4): 1 orphan inode deleted [ 42.843407][ T3635] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.860131][ T2658] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 42.883893][ T2658] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:6: Failed to release dquot type 0 [ 43.010019][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.033085][ T3304] EXT4-fs error (device loop4): __ext4_get_inode_loc:4861: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 43.051964][ T3304] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 43.061529][ T3664] loop2: detected capacity change from 0 to 1024 [ 43.061762][ T3304] EXT4-fs error (device loop4): ext4_quota_off:7221: inode #3: comm syz-executor: mark_inode_dirty error [ 43.089762][ T3664] ======================================================= [ 43.089762][ T3664] WARNING: The mand mount option has been deprecated and [ 43.089762][ T3664] and is ignored by this kernel. Remove the mand [ 43.089762][ T3664] option from the mount to silence this warning. [ 43.089762][ T3664] ======================================================= [ 43.147586][ T3664] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 43.159594][ T3664] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #11: comm syz.2.72: iget: bogus i_mode (1) [ 43.171723][ T3664] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.72: couldn't read orphan inode 11 (err -117) [ 43.184018][ T3664] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.222707][ T3669] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.230013][ T3669] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.271344][ T3669] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 43.281472][ T3669] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 43.322660][ T2658] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.340032][ T2658] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.351697][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.361641][ T2658] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.406571][ T2658] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.444876][ T3681] ref_ctr increment failed for inode: 0x55 offset: 0xb ref_ctr_offset: 0x82 of mm: 0xffff888109dcd640 [ 43.472780][ T3680] uprobe: syz.0.78:3680 failed to unregister, leaking uprobe [ 43.521285][ T3693] all: renamed from bridge_slave_0 (while UP) [ 43.619767][ T3703] loop0: detected capacity change from 0 to 1024 [ 43.653081][ T3703] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.690266][ T3703] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.88: bg 0: block 494: padding at end of block bitmap is not set [ 43.712321][ T3703] EXT4-fs (loop0): Remounting filesystem read-only [ 43.721279][ T3703] EXT4-fs (loop0): error restoring inline_data for inode -- potential data loss! (inode 15, error -30) [ 43.746061][ T3711] syz.4.91 uses obsolete (PF_INET,SOCK_PACKET) [ 43.858214][ T3703] syz.0.88 (3703) used greatest stack depth: 9864 bytes left [ 43.869690][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.912540][ T3724] syz_tun: entered allmulticast mode [ 43.930352][ T3726] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3726 comm=syz.2.98 [ 43.943294][ T3723] syz_tun: left allmulticast mode [ 43.959807][ T3726] netlink: 'syz.2.98': attribute type 1 has an invalid length. [ 44.067348][ T3734] loop4: detected capacity change from 0 to 128 [ 44.246300][ T3734] syz.4.96: attempt to access beyond end of device [ 44.246300][ T3734] loop4: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 44.322288][ T3720] syz.4.96: attempt to access beyond end of device [ 44.322288][ T3720] loop4: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 44.337009][ T3720] syz.4.96: attempt to access beyond end of device [ 44.337009][ T3720] loop4: rw=0, sector=145, nr_sectors = 8 limit=128 [ 44.370737][ T3720] syz.4.96: attempt to access beyond end of device [ 44.370737][ T3720] loop4: rw=0, sector=145, nr_sectors = 8 limit=128 [ 44.384978][ T3720] syz.4.96: attempt to access beyond end of device [ 44.384978][ T3720] loop4: rw=0, sector=145, nr_sectors = 8 limit=128 [ 44.401613][ T3720] syz.4.96: attempt to access beyond end of device [ 44.401613][ T3720] loop4: rw=0, sector=145, nr_sectors = 8 limit=128 [ 44.414983][ T3720] syz.4.96: attempt to access beyond end of device [ 44.414983][ T3720] loop4: rw=0, sector=145, nr_sectors = 8 limit=128 [ 44.429834][ T3720] syz.4.96: attempt to access beyond end of device [ 44.429834][ T3720] loop4: rw=0, sector=145, nr_sectors = 8 limit=128 [ 44.443351][ T3720] syz.4.96: attempt to access beyond end of device [ 44.443351][ T3720] loop4: rw=0, sector=145, nr_sectors = 8 limit=128 [ 44.477574][ T3755] pim6reg1: entered promiscuous mode [ 44.483095][ T3755] pim6reg1: entered allmulticast mode [ 44.683299][ T3770] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 44.693125][ T3770] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 44.902812][ T3792] loop2: detected capacity change from 0 to 1024 [ 44.916664][ T3792] EXT4-fs: Ignoring removed orlov option [ 44.949054][ T3792] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.975885][ T29] kauditd_printk_skb: 403 callbacks suppressed [ 44.975900][ T29] audit: type=1400 audit(1758234773.069:514): avc: denied { write } for pid=3799 comm="syz.3.129" name="vlan0" dev="proc" ino=4026533251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 45.009356][ T29] audit: type=1400 audit(1758234773.079:515): avc: denied { read open } for pid=3791 comm="syz.2.126" path="/31/bus/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 45.010203][ T3800] @: renamed from vlan0 (while UP) [ 45.032057][ T29] audit: type=1400 audit(1758234773.079:516): avc: denied { write } for pid=3791 comm="syz.2.126" name="bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 45.058922][ T29] audit: type=1400 audit(1758234773.109:517): avc: denied { ioctl } for pid=3799 comm="syz.3.129" path="socket:[6367]" dev="sockfs" ino=6367 ioctlcmd=0x8923 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 45.123134][ T3802] loop0: detected capacity change from 0 to 8192 [ 45.157368][ T3807] netlink: 'syz.3.132': attribute type 1 has an invalid length. [ 45.157551][ T3805] loop1: detected capacity change from 0 to 512 [ 45.165836][ T3807] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 45.187724][ T3805] EXT4-fs (loop1): orphan cleanup on readonly fs [ 45.188535][ T3297] loop0: p1 p2 < > p3 p4 < p5 > [ 45.195849][ T3805] EXT4-fs error (device loop1): ext4_orphan_get:1418: comm syz.1.131: bad orphan inode 13 [ 45.199205][ T3297] loop0: partition table partially beyond EOD, truncated [ 45.216799][ T3805] ext4_test_bit(bit=12, block=18) = 1 [ 45.222293][ T3805] is_bad_inode(inode)=0 [ 45.226327][ T3807] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 45.226476][ T3805] NEXT_ORPHAN(inode)=2130706432 [ 45.226497][ T3805] max_ino=32 [ 45.226504][ T3805] i_nlink=1 [ 45.228072][ T3805] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 45.264819][ T3805] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 45.269296][ T29] audit: type=1400 audit(1758234773.359:518): avc: denied { execute } for pid=3804 comm="syz.1.131" name="file2" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 45.274443][ T3297] loop0: p1 size 100663296 extends beyond EOD, truncated [ 45.305312][ T3297] loop0: p2 start 591104 is beyond EOD, truncated [ 45.311835][ T3297] loop0: p3 start 33572980 is beyond EOD, truncated [ 45.320777][ T3297] loop0: p5 size 100663296 extends beyond EOD, truncated [ 45.328932][ T3805] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.131: bg 0: block 248: padding at end of block bitmap is not set [ 45.344143][ T3805] Quota error (device loop1): write_blk: dquota write failed [ 45.351781][ T3805] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 45.361792][ T3805] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.131: Failed to acquire dquot type 1 [ 45.387613][ T3805] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 45.387887][ T3802] loop0: p1 p2 < > p3 p4 < p5 > [ 45.407498][ T3802] loop0: partition table partially beyond EOD, truncated [ 45.417708][ T3802] loop0: p1 size 100663296 extends beyond EOD, truncated [ 45.426277][ T3802] loop0: p2 start 591104 is beyond EOD, truncated [ 45.432803][ T3802] loop0: p3 start 33572980 is beyond EOD, truncated [ 45.440341][ T3802] loop0: p5 size 100663296 extends beyond EOD, truncated [ 45.466083][ T3805] syz.1.131 (3805) used greatest stack depth: 9248 bytes left [ 45.507778][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.589940][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.702263][ T29] audit: type=1400 audit(1758234773.799:519): avc: denied { create } for pid=3820 comm="syz.2.137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 45.758134][ T29] audit: type=1400 audit(1758234773.839:520): avc: denied { write } for pid=3820 comm="syz.2.137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 45.819123][ T29] audit: type=1400 audit(1758234773.919:521): avc: denied { mount } for pid=3825 comm="syz.3.141" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 45.887575][ T3836] loop4: detected capacity change from 0 to 512 [ 45.896135][ T3843] __nla_validate_parse: 5 callbacks suppressed [ 45.896155][ T3843] netlink: 24 bytes leftover after parsing attributes in process `syz.1.144'. [ 45.916040][ T3836] EXT4-fs (loop4): external journal device major/minor numbers have changed [ 45.966079][ T3836] EXT4-fs (loop4): failed to open journal device unknown-block(0,4) -6 [ 45.980327][ T3848] loop3: detected capacity change from 0 to 2048 [ 46.058251][ T3848] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.427013][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.427446][ T3886] syzkaller0: entered promiscuous mode [ 46.441614][ T3886] syzkaller0: entered allmulticast mode [ 46.507640][ T3900] bridge_slave_0: left allmulticast mode [ 46.513426][ T3900] bridge_slave_0: left promiscuous mode [ 46.519204][ T3900] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.527265][ T3900] bridge_slave_1: left allmulticast mode [ 46.533211][ T3900] bridge_slave_1: left promiscuous mode [ 46.539608][ T3900] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.551048][ T3900] bond0: (slave bond_slave_0): Releasing backup interface [ 46.561098][ T3900] bond0: (slave bond_slave_1): Releasing backup interface [ 46.570066][ T3900] team0: Port device team_slave_0 removed [ 46.577060][ T3900] team0: Port device team_slave_1 removed [ 46.733538][ T3912] netlink: 20 bytes leftover after parsing attributes in process `syz.3.172'. [ 46.775809][ T3916] netlink: 96 bytes leftover after parsing attributes in process `syz.3.174'. [ 46.820581][ T3920] netlink: 'syz.3.176': attribute type 10 has an invalid length. [ 46.828731][ T3920] netlink: 40 bytes leftover after parsing attributes in process `syz.3.176'. [ 46.838549][ T3920] dummy0: entered promiscuous mode [ 46.846079][ T3920] bridge0: port 3(dummy0) entered blocking state [ 46.853129][ T3920] bridge0: port 3(dummy0) entered disabled state [ 46.860946][ T3920] dummy0: entered allmulticast mode [ 46.870877][ T3920] bridge0: port 3(dummy0) entered blocking state [ 46.877577][ T3920] bridge0: port 3(dummy0) entered forwarding state [ 47.010087][ T3934] wireguard0: entered promiscuous mode [ 47.015598][ T3934] wireguard0: entered allmulticast mode [ 47.178195][ T3941] pim6reg1: entered promiscuous mode [ 47.183571][ T3941] pim6reg1: entered allmulticast mode [ 47.647266][ T3959] macvlan1: entered promiscuous mode [ 47.655153][ T3959] ipvlan0: entered promiscuous mode [ 47.661565][ T3959] ipvlan0: left promiscuous mode [ 47.667316][ T3959] macvlan1: left promiscuous mode [ 47.763786][ T3966] Driver unsupported XDP return value 0 on prog (id 166) dev N/A, expect packet loss! [ 47.859692][ T3972] macvlan1: entered promiscuous mode [ 47.882818][ T3972] ipvlan0: entered promiscuous mode [ 47.889802][ T3972] ipvlan0: left promiscuous mode [ 47.896303][ T3972] macvlan1: left promiscuous mode [ 48.160400][ T3981] syz.3.200 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 48.162970][ T3983] tipc: Started in network mode [ 48.175732][ T3983] tipc: Node identity ac14140f, cluster identity 4711 [ 48.189970][ T3983] tipc: New replicast peer: 255.255.255.255 [ 48.196145][ T3983] tipc: Enabled bearer , priority 10 [ 48.691828][ T4013] loop4: detected capacity change from 0 to 128 [ 48.894264][ T4013] bio_check_eod: 4816 callbacks suppressed [ 48.894281][ T4013] syz.4.215: attempt to access beyond end of device [ 48.894281][ T4013] loop4: rw=0, sector=121, nr_sectors = 920 limit=128 [ 49.134753][ T4041] loop4: detected capacity change from 0 to 128 [ 49.155807][ T4043] loop0: detected capacity change from 0 to 1024 [ 49.168097][ T4043] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 49.199727][ T4043] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.215264][ T4043] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 49.246507][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.308098][ T3412] tipc: Node number set to 2886997007 [ 49.326704][ T4051] geneve2: entered promiscuous mode [ 49.332064][ T4051] geneve2: entered allmulticast mode [ 49.423673][ T4059] loop4: detected capacity change from 0 to 512 [ 49.471776][ T4059] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.496458][ T4059] ext4 filesystem being mounted at /43/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 49.529413][ T4059] netlink: 96 bytes leftover after parsing attributes in process `syz.4.233'. [ 49.633300][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.702764][ T4073] hub 1-0:1.0: USB hub found [ 49.712132][ T4073] hub 1-0:1.0: 8 ports detected [ 49.735828][ T4077] openvswitch: netlink: Message has 6 unknown bytes. [ 49.952253][ T4106] loop2: detected capacity change from 0 to 512 [ 49.962979][ T4106] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 50.011466][ T4110] team0: Device ipvlan2 failed to register rx_handler [ 50.077231][ T29] kauditd_printk_skb: 170 callbacks suppressed [ 50.077306][ T29] audit: type=1400 audit(1758234778.169:692): avc: denied { bind } for pid=4113 comm="syz.1.256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 50.152457][ T29] audit: type=1326 audit(1758234778.249:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.3.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6d0eeba9 code=0x7ffc0000 [ 50.175904][ T29] audit: type=1326 audit(1758234778.249:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.3.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6d0eeba9 code=0x7ffc0000 [ 50.210670][ T29] audit: type=1326 audit(1758234778.249:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.3.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f8d6d0eeba9 code=0x7ffc0000 [ 50.233921][ T29] audit: type=1326 audit(1758234778.249:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.3.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6d0eeba9 code=0x7ffc0000 [ 50.257432][ T29] audit: type=1326 audit(1758234778.249:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.3.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6d0eeba9 code=0x7ffc0000 [ 50.281090][ T29] audit: type=1326 audit(1758234778.249:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.3.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f8d6d0eeba9 code=0x7ffc0000 [ 50.304306][ T29] audit: type=1326 audit(1758234778.249:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.3.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6d0eeba9 code=0x7ffc0000 [ 50.327800][ T29] audit: type=1326 audit(1758234778.249:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.3.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d6d0eeba9 code=0x7ffc0000 [ 50.351309][ T29] audit: type=1326 audit(1758234778.249:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4119 comm="syz.3.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f8d6d0eeba9 code=0x7ffc0000 [ 50.497222][ T4141] SELinux: Context ـ is not valid (left unmapped). [ 50.506293][ T4143] netlink: 4 bytes leftover after parsing attributes in process `syz.4.270'. [ 50.517080][ T4143] netlink: 12 bytes leftover after parsing attributes in process `syz.4.270'. [ 50.809328][ T4179] loop3: detected capacity change from 0 to 2048 [ 50.821495][ C1] vcan0: j1939_tp_rxtimer: 0xffff88811a325400: rx timeout, send abort [ 50.829847][ C1] vcan0: j1939_tp_rxtimer: 0xffff88811a325200: rx timeout, send abort [ 50.838272][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811a325400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 50.852690][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811a325200: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 50.923977][ T4191] loop0: detected capacity change from 0 to 1024 [ 50.940086][ T4179] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.957264][ T4191] EXT4-fs: inline encryption not supported [ 50.966419][ T4191] EXT4-fs (loop0): stripe (8) is not aligned with cluster size (16), stripe is disabled [ 50.983601][ T4191] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.323728][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.375027][ T4229] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 51.684022][ T4243] 9pnet: p9_errstr2errno: server reported unknown error ‌@يخ0x0000000000000003 [ 51.801680][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.859424][ T4257] loop2: detected capacity change from 0 to 512 [ 51.886375][ T4257] EXT4-fs: Ignoring removed mblk_io_submit option [ 51.903504][ T4261] loop0: detected capacity change from 0 to 1024 [ 51.914781][ T4257] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 51.930121][ T4261] EXT4-fs: Ignoring removed orlov option [ 51.936696][ T4257] EXT4-fs (loop2): 1 truncate cleaned up [ 51.945715][ T4265] loop3: detected capacity change from 0 to 512 [ 51.953044][ T4257] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.973070][ T4265] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 51.982473][ T4261] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.994687][ T4265] EXT4-fs (loop3): orphan cleanup on readonly fs [ 52.005329][ T4265] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.309: Failed to acquire dquot type 1 [ 52.007080][ T4270] loop4: detected capacity change from 0 to 128 [ 52.051557][ T4265] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.309: bg 0: block 40: padding at end of block bitmap is not set [ 52.102824][ T4270] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 52.110755][ T4270] FAT-fs (loop4): Filesystem has been set read-only [ 52.117835][ T4265] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 52.131784][ T4270] syz.4.310: attempt to access beyond end of device [ 52.131784][ T4270] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 52.146821][ T4265] EXT4-fs (loop3): 1 truncate cleaned up [ 52.151251][ T4270] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 52.153960][ T4265] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 52.160506][ T4270] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 52.182306][ T4283] syz.4.310: attempt to access beyond end of device [ 52.182306][ T4283] loop4: rw=0, sector=2065, nr_sectors = 1 limit=128 [ 52.195564][ T4283] Buffer I/O error on dev loop4, logical block 2065, async page read [ 52.204541][ T4265] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #16: comm syz.3.309: corrupted xattr block 31: invalid header [ 52.220105][ T4283] syz.4.310: attempt to access beyond end of device [ 52.220105][ T4283] loop4: rw=0, sector=2066, nr_sectors = 1 limit=128 [ 52.233441][ T4283] Buffer I/O error on dev loop4, logical block 2066, async page read [ 52.241903][ T4265] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=16 [ 52.265274][ T4265] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #16: comm syz.3.309: corrupted xattr block 31: invalid header [ 52.278671][ T4283] syz.4.310: attempt to access beyond end of device [ 52.278671][ T4283] loop4: rw=0, sector=2067, nr_sectors = 1 limit=128 [ 52.289200][ T4265] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=16 [ 52.292832][ T4283] Buffer I/O error on dev loop4, logical block 2067, async page read [ 52.305873][ T4265] EXT4-fs error (device loop3): ext4_get_link:106: inode #16: comm syz.3.309: bad symlink. [ 52.312426][ T4283] syz.4.310: attempt to access beyond end of device [ 52.312426][ T4283] loop4: rw=0, sector=2068, nr_sectors = 1 limit=128 [ 52.332829][ T4283] Buffer I/O error on dev loop4, logical block 2068, async page read [ 52.342800][ T4283] syz.4.310: attempt to access beyond end of device [ 52.342800][ T4283] loop4: rw=0, sector=2069, nr_sectors = 1 limit=128 [ 52.356119][ T4283] Buffer I/O error on dev loop4, logical block 2069, async page read [ 52.365108][ T4283] syz.4.310: attempt to access beyond end of device [ 52.365108][ T4283] loop4: rw=0, sector=2070, nr_sectors = 1 limit=128 [ 52.378312][ T4283] Buffer I/O error on dev loop4, logical block 2070, async page read [ 52.386488][ T4283] syz.4.310: attempt to access beyond end of device [ 52.386488][ T4283] loop4: rw=0, sector=2071, nr_sectors = 1 limit=128 [ 52.399834][ T4283] Buffer I/O error on dev loop4, logical block 2071, async page read [ 52.424982][ T4283] syz.4.310: attempt to access beyond end of device [ 52.424982][ T4283] loop4: rw=0, sector=2072, nr_sectors = 1 limit=128 [ 52.438621][ T4283] Buffer I/O error on dev loop4, logical block 2072, async page read [ 52.446959][ T4283] Buffer I/O error on dev loop4, logical block 2065, async page read [ 52.457916][ T4283] Buffer I/O error on dev loop4, logical block 2066, async page read [ 52.466740][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.722984][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.104037][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.237786][ T4381] loop2: detected capacity change from 0 to 512 [ 53.252124][ T4381] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 53.279870][ T4381] EXT4-fs (loop2): 1 truncate cleaned up [ 53.288498][ T4381] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.380809][ T4394] netlink: 96 bytes leftover after parsing attributes in process `syz.4.331'. [ 53.475350][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.490959][ T4401] netlink: 60 bytes leftover after parsing attributes in process `syz.3.330'. [ 53.500376][ T4401] unsupported nlmsg_type 40 [ 53.844206][ T4421] pim6reg1: entered promiscuous mode [ 53.849856][ T4421] pim6reg1: entered allmulticast mode [ 53.911850][ T4427] loop0: detected capacity change from 0 to 2048 [ 53.943649][ T4427] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.957097][ T4427] ext4 filesystem being mounted at /75/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.981068][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.077894][ T4445] netlink: 'syz.2.351': attribute type 30 has an invalid length. [ 54.268916][ T4454] team0: Port device vlan0 added [ 54.371613][ T4462] loop0: detected capacity change from 0 to 512 [ 54.429111][ T4462] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.453129][ T4470] netlink: 'syz.1.362': attribute type 10 has an invalid length. [ 54.490283][ T4470] team0: Device hsr_slave_0 failed to register rx_handler [ 54.501477][ T4462] ext4 filesystem being mounted at /80/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.562275][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.593391][ T4477] netlink: 'syz.1.366': attribute type 30 has an invalid length. [ 54.771402][ T4483] team0: Port device vlan2 added [ 54.849163][ T4488] loop3: detected capacity change from 0 to 512 [ 54.877486][ T4488] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 54.906196][ T4488] EXT4-fs (loop3): 1 truncate cleaned up [ 54.919325][ T4488] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.955477][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.061101][ T4505] netlink: 48 bytes leftover after parsing attributes in process `syz.0.376'. [ 55.096015][ T29] kauditd_printk_skb: 227 callbacks suppressed [ 55.096033][ T29] audit: type=1326 audit(1758234783.189:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4510 comm="syz.1.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9356eba9 code=0x7ffc0000 [ 55.132425][ T4511] loop1: detected capacity change from 0 to 512 [ 55.139881][ T4501] loop2: detected capacity change from 0 to 4096 [ 55.150392][ T4511] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 55.152307][ T4501] EXT4-fs: Ignoring removed nomblk_io_submit option [ 55.187306][ T29] audit: type=1326 audit(1758234783.219:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4510 comm="syz.1.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5d9356eba9 code=0x7ffc0000 [ 55.210857][ T29] audit: type=1326 audit(1758234783.219:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4510 comm="syz.1.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9356eba9 code=0x7ffc0000 [ 55.234356][ T29] audit: type=1326 audit(1758234783.219:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4510 comm="syz.1.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5d9356eba9 code=0x7ffc0000 [ 55.257687][ T29] audit: type=1326 audit(1758234783.229:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4510 comm="syz.1.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9356eba9 code=0x7ffc0000 [ 55.281193][ T29] audit: type=1326 audit(1758234783.229:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4510 comm="syz.1.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9356eba9 code=0x7ffc0000 [ 55.304477][ T29] audit: type=1326 audit(1758234783.229:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4510 comm="syz.1.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5d9356eba9 code=0x7ffc0000 [ 55.327814][ T29] audit: type=1326 audit(1758234783.229:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4510 comm="syz.1.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9356eba9 code=0x7ffc0000 [ 55.351078][ T29] audit: type=1326 audit(1758234783.229:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4510 comm="syz.1.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d9356eba9 code=0x7ffc0000 [ 55.374359][ T29] audit: type=1326 audit(1758234783.229:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4510 comm="syz.1.377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f5d9356eba9 code=0x7ffc0000 [ 55.400011][ T4511] EXT4-fs (loop1): 1 truncate cleaned up [ 55.406172][ T4511] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.430876][ T4501] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.531859][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.742615][ T4539] vlan2: entered allmulticast mode [ 55.745814][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.760335][ T4541] loop4: detected capacity change from 0 to 512 [ 55.811557][ T4539] dummy0: entered allmulticast mode [ 55.828054][ T4541] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 55.850104][ T4541] EXT4-fs (loop4): 1 truncate cleaned up [ 55.875010][ T4541] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.923368][ T4546] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.924060][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.981263][ T4546] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.021027][ T4546] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.044047][ T4551] netlink: 'syz.4.388': attribute type 10 has an invalid length. [ 56.078635][ T4551] team0: Port device dummy0 added [ 56.091309][ T4546] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.105196][ T4551] netlink: 'syz.4.388': attribute type 10 has an invalid length. [ 56.117625][ T4551] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 56.147655][ T4551] team0: Failed to send options change via netlink (err -105) [ 56.156510][ T4551] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 56.166520][ T4551] team0: Port device dummy0 removed [ 56.174985][ T4551] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 56.208107][ T110] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.236612][ T110] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.246946][ T110] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.258442][ T110] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.348983][ T4557] 9pnet: p9_errstr2errno: server reported unknown error ‌@يخ0x0000000000000007 [ 56.447818][ T4559] loop4: detected capacity change from 0 to 2048 [ 56.495293][ T4559] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.517072][ T4567] netlink: 60 bytes leftover after parsing attributes in process `syz.0.392'. [ 56.605100][ T4571] bridge_slave_0: left allmulticast mode [ 56.610882][ T4571] bridge_slave_0: left promiscuous mode [ 56.616595][ T4571] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.699293][ T4571] bridge_slave_1: left allmulticast mode [ 56.705015][ T4571] bridge_slave_1: left promiscuous mode [ 56.710797][ T4571] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.767570][ T4571] bond0: (slave bond_slave_0): Releasing backup interface [ 56.801130][ T4571] bond0: (slave bond_slave_1): Releasing backup interface [ 56.831331][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.845744][ T4571] team0: Port device team_slave_0 removed [ 56.904113][ T4571] team0: Port device team_slave_1 removed [ 56.920485][ T4571] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 56.927908][ T4571] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 56.964957][ T4571] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 56.972726][ T4571] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 56.989648][ T4578] loop4: detected capacity change from 0 to 1024 [ 57.015546][ T4578] EXT4-fs: Ignoring removed nobh option [ 57.021236][ T4578] EXT4-fs: inline encryption not supported [ 57.040876][ T4571] team0: Port device vlan2 removed [ 57.074733][ T4578] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.131493][ T4578] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.396: Allocating blocks 497-513 which overlap fs metadata [ 57.195611][ T4590] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.210594][ T4589] netlink: 'syz.0.397': attribute type 10 has an invalid length. [ 57.218857][ T4593] EXT4-fs (loop4): pa ffff888109449700: logic 16, phys. 129, len 24 [ 57.218886][ T4593] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1 [ 57.253467][ T4589] netlink: 40 bytes leftover after parsing attributes in process `syz.0.397'. [ 57.264252][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.278405][ T4589] dummy0: entered promiscuous mode [ 57.280745][ T4596] loop3: detected capacity change from 0 to 512 [ 57.318870][ T4596] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.336872][ T4603] loop4: detected capacity change from 0 to 512 [ 57.344138][ T4596] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.359825][ T4589] bridge0: port 1(dummy0) entered blocking state [ 57.367234][ T4589] bridge0: port 1(dummy0) entered disabled state [ 57.375120][ T4603] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 57.385639][ T4603] EXT4-fs (loop4): orphan cleanup on readonly fs [ 57.392604][ T4603] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.407: Failed to acquire dquot type 1 [ 57.406830][ T4603] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.407: bg 0: block 40: padding at end of block bitmap is not set [ 57.426376][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.435584][ T4603] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 57.444690][ T4603] EXT4-fs (loop4): 1 truncate cleaned up [ 57.451094][ T4603] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 57.470499][ T4590] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.549232][ T4603] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #16: comm syz.4.407: corrupted xattr block 31: invalid header [ 57.563727][ T4603] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=16 [ 57.575331][ T4603] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #16: comm syz.4.407: corrupted xattr block 31: invalid header [ 57.577359][ T4608] vlan2: entered allmulticast mode [ 57.602955][ T4603] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=16 [ 57.622099][ T4603] EXT4-fs error (device loop4): ext4_get_link:106: inode #16: comm syz.4.407: bad symlink. [ 57.644343][ T4590] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.682909][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.756758][ T4590] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.830991][ T2658] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.854619][ T2658] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.877591][ T2658] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.905704][ T2658] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.947191][ T4629] loop3: detected capacity change from 0 to 512 [ 57.967595][ T4629] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.044260][ T4632] loop1: detected capacity change from 0 to 1024 [ 58.057938][ T4634] loop2: detected capacity change from 0 to 1024 [ 58.104401][ T4629] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 58.127028][ T4636] vhci_hcd: invalid port number 96 [ 58.132349][ T4636] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 58.207784][ T4632] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 58.222362][ T4632] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #11: comm syz.1.416: iget: bogus i_mode (1) [ 58.248241][ T4632] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.416: couldn't read orphan inode 11 (err -117) [ 58.249507][ T4634] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.327465][ T4634] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.419: Allocating blocks 449-513 which overlap fs metadata [ 58.346792][ T4632] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.394653][ T4633] EXT4-fs (loop2): pa ffff888109449770: logic 48, phys. 177, len 21 [ 58.402787][ T4633] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 58.422037][ T3313] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.452092][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.478849][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.513049][ T4646] loop1: detected capacity change from 0 to 512 [ 58.540363][ T4652] netlink: 100 bytes leftover after parsing attributes in process `syz.2.425'. [ 58.583654][ T4646] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 58.602541][ T4646] EXT4-fs (loop1): orphan cleanup on readonly fs [ 58.610482][ T4646] EXT4-fs error (device loop1): ext4_acquire_dquot:6937: comm syz.1.421: Failed to acquire dquot type 1 [ 58.622274][ T4646] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.421: bg 0: block 40: padding at end of block bitmap is not set [ 58.640259][ T4646] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 58.650665][ T4646] EXT4-fs (loop1): 1 truncate cleaned up [ 58.656966][ T4646] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 58.672988][ T4646] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #16: comm syz.1.421: corrupted xattr block 31: invalid header [ 58.687434][ T4646] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=16 [ 58.703311][ T4646] EXT4-fs error (device loop1): ext4_xattr_block_get:593: inode #16: comm syz.1.421: corrupted xattr block 31: invalid header [ 58.716794][ T4646] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=16 [ 58.726447][ T4646] EXT4-fs error (device loop1): ext4_get_link:106: inode #16: comm syz.1.421: bad symlink. [ 58.747415][ T4659] netlink: 8 bytes leftover after parsing attributes in process `syz.4.428'. [ 58.797736][ T4662] loop4: detected capacity change from 0 to 1024 [ 58.817358][ T3306] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.853303][ T4667] netlink: 4 bytes leftover after parsing attributes in process `syz.2.432'. [ 58.871647][ T4667] netlink: 32 bytes leftover after parsing attributes in process `syz.2.432'. [ 58.970391][ T2994] udevd[2994]: worker [3297] terminated by signal 33 (Unknown signal 33) [ 58.982158][ T2994] udevd[2994]: worker [3297] failed while handling '/devices/virtual/block/loop3' [ 59.008780][ T2994] udevd[2994]: worker [3498] terminated by signal 33 (Unknown signal 33) [ 59.031754][ T2994] udevd[2994]: worker [3498] failed while handling '/devices/virtual/block/loop4' [ 59.049405][ T4684] @: renamed from vlan0 (while UP) [ 59.090381][ T4687] loop3: detected capacity change from 0 to 1024 [ 59.117987][ T4687] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 59.136234][ T4687] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #11: comm syz.3.436: iget: bogus i_mode (1) [ 59.149137][ T4687] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.436: couldn't read orphan inode 11 (err -117) [ 59.252509][ T4693] loop2: detected capacity change from 0 to 512 [ 59.403764][ T4693] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.439: bad orphan inode 11862016 [ 59.453327][ T4701] loop0: detected capacity change from 0 to 2048 [ 59.465506][ T4693] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.488689][ T3644] loop0: p4 < > [ 59.497518][ T4701] loop0: p4 < > [ 59.585378][ T4693] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #19: comm syz.2.439: corrupted inode contents [ 59.603869][ T4712] loop0: detected capacity change from 0 to 512 [ 59.612147][ T4693] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #19: comm syz.2.439: mark_inode_dirty error [ 59.625289][ T4693] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #19: comm syz.2.439: corrupted inode contents [ 59.639678][ T4712] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 59.658853][ T4693] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2991: inode #19: comm syz.2.439: mark_inode_dirty error [ 59.671451][ T4712] EXT4-fs (loop0): orphan cleanup on readonly fs [ 59.682950][ T4712] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.443: Failed to acquire dquot type 1 [ 59.692652][ T4693] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2994: inode #19: comm syz.2.439: mark inode dirty (error -117) [ 59.694739][ T4712] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.443: bg 0: block 40: padding at end of block bitmap is not set [ 59.708715][ T4693] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -117) [ 59.722349][ T4712] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 59.740923][ T4712] EXT4-fs (loop0): 1 truncate cleaned up [ 59.759654][ T4712] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #16: comm syz.0.443: corrupted xattr block 31: invalid header [ 59.772997][ T4712] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=16 [ 59.782431][ T4712] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #16: comm syz.0.443: corrupted xattr block 31: invalid header [ 59.795990][ T4712] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=16 [ 59.805201][ T4712] EXT4-fs error (device loop0): ext4_get_link:106: inode #16: comm syz.0.443: bad symlink. [ 59.852034][ T4723] geneve2: entered promiscuous mode [ 59.857307][ T4723] geneve2: entered allmulticast mode [ 59.940295][ T4730] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 59.951137][ T4730] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 59.962709][ T4730] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 59.970189][ T4730] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 60.016074][ T4738] tipc: Started in network mode [ 60.021053][ T4738] tipc: Node identity ac14140f, cluster identity 4711 [ 60.028142][ T4738] tipc: New replicast peer: 255.255.255.255 [ 60.034221][ T4738] tipc: Enabled bearer , priority 10 [ 60.106455][ T29] kauditd_printk_skb: 185 callbacks suppressed [ 60.106475][ T29] audit: type=1326 audit(1758234788.199:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4724 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa647305b67 code=0x7ffc0000 [ 60.136635][ T29] audit: type=1326 audit(1758234788.199:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4724 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa6472aada9 code=0x7ffc0000 [ 60.160170][ T29] audit: type=1326 audit(1758234788.199:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4724 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fa64730eba9 code=0x7ffc0000 [ 60.185554][ T29] audit: type=1326 audit(1758234788.229:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4724 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa647305b67 code=0x7ffc0000 [ 60.208935][ T29] audit: type=1326 audit(1758234788.229:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4724 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa6472aada9 code=0x7ffc0000 [ 60.232274][ T29] audit: type=1326 audit(1758234788.229:1121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4724 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa647305b67 code=0x7ffc0000 [ 60.255713][ T29] audit: type=1326 audit(1758234788.229:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4724 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa6472aada9 code=0x7ffc0000 [ 60.278994][ T29] audit: type=1326 audit(1758234788.229:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4724 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fa64730eba9 code=0x7ffc0000 [ 60.302405][ T29] audit: type=1326 audit(1758234788.259:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4724 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa647305b67 code=0x7ffc0000 [ 60.325690][ T29] audit: type=1326 audit(1758234788.259:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4724 comm="syz.2.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa6472aada9 code=0x7ffc0000 [ 60.783769][ T4755] geneve2: entered promiscuous mode [ 60.789190][ T4755] geneve2: entered allmulticast mode [ 60.863216][ T4765] netlink: 'syz.4.468': attribute type 1 has an invalid length. [ 60.891336][ T4765] 8021q: adding VLAN 0 to HW filter on device bond1 [ 60.905919][ T4769] netlink: 'syz.1.470': attribute type 1 has an invalid length. [ 60.913691][ T4769] netlink: 198116 bytes leftover after parsing attributes in process `syz.1.470'. [ 60.918050][ T4765] netlink: 4 bytes leftover after parsing attributes in process `syz.4.468'. [ 60.952808][ T4765] bond1 (unregistering): Released all slaves [ 61.054121][ T4772] loop2: detected capacity change from 0 to 512 [ 61.060853][ T4775] netlink: 8 bytes leftover after parsing attributes in process `syz.0.474'. [ 61.070822][ T4777] @: renamed from vlan0 (while UP) [ 61.078654][ T4772] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 61.086815][ T4772] EXT4-fs (loop2): orphan cleanup on readonly fs [ 61.098627][ T4772] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.471: Failed to acquire dquot type 1 [ 61.111524][ T4772] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.471: bg 0: block 40: padding at end of block bitmap is not set [ 61.145519][ T4772] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 61.148139][ T1027] tipc: Node number set to 2886997007 [ 61.161001][ T4772] EXT4-fs (loop2): 1 truncate cleaned up [ 61.171670][ T4772] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #16: comm syz.2.471: corrupted xattr block 31: invalid header [ 61.185148][ T4772] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=16 [ 61.194474][ T4772] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #16: comm syz.2.471: corrupted xattr block 31: invalid header [ 61.209551][ T4772] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=16 [ 61.218633][ T4772] EXT4-fs error (device loop2): ext4_get_link:106: inode #16: comm syz.2.471: bad symlink. [ 61.287935][ T37] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.323155][ T37] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.353750][ T37] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.369516][ T4791] netlink: 8 bytes leftover after parsing attributes in process `syz.0.478'. [ 61.402256][ T37] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.411332][ T4793] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 61.418942][ T4793] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 61.442230][ T4793] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 61.449720][ T4793] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 61.463061][ T4800] netlink: 12 bytes leftover after parsing attributes in process `syz.1.481'. [ 61.514698][ T4802] netlink: 'syz.1.483': attribute type 1 has an invalid length. [ 61.545763][ T4802] 8021q: adding VLAN 0 to HW filter on device bond1 [ 61.562187][ T4802] netlink: 4 bytes leftover after parsing attributes in process `syz.1.483'. [ 61.591786][ T4802] bond1 (unregistering): Released all slaves [ 61.697627][ T4809] loop0: detected capacity change from 0 to 2048 [ 61.734185][ T4816] loop3: detected capacity change from 0 to 512 [ 61.745070][ T4816] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 61.797371][ T4816] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.489: invalid indirect mapped block 4294967295 (level 0) [ 61.831033][ T4816] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.489: invalid indirect mapped block 4294967295 (level 1) [ 61.850823][ T4816] EXT4-fs (loop3): 1 orphan inode deleted [ 61.856678][ T4816] EXT4-fs (loop3): 1 truncate cleaned up [ 61.899026][ T4818] loop1: detected capacity change from 0 to 128 [ 62.065246][ T4811] bio_check_eod: 16088 callbacks suppressed [ 62.065266][ T4811] syz.1.487: attempt to access beyond end of device [ 62.065266][ T4811] loop1: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 62.132775][ T4811] syz.1.487: attempt to access beyond end of device [ 62.132775][ T4811] loop1: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 62.170653][ T4811] syz.1.487: attempt to access beyond end of device [ 62.170653][ T4811] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 62.191539][ T4811] syz.1.487: attempt to access beyond end of device [ 62.191539][ T4811] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 62.205643][ T4811] syz.1.487: attempt to access beyond end of device [ 62.205643][ T4811] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 62.221966][ T4811] syz.1.487: attempt to access beyond end of device [ 62.221966][ T4811] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 62.235952][ T4811] syz.1.487: attempt to access beyond end of device [ 62.235952][ T4811] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 62.250050][ T4811] syz.1.487: attempt to access beyond end of device [ 62.250050][ T4811] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 62.277139][ T4811] syz.1.487: attempt to access beyond end of device [ 62.277139][ T4811] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 62.291376][ T4811] syz.1.487: attempt to access beyond end of device [ 62.291376][ T4811] loop1: rw=0, sector=145, nr_sectors = 8 limit=128 [ 62.757837][ T4849] netlink: 'syz.0.498': attribute type 1 has an invalid length. [ 62.830093][ T4849] 8021q: adding VLAN 0 to HW filter on device bond1 [ 62.884495][ T4846] bond1 (unregistering): Released all slaves [ 63.029941][ T4857] loop4: detected capacity change from 0 to 2048 [ 63.093770][ T4860] pim6reg1: entered promiscuous mode [ 63.099214][ T4860] pim6reg1: entered allmulticast mode [ 63.404263][ T4884] loop0: detected capacity change from 0 to 1024 [ 63.428586][ T4884] EXT4-fs: Ignoring removed orlov option [ 63.441762][ T4888] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4888 comm=syz.1.517 [ 63.453992][ T4886] loop3: detected capacity change from 0 to 1024 [ 63.474705][ T4888] netlink: 'syz.1.517': attribute type 1 has an invalid length. [ 63.509094][ T4886] EXT4-fs: Ignoring removed bh option [ 63.518450][ T4888] bond1: (slave bridge1): making interface the new active one [ 63.526413][ T4888] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 63.546782][ T4886] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 63.876668][ T4894] ================================================================== [ 63.884820][ T4894] BUG: KCSAN: data-race in filemap_write_and_wait_range / xas_set_mark [ 63.893521][ T4894] [ 63.895846][ T4894] write to 0xffff888109583254 of 4 bytes by task 4886 on cpu 0: [ 63.903471][ T4894] xas_set_mark+0x12b/0x140 [ 63.907991][ T4894] __folio_start_writeback+0x1dd/0x440 [ 63.913462][ T4894] ext4_bio_write_folio+0x5ad/0x9f0 [ 63.918667][ T4894] mpage_process_page_bufs+0x4a1/0x620 [ 63.924216][ T4894] mpage_prepare_extent_to_map+0x786/0xc00 [ 63.930024][ T4894] ext4_do_writepages+0xa05/0x2750 [ 63.935148][ T4894] ext4_writepages+0x176/0x300 [ 63.939912][ T4894] do_writepages+0x1c3/0x310 [ 63.944522][ T4894] file_write_and_wait_range+0x156/0x2c0 [ 63.950182][ T4894] generic_buffers_fsync_noflush+0x45/0x120 [ 63.956080][ T4894] ext4_sync_file+0x1ab/0x690 [ 63.960772][ T4894] vfs_fsync_range+0x10a/0x130 [ 63.965538][ T4894] ext4_buffered_write_iter+0x34f/0x3c0 [ 63.971094][ T4894] ext4_file_write_iter+0xdbf/0xf00 [ 63.976302][ T4894] iter_file_splice_write+0x666/0xa60 [ 63.981672][ T4894] direct_splice_actor+0x156/0x2a0 [ 63.986790][ T4894] splice_direct_to_actor+0x312/0x680 [ 63.992252][ T4894] do_splice_direct+0xda/0x150 [ 63.997021][ T4894] do_sendfile+0x380/0x650 [ 64.001468][ T4894] __x64_sys_sendfile64+0x105/0x150 [ 64.006679][ T4894] x64_sys_call+0x2bb0/0x2ff0 [ 64.011374][ T4894] do_syscall_64+0xd2/0x200 [ 64.015908][ T4894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.021809][ T4894] [ 64.024136][ T4894] read to 0xffff888109583254 of 4 bytes by task 4894 on cpu 1: [ 64.031684][ T4894] filemap_write_and_wait_range+0xfc/0x340 [ 64.037507][ T4894] filemap_invalidate_pages+0xa4/0x1a0 [ 64.042968][ T4894] kiocb_invalidate_pages+0x6e/0x80 [ 64.048180][ T4894] __iomap_dio_rw+0x5d4/0x1250 [ 64.052959][ T4894] iomap_dio_rw+0x40/0x90 [ 64.057291][ T4894] ext4_file_write_iter+0xad9/0xf00 [ 64.062497][ T4894] iter_file_splice_write+0x666/0xa60 [ 64.067876][ T4894] direct_splice_actor+0x156/0x2a0 [ 64.072990][ T4894] splice_direct_to_actor+0x312/0x680 [ 64.078363][ T4894] do_splice_direct+0xda/0x150 [ 64.083140][ T4894] do_sendfile+0x380/0x650 [ 64.087570][ T4894] __x64_sys_sendfile64+0x105/0x150 [ 64.092787][ T4894] x64_sys_call+0x2bb0/0x2ff0 [ 64.097479][ T4894] do_syscall_64+0xd2/0x200 [ 64.101994][ T4894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.107916][ T4894] [ 64.110239][ T4894] value changed: 0x0a000021 -> 0x04000021 [ 64.115948][ T4894] [ 64.118272][ T4894] Reported by Kernel Concurrency Sanitizer on: [ 64.124431][ T4894] CPU: 1 UID: 0 PID: 4894 Comm: syz.3.516 Not tainted syzkaller #0 PREEMPT(voluntary) [ 64.134077][ T4894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 64.144163][ T4894] ==================================================================